[cryptography] 2010 TAO QUANTUMINSERT trial against 300 (hard) targets

Jason Iannone jason.iannone at gmail.com
Thu Mar 13 11:13:49 EDT 2014


And remain undetected?  That's a nontrivial task and one that I would
suspect generates interesting CPU or other resource utilization anomalies.
 It's a pretty high risk activity.  The best we can hope for is someone
discovering the exploit and publicly dissecting it.


On Thu, Mar 13, 2014 at 8:50 AM, Greg Rose <ggr at seer-grog.net> wrote:

> You get the routers to create valid-looking certificates for the
> endpoints, to mount man-in-the-middle attacks.
>
> On Mar 13, 2014, at 6:28 , Jason Iannone <jason.iannone at gmail.com> wrote:
>
> > The First Look article is light on details so I don't know how one gets
> from "infect[ing] large-scale network routers" to "perform[ing]
> "exploitation attacks" against data that is sent through a Virtual Private
> Network."  I'd like to better understand that.
> >
> >
> > On Thu, Mar 13, 2014 at 7:22 AM, Jeffrey Walton <noloader at gmail.com>
> wrote:
> > On Thu, Mar 13, 2014 at 9:17 AM, Jason Iannone <jason.iannone at gmail.com>
> wrote:
> > > Are there details regarding Hammerstein?  Are they actually breaking
> > > routers?
> > Cisco makes regular appearances on Bugtraq an Full Disclosure. Pound
> > for pound, there's probably more exploits for Cisco gear than Linux
> > and Windows combined.
> >
> > Jeff
> >
> > > On Thu, Mar 13, 2014 at 2:40 AM, Jeffrey Walton <noloader at gmail.com>
> wrote:
> > >>
> > >> On Thu, Mar 13, 2014 at 1:57 AM, coderman <coderman at gmail.com> wrote:
> > >> >
> > >> >
> https://s3.amazonaws.com/s3.documentcloud.org/documents/1076891/there-is-more-than-one-way-to-quantum.pdf
> > >> >
> > >> > "TAO implants were deployed via QUANTUMINSERT to targets that were
> > >> > un-exploitable by _any_ other means."
> > >> >
> > >> And Schneier's Guardian article on the Quantum and FoxAcid systems:
> > >>
> > >>
> http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity
> .
> >
> >
> >
> > --
> > PGP Public Key: 2048R/AC65B29D
> > _______________________________________________
> > cryptography mailing list
> > cryptography at randombit.net
> > http://lists.randombit.net/mailman/listinfo/cryptography
>
>
> Greg.
>
> Phone: +1 619 890 8236
> secure voice / text: Seecrypt +28131139047 (referral code 54smjs if you
> want to try it).
> PGP: 09D3E64D 350A 797D 5E21 8D47 E353 7566 ACFB D945 (id says
> ggr at usenix.org, but don't use that email)
>
>


-- 
PGP Public Key: 2048R/AC65B29D
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20140313/ec784cb7/attachment.html>


More information about the cryptography mailing list