[Ach] New leaks suggest even more active attacks

Aaron Zauner azet at azet.org
Sun Mar 16 04:25:19 CET 2014

Hi *,

Has anyone read over
with attention? There's a slide in there that does not mention the
facebook stuff *, that I do find extremely interesting:

	1) they collect key exchanges whole sale (nothing new there, we've
always expected that)
	2) "Pairing and Crypt Attacks" - I guess that just means pairing keys,
trying to brute force, or apply one of the dozens of possible attack
vectors on live traffic
	3) "CA resources". Yes. Not going into that one again.

As far as I can tell this is related to IPSec and SSL VPN tunnels.


* which I find amusing anyway given that Facebook collects tons of user
data, biometrics, graph and behavior analysis. Zuckerberg just
complained to Obama directly about the issue.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20140316/1053e062/attachment.sig>

More information about the Ach mailing list