[Ach] filippo on SSL SMTP encryption

Manuel Kraus ach at lsd.is
Thu Apr 2 00:25:50 CEST 2015


Am 01.04.2015 um 23:03 schrieb Aaron Zauner:
> Aaron Zauner wrote:
>> Hi Manuel,
>>
>> Sorry but that's handwaving. Also not how intelligence operations work.
> Added to that; it's neither low effort nor high gain. If you want to
> effectively fuck with the internet: attack BGP and be done with it.
>
> Aaron
>

Having said "killswitch" was not meant to have some best solution to
fuck with the internet, it was meant to show that some government is
most possibly willing to actively disturb the internet by whatever
means. Enforcing suicide on webbrowsers could simply be one out of many
ways to do it. Maybe there is no need to disturb internet routing
(complete AS's), if you can disturb visitors accessing their single
target server with this less invasive (for the network) method. Given
the assumption, that an attacker does not control all links to the
target (firewall, traffic shaping does not work) and is not even in the
vicinity of it, he still can make a semi permanent damage without
disturbing the network as a whole. Having an active injector for some
days, covering traffic to a single specific service is a quite low
effort, while having a huge amount of people not knowing what their
browsers are up to blocking that site for days or longer as "high gain"
result.

Mentioning "handwaving": You really can't tell if such an attack
wouldn't be low effort high gain if it hasn't took place in the wild yet
and without reflecting about the investment/outcome ratio thereafter.
And what do you know about how intelligence operations work? I for
myself have no clue! ;-)

Well, I just tried to draw the picture expecting the turn of stealthy
behavior into active (cyber) warfare. I think it'll take place in the
future and I'm not alone with this view.


We're going far off here btw.



Regards

Manuel




More information about the Ach mailing list