[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

huawei

Subject: huawei
From: mike at mtcc.com (Michael Thomas)
Date: Sat, 15 Jun 2013 08:03:59 -0700
In-reply-to: <[email protected]>
References: <CAMrdfRzp9f73E10VLTQeBQ7nc9fCyJG72z80tvw6EtZTeRnC0A@mail.gmail.com> <[email protected]> <CAMrdfRzRSBdkcHij-dGmvLHq_0QqiYz-MtDE6DhAAzvuZpM8zg@mail.gmail.com> <[email protected]> <CAMrdfRwYqcHmh0MiceD2wWnXzXPKUPFnJETU8Zbv-jzYUsnu7w@mail.gmail.com> <CAAAwwbVWsGcJsOqn0Z0uXkiqGcTr8d7EVtXD_Up_5ATe0fsqTg@mail.gmail.com> <CAMrdfRwP6ZgD4y6MRQT4iYjV_89Bs=yNM2nniXBkX8rARSbwxQ@mail.gmail.com> <CAAAwwbX3ruK2+xpd_2BVpf3d++Osf5HQoDK-ZRX9iVDdoE2mqQ@mail.gmail.com> <CAMrdfRxy0CYGHw_aH=oyLhm1xVwNRWtH+D=on+8-9xKdB14tMA@mail.gmail.com> <CAAAwwbVr-zXwayneAJjw14=a2we+D6yA_4qiTpKXaLGJPFB0RQ@mail.gmail.com> <[email protected]>

On 06/15/2013 05:13 AM, Rich Kulawiec wrote:
> First: this is a fascinating discussion.  Thank you.
>
> Second:
>
> On Sat, Jun 15, 2013 at 01:56:34AM -0500, Jimmy Hess wrote:
>> There will be indeed be _plenty_ of ways that a low bit rate channel
>> can do everything the right adversary needs.
>>
>> A few bits for second is plenty of data rate for  sending control
>> commands/rule changes to a router backdoor mechanism, stealing
>> passwords, or leaking cryptographic keys   required to decrypt the VPN
>> data stream intercepted from elsewhere on the network,   leaking
>> counters, snmp communities, or interface descriptions,   or
>> criteria-selected forwarded data samples, etc....
> I was actually thinking much slower: a few bits per *day*.  Maybe slower yet.
>
> (So what if it takes a month to transmit a single 15-character password?)
>
> For people who think in terms of instant gratification, or perhaps,
> in next-quarter terms, or perhaps, in next-year terms, that might be
> unacceptabe.  But for people who think in terms of next-decade or
> beyond, it might suffice.
>
> And if the goal is not "get the password for router 12345" but "get as
> many as possible", then a scattered, random, slow approach might yield
> the best results -- *because* it's scattered, random, and slow.
>

And all of us here by virtue of talking about it do not have a day job
which involves thinking all of this stuff up. A lot of the stuff the DoD
is willing to talk about is seriously brilliant, and that's just the public
stuff.

Information really, really wants to be free. Getting access to poorly defended
routers is probably the easy part for them. Masking the payloads is something
that they get paid the big bux for in general, so it is seriously naive to think
they don't have dozens of tricks they employ on a daily basis. The only thing
we really have to counter their ingenuity, IMO, are laws and other layer 8
impediments.

Mike, still wonders if this phenomenon is just a restatement of entropy

Follow-Ups:
- huawei
  - From: randy at psg.com (Randy Bush)

References:
- huawei
  - From: khelms at zcorum.com (Scott Helms)
- huawei
  - From: mike at mtcc.com (Michael Thomas)
- huawei
  - From: khelms at zcorum.com (Scott Helms)
- huawei
  - From: rsk at gsp.org (Rich Kulawiec)
- huawei
  - From: khelms at zcorum.com (Scott Helms)
- huawei
  - From: mysidia at gmail.com (Jimmy Hess)
- huawei
  - From: khelms at zcorum.com (Scott Helms)
- huawei
  - From: mysidia at gmail.com (Jimmy Hess)
- huawei
  - From: khelms at zcorum.com (Scott Helms)
- huawei
  - From: mysidia at gmail.com (Jimmy Hess)
- huawei
  - From: rsk at gsp.org (Rich Kulawiec)

Prev by Date: huawei
Next by Date: huawei
Previous by thread: huawei
Next by thread: huawei
Index(es):
- Date
- Thread