Going Bright… [Hack Shopping Mall?]

Going Bright: Wiretapping without Weakening Communications Infrastructure by Steven M. Bellovin, Matt Blaze, Sandy Clark, and Susan Landau (unofficial version). (Steven M. Bellovin, Matt Blaze, Sandy Clark, Susan Landau, “Going Bright: Wiretapping without Weakening Communications Infrastructure,” IEEE Security & Privacy, vol. 11, no. 1, pp. 62-72, Jan.-Feb. 2013, doi:10.1109/MSP.2012.138)

Abstract:

Mobile IP-based communications and changes in technologies, including wider use of peer-to-peer communication methods and increased deployment of encryption, has made wiretapping more difficult for law enforcement, which has been seeking to extend wiretap design requirements for digital voice networks to IP network infrastructure and applications. Such an extension to emerging Internet-based services would create considerable security risks as well as cause serious harm to innovation. In this article, the authors show that the exploitation of naturally occurring weaknesses in the software platforms being used by law enforcement’s targets is a solution to the law enforcement problem. The authors analyze the efficacy of this approach, concluding that such law enforcement use of passive interception and targeted vulnerability exploitation tools creates fewer security risks for non-targets and critical infrastructure than do design mandates for wiretap interfaces.

The authors argue against an easy on-ramp for law enforcement to intercept digital communications.

What chance is there a non-law enforcement person could discover such back doors and also be so morally depraved as to take advantage of them?

What could possibly go wrong with a digital back door proposal? 😉

No lotteries for 0-day vulnerabilities, but the article does mention:

Secunia, https://secunia.com/community/advisories

VulnerabilityLab, www.vulnerability-lab.com

Vupen, www.vupen.com/english/services/solutions-gov.php

ZDI, http://dvlabs.tippingpoint.com/advisories/disclosure-policy

as offering

subscription services that make available varying levels of access information about 0-day vulnerabilities to their clients.

As far as the FBI is concerned, they should adapt to changing technology and stop being a drag on communications technology.

You do know they still don’t record interviews with witnesses?

How convenient when it comes time for a trial on obstruction of justice or perjury. All the evidence is an agent’s notes of the conversation.

BTW, in case you are looking for a cybersecurity/advertising opportunity, you have seen those services that gather up software packages for comparison price shopping?

Why not a service that gathers up software packages and displays unresolved (and/or historical) hacks on those products?

With ads from security services, hackers, etc.

A topic map powered hack shopping mall as it were.
