barry_king (barry_king) wrote,

  • Mood:

You Foolish Animals!

OK, small political rant again.

Twitter: the power to overthrow tyrants. No. The power to allow tyrants to track you and allow you enough rope to hang yourself.

It's been said that there are two ways to break any cryptosystem. One is a rubber hose in a dark room. The other is controlling the system itself. This is about the second one.

All pumped up by Green Spring in Iran, ASSK (yes, that charming, beautiful nobel laureate) is keen to start twittering, social networking, and otherwise using the internet. She's been given an internet connection.

This is going to lead to the entrapment, torture, and execution of a variety of otherwise blameless individuals. Why?

Well, the Internet is not made of tubes, connecting people together like a switchboard. If anything, it's a big copying machine. A signal goes from your ethernet port to your router, is copied to memory, and is replicated on the outboard route, which signals to the telephone line, which reaches another router which copies it to memory, moves it to the next outgoing port, and so on.

Along the way, copies can be altered.

THIS IS IMPORTANT. Copies can be altered. Especially when you control the hardware. In Burma, the Junta controls the hardware.

But that's cool. Blackberry, Skype, HTTPS, these are secure, because the copies don't mean anything. They're all encrypted, right? So tampering would spoil the transmission. You'd know, wouldn't you?

WRONG. The encryption involves an exchange of keys with which to perform this encryption. If the handshake where these keys are exchanged at the beginning of the conversation is subverted by the hardware that is carrying the messages back and forth, and in fact makes a false key to talk to party A and a separate one to talk to party B and decrypts whatever comes in from A using the false key they gave A, reads it, and re-encrypts it before sending it on to party B with the false key they gave to party B, they can read anything in between.

Anyone who really believes that they are bypassing a firewall out of Burma using SSL is a fool. And could well be providing the Junta with all the information they need to prosecute you. This is in a country where owning a FAX MACHINE is a crime. Where being detained can mean things like being put in a box with your own shit and forced to eat cockroaches or starve. No. Really. Is that a risk you want to take? How about when it's your spouse, or your child that gets to suffer?

But Blackberry, blackberry will save us! They use pre-arranged encryption keys that aren't exchanged and so aren't open to man-in-the-middle attacks.

Blackberries made where? Where do the chips come from? A smartphone is as smart as a ten-year-old computer at the VERY LEAST, and we were well into the multi-million-instructions-per-second in 2001. There could be all sorts of malware at work and you'd never know it. The chips themselves could be subverted. You don't know what's in that thing. Firmware can be subverted after manufacture, for crissakes! Even by a deliberately-targeted virus delivered by email.

But even more easily subverted—and more cheaply—is to subvert security personnel in Skype, in Blackberry. Nowadays, at least two countries: Saudi Arabia and Indonesia have access to BB traffic, and who knows whom else. Do you mean to tell me they aren't selling it, trading it for other intelligence? Bullshit. And Skype—What exactly happened when service went down for two days? Can you tell me that the system is always, yes, always secure and encrypted? Remember: shit and cockroaches. Your choice.

The revolution will not be tweeted. But the counter-revolution will be brought to you by twitter. Trust me on that one.

Rant over. For now.
  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded