1998-07-08 - Re: Covert Access to Data and ID

Header Data

From: Adam Shostack <adam@homeport.org>
To: jya@pipeline.com (John Young)
Message Hash: 8a5f65db1c07892ba23719d8ce518b6ee81877511ce9882a42b203a0053f15be
Message ID: <199807082138.RAA12934@homeport.org>
Reply To: <199807081547.LAA21623@camel14.mindspring.com>
UTC Datetime: 1998-07-08 21:38:58 UTC
Raw Date: Wed, 8 Jul 1998 14:38:58 -0700 (PDT)

Raw message

From: Adam Shostack <adam@homeport.org>
Date: Wed, 8 Jul 1998 14:38:58 -0700 (PDT)
To: jya@pipeline.com (John Young)
Subject: Re: Covert Access to Data and ID
In-Reply-To: <199807081547.LAA21623@camel14.mindspring.com>
Message-ID: <199807082138.RAA12934@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


John Young wrote:

| If this is logging (and related retrieval) is done covertly, 
| encryption could thereby become a falsely reassuring 
| cloak of privacy.
| 
| Dave thinks devices like these are surely in the works,
| and he can say more about their sponsors, technologies 
| and implementations.

	Keystroke logging technology exists commercially as a result
of the shit reliability of commercial OSs.  Turning one of them
quite stealth wouldn't be hard; they're very innocous as is.

	Also note things like the recent MS 'send chunks of ram in
Word documents' bug in Word for the Mac.  (Actually an OLE bug.)

	The benefit to encryption is not that it makes your data
secure, but that it allows you to communicate safely in the presense
of adversaries.  (Rivest's definition.)

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







Thread