From: Tom Rollins <trollins@hns.com>
To: doug@ss7.digex.net
Message Hash: d4bad3bac3524f02f9433bcb749a49a2ed8a73dd6955eadc516e014f15cc2c4f
Message ID: <199510051418.KAA00604@dcn92.hns.com>
Reply To: N/A
UTC Datetime: 1995-10-05 14:19:18 UTC
Raw Date: Thu, 5 Oct 95 07:19:18 PDT
From: Tom Rollins <trollins@hns.com>
Date: Thu, 5 Oct 95 07:19:18 PDT
To: doug@ss7.digex.net
Subject: Re: Oct 14 meeting Agenda? (DC Cypherpunks)
Message-ID: <199510051418.KAA00604@dcn92.hns.com>
MIME-Version: 1.0
Content-Type: text
>>I figure that as long as we are going to receive...
>> ? a commercial message from Digex ?
>>
>>We might be able to tap their knowledge base in assesing
>>the various risks and rewards available by using a Commercial
>>ISP.
>>
>>After all, with the FBI and Scientologists waging war on
>>the Internet ( capturing keystroaks, siezing computers,
>>and rummaging through everyones E-mail ), There may be a
>>way to make life a little more interesting for them.
>I will be glad to send in my two cents worth - I am not sure that
>I understand the question though.
While, I believe in strong crypto for everyone (what cypherpunks doesn't),
I also believe that much can be done to prevent the wholesale snooping
of Commercial ISP customers data. I believe that this data is snooped
because the ISP's and large number of customers (ignorant of security)
make this data too easy a target (cost effective).
While the NSA may follow it's motto (In GOD we trust, the rest we monitor).
Others may take hostile actions agenst someone whose password or
personal information has been obtained. (ex. drain bank account, or just
send spam)
Some questions that I would like to ask...
1 - Assuming that someone from an agengy or someone pretending to
be from an agency wanted to capture one or all the ISP customers
key presses. What method would they use ?
Would they capture the data at the phone company?
Would they tap the raw data stream at the initial ISP router ?
Would they route IP packets from the initial ISP router through their
own equipment before arriving at the ISP maching running the shell
account ?
Would they use a Trojin Shell (or telnetd) on a shell account ?
Would they inform the ISP and get his help or root access ?
2 - What methods could be put into place by the ISP or it's customers
to help prevent this snooping activity ?
Perhaps an alternative login method (like deslogin or idealogin)
trying to protect data through the phone company and IP route
to the target machine.
Perhaps having a crypto checksum on the shell (telnetd) to detect
trojin software.
Perhaps sendmail could public key encrypt mail on it's way to the
customers directory.
Perhaps just raising the customer awareness of security issues
and methods at the ISP. This could affect the mainstream
user (joe sixpack) as well as the PGP user.
Perhaps ISPs could offer a data archive service/site (foreign site)
where data in the form of PGP encrypted E-mail can be saved and
retrieved via a robot (something like majordomo). That way,
if your home computer breaks, burns, is stolen, or siezed. You
can still retrieve your data at a later time.
Granted these methods do not prevent a determined attacker from squashing
an ISP cutomer. However, it does raise the cost of the effort to single
out a user and attack him rather that grab cleartext from everyone.
-tom
Return to October 1995
Return to “Tom Rollins <trollins@hns.com>”
1995-10-05 (Thu, 5 Oct 95 07:19:18 PDT) - Re: Oct 14 meeting Agenda? (DC Cypherpunks) - Tom Rollins <trollins@hns.com>