From: Alan Olsen <alano@teleport.com>
Date: Wed, 21 Aug 1996 15:48:26 +0800
To: Frank Stuart <fstuart@vetmed.auburn.edu>
Subject: Re: Hackers invade DOJ web site
Message-ID: <2.2.32.19960821051709.00e4b758@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


At 06:31 PM 8/20/96 -0500, Frank Stuart wrote:
>Since we don't know how the intruders broke in, we can only speculate.  I
>can think of several scenarios where cryptographic techniques could help.
>I can also think of several where they wouldn't.  When you've only got 20
>seconds to explain to a non-technical audience, I don't think it's dishonest
>to say that it might have prevented it.
>
>Off the top of my head, here are a couple examples:
>
>   1. It's possible that a DOJ employee logged in from a remote site while
>      the intruders were snooping somewhere along the way.  If the link had
>      been encrypted, that would have made things much more difficult or
>      impossible for the attackers.
>
>   2. Perhpas the intruders used IP spoofing and .rhosts to break in.  If
>      machines had to be cryptographically authenticated, a rsh from the
>      wrong machine wouldn't work.

One of the best comments I have seen (from another list) was:

"These are the people who want us to escrow our encryption keys with them
and yet they can't protect their own web site."

I think this can be used as a very valid example as to why they are
untrustworthy to be in charge of keeping anything private and/or protected,
let alone private encryption keys.

---
|  "Remember: You can't have BSDM without BSD. - alan@ctrl-alt-del.com  "|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | alano@teleport.com  |