1996-09-04 - Re: Passive Trojan (was:Re: HAZ-MAT virus)

Header Data

From: ichudov@algebra.com (Igor Chudov @ home)
To: tcmay@got.net (Timothy C. May)
Message Hash: 048853a64d0c847a600bc203feb28aa068c9618a42fd906df2b13a9dd46c6f63
Message ID: <199609032225.RAA07933@manifold.algebra.com>
Reply To: <ae51b3f204021004e39e@[207.167.93.63]>
UTC Datetime: 1996-09-04 05:10:31 UTC
Raw Date: Wed, 4 Sep 1996 13:10:31 +0800

Raw message

From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 4 Sep 1996 13:10:31 +0800
To: tcmay@got.net (Timothy C. May)
Subject: Re: Passive Trojan (was:Re: HAZ-MAT virus)
In-Reply-To: <ae51b3f204021004e39e@[207.167.93.63]>
Message-ID: <199609032225.RAA07933@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


Timothy C. May wrote:
> At 9:38 AM 9/3/96, Hans "Unicorn" Van de Looy, aka "Deep Throat,"  wrote:
> >::
> >Request-Remailing-To: remailer@huge.cajones.com
> >::
> >Request-Remailing-To: remailer@remailer.nl.com
> ....
> >::
> >Request-Remailing-To: furballs@netcom.com (Paul S. Penrod)
> >Deep Throat.
> 
> 
> Hey, Hans, ya gotta watch those "Cc: cypherpunks@toad.com" lines!
> At least now we know who the _other_ "Unicorn" is.

Which brings up the following question: what is the role of human 
screwups in cryptosecurity? How "foolproof" (no pun intended) should
be remailer clients? How can we prevent people from forgetting to delete 
unencrypted files after encryption?

Alternatively, let's think about this: premail always fingers
a certain user account at berkeley.edu to obtain remailer keys.

Suppose that Joe DrugUser uses remailers to talk to his
Columbian friends and the government wants to find out what he is doing.
They could just break into the computer at berkeley.edu and replace keys
with the government-provided keys. They could even modify the finger
server so that it would be lying only to Joe's computer and would
work just as before for all others (to prevent detection).

The government would then intercept Joe's communications and
decrypt them.


	- Igor.





Thread