[Battlemesh] [OpenWrt-Users] Hardware implants on routers. Something that concerns us all

Mitar mitar at tnode.com
Sat May 17 00:44:03 CEST 2014


> Thanks to Snowden, it is known that the NSA archives all the crypto
> traffic it picks up on the Net.  The only plausible reason for doing
> so (metadata analysis aside) is to decrypt it later once it becomes
> possible to do so.


> The case can be made that Heartbleed has facilitated this to some
> degree.

Not really. Heartbleed is an active attack. Maybe they started using it
after it was revealed and gained access to private keys and if SSL data
they stored was not using forward-secrecy encryption they could uncrypt
it now. But the statement above was that it was actively used by NSA
before it got known. And what I am saying that there was no verified
fact that they did that. There were some claims that people found
packets which looked like Heartbleed in logs of traffic they were
storing, but those mostly proved as false positives or inconclusive. And
without really visible links to NSA. So I am really curious if there is
some new data/proof that they were really doing it before release.

I do not like people just claiming things because especially with NSA it
is good to know what *exactly* are they capable of and knowing. Just
claiming that they are capable of anything and are and were doing
everything is not really useful but more paranoid. One big argument
against NSA is that they are hiding known bugs to exploit them and are
in this way making everyone else less secure. Having a proof of that
would be powerful. But it has to be proof and not wishful thinking.



More information about the Battlemesh mailing list