Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products. As previously reported, an "anonymous hacker" called Notrax claims to have defeated 11 out of 15 phone scrambling technologies using the commercially available FlexiSpy wiretapping utility and a 'homemade' Trojan …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Monday 1st February 2010 16:06 GMT Anonymous Coward

"Voice crypto fails spark astroturf claims"

What on earth does that title mean? What is a spark astroturf claim, and how can one fail it?

3 0
1. Tuesday 2nd February 2010 00:00 GMT Anonymous Coward
  
  Spark would be a verb there
  
  In non-headline-speak.
  
  The [alleged] failure of various systems for encrypting voice traffic set off (sparked) claims that the individual in question was not in fact an individual at all. It seems that the heroic hacker nobly ensuring the safe encryption of his fellow internet user's traffic may have been a stinking rotter and a shill - doing the work of Johny Bigcompany by stirring up grass roots support for the few systems claimed to work.
  
  (okay, you find a better way to cover 'to astroturf'.
  
  0 0
Monday 1st February 2010 16:36 GMT Robert Carnegie

"I don't remember in all my life a so irresponsible and dirty marketing trick"

May I ask, what has been the second or third most irresponsible and dirty marketing trick in the security world et cetera? The stories may be amusing and instructive.

American voting machines and the now-notorious British-made magic wand for magically detecting explosives in Iraq by magic may be candidates. I think the magic wand one may be even more irresponsible and dirty, but it isn't just a marketing ploy, they actually went and did it.

0 0
Monday 1st February 2010 16:40 GMT Anonymous Coward

Good Trick

I'll have to remember that comment approval thingy.

0 0
Monday 1st February 2010 21:25 GMT Fabio Pietrosanti

Answer of SecurStar GmbH on the Infosecurityguard/Notrax case: absolutely unreasonable! :-)

Hi all,

i am Fabio Pietrosanti and that's my comments on Hafner declarations:

http://infosecurity.ch/20100201/answer-of-securstar-gmbh-on-the-infosecurityguardnotrax-case-absolutely-unreasonable/

It’s true, it’s possible that earth will get a martian attacks that will destroy our life. Statistically extremely difficult, but possible. More or less like the anonymous proxy story told by Hafner of SecurStar not to admit that they are behind the http://infosecurityguard.com fake independent security review.

Fabio

2 2
Tuesday 2nd February 2010 05:50 GMT donhei

Hafner known 'unethical' person..

.. to say the least.

It is little known that his anonymising service 'surfsolo' was actually provided by another outfit at www.privacy.li . According to there website they dumped Wilfried Hafner last year around August/September for 'unethical behaviour', check it out here:

http://privacy.li/news.html

I wonder why...

Don

http://www.theregister.co.uk/Design/graphics/icons/comment/thumb_down_32.png

1 1
1. Thursday 4th February 2010 01:18 GMT Anonymous Coward
  
  privacy.li
  
  Well if you quote Privacy.li then i am really sorry to tell you but that is to say it nicely a bunch of sammers and criminals and if you make a short search on the internet you will find stories about their practices all over the place.....
  
  just the first two that cam up on google:
  
  http://www.wirelessforums.org/comp-security-misc/beware-scamster-site-privacy-li-19874.html
  
  and
  
  http://www.homelandstupidity.us/2005/07/09/privacyli-not-to-be-trusted/
  
  As about of SecurStar i dont particularly care if they hired somebody to do the hack, they did it themselfs or they dont have anything to do with it... What i am concerned is that so many security vendors did not do protect their products agains such an easy attack.
  
  1 1
Tuesday 2nd February 2010 14:25 GMT Frank Bitterlich

Done something wrong?

"[...] as if we had done something wrong."

Well, looks like at least the judge who put you behind bars seemed to have that opinion.

1 1
Wednesday 3rd February 2010 13:23 GMT shaunhw

In defence...

I'll make no bones about this. I work for SecurStar's British subsidiary developer, I own a very small shareholding but my opinions expressed here are MY own not SecurStars.

At the end of the day were the flaws exposed REAL ?

http://news.techworld.com/security/3211618/accusations-fly-over-voice-encyption-hack/

"

As far as they go, the tests do appear to find a legitimate weakness in the programs under test even if a connection to one of the companies involved would represent a huge conflict of interest and discredit them in the eyes of the security community. Pietrosanti is certainly correct to say that researchers are normally keen to be identified with their testing, something ‘Notrax' has avoided doing so far.

"

I do not currently know if anyone within SecurStar did this or not We are in the UK and quite "divorced" from other German parent company activities such as PhoneCrypt which we have had no involvment in whatsoever..

No doubt I will get to know. Having said that, if a flaw has been exposed in a competitors software, then surely it will now get fixed ? It WILL get fixed won't it ? Would it have got fixed before ?

I do know that Wilfried Hafner is passionate about security, and IS a gifted hacker. After nine years working for this company, (nine wonderful and happy years I might add) I never cease to be amazed when he refutes some of my own ideas, regarding things we should do with the software we develop, or the bugs he has found in the past. If he indeed did find the Phone encryption security problem and he went public with it, under the company banner what would people think then ? Would it be worse still ? Should he have just kept completely quiet ? It is certainly not his voice in the Notrax video (which I have now seen) that's for sure.

What really needs to happen FIRST of all, is that the companies concerned need to review the assertions made, and if necessary address the flaws in the software, however they've been identified.

In any case. personally if there was a serious issue with our software, then I would *expect* competitors to try and make some milage from it. At the end of the day, isn't that what business is all about ? It's one of the reasons I am not a business man and never could be I am simply not 'hard nosed' enough.

In the longer term, I am sure their products will be fixed, and that can ONLY be to the advantage of their customers however the flaws were revealed. The authors of the software concerned should make it a priority to fix the problems instead of bleating on how horrible the company is. If indeed the company is at all responsible.

Perhaps Wilfried did try and make some milage out of these flaws I honestly do not know. He is a good hacker and has often found issues of this kind. BUT he is, at the end of the day, a business man as well.

--

Now, ask me about my iPhones, (3g and 3Gs) my 09 reg Ford C-Max car with Sony CD/Radio and USB connection, and how neither iphone works anymore with the car's USB port.. On the older iphone I could play the tracks back via the console, until OS 3 was installed. The thing won't even recognise the 3Gs phone at all.

Ask me who, of the four companies concerned (including the garage) really even cares about my problem, instead of just playing pass the parcel instead of helping me get it sorted. That's bad and horrible practice as well, but we consumers simply have to put up with it.

1 1