Feeds

* Posts by Matthew Elvey

7 posts • joined 8 Jul 2008

Spies would need SUPER POWERS to tap undersea cables

Matthew Elvey

Article author Richard Chirgwin is either a stooge or incompetent (or this is just cljckspam). Here's why:

What Greenwald wrote is, "“Speargun” involved the covert installation of 'cable access' equipment, which appears to refer to surveillance of the country’s main undersea cable link, the Southern Cross cable."

In no way does this include Greenwald claiming that the undersea portion of the cable link was accessed. It could be done the same way splitters feed Room 641A (Google it or see video.pbs.org/video/2365249828 ...)

Not to mention that other commenters have pointed out that the US has assets (USS Jimmy Carter) designed specifically to tap undersea cables.

0
0

Moore's Law leaves mobile networks ripe for attack

Matthew Elvey
Flame

Anyone willing to help me find my stolen GSM phones then?

So given the IMEI, it's not hard to brute force ones way into a phone! It ticks me off that AT&T and T-Mobile are unwilling to help recover phones unless served with a court order.

My Android and iPhone were stolen recently. I have the IMEIs. (Well, I was pickpocketed of the former and left the latter in a restaurant, so arguably the latter isn't theft.)

I guess I could head over to the RSA conference and find Aaron Turner. I guess I could find the CCClub-published info mentioned and do it myself. I'm reachable at 7-M-Elvey in the SF area code.

0
0

Morgan Chase blames Oracle for online bank crash

Matthew Elvey
FAIL

More evidence their IT and IS are 'challenged':

Security Alert - they don't even bother to fix identified security flaws:

http://www.elvey.com/it/spr/SPR-2008-08-16.html

So I wouldn't expect their disaster recovery plans to be in tiptop shape!

0
0

Google cloud told to encrypt itself

Matthew Elvey
FAIL

FAIL!

@Darren Forster: "Then call the person and tell them the password..."

And the phone system IS secure? No... When I lived in NYC, I could have safely and easily tapped the lines of anyone in the building.

Glad to see google getting with the program. Half the cost of SSL is in the initial handshake, which Google always did to protect the login itself. I've been using SSL with my provider for years. (fastmail.fm).

0
0

New-age cyber-attack inflicts major damage with modest means

Matthew Elvey
Thumb Up

Hardened porn sites, har har...

Chris Miller: excellent post! Spot on.

Adrian wrote "Apart from the illegality of it" - at first I thought he was saying the filtering was illegal, not the address spoofing!

AC: very funny!

Hardened? Well, aside from the double entendre, sure! Porn sites make money. Lots of money. So of course they'll be hardened.

0
0

Kaminsky (finally) reveals gaping hole in internet

Matthew Elvey
Happy

Thank you, Dan Kaminski

I shoula emailed him a few days ago. I was close. I was thinking of the stunt DNS server John Levine set up at sp.am, and how it could be used to trigger lots of DNS lookups from a client...

0
0

Trojan trawls recruitment sites in ID harvesting scam

Matthew Elvey
Unhappy

Sue 'em?

I sued TD Ameritrade for violating their privacy policy, in failing to prevent their customer database from being obtained by hackers. It is a more serious case; they've already offered $1.9MM in plaintiff's attorney's fees alone to settle the case.

It's much harder for Monster to keep crooks out of its database than AMTD... How would monster do so? I.e. how would it differentiate between a faux firm set up to look like a normal company looking for staff, and a real one? Reliably? At reasonable cost?

0
0