| New User, Welcome! Login |
National Security
Take a look at the actual vulnerability advisory.
http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
Or the original posting by OpenSSH
http://www.securityfocus.com/archive/1/498558/30/0/threaded
Where is there any condition related to National Security?
If you read the vulnerability advisory you would see that the problem is "a
design flaw in the SSH specification". OpenSSH was merely used as an example of
an implementation of SSH written to implement the specification.
discoverer of a vulnerability, I would say that "you will only get
details if you do X" is a form of blackmail.
So the result is that the developers of the main implementation of the
SSH protocol are without the details of the vulnerability, all in the
cause of "protecting national security".
-Otto
=============================================================================
* Biometrics, National ID Cards, Identity Theft
* Digital forensics
* PST and Web Services / SOA
* Information Filtering, Data Mining & Knowledge from Data
* Privacy, Traceability, and Anonymity
* National Security and Public Safety
* Trust and Reputation in Self-Organizing Environments
* Security Metrics
* Anonymity and Privacy vs. Accountability
* Recommendation, Reputation and Delivery Technologies
* Access Control and Capability Delegation
>> "We can assure you that we do not cooperate with the NSA or any other
>> government agency anywhere in the world. We invite whomever is
>> making this
>> statement to provide proof, rather than making a baseless accusation.
>
> Note that if they had been served with an NSL (National Security
> Letter),
> they may be legally *required* to lie about it while cooperating.
> Actually
> truthfully saying "Yeah, an NSL showed up and we complied" could
> land them
* Biometrics, National ID Cards, Identity Theft
* Digital forensics
* PST and Web Services / SOA
* Information Filtering, Data Mining & Knowledge from Data
* Privacy, Traceability, and Anonymity
* National Security and Public Safety
* Trust and Reputation in Self-Organizing Environments
* Security Metrics
* Anonymity and Privacy vs. Accountability
* Recommendation, Reputation and Delivery Technologies
* Access Control and Capability Delegation
* Biometrics, National ID Cards, Identity Theft
* Digital forensics
* PST and Web Services / SOA
* Information Filtering, Data Mining & Knowledge from Data
* Privacy, Traceability, and Anonymity
* National Security and Public Safety
* Trust and Reputation in Self-Organizing Environments
* Security Metrics
* Anonymity and Privacy vs. Accountability
* Recommendation, Reputation and Delivery Technologies
* Access Control and Capability Delegation
> Sent: Thursday, December 27, 2007 10:11 AM
> To: bugtraq@securityfocus.com
> Subject: Re: Cryptome: NSA has real-time access to Hushmail servers
>
> Valdis.Kletnieks@vt.edu wrote:
> > Note that if they had been served with an NSL (National Security
> Letter),
> > they may be legally *required* to lie about it while cooperating.
> Actually
> > truthfully saying "Yeah, an NSL showed up and we complied" could
land
Hey!
They put a condition because of "National Security". Should that mean
that they use OpenSSH in "National Security"-sensitive applications
(interesting ;););))?
If so, should that mean that they implicitely recognize the very good
work done by the community?
If so, why not act politely with the community and share knowledge?
Andrea Glorioso, European Commission - DG Information Society and Media
New European Policy on Critical Information Infrastructure Protection
Dr. Stuart H. Starr, Senior Research Fellow, Center for Technology and
National Security Policy (CTNSP), National Defense University (NDU)
Towards a (Preliminary) Theory of Cyberpower
Dennis P. Gilbert, Jr., Booz Allen Hamilton
The Information Sphere Domain – Increasing Understanding and Cooperation
|
|
|
