[Dailydave] The wrong thing.

Dave Aitel dave at immunityinc.com
Mon Nov 4 16:14:11 EST 2013


http://www.washingtonpost.com/world/national-security/nsa-apparently-taps-google-yahoo-networks-without-companies-knowledge/2013/10/30/f14749d0-4195-11e3-a751-f032898f2dbc_story.html

Otherwise known as "Much ado about basically the wrong thing."

Eric Schmidt is pretty mad about how when you send unencrypted data over
leased lines it has a tendancy to get sucked into big databases and
parsed, and ignoring this elephant sized irony from someone who sends
automated cars around to photograph everyone in their front yards, you
have to wonder what he's thinking in terms of their datacenters in
places like Russia and Hong Kong.

Because, especially in the case of Hong Kong, you can hardly say that
they're on friendly ground, and you'd have to assume that not only are
your leased lines being read, but your data is being MITM'd, such that
if you can use GAIA to change the permissions for an internal session's
inbox, then it's being done to read Eric's email.

This is a huge problem with cloud providers in general - they're
migrating your VM in the clear over leased lines to who knows where?
That's awesome - let me add some bytecode into your kernel in the
process as you transit the fiber. You don't need kernel exploits when
the kernel itself is "data in motion"!

-dave


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20131104/52b18131/attachment.sig>


More information about the Dailydave mailing list