Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Steve Gibson doesn't really know what he's talking about, does he?

At any rate, assuming all fibre optic is tapped, how does that explain breaking SSL? That's a really big jump.



You didn't add any valuable information to this discussion. Why doesn't Gibson know what he's talking about? Explain what exactly regarding SSL breaking? What's the jump?


If you're talking about this, you should have a cursory understanding of what SSL is and why the MitM attack Gibson is describing is, at best, far fetched.


I'm pretty sure Gibson knows how SSL works, and I don't see why you think it is far fetched.


His point wasn't "all fibre optic" but that by tapping specific routers, e.g. one close to Facebook where FB traffic is concentrated, the NSA can filter and store nearly all FB traffic while FB has full deniability. At the referenced link are links to court documents in which exactly this kind of tap was revealed to exist at AT&T.

As to SSL, is there a claim that NSA has broken it? I wasn't aware of that. Not relevant to Gibson's idea, anyway.


OK, so FB uses SSL on all their pages. Assuming the NSA is FB's ISP, how does that help the NSA obtain any of FB's data?


> At any rate, assuming all fibre optic is tapped, how does that explain breaking SSL?

Large governments don't need to break SSL. They have SSL root keys and can man-in-the-middle at will. Doing so across the board would likely be detected, but targeted usage likely wouldn't be.

If this was widespread, I'd expect someone to have found a Google cert signed by different root. Then again I suspect Google pins their certs in chrome for a reason.


> Doing so across the board would likely be detected but targeted usage likely wouldn't be

This whole conversation is about wholesale data access, so targeting is not relevant. Besides, even if you are talking about targeting, the claim is, they are storing data and then targeting 'retrospectively'. So without a time machine there's no way they are going to be able to go back and MITM the targeted conversations they want to listen to after the fact. They would have to be MITM everything all the time.


> how does that explain breaking SSL? That's a really big jump.

How about this: the NSA has issued a secret subpoena for the private SSL key of every listed provider (Google/Facebook/Yahoo/etc). They are using those keys to transparently decrypt traffic and suck up what they want.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: