Kevin’s Techdirt Profile

kevin312

About Kevin




Kevin’s Comments comment rss

  • Nov 30th, 2014 @ 2:01pm

    Re: SSL

    The same BlueCoat Proxy technology that Syria was caught using can Man-In-The-Middle (MITM) SSL interception, so https everywhere is not a panacea against hostile regimes! Even without breaking SSL, a firewall can still detect the website being accessed (through lookup tables or TLS+SNI), so when everything goes to https, blocking by domain will still succeed.

    For more granular blocking, Syria would need to break SSL/TLS through MITM. Browsers detect these privacy breaking proxies, so for users to not see warning messages, the "attacker" needs a Certificate Authority (CA) signing certificate that the user trusts, either control of a CA that is in the default key set shipped with the OS or browser, or the ability to push a key down to the client.

    As a measure of security, the latest Firefox includes "Public key pinning" which limits which signing certificates will be trusted for a small set of very popular and often-targeted HTTPS sites, including Twitter.

    Realistically, hostile environments with no need to stealth will just force MITM on all sessions and block anything that looks like encrypted traffic (e.g. Tor). It's not like Syria has to worry about their reputation getting any worse.

  • Nov 30th, 2014 @ 1:46pm

    Re: twitter was caught?

    twitter was caught scanning peoples hard-drives for 'unlicensed' software but then tried pathetically to claim it was doing this for the good of it's users.

    That's news to me. I know Steam was caught scanning users HDs for cheat tools, maybe that's what you are thinking of?

    Specifically, I've never heard of any social platform that scanned user hard-drives for 'unlicensed' software, only gaming platforms.

  • Oct 14th, 2009 @ 8:09am

    Re: Re: Look at both sides of the issue

    Even if Skype were to share their encryption code, if it's properly implemented knowing how the software is written will not allow for eavesdropping.

    For that, Skype would need to share their encryption keys, which they won't admit to having shared with any outside agency.

    You think Skype pisses them off, wait until people start using Zfone in any substantial way.