BBC 'vague' reporting again!

James Firth ukcrypto at chiark.greenend.org.uk
Mon, 1 Dec 2008 18:41:06 -0000


Igor Mozolevsky wrote:
> Of course you are omitting the technical aspects of this - how much
> 'evidence' can you pull out of 25kiBps pipe (or whatever ADSL upstream
> speed your suspect may be connected to)? Or do they not plan on
> gathering the evidence remotely? Also, don't most ADSL modems/routers
> connect home PCs on private IP address space nowadays? I seriously
> can't see how this 'technology' is going to work against mere
> mortals...

Firstly, it is likely that only the information you require would be
removed, or fingerprints for files taken for comparison, see:
http://www.theregister.co.uk/2008/11/15/cryptographic_hash_search_ruling/

Secondly, most vulnerabilities today are in the application layer, and being
behind a firewall or on a private NATed address doesn't help, especially
with complicity from ISP or application vendor.

With ISP complicity one could inject exploit code into otherwise trusted
websites visited, e.g. BBC etc. or simply redirect requests to "trusted"
sources, such as application vendors to receive updates.

Similarly with application vendor complicity it would be easy to bundle
covert search tools into software updates, especially anti-virus vendors,
since one expects a virus scan to hog CPU and disk usage.

I certainly would not stake my reputation on being able to defend against a
concerted attempt at intrusion into any "regular" system, with the exception
of specialist networks with strict information control (i.e. no or very
little internet browsing, no software auto-update, etc).

James Firth
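
The fingerprint comparison mentioned in the first point, as an added example that is not part of the original message: files are hashed where they sit and only the fixed-size digests are compared against a reference set, so the data that has to cross the uplink is a few bytes per file. SHA-256, the function names and the sample files are assumptions made for illustration; the 25 kiBps rate is the figure from the quoted message.

```python
import hashlib
import os
import tempfile

UPSTREAM_BYTES_PER_SEC = 25 * 1024          # 25 kiBps, from the quoted message
DIGEST_LEN = hashlib.sha256().digest_size   # 32 bytes per file (SHA-256 assumed)

def fingerprint(path, chunk=1 << 16):
    """Hash a file in chunks so large files never sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.digest()

def survey(root, known_digests):
    """Return (matching relative paths, total file bytes, total digest bytes)."""
    matches, total_bytes, count = [], 0, 0
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            total_bytes += os.path.getsize(path)
            count += 1
            if fingerprint(path) in known_digests:
                matches.append(os.path.relpath(path, root))
    return sorted(matches), total_bytes, count * DIGEST_LEN

def upload_seconds(nbytes, rate=UPSTREAM_BYTES_PER_SEC):
    """Time to move nbytes over the uplink, ignoring protocol overhead."""
    return nbytes / rate

def demo():
    """Build constructed sample files and compare them to a one-entry set."""
    samples = {"a.bin": b"A" * 1_000_000,
               "b.bin": b"B" * 2_000_000,
               "notes.txt": b"constructed sample\n"}
    known = {hashlib.sha256(samples["b.bin"]).digest()}  # constructed reference set
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        return survey(root, known)

if __name__ == "__main__":
    matches, total_bytes, digest_bytes = demo()
    print("matches:", matches)
    print(f"whole files: {total_bytes} B, {upload_seconds(total_bytes):.1f} s")
    print(f"digests only: {digest_bytes} B, {upload_seconds(digest_bytes):.5f} s")
```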