BBC 'vague' reporting again!
Igor Mozolevsky
ukcrypto at chiark.greenend.org.uk
Mon, 1 Dec 2008 18:59:08 +0000
2008/12/1 James Firth <james2@jfirth.net>:
>
> Igor Mozolevsky wrote:
>> Of course you are omitting the technical aspects of this - how much
>> 'evidence' can you pull out of 25kiBps pipe (or whatever ADSL upstream
>> speed your suspect may be connected to)? Or do they not plan on
>> gathering the evidence remotely? Also, don't most ADSL modems/routers
>> connect home PCs on private IP address space nowadays? I seriously
>> can't see how this 'technology' is going to work against mere
>> mortals...
>
> Firstly, it is likely that only the information you require would be
> removed, or fingerprints for files taken for comparison, see:
> http://www.theregister.co.uk/2008/11/15/cryptographic_hash_search_ruling/
>
> Secondly, most vulnerabilities today are in the application layer, and being
> behind a firewall or on a private NATed address doesn't help, especially
> with complicity from ISP or application vendor.
>
> With ISP complicity one could inject exploit code into otherwise trusted
> websites visited, e.g. bbc etc. or simply redirect requests to "trusted"
> sources, such as application vendors to receive updates.
>
> Similarly with application vendor complicity it would be easy to bundle
> covert search tools into software updates, especially anti-virus vendors,
> since one expects a virus scan to hog CPU and disk usage.

I thought that others were saying that this software was essentially
hacking into a system and delivering a payload. Of course, if you have
willing participants en route to the suspect's machine, you have a
different situation.

Cheers,
Igor M., GCFA