BBC 'vague' reporting again!
Dave Howe
ukcrypto at chiark.greenend.org.uk
Tue, 02 Dec 2008 21:36:41 +0000
Roland Perry wrote:
> I don't follow the terminology used here. What's "package analysis",
> for example?
I am not using any special terminology - a package is a group of related
files which comprise a single installed program or suite, and I mean
that, on encountering a package the attack software is not familiar
with, it will report back names and version numbers to some central
server and download a tailored attack module (if available) and/or
upload the binaries to the central server so that such a module can be
written.
>
>> On the other hand, interception would not get them historic message
>> traffic,
>
> That was my thought too.
>
>> and if there were any use of TLS, not even get them current traffic
>> without having to demand the TLS keypair from the ISP (and not even
>> then, if PFS modes are in use)
>
> In theory I can exchange email with my office (aka home) on an ssh
> tunnel and therefore have no ISP servers, or external unencrypted
> traffic, involved at all. But it's all a bit too fiddly.
Oh, I do that for certain mail servers hosted outside of UK jurisdiction
- but for most pop3s or imaps is the way to go, as they don't have or
need a sshd (and probably wouldn't give me access to one if they did).
Downside is that most clients are used to self-signed certs for TLS
email, and don't kick up too much of a fuss when they change - so prime
MitM attack material.
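
Added example, not part of the original post: a trust-on-first-use pin check that makes a changed self-signed IMAPS/POP3S certificate a hard stop instead of a dismissable prompt. The pin-file layout, function names and the host mail.example.org are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import socket
import ssl
from pathlib import Path


def fetch_cert_der(host, port=993, timeout=10):
    """Return the server's leaf certificate (DER) without CA validation.

    Validation is skipped on purpose: a self-signed cert has no CA chain,
    so trust comes only from the pin comparison in check_pin().
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_pin(pin_file, host, port, cert_der):
    """Compare cert_der with the stored pin for host:port.

    Returns "first-use" (pin recorded), "match", or "changed". On "changed"
    the old pin is kept, so the caller should refuse to send credentials
    until the new fingerprint has been confirmed out of band.
    """
    path = Path(pin_file)
    pins = json.loads(path.read_text()) if path.exists() else {}
    key = f"{host}:{port}"
    seen = hashlib.sha256(cert_der).hexdigest()
    if key not in pins:
        pins[key] = seen
        path.write_text(json.dumps(pins, indent=2))
        return "first-use"
    return "match" if hmac.compare_digest(pins[key], seen) else "changed"


if __name__ == "__main__":
    import tempfile
    # Constructed stand-ins for DER certificates; a real run would use
    # fetch_cert_der("mail.example.org", 993) instead.
    old_cert, new_cert = b"constructed-cert-A", b"constructed-cert-B"
    pin_file = Path(tempfile.mkdtemp()) / "pins.json"
    for der in (old_cert, old_cert, new_cert):
        print(check_pin(pin_file, "mail.example.org", 993, der))
```

The first-use connection is still unauthenticated, so the recorded fingerprint is only as trustworthy as the network path at that moment unless it is checked against one obtained from the server operator.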