nationwide interception of Facebook & webmail login credentials in Tunisia
Passive PROFITS
passiveprofits at yahoo.com
Tue Feb 1 17:58:40 GMT 2011
--- On Wed, 1/26/11, Richard W.M. Jones <rich at annexia.org> wrote:
> From: Richard W.M. Jones <rich at annexia.org>
> Subject: Re: nationwide interception of Facebook & webmail login credentials in Tunisia
> +0000, Brian Morrison wrote:
> > True, but are any CAs already present *really* more
> trustworthy than
> > the others? I suspect not.
>
> I think this gets to the nub of it. There's literally
> no criterion
> for trusting a CA except that I set it up myself (and even
> then I'm
> suspicious :-) Why wouldn't the NSA have the private
> keys used by
> Verisign? I'd actually consider them to be failing in
> their job if
> they *hadn't* got them.
>
> Rich.
>
> --
> Richard Jones
> Red Hat
Which I suppose is why Red Hat was recently named by the Washington Post as part of the USA military industrial complex.*
All non USA companies, governments, etc, using Red Hat products, should take note, not just of the naming of the company in this context, but of the attitude of it's employees, to your/your organisation's security.
With employee attitudes to security like those expressed above, who needs a clandestine stealing of the private key/pass phrase.
The implication is clear; use Red Hat products, you're owned. :(
Best,
PP
* http://www.topsecretamerica.com
http://projects.washingtonpost.com/top-secret-america/companies/?keywords=Red+Hat&x=23&y=13
More information about the ukcrypto
mailing list