nationwide interception of Facebook & webmail login credentials in Tunisia

Richard W.M. Jones rich at annexia.org
Fri Feb 4 19:23:15 GMT 2011


On Tue, Feb 01, 2011 at 09:58:40AM -0800, Passive PROFITS wrote:
> --- On Wed, 1/26/11, Richard W.M. Jones <rich at annexia.org> wrote:
> > From: Richard W.M. Jones <rich at annexia.org>
> > Subject: Re: nationwide interception of Facebook & webmail login credentials in Tunisia
> > +0000, Brian Morrison wrote:
> > > True, but are any CAs already present *really* more trustworthy than
> > > the others? I suspect not.
> > 
> > I think this gets to the nub of it.  There's literally no criterion
> > for trusting a CA except that I set it up myself (and even then I'm
> > suspicious :-)  Why wouldn't the NSA have the private keys used by
> > Verisign?  I'd actually consider them to be failing in their job if
> > they *hadn't* got them.
> > 
> > Rich.
> > 
> > -- 
> > Richard Jones
> > Red Hat
> 
> Which I suppose is why Red Hat was recently named by the Washington Post as part of the USA military industrial complex.*
> 
> All non-USA companies, governments, etc, using Red Hat products, should take note, not just of the naming of the company in this context, but of the attitude of its employees, to your/your organisation's security.
> 
> With employee attitudes to security like those expressed above, who needs a clandestine stealing of the private key/pass phrase?
> 
> The implication is clear; use Red Hat products, you're owned. :(

I've no idea what you're on about.  I work for Red Hat (hence the
.signature), but the comments here are in *no* way related to,
endorsed by, authorized by, recommended by, guaranteed by,
underwritten by or encouraged by Red Hat.  Just to make that clear.

Rich.

-- 
Richard Jones
Red Hat


