nationwide interception of Facebook & webmail logincredentials inTunisia

M J D Brown mjdb at
Sun Feb 6 17:12:51 GMT 2011

Thank you; that's very helpful - evidently I need to look more deeply 
into firewall integrity, though I cannot think that backups, etc, stored 
on my NAS would be an attractive target if their extraction involved 
significant effort.

Perhaps more worrying is the thought that subverting the NAS firmware 
could be worthwhile, considering that the devices might find themselves 
in all sorts of interesting places.

The basic question remains: what are the required conditions for a 
trustable CA?


----- Original Message ----- 
From: "Matthew Pemble" <matthew at>
To: "UK Cryptography Policy Discussion Group" 
<ukcrypto at>
Sent: Sunday, February 06, 2011 10:23 AM
Subject: Re: nationwide interception of Facebook & webmail 
logincredentials inTunisia

> On 5 February 2011 18:27, M J D Brown <mjdb at> 
> wrote:
>> LAN which
>> is hiding behind a hardware firewall that Shields Up does not 
>> penetrate.
> Speaking as an ex-pen tester, I'm really not certain that this is a 
> properly
> effective security test ...
>> Accordingly I approved the request.  As a rhetorical question: was I
>> misguided?
>> It would seem that there is a fair concensus that the present system
>> cannot be trusted at a technical level.
> But here you know the CA - the NAS - and you have physical control of 
> it.
> You are trusting it for the issue of one certificate. Yes, somebody 
> could
> have subverted the NAS firmware in order to attack you but it is quite 
> a
> significant attack. Does anybody want what you have got that much?
> Matthew
> -- 
> Matthew Pemble

More information about the ukcrypto mailing list