[13825] in cryptography@c2.net mail archive
Re: traffic analysis of phone calls?
daemon@ATHENA.MIT.EDU (Don Davis)
Sat Jul 12 11:47:40 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <20030711212803.E5E1A7B4D@berkshire.research.att.com>
Date: Sat, 12 Jul 2003 11:21:38 -0400
To: Steve Bellovin <smb@research.att.com>
From: Don Davis <don@mit.edu>
Cc: cryptography@metzdowd.com
> Slightly off-topic, but a reminder of the sort of thing that
> ordinary crypto doesn't hide.
>
> http://www.silicon.com/news/500009-500001/1/5093.html?rolling=2
>
> IT Myths: Colombian drugs gang's mainframe-assisted assassinations?
> Did drugs barons really use multi-million pound systems to see who
> was grassing to informants...?
with similar import, here's cringely's article on
insecure CALEA workstations:
- don davis
http://www.pbs.org/cringely/pulpit/pulpit20030710.html
"Not only can the authorities listen to your phone calls,
they can follow those phone calls back upstream and
listen to the phones from which calls were made. They
can listen to what you say while you think you are on
hold. This is scary stuff.
"But not nearly as scary as the way CALEA's own internal
security is handled. The typical CALEA installation on
a Siemens ESWD or a Lucent 5E or a Nortel DMS 500 runs
on a Sun workstation sitting in the machine room down
at the phone company. The workstation is password
protected, but it typically doesn't run Secure Solaris.
It often does not lie behind a firewall. Heck, it
usually doesn't even lie behind a door. It has a direct
connection to the Internet because, believe it or not,
that is how the wiretap data is collected and transmitted."
-
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
