[SSL Observatory] so called "lawful intercept" survey

Phillip Hallam-Baker hallam at gmail.com
Mon Sep 26 07:24:54 PDT 2011


On Mon, Sep 26, 2011 at 9:20 AM, Ralph Holz <holz at net.in.tum.de> wrote:

> Hi,
>
> > Which is one of the many reasons why practical security schemes do not
> > look like the ideal models produced by academics.
> >
> > Tehran Bob (the PR flack for the Iranian hackers) has been attempting to
> > do just that with his claims of having 'owned' other CAs. Surprise,
> > surprise, it turns out that these claims were less than 100% accurate.
> > Well duh, if the guy had really compromised another CA he would have
> > kept his mouth shut about it.
>
> Tehran Bob? Never heard that. I thought it's "ComodoGate" or
> "DigiNotarGate". ;)
>

It is a principle of AV that we don't allow the attackers to choose names
for their viruses. So he is now Tehran Bob (cf. Baghdad Bob).

> Anyway, people also thought after the Comodo debacle that this guy was
> just a pretender. Was it Moxie who also gave that impression at Black
> Hat 2011? Whatever he is, he has surprised people. I would not rule out
> more things to come.
He is certainly connected to the attacker, he is certainly not the attacker.
There is certainly more than one attacker.

Much of what he says is misdirection. So Moxie is right to be dismissive of
him. After all, the one thing we know about him for certain is that he is a
liar.

In the last attack the certs were used in a nation level redirect of the
entire Internet. So if Tehran Bob was a lone hacker as he claims he would
have been dancing on the end of a crane as soon as the attack was
discovered.

-- 
Website: http://hallambaker.com/