tag:blogger.com,1999:blog-37798047.post3857176374091153975..comments2024-01-16T05:48:33.523-05:00Comments on Errata Security: Notes on Sabu arrestDavid Maynorhttp://www.blogger.com/profile/09921229607193067441noreply@blogger.comBlogger13125tag:blogger.com,1999:blog-37798047.post-20800260139033599742012-04-01T06:22:28.927-04:002012-04-01T06:22:28.927-04:00It's almost as if their equivalent of "Mo...It's almost as if their equivalent of "Morpheous" turned traitor.Georgehttps://www.blogger.com/profile/10128704008699660671noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-35176650752205041502012-03-11T14:32:13.566-04:002012-03-11T14:32:13.566-04:00Sabu was doxed in March of last year, by the same ...Sabu was doxed in March of last year, by the same people who revealed the logs that identified him as the HBGary attacker.<br /><br />Since the coverage is now hard to miss, why is this omitted?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-71378971019796350962012-03-08T07:12:50.754-05:002012-03-08T07:12:50.754-05:00There were several doxes, including the one you li...There were several doxes, including the one you linked from A-Team, that were either spot on about Sabu's identity or came very close: http://bit.ly/zUl4arAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-8812399556973767622012-03-07T14:42:57.087-05:002012-03-07T14:42:57.087-05:00True, I largely skimmed the middle bits of the Dea...True, I largely skimmed the middle bits of the Death and Taxes piece, but I carefully read the conclusion, which was wild eye ravings about how the FBI should arrest the white-collar criminals who crashed the economy, etc.<br /><br />But you are right, the middle part wasn't the wild-eye conspiracy theories I got form skimming, but a debunking of those theories.Robert Grahamhttps://www.blogger.com/profile/09879238874208877740noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-71339730296898627142012-03-07T13:50:59.112-05:002012-03-07T13:50:59.112-05:00The Death and Taxes piece is not "wild eye ra...The Death and Taxes piece is not "wild eye ravings", you skimmed it if you think that. It is precisely in refuting those wild eyed ravings that it uses to prove its pointsAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-63447774740837235662012-03-06T22:54:43.721-05:002012-03-06T22:54:43.721-05:00To AnonSecurityGeek: I eventually figured out why....To AnonSecurityGeek: I eventually figured out why. I was quoted in Ars Technica in a way that could be misinterpreted, so they followed the link to rebut their misinterpretation.Robert Grahamhttps://www.blogger.com/profile/09879238874208877740noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-55481992404873496592012-03-06T21:34:40.833-05:002012-03-06T21:34:40.833-05:00Robert Graham -- Good points, fascinating article,...Robert Graham -- Good points, fascinating article, thank you very much for posting it!<br /><br />I don't know why the other commenters are giving you a hard time about your comments on Tor. Your analysis of the risks with Tor (and the strongest defenses) seem obviously, self-evidently true. Oh well.AnonSecurityGeeknoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-63029026117291025442012-03-06T21:11:30.512-05:002012-03-06T21:11:30.512-05:00You're using "fail open" in a way th...<b>You're using "fail open" in a way that's nonsensical</b><br /><br />It's not when Tor fails, it's when you fail. The way most people use Tor, if they make the slightest mistake, they reveal their identity. You should instead use Tor in such a manner that mistakes lead to loss of connectivity. A transparent proxy on a separate (or VM) machine does this.Robert Grahamhttps://www.blogger.com/profile/09879238874208877740noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-30751189374510652402012-03-06T20:43:03.364-05:002012-03-06T20:43:03.364-05:00You're using "fail open" in a way th...You're using "fail open" in a way that's nonsensical. Tor does not fail open - that's quite an accusation.<br /><br />This was a stupid mistake and has *absolutely nothing* to do with failure modes.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-84334705875843808302012-03-06T17:18:33.373-05:002012-03-06T17:18:33.373-05:00u shouldnt need to proxy into yet another second m...u shouldnt need to proxy into yet another second machine, as long as u can torify all ur apps connecting...mail/browsers/IRC clients.....takes some care, but can be done w/out issues...Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-11275122077413095442012-03-06T14:26:18.034-05:002012-03-06T14:26:18.034-05:00This is from June: http://www.informationweek.com/...This is from June: http://www.informationweek.com/news/security/attacks/231000584This page intentionally left blankhttps://www.blogger.com/profile/04671765716661131347noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-70865345029633185112012-03-06T14:10:55.912-05:002012-03-06T14:10:55.912-05:00That was exactly my point. If you log into IRC 100...That was exactly my point. If you log into IRC 100 times, but one time you forget to tunnel through Tor first, then you are hosed. That's the lesson.<br /><br />It's like workers at the CDC (Centers for Disease Control) who work under conditions of extreme paranoia and triple redundancy: all it takes is just once to hose yourself.<br /><br />It's also like crypto. Crypto itself is perfectly secure, but most people use it poorly, making it easy to hack. It's the way they use it that's the problem, not crypto itself.Robert Grahamhttps://www.blogger.com/profile/09879238874208877740noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-25402372947381024972012-03-06T13:41:32.762-05:002012-03-06T13:41:32.762-05:00How is this a lesson for TOR users? They caught hi...How is this a lesson for TOR users? They caught him because he DIDN'T log into IRC through TOR! Quite trying to prove something you previously speculated...Anonymousnoreply@blogger.com