[fpc-other] Processing passwords etc.
Mark Morgan Lloyd
markMLl.fpc-other at telemetry.co.uk
Fri Apr 11 12:07:14 CEST 2014
Jonas Maebe wrote:
> [ moving to fpc-other ]
>
> On 11 Apr 2014, at 11:03, Michael Van Canneyt wrote:
>
>> I expect that all sensitive sites (banks, google, etc) have taken
>> immediate action.
>
> That was still too late. See e.g.
> http://foxitsecurity.files.wordpress.com/2014/04/heartbleed-example.png (from
> Yahoo mail). And as mentioned, private keys can also have been
> compromised. Given that pretty much no one uses perfect forward security, it
> means that also all encrypted data captured in the past can now be
> decoded in that case.
>
>> That the login of my local tennis/pool/golf club was compromised is
>> not really so scary, sorry.
>
> What about information regarding persecuted human rights activists and
> the people they were in contact with? Journalists and their informants?
> Communications between lawyers and their clients? Sensitive information
> that can be used to blackmail people?
Remember that totalitarian governments will consider use of Tor or
encrypted mail as proof of guilt, and will then apply more direct means
to get co-conspirators.

I'd also point out that in the UK people can be locked up if the police
accuse them of using steganography, even if they weren't, so can't supply
decrypt keys.
--
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk
[Opinions above are the author's, not those of his employers or colleagues]