Friday, September 13, 2013

NSA Wears a GOOGLE Mask

Police State Culture                             



A technique commonly used by hackers, a MITM attack involves using a fake security certificate to pose as a legitimate Web service, bypass browser security settings, and then intercept data that an unsuspecting person is sending to that service. Hackers could, for example, pose as a banking Web site and steal passwords.

The technique is particularly sly because the hackers then use the password to log in to
Res Ipsa Loquitorthe real banking site and then serve as a "man in the middle," receiving requests from the banking customer, passing them on to the bank site, and then returning requested info to the customer -- all the while collecting data for themselves, with neither the customer nor the bank realizing what's happening. Such attacks can be used against e-mail providers too.
 
Earlier this week, Techdirt picked up on a passing mention in a Brazilian news story and a Slate article to point out that the US National Security Agency had apparently(using  MITM)  impersonated Google on at least one occasion to gather data on people.

I suspect we are now sailing in seas so studded with mines that scarcely a day can go by without reports of new sinkings. So to speak. The solution?  Short of killing everyone?  I can't think of one. 



6 comments:

leelu said...

There is (Linux) file transfer software that guards against MITM attacks. It has to be on both the server and the client. It would be most useful if this were incorporated into web and e-mail clients and servers, which I don't believe it is.

Rodger the Real King of France said...

Don't know nothin about that, except the government have resources to do any damn thing they want, and this government do.

iri said...

"The solution? Short of killing everyone? I can't think of one."

Nope, not even that would help but it would certainly be therapeutic.

toadold said...

This could explain why Google is on a crash program to increase encryption between clients and servers. They are most unhappy about the loss of Cloud clients. The cover organization for the IT companies is talking and filing lawsuits against the Alphabet agencies, violations of contracts, civil rights, mopery with an attempt to gawk, and the kitchen sink.

Snackeater said...

Heard on the news today that a group of Brazilian hackers hacked into the NASA website as a protest over the NSA abuses. Are they dyslexic or just bad spellers?

iri said...

....path of least resistance. The NSA hired the best hackers Western Imperialism can produce.

Post a Comment

Just type your name and post as anonymous if you don't have a Blogger profile.