2014-06-15 09:25:40 UTC
in my INBOX a few minutes ago. Whew, it's a l-o-n-g one.
For those unaware: http://en.wikipedia.org/wiki/Bruce_Schneier
He's one of the few people allowed access to the Snowden documents that
were given to The Guardian and Der Spiegel about which both Bruce and
Glen Greenwald <http://en.wikipedia.org/wiki/Glenn_Greenwald> have
One item mentioned is the NSA's QUANTUM. AFAIK that has nothing to do
with quantum computers and is described here as Bruce cited today:
as "... QUANTUM, at heart, really is airpwn without the goatse." :-)
Here's Bruce's latest summary about the NSA in today's CRYPTO-GRAM:
" I am regularly asked what is the most surprising thing about the
" Snowden NSA documents. It's this: the NSA is not made of magic.
" Its tools are no different from what we have in our world, it's
" just better-funded. X-KEYSCORE is Bro plus memory. FOXACID is
" Metasploit with a budget. QUANTUM is AirPwn with a seriously
" privileged position on the backbone. The NSA breaks crypto not
" with super-secret cryptanalysis, but by using standard hacking
" tricks such as exploiting weak implementations and default keys.
" Its TAO implants are straightforward enhancements of attack tools
" developed by researchers, academics, and hackers; you can buy a
" computer the size of a grain of rice, if you want to make your
" own such tools. The NSA's collection and analysis tools are
" basically what you'd expect if you thought about it for a while.
" That, fundamentally, is surprising. If you gave a super-secret
" Internet exploitation organization $10 billion annually, you'd
" expect some magic. And my guess is that there is some, around
" the edges, that has not become public yet. But that we haven't
" seen any yet is cause for optimism.
Because it's too long for a posting, you can read today's issue here:
" These same essays and news items appear in the "Schneier on
" Security" blog at <http://www.schneier.com/blog>, along with a
" lively and intelligent comment section. An RSS feed is available.