Who's listening?

StickyPlastics

Junior Member
Messages
70
All been around a very long time. Every fibre, sat link in and out of the UK is mirrored and diverted as is all UK telco's switching gear. Everything is IP now so makes life so much easier. Even back in the old days all was mirrored elsewhere. VPN's people use today are an algorithm developed by the same institutes. Every single piece of data is accessible no matter what you think. These algorithms have a pattern that can be spotted to those in the know then decrypt. SSL means nothing, IPSEC means nothing. The version number just goes up when it has been leaked. Those that dont upgrade are left vunerable to joe public. It's impossible for someone that doesnt have the patterns within the data stream to analyse then decrypt the data stream. Eavesdropping on any device is possible. Apple a prime example for verifing code before app store and limited access to api functionality for devlopers to stop this happening although apple/feds themselves can see and read what they like no matter what the press lead you to believe.

Sent from my SM-G973F using Tapatalk
 

CatmanV2

Member
Messages
48,555
Not directed to anyone. Just sharing knowledge.

Sent from my SM-G973F using Tapatalk

Sorry, and I really mean that. You're not sharing knowledge. I totally respect your expertise in dealing with plastics and so on. Something I have basically zero knowledge of.

However, this is my bread and butter. Somehow I managed to keep systems running about $1.3b of revenue secure in 2019. I've sat in a SKIFF in DC. I've managed another company's response to the Equifax breach. I've managed the response to (non critical, stupidity based) breaches in my own organisation. I don't say this to willy wave. I say this to ask: Please stop sharing mis-information.

C
 

StickyPlastics

Junior Member
Messages
70
Sorry, and I really mean that. You're not sharing knowledge. I totally respect your expertise in dealing with plastics and so on. Something I have basically zero knowledge of.

However, this is my bread and butter. Somehow I managed to keep systems running about $1.3b of revenue secure in 2019. I've sat in a SKIFF in DC. I've managed another company's response to the Equifax breach. I've managed the response to (non critical, stupidity based) breaches in my own organisation. I don't say this to willy wave. I say this to ask: Please stop sharing mis-information.

C
Ok.. no problem. This is quite a good tool earlywarning.service.ncsc.gov.uk presume you already subscribed? Yes and do feel your pain with data breaches etc. Its just the way of the world now which is sad to say.

Sent from my SM-G973F using Tapatalk
 

CatmanV2

Member
Messages
48,555
Ok.. no problem. This is quite a good tool earlywarning.service.ncsc.gov.uk presume you already subscribed? Yes and do feel your pain with data breaches etc. Its just the way of the world now which is sad to say.

Sent from my SM-G973F using Tapatalk

No worries. No I'm not subscribed because it's very very basic. Pretty much consumer level (despite the NCSC involvement) It's there to try and damp down consumers that insist on not changing the default usernames and passwords on their cheap baby monitors, or clicking on the 'Boots have a special treat for you' emails.

Yes, you're right. There are two types of company in the world now. Those that have been breached, and those that don't know they've been breached. But just about everything you've asserted is simply not accurate. :(

C
 

StickyPlastics

Junior Member
Messages
70
No worries. No I'm not subscribed because it's very very basic. Pretty much consumer level (despite the NCSC involvement) It's there to try and damp down consumers that insist on not changing the default usernames and passwords on their cheap baby monitors, or clicking on the 'Boots have a special treat for you' emails.

Yes, you're right. There are two types of company in the world now. Those that have been breached, and those that don't know they've been breached. But just about everything you've asserted is simply not accurate. :(

C
Consumers wouldnt use it. Give it a try. Back in the days I used vasco tokens similar to rsa's. Many said whats the point just harden passwords lol. 25 odd years on its starting to come to play with mfa apps etc in the workplace. Quite scary really when we could do this many moons ago.

Sent from my SM-G973F using Tapatalk
 

Saigon

Member
Messages
778
All been around a very long time. Every fibre, sat link in and out of the UK is mirrored and diverted as is all UK telco's switching gear. Everything is IP now so makes life so much easier. Even back in the old days all was mirrored elsewhere. VPN's people use today are an algorithm developed by the same institutes. Every single piece of data is accessible no matter what you think. These algorithms have a pattern that can be spotted to those in the know then decrypt. SSL means nothing, IPSEC means nothing. The version number just goes up when it has been leaked. Those that dont upgrade are left vunerable to joe public. It's impossible for someone that doesnt have the patterns within the data stream to analyse then decrypt the data stream. Eavesdropping on any device is possible. Apple a prime example for verifing code before app store and limited access to api functionality for devlopers to stop this happening although apple/feds themselves can see and read what they like no matter what the press lead you to believe.

Sent from my SM-G973F using Tapatalk
Thank God I unplugged that electric tin opener last night. Thanks guys.

Sent from my Matsui SE- G973F microwave cooker using Tapatalk
 

Felonious Crud

Administrator
Staff member
Messages
21,014
Ok so if its garbage excuse my ignorance. If you dont mind me asking can you give an example of an outside facing device manafacturer you would trust in.?

Sent from my SM-G973F using Tapatalk

Any Chinese home security cameras bought cheap,off the internet!

Oh, no, wait. Huawei! ****. Still no. Erm...
 

Felonious Crud

Administrator
Staff member
Messages
21,014
Oh, incidentally, in answer to the OP’s question, seldom my wife and never my kids. I don’t blame them. Mostly I’m just talking to myself, and even I’m bored to ******* ****.
 

Felonious Crud

Administrator
Staff member
Messages
21,014
Do you trust alexa??

Sent from my SM-G973F using Tapatalk

Dunno. Don’t use one. Can’t see the point.

Although I was given one as a corporate gift at a customer event in Mumbai. When I plugged it in, I was delighted that it has an Indian accent. Bloody awesome.

But I still don’t see the point. It sits in my desk drawer.
 

CatmanV2

Member
Messages
48,555
Ok so if its garbage excuse my ignorance. If you dont mind me asking can you give an example of an outside facing device manafacturer you would trust in.?

Sent from my SM-G973F using Tapatalk

Device covers a lot of ground. What sort of thing are you talking about?

Do you trust alexa??

Sent from my SM-G973F using Tapatalk

And now I think you're conflating a coupe of things, trust in Alexa is (or should be) rather divorced from your assertions regarding SSL, IPSEC and 'algorithms' being vulnerable.

I can't think anyone would put Alexa into a corporate environment (although I guess Amazon might) but as for trusting it? I have four of them. I am absolutely confident that they're not recording my every word and passing it back to Jeff et al. I am confident that they are secure enough for a domestic environment and that my set up is properly configured.

If (when) my network gets breached, it won't be because of any of the things you said. It'll be because I clicked on a stupid email (1999 I think it was) or I didn't keep my systems up to date (about 5 years back where there was a flaw in the SSH implementation in OS X), or I didn't use a suitable password (2002, a mail system was brute forced)

C