1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
|
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <drak@zikula.org>) id 1VxzY7-0005qU-Qg
for bitcoin-development@lists.sourceforge.net;
Tue, 31 Dec 2013 13:39:59 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of zikula.org
designates 74.125.82.175 as permitted sender)
client-ip=74.125.82.175; envelope-from=drak@zikula.org;
helo=mail-we0-f175.google.com;
Received: from mail-we0-f175.google.com ([74.125.82.175])
by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1VxzY4-0004m6-IS
for bitcoin-development@lists.sourceforge.net;
Tue, 31 Dec 2013 13:39:59 +0000
Received: by mail-we0-f175.google.com with SMTP id t60so11134542wes.34
for <bitcoin-development@lists.sourceforge.net>;
Tue, 31 Dec 2013 05:39:50 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:in-reply-to:references:from:date
:message-id:subject:to:content-type;
bh=uxJRUZk18f+md5K1EcuuRg9fBx3FM4j12lsOJyZywqg=;
b=dpv2eCEmUS6zZ/qtoIGTv+zBKRcuYBbvGZ5v3XUuMEsOiLSscvC9UhE3ewwv55RZ0k
YfA4ape2/h9YhXKz8DU4yX9m/usNE/9B0GSb63oooXP8QKABu7VAmIxf5LpoXiHoFB0r
ZyAC4bsmKiP5IGVV2+61EgtfF3Gzc4pUW1kDuQvbmLT2vB2zI2VK/wfKRKq/phcAw32p
5/6lmoJHA9vYpuTwRGc7RXfkY3YdWuzuHe135mZYJ9QLVuKWHzstxA12FHHchok77znh
g6+l2AC8lZ8DQi8BZfG5E2e7CX/VpwToDImbW05OGSqnvZml02eUIfqkkbt4wFjwI3PJ
T2pA==
X-Gm-Message-State: ALoCoQkkwxTdZmX1/2Z8WIqyfHwhZRZNlLoBLPK1v88kE9s0ym6EM2PeiYzrSxLjV+N9CtBrDdVA
X-Received: by 10.180.108.162 with SMTP id hl2mr47450565wib.56.1388497190221;
Tue, 31 Dec 2013 05:39:50 -0800 (PST)
MIME-Version: 1.0
Received: by 10.194.93.105 with HTTP; Tue, 31 Dec 2013 05:39:30 -0800 (PST)
In-Reply-To: <20131212205106.GA4572@netbook.cypherspace.org>
References: <52A3C8A5.7010606@gmail.com>
<1795f3067ba3fcdd0caf978cc59ff024.squirrel@fruiteater.riseup.net>
<52A435EA.7090405@gmail.com> <201312081237.24473.luke@dashjr.org>
<CANAnSg2OrmQAcZ+cZdtQeADicH3U29QOgYPfP1AQhOMP6+P1wg@mail.gmail.com>
<CAAS2fgR0khyJxmz9c2Oc87hOFgiNuiPJuaeugGajdo_EcKEW9w@mail.gmail.com>
<20131212205106.GA4572@netbook.cypherspace.org>
From: Drak <drak@zikula.org>
Date: Tue, 31 Dec 2013 13:39:30 +0000
Message-ID: <CANAnSg3nPhrk2k=yDKf39AuBQnSuTWJbgANdMhGe=soiOy0NTw@mail.gmail.com>
To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Content-Type: multipart/alternative; boundary=e89a8f3bac6fcb8e8d04eed4b1ed
X-Spam-Score: -0.5 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information. [URIs: bitcoin.org]
X-Headers-End: 1VxzY4-0004m6-IS
Subject: Re: [Bitcoin-development] Dedicated server for bitcoin.org,
your thoughts?
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Tue, 31 Dec 2013 13:39:59 -0000
--e89a8f3bac6fcb8e8d04eed4b1ed
Content-Type: text/plain; charset=UTF-8
Has anyone seen the talk at 30c3 on the current NSA capabilities?
https://www.youtube.com/watch?v=b0w36GAyZIA
Specifically they are able to "beat the speed of light" between you and a
website such that if you communicate with Bob, they can sent competing
packets that will arrive before Bob's packets. They have realtime deep
packet insertion able to inject arbitrary data into an TCP streams and can
change file downloads **on the fly**. This can be done remotely.
Sourceforge do not have https downloads, so this is yet another reason to
move downloads to somewhere that does - like github.
The NSA has the ability, right now to change every download of bitcoin-qt,
on the fly and the only cure is encryption.
Revealed as part of the presentation is the fact that if the NSA has access
to these capabilities, then so do others and in fact one of the things
revealed yesterday was independently discovered already and published.
Same goes for the bitcoin.org site - why are we dragging our feet on
installing an SSL certificate and redirecting all http to https? While no
solution is perfect, it's a lot better than zero defense.
You can see the irony of disseminating the bitcoin crypto-currency client
in the clear.
For anyone who has not seen the video. You will be shocked by what is
actually in the wild being used today. It goes way beyond anything
imaginable even in science fiction.
https://www.youtube.com/watch?v=b0w36GAyZIA
Drak
--e89a8f3bac6fcb8e8d04eed4b1ed
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div>Has anyone seen the talk at 30c3 on the current NSA c=
apabilities?=C2=A0<a href=3D"https://www.youtube.com/watch?v=3Db0w36GAyZIA"=
>https://www.youtube.com/watch?v=3Db0w36GAyZIA</a></div><div><br></div><div=
>Specifically they are able to "beat the speed of light" between =
you and a website such that if you communicate with Bob, they can sent comp=
eting packets that will arrive before Bob's packets. They have =C2=A0re=
altime deep packet insertion able to inject arbitrary data into an TCP stre=
ams and can change file downloads **on the fly**. This can be done remotely=
.</div>
<div><br></div><div>Sourceforge do not have https downloads, so this is yet=
another reason to move downloads to somewhere that does - like github.</di=
v><div>The NSA has the ability, right now to change every download of bitco=
in-qt, on the fly and the only cure is encryption.</div>
<div><br></div><div>Revealed as part of the presentation is the fact that i=
f the NSA has access to these capabilities, then so do others and in fact o=
ne of the things revealed yesterday was independently discovered already an=
d published.</div>
<div><br></div><div>Same goes for the <a href=3D"http://bitcoin.org">bitcoi=
n.org</a> site - why are we dragging our feet on installing an SSL certific=
ate and redirecting all http to https? While no solution is perfect, it'=
;s a lot better than zero defense.=C2=A0</div>
<div><br></div><div>You can see the irony of disseminating the bitcoin cryp=
to-currency client =C2=A0in the clear.</div><div><br></div><div>For anyone =
who has not seen the video. You will be shocked by what is actually in the =
wild being used today. It goes way beyond anything imaginable even in scien=
ce fiction.</div>
<div><br></div><div><a href=3D"https://www.youtube.com/watch?v=3Db0w36GAyZI=
A">https://www.youtube.com/watch?v=3Db0w36GAyZIA</a><br></div><div><br></di=
v><div>Drak<br></div><div><br></div></div>
--e89a8f3bac6fcb8e8d04eed4b1ed--
|