SSL Connect metadata–NSA; FBI/GCHQ/DEA covers; NIST subversion

Add a rule like this inside the OnBeforeRequest function*:

    if (oSession.HTTPMethodIs("CONNECT")
        && oSession["X-PROCESSINFO"]
        && oSession["X-PROCESSINFO"].StartsWith("outlook")) {
        oSession["x-no-decrypt"] = "boring process";
    }

From http://fiddler2.com/documentation/Configure-Fiddler/Tasks/DecryptHTTPS
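As an added illustration of why the post calls this "CONNECT metadata" (example code, not from the post or the Fiddler documentation): even when the rule above leaves a tunnel undecrypted, the proxy has already parsed the target host and port and the X-PROCESSINFO process name before a single TLS byte is seen. The Python rendering of the rule and the sample requests below are constructed.

```python
# Added example (not from the original post or the Fiddler docs): a small model
# of what a CONNECT-aware proxy still records when the rule marks a session
# "x-no-decrypt". X-PROCESSINFO is the Fiddler header naming the client
# process; the request samples are constructed for this illustration.
import re
from dataclasses import dataclass
from typing import Optional

CONNECT_LINE = re.compile(r"^CONNECT\s+(?P<host>[^:\s]+):(?P<port>\d+)\s+HTTP/1\.[01]$")

@dataclass
class SessionRecord:
    process: Optional[str]
    host: str
    port: int
    decrypt: bool  # False when the rule would set x-no-decrypt

def no_decrypt_rule(method: str, process_info: Optional[str]) -> bool:
    """Python rendering of the FiddlerScript rule: skip decryption for CONNECT
    tunnels opened by a process whose name starts with 'outlook'."""
    return method == "CONNECT" and bool(process_info) and process_info.startswith("outlook")

def record_connect(raw_request: str) -> SessionRecord:
    """Parse one proxied CONNECT request (request line + headers) into the
    metadata the proxy holds before any TLS byte is decrypted."""
    lines = raw_request.strip().splitlines()
    m = CONNECT_LINE.match(lines[0].strip())
    if not m:
        raise ValueError("not a CONNECT request: " + lines[0])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    process = headers.get("x-processinfo")
    decrypt = not no_decrypt_rule("CONNECT", process)
    return SessionRecord(process, m["host"], int(m["port"]), decrypt)

# Constructed sample requests, as a Fiddler-style proxy would see them.
SAMPLE_REQUESTS = [
    "CONNECT mail.example.com:443 HTTP/1.1\r\nHost: mail.example.com:443\r\nX-PROCESSINFO: outlook:1234\r\n",
    "CONNECT www.example.org:443 HTTP/1.1\r\nHost: www.example.org:443\r\nX-PROCESSINFO: chrome:5678\r\n",
]

def audit(requests=SAMPLE_REQUESTS):
    """Return the per-session metadata retained whether or not it is decrypted."""
    return [record_connect(r) for r in requests]

if __name__ == "__main__":
    for rec in audit():
        state = "decrypted" if rec.decrypt else "tunneled (x-no-decrypt)"
        print(f"{rec.process or '?':<14} -> {rec.host}:{rec.port}  {state}")
```

Both sessions end up in the audit list with host, port and process name filled in; only the decrypt flag differs, which is the metadata the post is concerned about.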

Assume the FBI has implanted NSA malware on the target’s computer. Or assume some economic spying agency is trying to bias bilateral negotiations in favor of the US, illegally. One goal of the malware would be to have it signal (to the agent responsible for “selectors”) when “connections of interest” happen, so that “other” cryptanalytical processes can kick in.

The most obvious malware attack on Windows SSL is on the SSL session-ID cache and the policy store. Who cares what the encryption is, if the resulting master secret is stored in the local cache and the cache is being “made available” (by Microsoft DESIGN PRINCIPLES) to NSA’s key provisioning service!

Now what is interesting is the parallel world of creating covers for keys learned from compromised server farms, to hide the method used. Just as the DEA uses spying and then has, say, a local police force manufacture a traffic stop to discover by “happenstance” what was actually discovered by spying, one has the FBI install officially search-warranted malware (after one knows where it is worth putting it, and what the search is going to reveal).

http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?pagewanted=all&src=ISMR_AP_LO_MST_FB

Concerning the unreferenced 2006-era NIST publications on “public key” topics that are deemed (vaguely, by the press) to have been subverted by NSA, and that ultimately became international standards: what might they be? Evidently it is too “operationally” sensitive to actually say what they are (which makes the topic more interesting). So let's look at the 2006 period for candidates:

http://csrc.nist.gov/publications/PubsTC.html

In general one sees that the 2005/2006/2007 period is all about PIV (smartcards), the vulnerability world (the operational sensor network for NSA, which is Schneier's main falsehood, since he/BT fomented this world in full knowledge of its ulterior motive of placing the local scanning modules into the server rooms…), and “forensics” (particularly on the then-novel smartphone).

About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!
This entry was posted in spying.