gibson99 (u/gibson99)

gibson99 commented on Signal partners with Microsoft to bring end-to-end encryption to Skype signal.org/blog/skype-par... · Posted by u/Aissen

geofft · 8 years ago

Why would you want to assess what's actually running on their servers? Even if you know the code on it, you have no guarantee it's not running inside a hypervisor that logs the contents of memory, or something.

In terms of cryptographic robustness, it's good for an app like Signal to have a closed-source server, because it forces you to not trust the server.

(This is of course separate from whether it's good for the Signal server to be free software for inherent free-software morality reasons.)

gibson99 · 8 years ago

True, but it seems like wishful thinking for Internet users to reasonably assess the dangers of trusting the 'Cloud' with private data.

Still, I think the most important breaches of privacy are not necessarily in decoding the messages themselves, but rather everything from location data to contact lists including time and number of communications these apps have access to by default.

gibson99 commented on Spectre and the end of langsec wingolog.org/archives/201... · Posted by u/robin_reala

forapurpose · 8 years ago

I'm starting to consider whether this reflects a larger failure in the industry/community: Traditionally, many of us (I'd say almost all) have been focused on security at the OS level and above. We've assumed that the processor and related hardware are safe and reliable.

However, below the OS level much new technology has been introduced that has greatly increased the attack surface, from processor performance enhancements such as branch prediction to subsystems such as Intel ME. I almost feel like Intel broke a social compact that their products would be predictable, safe commodities on which I can build my systems. But did those good old days ever really exist?. And of course, Intel naturally doesn't want their products to be commodities, which likely is why they introduced these new features.

Focusing on OS and application security may be living in a fantasy world, one I hesitate to give up because the reality is much more complex. What good are OpenBSD's or Chrome's security efforts, for example, if the processor on which they run is insecure and if there are insecure out-of-band management subsystems? Why does an attacker need to worry about the OS?

(Part of the answer is that securing the application and OS makes attacks more expensive; at least we can reduce drive-by JavaScript exploits. But now the OS and application are a smaller part of the security puzzle, and not at all sufficient.)

gibson99 · 8 years ago

The issue of hardware security really has been ignored too long in favor of the quest for performance enhancement. Perhaps there is a chance now for markets to encourage production of simplified processors and instruction sets that are designed with the same philosophy as OpenBSD. I would imagine companies and governments around the globe should have developed a new interest in secure IT systems with news about major exploits turning up every few months now it seems.

gibson99 commented on Signal partners with Microsoft to bring end-to-end encryption to Skype signal.org/blog/skype-par... · Posted by u/Aissen

gibson99 · 8 years ago

Maybe they have an 'understanding' about the implementation of the cryptography as they do with WhatsApp, meaning the program doesn't notify you when your opposite's keys change, leaving unscrupulous users (most) susceptible to MitM attacks, which could be used by law enforcement or three-letter-agencies. Plus, Skype probably still makes extensive use of meta-data, Signal allege that they don't, but we can't really assess what's actually running on their servers, despite the use of the AGPL.