[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Red team attacks vs. cracking


        This is to forestall those of you who seem to be be arguing
 that the debconf6 KSP crack was a red team attack -- here is how that
 attack differed from a legitimate red team effort (I have been a
 member of red teams before, and have lead a number of red team
 attacks in my time).

  a) You talk to the chain of command. The DPL was present, the the
     person running the key signing come to mind.  The red team
     details the attack to the officer in charge, laying out the plan,
     so that the attack and response can be monitored
  b) No actual damage is done -- in this case, the web of trust should
     not be contaminated by actual keys being signed.  This could have
     been easily done by proclaiming the deception when the KSP was
     just over, and by sending an email to the debconf list, and to
     the devel list, and in the IRC channel.  The experiment was over
     by then -- people had challenged, or not, the key.
   c) Allow the blue team to dissect the attack. This could have been
      done easily by setting up in hacklab, allowing people toexamine
      the trick ID, the real ID, and have other people with german
      passports and the DPL assure us that there was no real attack in
      progress, and allow us all to examine the passport, if any, to
      assure us of the identity of the red team, belatedly.

        None of these characteristics of a legitimate read team attack
 were in evidence. The disclosure came days later, in a blog posting,
 well after the web of trust was tainted by fake signatures.

        My friends, I know read team attacks. Red teams are friends of
 mine. This, my friends, was no read team attack.

ps: udos to those who get the last para.
Garbage In, Gospel Out
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to: