![]() Xmas posted a second message to Twitter after some testing, saying that he had the correct scale for the TSA keys. I came home and began testing them, only to find the sizes were way too small,” he explained. ![]() “I had printed the keys up, confirmed they looked good, and then took that picture while I was out grabbing some dinner. One Tweet made by Johnny Xmas at the time was widely circulated in the media, despite the fact it wasn’t truthful. At no point, did the media contact Johnny Xmas, DarkSim905, Xylit0l, or MS3FGX to get additional details or confirm facts – a major misstep considering there were problems with some of the keys in the first place. In all fairness, they were right to be frustrated. People have had a great deal of things stolen from their luggage in recent years due to the abuse of key escrow,” DarkSim905 added, referencing reports of valuables being stolen at airports.Īs mentioned, when the Travel Sentry story broke, most of the hackers involved felt the media missed the point entirely. It should shock anyone who has even vaguely private things or thoughts. “The fact an organization with an already questionable history and existence went so far as put all of our travelers’ belongings at risk for theft is mind boggling. luggage), doesn’t mean we should accept it for our electronic communications as a result,” DarkSim905 said. Just because the average person was forced to share keys to their things (i.e. “Security, encryption and protecting communications that many of us security researchers take for granted, are constantly under threat. Yet, at that point in time, those calling out the parallels between the Travel Sentry keys and the backdoors being sought by the FBI were routinely ignored. How much can you trust that third-party? If they’re dishonest or greedy, they can steal your property or access your sensitive information without your knowledge or consent,” explained Nite 0wl during a recent interview with Salted Hash.Įven if the third-party is completely honest, Nite 0wl added, “their security must be at least as good as your own or an attacker can get your keys from them instead of attacking your system directly.” “At its best key escrow creates a larger attack surface and places significant, if not complete, control or your security in the hands of a third-party. ![]() However, no one trusted the FBI’s ability to protect such golden keys. ![]() The backdoor would allow unrestricted access to the encrypted data on a person’s iPhone or iPad, but the FBI claimed they would only use it when legally allowed.Īnother way to put it – the FBI wanted Apple to give them a master key that would bypass the security protections on an Apple customer’s device, one that would be held in escrow and only used when the FBI felt it necessary. “The point we were trying to make, which everyone involved stated very clearly over and over again, was that this was all an act of civil disobedience in order to create an excellent metaphor for the general public to better understand the inherent dangers of trusting a highly-targeted third-party to have the tools necessary to grant unfettered access to your stuff,” Johnny Xmas said.Īround the time the Travel Sentry keys were released, Apple and the FBI were going to war over the FBI’s demand that Apple develop a backdoor in their software. ![]() The media coverage related to the Travel Sentry leak primarily focused on the fact that hackers could now break into luggage, which the hackers involved in the leak claimed completely missed the point. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |