Re: [perpass] A reminder, the Network is the Enemy...

Bjoern Hoehrmann <> Wed, 20 November 2013 22:44 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 66D611AE078 for <>; Wed, 20 Nov 2013 14:44:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.425
X-Spam-Status: No, score=-2.425 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.525, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id e_Zm3SQ_aPYZ for <>; Wed, 20 Nov 2013 14:44:01 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id E99A71AE4C6 for <>; Wed, 20 Nov 2013 14:44:00 -0800 (PST)
Received: from netb.Speedport_W_700V ([]) by (mrgmx103) with ESMTPA (Nemesis) id 0MCL6r-1VrkoC1mE5-009B3q for <>; Wed, 20 Nov 2013 23:43:53 +0100
From: Bjoern Hoehrmann <>
To: Ted Lemon <>
Date: Wed, 20 Nov 2013 23:43:36 +0100
Message-ID: <>
References: <> <>
In-Reply-To: <>
X-Mailer: Forte Agent 3.3/32.846
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K0:jNtuAeVjDCzxdj1KcDt26rgP4LuLuQmfFwAyFyPXEFtoLOjb3hv rfLE3fbab0riAi/In+bSD734mvsVkYUoPFNycPDlC8OScRnSCqnkkwW19ekDPIgGx9JmIZX FtQWFb2xz3f0ANudHMQqRsHnxiT6Mvkn+l0NUC/s9d4x6v6v583+KUg4jnTGHHrKM4dTj8i +j2ft7IGQOg89hHUGjzCQ==
Cc: perpass <>, Nicholas Weaver <>
Subject: Re: [perpass] A reminder, the Network is the Enemy...
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 20 Nov 2013 22:44:03 -0000

* Ted Lemon wrote:
>The thing that hit me from this article that I really just hadn't fully 
>understood previously is that any web site that displays personalized 
>information per user that can be easily parsed now serves as a way to do 
>a targeted attack on an individual or on individuals who work for an 
>So if you read slashdot or tumblr, for example, both of which display 
>personally identifying information on their home pages if you are logged 
>in, then an MiTM attacker can listen on the link the server is connected 
>to and trigger on HTTP responses to you, and then attack you 
>specifically, without revealing the attack to anyone else.

>This can be mitigated in several ways—obviously https-everywhere will 
>address the problem, but also if the web site simply doesn't display 
>personally identifying information in their outgoing traffic, then the 
>passive attack isn't possible.

Online advertisers are happy to help you identify your targets and put
code on their computers, <>.
Björn Höhrmann · ·
Am Badedeich 7 · Telefon: +49(0)160/4415681 ·
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 ·