Re: [Smart] Hacked by Crypto
Kirsty P <Kirsty.p@ncsc.gov.uk> Mon, 04 March 2019 13:55 UTC
Return-Path: <Kirsty.p@ncsc.gov.uk>
X-Original-To: smart@ietfa.amsl.com
Delivered-To: smart@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F5001228B7 for <smart@ietfa.amsl.com>; Mon, 4 Mar 2019 05:55:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ncsc.gov.uk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7Iv12XGedIEd for <smart@ietfa.amsl.com>; Mon, 4 Mar 2019 05:55:44 -0800 (PST)
Received: from GBR01-LO2-obe.outbound.protection.outlook.com (mail-eopbgr100112.outbound.protection.outlook.com [40.107.10.112]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EDC8813106D for <smart@irtf.org>; Mon, 4 Mar 2019 05:55:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ncsc.gov.uk; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RVK7jkXJI8H7sjwxwQhSrVaWYQYY8yMGYiY6YhQ67Fs=; b=NNmGL1jfH7JXwO9aqnD0/oJX3GvuCk7fbPVPkExUs7fyHZVgoSE2+S+gaKntw/RMjqG5InZfLbdWB21gGzdcaY7Uj8u7hMEPDmH6r6HRpxSJhIHDGPqN6JR16xC7vnEGRzi19NCQE8UXrziw3g4zPNwFeA8sRZcFdq1QB8nltCg=
Received: from CWLP123MB2467.GBRP123.PROD.OUTLOOK.COM (20.176.62.15) by CWLP123MB1716.GBRP123.PROD.OUTLOOK.COM (20.176.58.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1665.16; Mon, 4 Mar 2019 13:55:41 +0000
Received: from CWLP123MB2467.GBRP123.PROD.OUTLOOK.COM ([fe80::da8:590:973e:c17c]) by CWLP123MB2467.GBRP123.PROD.OUTLOOK.COM ([fe80::da8:590:973e:c17c%4]) with mapi id 15.20.1665.020; Mon, 4 Mar 2019 13:55:41 +0000
From: Kirsty P <Kirsty.p@ncsc.gov.uk>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Bret Jordan <jordan.ietf@gmail.com>, "smart@irtf.org" <smart@irtf.org>
Thread-Topic: [Smart] Hacked by Crypto
Thread-Index: AQHU0dyFt8c17fvVGk2fqOhMBHjMxaX6Gq2AgAFlSaw=
Date: Mon, 04 Mar 2019 13:55:41 +0000
Message-ID: <CWLP123MB2467C7F06026882BACEEEBC1D7710@CWLP123MB2467.GBRP123.PROD.OUTLOOK.COM>
References: <D22C801A-F090-4081-A15F-103EBCEDB3E6@gmail.com>, <4ab8d117-1aa8-f875-d77f-412c7f8935ee@cs.tcd.ie>
In-Reply-To: <4ab8d117-1aa8-f875-d77f-412c7f8935ee@cs.tcd.ie>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Kirsty.p@ncsc.gov.uk;
x-originating-ip: [51.140.114.144]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 90053b48-dfe3-42f2-dafd-08d6a0a916d1
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(5600127)(711020)(4605104)(2017052603328)(7153060)(7193020); SRVR:CWLP123MB1716;
x-ms-traffictypediagnostic: CWLP123MB1716:
x-ms-exchange-purlcount: 1
x-microsoft-exchange-diagnostics: 1; CWLP123MB1716; 23:DP234Bo6HLXlEP/+E86rhw7m+bcyW8X9otlmdjpe+ZI/Rg1BSdmaiK+CF0WxpMCth2BWVdMyroBU6G6o7aBoTWSslck3RqlCT91a93LC02oP0KmlGHbfXWmE9Wl/5YQmC1aHJZayWp22lQDo+SrlmwU1nQEZdIIpQirJmyL8IxBJymOvReB3iagTaUTV4Gp4IgY10n4Bm5PqYnPjiYA4gxnC8jdTCgnVpOtv5opbkIiHgNZ7J+exMeVoWP/fjs98/0/GLsIN/2oR8xXTq9UpgJYGA3f3gjvmUgUaNTAk9OSxxHiYtZa5tRfEe2Soix8cukh7MNfFz+HVBE+2YKQ1OSgA/pTpI9oRJfZhzbDbO/7h7KbHwL6THgMtuNseh5RDFtIzAsQqohugIUk7OPgcgxs6iqIAFDR6h9FuJpnUSGRnzzqQkYWtfQcMbBZXkDjip5PSNZUL9NQsaTul5PzDlkcgxNkC+VPu9b36RsFPOqkFFOHx4aEaXNXE3OxXR+jNeq1qQqtd25nNuZjnbxal7kAMlz42L/NN1iBy4MVM9F1xXCSQr6Jxs4a4Ydn+71IccXRZgtnKtbsRxwW/fXp5fs5NIhk/MobzGVOmvtcOjIKfv6CYwNb+Pfg9/sNduAClLhgJzfAgiXgtPt0cimriFKeKeYhleYBIzCilccnVEZrb9WUl39qhtuQQbzmb5XypDEZUZEZ5B2X/t9w88sxMagxb5z9jm2NHivrsh+ObdjTF3bKpWC2gfKiWZ89nJtkonvck/Pv8Z6JXX8YYguq5/neR9o/N+XyyBnATmMJo1m63e/hf7e+oSPuyyqLIm4Nb7Ob9G8rrZThv4A34ZUtugF13FY7jbiBJIgfyLMiLE5RL4RjSLkf12BFvaaWHD+ilbEPAb3HuDC4YWDcQqLBINt04/Qu0lvVjCvS67FLYz37Z2dXimSfoMy9ZukvakW5K6sod7RbwoEKDZBZvmKHVtsEVRt/Rccq+kLnwl185bbPt+AEzKY+zBIQzlLE8ip62Ca1Cnwh9Ps/lXljLm+6RXVpEBH4uHhU2NNC7tGGIDNtmaOCui/4Kt8VWKohaYVWY5lJSCPLaM66JQYiJHs/vN0ILdW5gkB+vV+OxIZFeN4UPzbTG/cjbpV9aLuP21KB5MQ8w+Bn92LkgS+qGQsD2/GTSPAZtXJNH4D9ZMRwh/prMQ1GJZYJatEldhgos1UbZZS3Ol0UOMt96yWqsyLs3PR+wcT9h8RMqIyljJBx6iL2TObP5c3i7qY5PzTchoNYOBnlA6xFdSGSzPtJYBkPvgZ/aOZcEiEIhMtfWkVovOTAZ9Xfudegp+jT9DPpmPR2W7FAY+x1fBr+Rico/jGjg9IJiS8V/J4ZD797jkFO3XyqbbXPlX7jUcNaQkL3emkzT1Ht0YQ2havhXf67FmtKf4q5nYjdoAn+xGpKFsfCgcI+7RfTkL11AwN0FXsbqrJpJ
x-microsoft-antispam-prvs: <CWLP123MB171620A2FF4EA7A7663E85A5D7710@CWLP123MB1716.GBRP123.PROD.OUTLOOK.COM>
x-forefront-prvs: 09669DB681
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(366004)(39850400004)(136003)(346002)(376002)(396003)(199004)(189003)(66066001)(14454004)(86362001)(7736002)(9686003)(606006)(54896002)(76176011)(6306002)(25786009)(296002)(5660300002)(99286004)(6506007)(74316002)(55016002)(7696005)(55236004)(110136005)(2906002)(236005)(2501003)(71190400001)(71200400001)(33656002)(53936002)(53546011)(229853002)(68736007)(97736004)(3846002)(6116002)(316002)(26005)(75922002)(81156014)(1015004)(81166006)(8676002)(102836004)(186003)(966005)(11346002)(446003)(74482002)(486006)(19627405001)(476003)(105586002)(106356001)(6606003)(14444005)(72206003)(8936002)(256004)(6246003)(6436002)(45080400002)(478600001); DIR:OUT; SFP:1102; SCL:1; SRVR:CWLP123MB1716; H:CWLP123MB2467.GBRP123.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ncsc.gov.uk does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 8CTE0rmZ0xjYlu5/d6oMzLkmC5hLcYlJQcEclSQIZhqkHTWPbXAwCn+BCtp7G5uoL1ENgAyOq+icPEtykDMcQx0nNQ+3EtWqRJEfP1DTRws/1PTjplUDRBYn96ZYeYu3KpyPzJnIEGCfb/2nNrgz+2/43k6Y+4Vt/J4L+6chGRNizW6S3rXqSXiPAAXgxqKAf9UUKBRt2gFNv2P1Vma+jtUclry3PcPOyYvSH+ZaURXvmX7nzW8KKgXImXCLtWJbOuweWjSTQBhtdAXJqrU+A6KEz+Bqvt7Lsfm1v9Gi+I7Vw408R4bOE6F8ujpzMiEgPOskPy7bQt4g1cVtoITwUxRuOt5SpWVGPfof37lfI5St1xYVCx9emmCsnD9iW66ExNfYrg25U0yHSN+yrC+xup/V9scQzsJeNWG1x8+kx0U=
Content-Type: multipart/alternative; boundary="_000_CWLP123MB2467C7F06026882BACEEEBC1D7710CWLP123MB2467GBRP_"
MIME-Version: 1.0
X-OriginatorOrg: ncsc.gov.uk
X-MS-Exchange-CrossTenant-Network-Message-Id: 90053b48-dfe3-42f2-dafd-08d6a0a916d1
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Mar 2019 13:55:41.1292 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 14aa5744-ece1-474e-a2d7-34f46dda64a1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CWLP123MB1716
Archived-At: <https://mailarchive.ietf.org/arch/msg/smart/XIwlLtOHJidEnIhwV4oWMvYZZ34>
Subject: Re: [Smart] Hacked by Crypto
X-BeenThere: smart@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Stopping Malware And Researching Threats <smart.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/smart>, <mailto:smart-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/smart/>
List-Post: <mailto:smart@irtf.org>
List-Help: <mailto:smart-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/smart>, <mailto:smart-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2019 13:55:47 -0000
Thank you for bringing this talk to our attention. As Stephen notes, this is indeed a serious topic and I'm glad that Bret is presenting on it at RSA. I'm sure it will reach many people who need to be aware of the content of the talk, but aren't currently sighted. I would also politely contest describing a conference that attracts 40k+ attendees annually as "only the RSA show"... That could be perceived as a bit dismissive, and I'd like to keep the list friendly for many reasons, but especially to encourage those who are new to the IETF/IRTF to participate. Kirsty ________________________________ From: Smart <smart-bounces@irtf.org> on behalf of Stephen Farrell <stephen.farrell@cs.tcd.ie> Sent: 03 March 2019 16:36 To: Bret Jordan; smart@irtf.org Subject: Re: [Smart] Hacked by Crypto Bit of a pity to see a serious topic handled using such a wildly inaccurate title. You may as well have said "hacked by network" or "hacked by computer" or even "hacked by arithmetic" as they'd all be as inaccurate. I guess it is only the RSA show though. S. On 03/03/2019 16:16, Bret Jordan wrote: > All, > > If you will be at RSA this week, I will be giving a talk about various new technologies and standards and what they will mean for operational security. Specifically, how could a threat actor, intrusion set, or crime syndicate use these technologies to advance their objectives. > > The main topics will be: > DNSSEC > DANE > DoH/DoT > Opportunistic DoH > TLS1.3 > ESNI > QUIC > > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.rsaconference.com%2Fevents%2Fus19%2Fagenda%2Fsessions%2F14434-hacked-by-crypto&data=02%7C01%7Ckirsty.p%40ncsc.gov.uk%7Cee50ad85285f4eb8486008d69ff660ab%7C14aa5744ece1474ea2d734f46dda64a1%7C0%7C0%7C636872277875507480&sdata=ZhJUJ9u4KAOK7cTsdxv5lGL%2FvNAh9gRTBISdY4YnqUY%3D&reserved=0 <https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.rsaconference.com%2Fevents%2Fus19%2Fagenda%2Fsessions%2F14434-hacked-by-crypto&data=02%7C01%7Ckirsty.p%40ncsc.gov.uk%7Cee50ad85285f4eb8486008d69ff660ab%7C14aa5744ece1474ea2d734f46dda64a1%7C0%7C0%7C636872277875507480&sdata=ZhJUJ9u4KAOK7cTsdxv5lGL%2FvNAh9gRTBISdY4YnqUY%3D&reserved=0> > > > Thanks, > Bret > PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 > "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." > > > This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk
- [Smart] Hacked by Crypto Bret Jordan
- Re: [Smart] Hacked by Crypto Stephen Farrell
- Re: [Smart] Hacked by Crypto Kirsty P