Most of the intrusion attempts I see come from within the US borders, from systems or companies already compromised by someone else. Or road-runner addresses. A Chinese attack would likely be launched from within our borders.
Right! Just because you have a degree doesn't mean you magically crap daisies and good code. I've met plenty of programmers with advanced degrees in Computer Science who couldn't tell me how to .
I feel the same way when I'm hiring guys with Microsoft or other certifications. If they can't answer basic questions, I don't hire them. I had one guy claim he knew Server 2000 really well even though he had an MCSE and less than 1 year of experience. I called his bluff by pointing him to a computer that was blue screening on boot and asking him to fix it. This MCSE twit didn't know how to boot in safe mode. For what I needed, I'd much rather have the guy with lots of experience.
I have the same issue. The solution for me is to try to get the emergency exit row, which has more leg room. Some planes even have a missing seat in front of the exit where I can really stretch my legs out.
The very rapid store/release is probably the main benefit. Overall energy storage is probably pretty low. Doing the math, an 80-hp output for 10 seconds is about 166 watt-hours of energy, or about the equivalent of a small 12 volt, 14 amp*hr motorcycle battery. I can't imagine that energy efficiency or the energy/weight ratio is higher than a battery.
Quoting from http://www.dailytech.com/Porsche+911+GT3+R+Hybrid+to+Debut+in+Geneva/article17666.htm
"The hybrid system in the GT3 R Hybrid uses a flywheel system that harnesses kinetic energy under braking to power a pair of electric motors mounted in a single assembly. The electric motors and flywheel assembly sit where the passenger seat of a street 911 would normally reside. Power gathered by the flywheel system is sent to the front wheels and when fully charged the hybrid system can provide a 6-8 second burst of power for passing and exiting corners activated by a button on the steering wheel. The flywheel in the hybrid system will reportedly spin as fast as 40,000 rpm.
The pair of electric motors provides an additional 161 horsepower to the front wheels supplementing the 4.0-liter flat-6 that produces 480hp and sends its power to the rear wheels. Porsche is mum on performance claims for the 911 GT3 R Hybrid, but the car will appear on May 15 at the Nurburgring 24 Hours endurance race."
So it's not too different from a normal hybrid, except instead of charging batteries to store the energy they are spinning up a flywheel. The forward kinetic energy of the vehicle is recovered as electrical power using generators/motors, which drives generator/motors that spin up a flywheel. Going the other way, the flywheel mechanical energy is converted back to electricity to drive the front wheel motors.
I think he was referring to the dimwits who were spending far more than they were earning, and then wondered how they got so far into irrecoverable debt. True, the banks were preying on these folks, but still ya gotta wonder who gets a $400k interest-only mortgage when they only make $30k.
Am I the only one that thinks it looks kinda like a head crab?
Why on earth would I download and run the "inoculation" removal software from some unknown company? It might actually be installing more crap! Why not just give us a shell script if it's just WMI calls?
And if the quality is sub-par they're going to be complaining about crappy Cisco hardware when it's not Cisco's fault, affecting their brand image.
All true. Do you know if Cisco is honoring warranties on the counterfeits? Surely when you call in a TAC case, they know from the serial number if it's legitimate or not.
True; pressure from the FBI probably had a large part behind this. Either way, I hope that China will continue to cooperate with other countries in cracking down on counterfeits. China has to start cleaning up.
I don't believe China is overly concerned about counterfeits. In fact, they probably view it as a benefit. As a country, instead of paying Microsoft for copies of Windows or Cisco routers, they can get virtually identical products for very cheap.
The manufacturers like Apple, Dell, Cisco, etc are not going to pull out of China any time soon so they aren't even jeopardizing their trade relations from that respect. The problem will come when China's rampant inflation and climbing workers' wages no longer make it profitable for US-based companies to offshore production to China. Then we'll see if China doesn't exhibit an economic meltdown.
The only reason the Chinese govt got involved was pressure from the FBI. The only reason the FBI got involved is that some of those fake Cisco routers had a modified IOS with a backdoor password. I have a suspicion that the Chinese govt was actually involved in selling the compromised counterfeit equipment.
This, and many other examples, are why security specialists highly recommend formatting any new computers or equipment and installing fresh software/firmware from a known good source.
Um, thimerosal has never been used in MMR shots and thimerosal
I never said it did.
and thimerosal hasn't been used in other vaccines since the early 90s
Wrong. Its use in vaccines targeted at children in the US was limited in 2001 by the FDA. It's still used in lots of vaccines such as the flu shot.
It certainly raises a red flag for me when you consider that a single vaccine can give a child an exposure 5-10x the OSHA limit for mercury poisoning.
It doesn't. The OSHA limit is for chronic exposure to methylmercury. Thimerosal exposes you (via breakdown) to ethylmercury, and only once. It's the wrong substance and is a non-chronic exposure. There is not an established toxicity for ethylmercury, as far as I recall -- it is generally thought that the toxicity is lower than methylmercury, and so the limits for methylmercury are used. (But again, the limit you are referring to is the chronic-exposure limit.)
The FDA hasn't established limits on ethyl mercury and has several articles suggesting that the methyl mercury limits be used for chronic exposure. See my other post showing one daily exposure limit was being exceeded by 3x for a typical 6-month-old getting his vaccinations.
It certainly raises a red flag for me when you consider that a single vaccine can give a child an exposure 5-10x the OSHA limit for mercury poisoning.
Really? From childhood.com: "An infant who is exclusively breast-fed will ingest more than twice the quantity of mercury that was ever contained in vaccines and fifteen times the quantity of mercury contained in the influenza vaccine."
And: "Thimerosal — a preservative still used in the influenza vaccine — contains a different form of mercury called ethylmercury. Studies comparing ethylmercury and methylmercury suggest that they are processed differently in the human body. Ethylmercury is broken down and excreted much more rapidly than methylmercury. Therefore, ethylmercury (the type of mercury in the influenza vaccine) is much less likely than methylmercury (the type of mercury in the environment) to accumulate in the body and cause harm."
Are you going to argue that we should stop breastfeeding our children, since through breastfeeding children ingest a larger quantity of a more harmful form of mercury than was ever contained in vaccines?
And where are you getting the OSHA limit from? All I can find on their website is a limit on the air concentration of mercury, which is an entirely different issue.
All true, although the comparison of a single exposure to a lifelong exposure is a bit of a stretch. Particularly since, as you pointed out, ethyl mercury is expelled from the body pretty quickly compared to methyl mercury, which tends to accumulate.
What do you mean by "large"? According to this chart, the vaccine with the most mercury (Influenza-A) contains only .025mg of mercury, and is a one-time dose; this is much lower than OSHA's air-exposure limit of 0.1mg/m^3 per work week, if you somehow managed to ingest all of that mercury vapor.
And, as noted, most vaccines now contain zero mercury.
So much for your point ;)
The OSHA limit is 0.01mg/m^3 for long term occupational air exposure. The EPA daily intake limit is 0.1 micrograms/kg/day. Prior to 2000, the average round of vaccines for a 6-month infant contained 187.5 micrograms of thimerosal, almost three times the calculated exposure limit of 65 micrograms, based on this EPA guideline. (ref AAP, 1999, interim report; United States schedule, Tables 1 and 2). It's even worse for a small, underweight child.
Even the FDA cites isolated cases where far lower exposure has caused neurological problems http://www.fda.gov/BiologicsBloodVaccines/SafetyAvailability/VaccineSafety/ucm096228.htm#guid.
As you pointed out, the FDA placed restrictions on the use of thimerosal in child vaccines. A large portion of vaccines like the flu shot still do. It's not uncommon to see pneumonia and flu vaccines administered to kids outside of the official guidelines from the drug maker. In some cases, thimerosal-free child versions of some vaccines simply are not available.
I'm not saying I agree that thimerosal is causing autism. In fact, I'm a bit skeptical. I'm saying that there is no concrete data proving it's absolutely safe for 100% of the population. Given the doubts and some conflicting data, it's safer to be conservative.
As another interesting point of data, I recall reading that 5% of contact lens wearers are sensitive to thimerosal-containing saline solutions. I'm not sure how this compares to internal injection though.
But the large volume of anecdotal evidence should be enough to get the vaccine manufacturers to consider stopping the use of thimerosal as the preservative. Particularly when there are other alternative preservatives that are not under suspicion. The FDA has yanked drugs off the market with far, far less circumstantial evidence. It certainly raises a red flag for me when you consider that a single vaccine can give a child an exposure 5-10x the OSHA limit for mercury poisoning.
It's quite likely that some small percentage of people are unusually sensitive to mercury, and a large dose can trigger autism in them. We've certainly seen lots of cases of unusual allergies in people that are not present in the general population.
Also, consider that we are far more eager to diagnose autism and put a label on kids as it's the only way to get help from the state. 30 years ago, we'd just call Johnny a little slow. Nowadays, he's ADHD, autistic, Asperger's, something or other.
The receiving antennas are not nearly that big for subs (maybe you're confusing them with the towed acoustic arrays?). In fact the receiving antenna for surface ships is generally under 10 meters in diameter. It's the transmitting antenna that has to be enormous.
It appears this is basically using VLF using very directional antennas both in the mine and topside. Hence the reason for a large antenna that has to be assembled. This is also the major downfall as you need to accurately aim and locate both antennas.
You've said two things that are the opposite of each other. You've claimed:
The entire communications circuit between sites is encrypted if the connected networks or systems are classified.
Which is entirely correct. But you've also claimed:
Again, it's not done because bandwidth costs money and it isn't needed.
When you encrypt a circuit (as opposed to the traffic on it) then the circuit is in constant use, and uses constant bandwidth. You cannot encrypt a circuit at the link-level, and save bandwidth. It is a contradiction. So you were correct in one of your claims, but when you claimed the opposite as well, you were wrong.
I think you're misunderstanding how military network encryption works. I probably added to that confusion by not making the distinction between the circuit and the site-site link.
Think of the military encryptors as VPN boxes doing tunneling with encryption between classified sites. If there is a dedicated telco circuit, the actual circuit between the encryptors isn't encrypted, but rather all of the data passed over it is encrypted. Yes, technically a circuit is a fixed bandwidth and gets padded out with "zeros". The padding is obvious to anyone sniffing the telco circuit itself. The encryptors don't add any bogus traffic between themselves.
Also, it's pretty common for the encrypted traffic to travel between sites over an existing unclassified network connection. In that case, encrypted and non-encrypted traffic exist on that link.
You made the contention that additional traffic is added to prevent traffic analysis. That simply is not true in any of the typical military encryption setups. Not for networks, radio coms, or any other communication methods I work with.
Close, different branch. Despite smallfries' assertion that I don't know anything, I happen to be deeply involved in encryption and classified military networks.
Indeed, the main intent of the spread spectrum techniques is to prevent jamming and identifying the source location of a transmission. No sense having your soldier sending out a beacon for his location on the battlefield.
This technique does add a layer of security, but it's a secondary benefit as encryption is normally done for classified transmissions anyway.
Why have you bothered to argue a point that you clearly know nothing about?
Link level encryption. In order to defeat Traffic Analysis it is necessary to fill the channel.
You just proved my point, sir! Link-level encryption is exactly what I'm talking about. The entire communications circuit between sites is encrypted if the connected networks or systems are classified. It is generally done using NSA type-1 encryptors. There is no distinction made about the actual traffic traversing the link. There is no requirement whatsoever to fill the channel with extra garbage and it generally is not done.
You'll see end-end encryption on the unclass networks in the form of individually encrypted emails or encrypted files, or perhaps even the use of IPsec for select communications. Are you suggesting that we should just add random traffic that looks encrypted but is just garbage? Again, it's not done because bandwidth costs money and it isn't needed.
To confuse this even more, quite often the black side of the encryptors are connected to the unclass networks, and the encrypted traffic traverses/tunnels unclassified links. That would technically be link-level encryption between the classified sites, but could also be considered end-end encryption since the unclass link contains some encrypted and non-encrypted traffic.
Yes, I accept your point. Now let's modify the situation to real life. When most governments send encrypted data, they don't just say "ooooh, we've got some sensitive data to send, we'd better encrypt it" as that alone tells a baddie that there's something going on - as the level of encrypted data increases. Further, you don't just send *all* your traffic encrypted either, as it's still prone to monitoring the volume of traffic.
Instead, you fill the channel, all of the time. Some of the traffic is proper encrypted data and some of it is just random padding (or if you really want to screw with them, encrypted random padding).
While it may be possible to brute-force 1 particular message, until you can do a brute-force decryption in real time, encryption, even with weak keys, will almost always get through securely. (You could nuance it further by inserting decoy data with artificially weakened keys, too.)
Now let's switch to this reality. Military encryptors just encrypt the entire classified traffic channels. They don't "fill the channel" with garbage as it costs real money and bandwidth to do that. Granted they encrypt all traffic on that channel so the overall traffic has varying levels of sensitivity or classification, but they certainly don't generate garbage padding to confuse the enemy.
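The two positions in the thread above (fill the channel to hide traffic volume, versus padding costs bandwidth) can be put side by side in a small model. This is an added example, not code from any poster or from a real encryptor; the cell size, the length-prefix framing and all function names are assumptions, and encryption itself is left out: the cells are assumed to pass through the link encryptor afterwards, which is what would make filler indistinguishable from data.

```python
import os

CELL_SIZE = 64                    # bytes on the wire per cell (assumed value)
LEN_FIELD = 2                     # bytes saying how much of the cell is real data
CAPACITY = CELL_SIZE - LEN_FIELD  # real bytes one cell can carry

# Constructed sample: real traffic offered in each tick (quiet, small, burst, ...).
SAMPLE_ARRIVALS = [b"", b"status ok", b"X" * 300, b"", b"ack"]


def make_cell(chunk: bytes) -> bytes:
    """Build one fixed-size cell: length prefix, real data, random filler."""
    if len(chunk) > CAPACITY:
        raise ValueError("chunk larger than cell capacity")
    filler = os.urandom(CAPACITY - len(chunk))
    return len(chunk).to_bytes(LEN_FIELD, "big") + chunk + filler


def filled_link(arrivals, cells_per_tick):
    """Send exactly cells_per_tick cells every tick, whatever the real load.

    Returns (ticks, backlog): ticks is a list of per-tick cell lists, backlog
    is the real data still queued when the arrivals run out.
    """
    queue = bytearray()
    ticks = []
    for offered in arrivals:
        queue += offered
        cells = []
        for _ in range(cells_per_tick):
            chunk = bytes(queue[:CAPACITY])
            del queue[:CAPACITY]
            cells.append(make_cell(chunk))  # empty chunk gives an all-filler cell
        ticks.append(cells)
    return ticks, bytes(queue)


def receive(ticks) -> bytes:
    """Far end: strip the filler using the length prefix of each cell."""
    out = bytearray()
    for cells in ticks:
        for cell in cells:
            n = int.from_bytes(cell[:LEN_FIELD], "big")
            out += cell[LEN_FIELD:LEN_FIELD + n]
    return bytes(out)


def observed_volume(ticks):
    """What someone tapping the filled link can measure: bytes per tick."""
    return [sum(len(cell) for cell in cells) for cells in ticks]


def unfilled_volume(arrivals):
    """What the same observer measures when only real traffic is sent."""
    return [len(offered) for offered in arrivals]


def overhead(arrivals, ticks) -> float:
    """Wire bytes divided by real bytes: the bandwidth price of filling."""
    real = sum(len(offered) for offered in arrivals)
    return sum(observed_volume(ticks)) / real if real else float("inf")


if __name__ == "__main__":
    ticks, backlog = filled_link(SAMPLE_ARRIVALS, cells_per_tick=4)
    print("unfilled:", unfilled_volume(SAMPLE_ARRIVALS))
    print("filled:  ", observed_volume(ticks))
    print("overhead: %.2fx, backlog: %d bytes" % (overhead(SAMPLE_ARRIVALS, ticks), len(backlog)))
```

On the sample, the unfilled link shows the burst in tick 3 directly, while the filled link shows the same volume every tick and carries about four times the real byte count, with the burst spilling into the following tick.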
Those products are hyped as a means to prevent your calls from being intercepted by a third party. They do indeed protect the call in transit as promised. The flaw being pointed out is that if the endpoints (the phone) are compromised, you can't guarantee the security of the call. Well duh, there's a no brainer. That's like claiming your VPN software isn't secure if someone surreptitiously slipped a keylogger into your computer.
Did anyone else notice that this seems to be an ad for flexispy?
You might want to review the RFCs, particularly the difference between TLA, NLA, and SLA and what bits of the prefix they use. Only the last 16 bits of the network portion of the address are intended for site subnets. Unless you're an ISP or other aggregator, you don't get bigger than a /48. The Top Level ISPs get a /24 which they are expected to route into the NLAs, who assign up to /48s to sites.
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_2-1/ipv6.html - scroll down to the section titled Public Routing Topology Prefixes.
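The prefix layout described in the comment above, as an added example (not from the poster or the linked article): a parser that splits an address into the TLA/NLA/SLA fields and groups addresses by their /48 site. The field widths are those of RFC 2374, which the comment does not cite by number and which RFC 3587 later retired, so this reads the layout as the thread describes it; the sample addresses are constructed from the 2001:db8::/32 documentation range and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# RFC 2374 aggregatable global unicast fields, most significant bits first.
# The widths sum to 128: 3 + 13 + 8 + 24 + 16 + 64.
FIELDS = (
    ("fp", 3),             # format prefix
    ("tla", 13),           # Top-Level Aggregation identifier
    ("res", 8),            # reserved
    ("nla", 24),           # Next-Level Aggregation identifier
    ("sla", 16),           # Site-Level Aggregation identifier (site subnets)
    ("interface_id", 64),  # host part
)

# Constructed sample addresses (documentation prefix, not real allocations).
SAMPLE_ADDRESSES = ["2001:db8:1:2::1", "2001:db8:1:ffff::5", "2001:db8:2:2::1"]


def split_fields(addr: str) -> dict:
    """Return each RFC 2374 field of addr as an integer."""
    value = int(ipaddress.IPv6Address(addr))
    remaining = 128
    fields = {}
    for name, width in FIELDS:
        remaining -= width
        fields[name] = (value >> remaining) & ((1 << width) - 1)
    return fields


def prefix_at(addr: str, length: int) -> ipaddress.IPv6Network:
    """Network of the given prefix length that contains addr."""
    return ipaddress.IPv6Network((addr, length), strict=False)


def group_by_site(addrs) -> dict:
    """Map each /48 site prefix to the SLA (subnet) values seen inside it."""
    sites = defaultdict(list)
    for addr in addrs:
        sites[str(prefix_at(addr, 48))].append(split_fields(addr)["sla"])
    return dict(sites)


if __name__ == "__main__":
    for addr in SAMPLE_ADDRESSES:
        print(addr, split_fields(addr))
    print(group_by_site(SAMPLE_ADDRESSES))
    # The /24 boundary (fp + tla + res) and the /48 boundary (… + nla):
    print(prefix_at(SAMPLE_ADDRESSES[0], 24), prefix_at(SAMPLE_ADDRESSES[0], 48))
```

The 16-bit SLA field is what remains between the /48 handed to a site and the /64 boundary of the interface identifier, which is the "last 16 bits of the network portion" the comment refers to.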
It seems IPv6 will be in use soon; so why tinker with DNS requests on IPv4?
Also, does anybody know how GEO locating an IP will be done on IPv6 (at least down to country level)?
The first part of an IPv6 address defines the Top Level Aggregator (TLA) and generally will tell you what region the address is assigned to. One of the benefits of IPv6 is greatly simplified routing tables.
Oh because they're not going to get all four octets a fraction of a second later when you CONNECT TO THEIR SERVER?
Critical thinking people... This would actually let people not use their ISP provided LDNS' without getting asstastic performance from every big site out there!
Not if you're using a proxy server.