[cryptome] Re: Farook Backup: Password Screwup

  • From: douglas rankine <douglasrankine2001@xxxxxxxxxxx>
  • To: cryptome@xxxxxxxxxxxxx
  • Date: Sun, 21 Feb 2016 23:16:50 +0000


Michael,
Question...can anyone, any group, any organisation reverse engineer proprietary software, whether they keep it to themselves or not...If so...can you please refer me to where it says so, in US, UK or international law?
ATB
Dougie.
On 21/02/2016 22:19, Michael Best wrote:

I don't think reverse engineering it is a problem unless they try to distribute that info or profit from it. Plus, reverse engineering is its own analysis which provides some degree of separation (I think).

On Sun, Feb 21, 2016 at 5:16 PM, Andrew Hornback <achornback@xxxxxxxxx <mailto:achornback@xxxxxxxxx>> wrote:

    Would the FBI be liable in the event that they reverse engineered
    Apple's product in order to break it?  I'm sure that's part of the
    problem.  Personally, I've heard that the NSA has the capabilities
    to handle this issue without making a big deal out of it, but they
    don't want to tip their hand and prove that they do... so, we end
up with the smoke and mirrors show asking Apple to get involved. Of course, it could simply be their way of asking Apple to
    validate the NSA's process...

    From looking at the court documents, it appears that the FBI is
    simply wanting Apple to circumvent the "self-destruct" routine
within iOS so they can brute force the password on the device. That doesn't break or negate the encryption, it merely prevents
    the device from pulling a "Mission Impossible" after they get the
    code wrong the 10th time.

    Now, if Farook's employer had done things properly and implemented
    an appropriate MDM solution prior to deploying the phone, we
    wouldn't be having this conversation since the MDM
    client/widget/whatever you want to call it operates at a low
    enough level to allow administration of the phone without it being
    unlocked.

    I also wouldn't be surprised to find some young, enterprising
    lawyer in California to be soliciting those beneficiaries of
    Farook's employer's services to file suit agains them for failure
    to properly safeguard their data on those mobile devices.  I
    figure someone's going to be screaming about HIPAA and PII
    security in order to make a few bucks...

    --- A

    On Sun, Feb 21, 2016 at 4:11 PM, Michael Best
    <themikebest@xxxxxxxxx <mailto:themikebest@xxxxxxxxx>> wrote:

        What does copyright have to do with it? FBI isn't trying to
        redistribute the code. Apple's NDAs and IP agreements might
        apply, but I don't see what role copyright plays. (I'm asking,
        not arguing. I haven't exactly following the case though, and
        I already got one major detail wrong lol.)

        Sent from my iPhone

        On Feb 21, 2016, at 3:45 PM, douglas rankine
        <douglasrankine2001@xxxxxxxxxxx
        <mailto:douglasrankine2001@xxxxxxxxxxx>> wrote:

        see url: https://twitter.com/cfarivar/status/701430905076731906

        Even if the FBI did screw up...or Farooks Employer screwed
        up...or they both screwed up...It wouldn't have made a lot of
        difference regarding what is at present on Farooks phone. The
        back up was done on October 19th whereas the crime was
        committed one and a half months later.  In that time, up
        until the time of the crime, the phone had NOT been backed
        up...according to the affadavit from the FBI.  From looking
        at the affadavit, the FBI is saying that they agreed to
        trying to change the password to see if they could get access
        to the back up, and the phone.   It didn't work, so that
        makes the FBI stupid because they should have known.  Does
        this mean that if the FBI/Farooks employer hadn't changed the
        password that there would have been an automatic backup made?

          Remember, according to the FBI, it is Apple software, it is
        copyright and the FBI is not allowed under US Law to breach
        that copyright.  Any experts out there on Apples end-to-end
        encryption software, who isn't bound by Apple's copyright and
        non-disclosure agreements?  Perhaps they could enlighten us.

        Whom do I believe?  I'll reserve my judgement until the facts
        come out!...:-) .  Coward that I am...
        ATB
        Dougie.





--
Veritas aequitas liberabit vos
Veri universum vici

That 1 Archive <http://that1archive.neocities.org/>
@NatSecGeek <https://twitter.com/NatSecGeek>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.5
Comment: Hostname:pgp.mit.edu <http://pgp.mit.edu>

mQINBChG9zoBEADKzALG4UHCjY6L9OFUxWRVGGCW7LY71K2EAK/0jkRh1wPkJ4chPaVJ3vVD
nJ0d8HxsyR5R3+y7GH6GCc/tK0IDPJah+xpQnraS1nWUvAlSaaxsBK4hJfuVGyfBg/joQVKU
OhpqJLQhRIkUWk30QC94IbOKiCTb6V4pStLYyrLieewjT481vvRIYp/48IS5eiveZW0/IpcA
HBON7xJw6P1murC8PNOJSWRCp9FJhcs3wIPG3cFTfsxSZnGcoivMgFLtGAfLbztpZkcHEMOR
4qamVvirzYGHma0UlOzyNr7xpxyLXFsU5kKzQ8Az2nP1GG7vuqXSjPNLIvvHFL+g+gKuCe9W
xTa9Ac038RRSiBGdDrvTFpQ/h9h5GWIHP7nsA4TCeZSpL81aqp7Cb0MK3KPQmteTPIujVCnx
jXXHrOe9Tj6iYUU8edApISyBEVFZMd+EtfDEDf/ZwDjzSGE85vv1dZ/ck7iJvS8FwM8hsRBG
U9huCKiItGs26teUJ2Sum49YaEiDL4QLQhJ+FbsAusxJg+V3GE/4w75K/6/czT0p10Mf66Uo
fRFTvYRE7S6CNDxzTI4q7+pnRlxMBduGC33KY4eq4Py/O3LWHBDxZ+LffIa/tWcB/7oZ6yDo
bdWleNk5wnJdPGr6lUTHTM4tpDIEcXYpvjzyLcMtg4tFm/Dc0QARAQABtGVNaWNoYWVsIEJl
c3QgKFByaXZhdGUsIG5vdCBzZWN1cmUuIEZvciBzZWN1cmUgZW1haWwsIHJlcXVlc3QgYSBv
bmUtdGltZSBrZXkuKSA8dGhlbWlrZWJlc3RAZ21haWwuY29tPokCPQQTAQoAJwUCKEb3OgIb
AwUJNXc1AAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRCiYH9hY4dAS3e+D/sFwyJER4/4
ZnHYC/1EzCpHeDikSmULEgsvNgzo73thOV9/Q2I8mCJTlQjsK4rZ2YiDzi4b0CN8kzjpxtVz
BsBsxfyPLrdH4VoqeqeBVzbwHxSk7bYUI3vFt+e3gBgpAxbVfPXCnYUnWPRlr9dc/JZoPJH4
p8yRIqktehbAE3Fa3gkfrXJ5e6+/nKlQhikyvo9VuErrLpPMXBzOq4/2LVfurkcOzlp1RBjs
hWr6B98EiOXs44ZGLEkINxJiW8koFhw/WDuON8LKi/DtLiqqtBVTjrkqKCuKzSAVncGGcEVO
3Om3aOIOvG0do/wQKYXnpbeGsHwx2PGrJ7H+lb2bIb5KhbZkbG4rMTjsVnuGN+IF4BxBhmGz
MYoooWy4VCLL0o8keomU8JPXt+fZDqJ9sNjY/asTsjOa6aE3bIa6w3mWUeefGwA25oXur3Rr
L3wmu1pPzCejumfA1X93dS9UZS3xni+7W34g6YbsREuaZ+YBxFLN227JXAx2pEdjLsuVOaqM
9CO7ARHsxDZoE9U7n0s3txnSw/2YYwjEK1wDhdLnHBL3ZzaAcaHnpzsTYQAVW7uXKKHhzeSK
GP3O4ByCisM/7WLFvIIpaNNs85jI1PvKH0GutSTl9xXDfWuYMl9rwwbteBB/oGSxlIFe0pqq
IDNfAJdR/HjTLqrTES2wdXJS1bkCDQQoRvc6ARAAmltXrhVfpePdIFrfEHCet4nkQvmRI+AX
rUgiNlxQDW8M5FzlUfT2xpMXHMWuKehTYpFq7bNbFi+fwBhMajgvgDsTuLInftKSFp+sisbR
n8psv7CpGB4jp0Xd4y1Wm/HejV/kga0kcUVVetaqyzgZedn1UnccQRzDBVWW2j2ed+hi/8g0
/d7mbVG81yzJo8tLidM90xFF7JGlijm0dBAqmhD4UgkxSnJQ3PK5onqdjdbx7HkP68RrkeTQ
vhWK1978qzdSl9ljJ0jLnoAaDNPs5Dj/TyYCtqoKHUqMbTwU5nIQnJG7geMeSw/7OVnKlypF
Rs/JesZzMBooZTRxZJuIB/q0wOfE/MYTwGSwLs2brUwJFJ6bSYmerZ+81S8W/Y4mehJ3o6Vl
SabrrVN+LlBfUuRqd5U909WECzk6HVnwnRfL07zD+1y5cLU+e4MQs2227kLriTIxtDZ/umeG
hKQgNgFGTAPHJxA96xGvQ8Ovv+XEivlO0jxBNMIiopNSlMDE+k3nigWHuavt9LUUCOd45aw7
0pgKstQQgpFfVAwV98LPpUKxa61q6wQiQHAcP7YxuQG0dsr4nUq2xids5l1IpOLzZJ3nRThM
k7alkljBbqphbocV3FsSXOkpcSWns94k1QGmrPzEPLF0FHFBG6whWoaoEySMkdsN1zVu4GMU
o2EAEQEAAYkCJQQYAQoADwUCKEb3OgIbDAUJNXc1AAAKCRCiYH9hY4dASzTaEACKXVgc8KmZ
xWyYTUQgIwrj3J/re68uIilq0iBBDocgEZZpxyf6lD1V3IKBjAPpWyYHMrrrLY64rFDR+8DE
Xyhm1Wv2S6YJuWJtyAlS4bciXjJE6evirIH5GoFq++vzsufRaudAoQ56hJ0+Z3dNMMWZ6YuP
zWNNL2tvpdo3Nvd8bqiADWSffFdIPv5Yj/mZsXmaDN+7iWYlAdCrubGyGzFHlCh26Ghu6SS0
/u8x1/Oi7ma7fUMFnEsFiYjwBkD3pQKK1dm7j2f1OMxi8uky8vgBgx40aeJkoUgEvIHWsCIi
CWVTyfiGeWIcKbK7tYP5jsjV5fUv+TaQ1pApt++Pyop1aogfQ8icNBQQkdX6E4gNhnPOPTM8
FTl69Tq5Ori5+TM8VM0iPGiydlcAXIAD3OyR4tZM12Ga1AtppKjx31EyDB4SPzUmDWRy5WgG
NRH3+RgiK/iXVcvLdFIKj3/AvctSLdbayyaFD8zrE/wcMzLfie+iE231+rG/7gmcR3H1rcYE
vxvmWAPikLQKiMUpPBNSvfLPUTrwNSGiZ5ieAAPgOooc3u5nohwZmEW1pg6HirZgIAgAYuyL
aLgnikwH70guiQ4Ufsih3gy0ddsUwliUTtbYQyX0OBQoTUyaiXPy0Wu2FJfsxiW8X9Lu9pIH
KOwU9K76VKot+UikGqeFQsS/Ig==
=M+du
-----END PGP PUBLIC KEY BLOCK-----

Other related posts: