Other people who purchased Anthrax spores were also interested in...
Amazon turns up spectacularly late to 'transparency' party, pours a large one
Amazon has finally released details of the info snooping governments from around the world demand of the retail and cloudy biz. The company said in a subdued blog post that it would publish a bi-annual information request report. It comes after Amazon – unlike its tech rivals – spent years resisting going public with the data …
COMMENTS
Monday 15th June 2015 10:49 GMT James O'Shea
"..smallpox spores
...mustard gas
...depleted uranium"
Feh. Smallpox doesn't do spores. I can make my own mustard gas (anyone with access to even a high school chem lab can) and I don't want _depleted_ uranium. Tungsten-carbide handles all my armoured fighting vehicle killing needs nicely, what I want is the Mother of All Improvised Explosive Devices.
Sunday 14th June 2015 16:51 GMT choleric
No need
The thing with Amazon, for their retail section at any rate, is that there is no need for the security services to ask them for access. Amazon send all order confirmation emails utterly unencrypted. All the spooks need to do is stick a packet reader onto a network somewhere (which they have done already) and Bob's their uncle.
Sunday 14th June 2015 21:40 GMT choleric
Re: No need
What Trevor said. I should have been clearer that I meant the lack of encryption on the SMTP connection from Amazon's outgoing email server to your email server. I'm not expecting Amazon to pull a Facebook and go all PGP on us. However, I would like them to take some basic steps towards preserving a customer's privacy.
Monday 15th June 2015 08:09 GMT Anonymous Coward
Re: No need
just because it's not required doesn't mean it's not a good idea, even with A(EC)DH or self-signed certs
Hmm. That would protect it against "casual" intercept (if there is such a thing), but not against any Man in the Middle attack (you have no way of checking other than by prior arrangement that the cert you see is genuinely that of the receiving MTA) so it can be argued that the gain may not be as great, and people may end up with a false sense of security. Interesting challenge.
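A recipient can check the point raised in this thread (whether the SMTP hop from the sender's outgoing server to their own mail server was encrypted) by reading the `Received` headers of a delivered message. The following is an added example, not code from the article or any commenter; the sample message, hostnames and queue IDs are constructed.

```python
import re
from email import message_from_string

# "with" protocol keywords from RFC 3848 that mean the hop ran over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
COMMENT_RE = re.compile(r"\([^()]*\)")

def strip_comments(value):
    """Remove (possibly nested) parenthesised comments, e.g. Postfix's
    '(using TLSv1.2 with cipher ...)', which would confuse the 'with' match."""
    previous = None
    while previous != value:
        previous, value = value, COMMENT_RE.sub(" ", value)
    return " ".join(value.split())

def hop_report(raw_message):
    """Return one dict per Received header, oldest hop first."""
    hops = []
    headers = message_from_string(raw_message).get_all("Received", [])
    for header in reversed(headers):  # headers are stored newest first
        text = strip_comments(header)
        sender = re.search(r"^from\s+(\S+)", text, re.I)
        receiver = re.search(r"\bby\s+(\S+)", text, re.I)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", text, re.I)
        name = proto.group(1).upper() if proto else None
        hops.append({
            "from": sender.group(1) if sender else None,
            "by": receiver.group(1) if receiver else None,
            "protocol": name,
            "tls": name in TLS_PROTOCOLS,
        })
    return hops

def plaintext_hops(raw_message):
    """Hops whose receiving server did not record a TLS protocol keyword."""
    return [h for h in hop_report(raw_message) if not h["tls"]]

# Constructed sample: internal hop over TLS, final delivery hop in the clear.
SAMPLE = """\
Received: from mx.shop.example (mx.shop.example [192.0.2.10])
 by mail.customer.example (Postfix) with ESMTP id ABC123
 for <bob@customer.example>; Sun, 14 Jun 2015 16:40:02 +0000
Received: from app.shop.example (app.shop.example [192.0.2.5])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 by mx.shop.example (Postfix) with ESMTPS id DEF456; Sun, 14 Jun 2015 16:40:01 +0000
Subject: Your order
"""
```

An `ESMTPS` keyword only records that TLS was negotiated on that hop; it says nothing about whether the certificate was verified, which is the man-in-the-middle gap the comment above describes. Each header is written by the receiving server, so only the hops recorded by servers you trust are reliable.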
Monday 15th June 2015 10:13 GMT Anonymous Coward
Re: No need
220 mail.example.org ESMTP service ready
EHLO myserver.fuckoffNSA.com
250-myserver.fuckoffNSA.com knows encryption won't actually stop the NSA
250 STARTTLS
STARTTLS
220 Go ahead
That sends me back to the last Access All Areas hacker conference in London a while back where I watched a 13 year old girl email a friend, straight from a Linux telnet prompt. Or slightly later when I asked my guys to recompile sendmail to mask the version number.
Monday 15th June 2015 17:44 GMT Anonymous Coward
Re: No need
Ahh security by obscurity... no wonder you're posting as AC
LOL, nice assumption, but wrong. It was what happens when government-appointed white hat hackers are grasping at straws to show they have done an audit when you have sewn up everything so tight they couldn't find anything else to write about - they start talking about version numbers :).