Netintercept and SSH Decryption
Jonathan Hutchins
hutchins at tarcanfel.org
Thu Nov 20 16:35:35 CST 2003
There's a spyware program advertised in the December SysAdmin, Netintercept
from www.sandstorm.net. Clearly pitched for employers to spy on employee
activity, it offers some disturbing features:
"View Email, Webpages, Images & File Contents". "Guaranteed Invisible &
Silent on Your Network". "Custom Reports Including Cleartext Passwords".
This is not exceptional, except for the hint that they're decrypting
passwords, which might not be necessary if they can link to the actual hosts
and pull them from the original password files.
More troubling though is this:
"Patent Pending SSH & SSL Decryption".
Now, I know that the government has been pressing encryption providers to
leave back doors for NSA and other "legitimate" surveillance, but I didn't
think that SSH had caved on this. I was under the impression that SSH was
still un-cracked. Can they actually offer to decrypt SSH streams now?
More information about the Kclug
mailing list