
The name is Carmine Finelli, probably of Italian origin, like the rest of the guys who signed the paper.


He is actually Italian (and living/working in Italy, just like all the co-authors).

At this institute:

http://www.stellamarismediterraneo.org/

Even without knowing Italian, the "high" level of such an institution should be clear enough from the "quality" of their website.

The IMHO preoccupying thing is that the use of "Fanelli C" is not much different from using "Smith J"; as a matter of fact there is another "Fanelli C", actually Fanelli Carlo, who is a hematologist in Bologna (and who has also published medical research) and who may be mistaken for the "corresponding author" of this plagiarized paper.


You mean more paranoid interpretation.

Microsoft controls the servers, they don't need a client backdoor to access messages.


>You mean more paranoid interpretation.

Honestly, it amazes me that people still call such interpretations paranoid in a world where information about the rampancy of such programs is readily available, including for this specific application.

Edit: it's not paranoia if there's demonstrable history of such things. It's making a reasonable assumption from available facts.

further, all the arguments against this interpretation assume that those introducing security vulnerabilities for surveillance purposes abide by some kind of logic - which by the very nature of such activities they demonstrate that they do not. They (3 letter agencies) want every possible vector of information gathering regardless of the privacy, security, and legal issues that arise.


It seems to me to be a paranoid interpretation because if Microsoft wants to hand Skype-related user data over to the NSA, they'll do so on the server side and not the client side.

Secondly, this is a pretty stupid way of doing it. 'If you use this client identifier then anything goes' seems vastly more like a stupid coding mistake than it does a sneaky covert backdoor into accessing Skype from the local machine.


If I wanted to hand user data over to a 3rd party that tapped the entire backbone, I'd make that user data unencryptable. Why would I want to send Gbps of traffic to that third party? Then everyone would know. If they can just analyze the recorded traffic, no one has to know.


Intelligence agencies want as many possible vectors for attack as possible. Especially unknown ones that you are not prepared for them to exploit. Everyone is assuming they wouldn't bother with a client backdoor... That right there is enough reason for them to get a client backdoor!


>further, all the arguments against this interpretation assume that those introducing security vulnerabilities for surveillance purposes abide by some kind of logic

Of course they do. You may disagree with the logic, but it's there. Vectors of intelligence gathering have to be both sufficiently covert and useful for an agency to consider. This vulnerability is neither.


So far you haven't said anything more than "NSA exists, therefore all software insecurities are reasonably attributable to them".


Sure! Oh, except for the fact that I linked an article documenting Skype specifically catering to NSA surveillance programs, and the NSA having a history of getting software to introduce vulnerabilities they can exploit...

but hey, why not throw out the facts to pile on?


It's the facts that are the problem with your weird theory: this doesn't even make sense as an NSA backdoor. It only works if they've already backdoored your computer.


Does any NSA surveillance vulnerability stand up to logical scrutiny?

No, because introducing security vulnerabilities to keep us secure is inherently illogical.


If this comment made sense to someone else who could rephrase it for me, I'd be grateful.


I think he means 'if the NSA were logical actors, they would patch vulnerabilities, not leave them to be exploited by anyone, and they would use NSLs/collaborators/special NSA voodoo to get their data'.

This idea is built on the assumption that (1) they think their defensive role is as vital as their offensive one, (2) there is plenty of special NSA voodoo to go round. Which is false. In particular, it is better that a hack come from a vendor vuln that anybody could find than from crypto wizardry (e.g. Logjam or signed drivers with md5 collisions).


The NSA did an illogical thing, therefore everything they do is illogical. It is illogical to create a backdoor that requires already owning the machine, therefore the NSA did exactly that.


This is also the biggest fallacy in economic, and even political theory. The assumption of rational actors.


If you have reading comprehension problems, sure, that's what he said.


Just because it has happened doesn't mean it's always happening. Without any proof of intent, yeah, I'd consider it (plausible?) paranoia.


Exactly right. Skype used to do peer-to-peer connections with nobody in the middle. If you knew how to modify the port forwarding configuration of your router, you could get very high quality connections.

Now, everything goes through Microsoft servers where it can be conveniently wiretapped.


Skype used to do that ... with an obfuscated proprietary software blob. There's no reason to think they didn't have the ability to reroute on demand.


But if they wanted plausible deniability when they get caught...


As long as you don't use your internet access to commit illegal actions, they won't cut anything off.


Um...no. If RIAA thinks you did something wrong, even with flimsy evidence, they can still come after you. Should be easier to convince Comcrap to shut off your Internet than get a judge to agree.

http://www.mediapost.com/publications/article/117419/judge-r...


That's not how the real world of this sort of thing works. Often the firms hired to do this sort of thing are just catching any/all IPs on a tracker without any analysis. Meaning that said IPs can be spoofed, part of a botnet, and so on, which makes accusations based purely on those IPs purely speculative. It's why certain federal circuits throw them out, since the firms are sometimes found to be outright fabricating the logs in question. And more obviously, an IP address itself isn't evidence that the user was at the device in question or that the device in question was assigned that IP address at the time recorded. Simply put, it's 99% bullshit hearsay, worse than that of your office gossiper.


Luckily nobody cares about dead licences.


kill sends a signal, that's all it does. It doesn't care about what the process did with it.

