on the detection of quantum insert
I was curious if anybody would actually bother trying to detect QI. And so I set out to build a QI detector detector. The easiest way to do that seemed to be building and deploying a QI-like system and seeing how many people noticed. For the sake of clarity, I decided to call my packet front-running system VAMPIRE SQUID.
VS works by modifying HTTP responses, but in order not to interfere with normal browsing activity, it simply rewrites “200 OK” responses to say “200 ok”. Browsers don’t care about this difference, but a QI detector will notice that two overlapping packets from the same TCP stream have different content. In order to maximize the chances of detection, both packets were sent to every visitor. The order of OK and ok varied. (The NSA apparently claimed a 50% success rate with QI.) An arc4randomly selected subset of visitors received a more interesting payload, but you’re unlikely to have been affected.
In two months of wanton insertion, there were zero reports of anybody detecting anything anomalous.
One possible conclusion is that people are more interested in complaining about the NSA than actually doing anything about it. That would be too cynical.
Maybe nobody cares about their browser being redirected to exploit sites. Maybe they use a vuln-free browser. Maybe they haven’t done anything wrong and aren’t a target.
It’s also possible I failed to attract the right visitors. This is only a one-man show, and I can only churn out so much linkbait, even for the sake of science.
Perhaps you’re all a bunch of sneaky bastards who noticed what I was up to and chose to remain silent. Joke’s on me.
Some people browse the web through transparent proxies, in which case the QI attack would be against the proxy and not detectable by the end user. Such users would be susceptible to attacks by the proxy, however. And while mundane, such NEWTONIAN INSERT attacks are no less devastating.
QI should work through most NATs, firewalls, traffic shapers, etc. The “duplicate” packet is in the window, and most routers aren’t in the habit of keeping full stream data to compare contents. They just pass along the packet. (Possibly some interesting IDS tomfoolery potential here.)
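The check a QI detector performs, as described above (two overlapping segments of the same TCP stream carrying different content, which requires keeping stream data to compare), can be sketched as follows. This is an added example, not code from the original post or from any particular detector; the class name, flow key, history bound and sample segments are constructed for illustration.

```python
MOD = 1 << 32        # TCP sequence numbers wrap at 2^32
HISTORY = 1 << 16    # bytes of stream history kept per flow (assumed bound)

class OverlapDetector:
    """Flags segments whose bytes differ from bytes already seen at the
    same sequence numbers in the same flow direction."""

    def __init__(self):
        self.flows = {}  # flow key -> (base seq, {relative offset: byte})

    def observe(self, flow, seq, payload):
        """Record a segment; return [(seq, earlier_bytes, later_bytes), ...]."""
        base, seen = self.flows.setdefault(flow, (seq, {}))
        start = (seq - base) % MOD
        if start >= MOD // 2:          # segment precedes the first one seen
            start -= MOD
        conflicts, run = [], None
        for i, byte in enumerate(payload):
            old = seen.setdefault(start + i, byte)
            if old == byte:            # new data or an honest retransmission
                run = None
                continue
            if run is None:            # start of a differing run
                run = [(seq + i) % MOD, bytearray(), bytearray()]
                conflicts.append(run)
            run[1].append(old)
            run[2].append(byte)
        # Forget bytes that have fallen out of the history window.
        floor = start + len(payload) - HISTORY
        for off in [o for o in seen if o < floor]:
            del seen[off]
        return [(s, bytes(a), bytes(b)) for s, a, b in conflicts]

# Constructed sample: one direction of one flow (documentation addresses).
FLOW = ("192.0.2.10", 80, "198.51.100.7", 49152)
SEGMENTS = [
    (1000, b"HTTP/1.1 200 ok\r\nContent-Length: 2\r\n\r\n"),
    (1000, b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\n"),  # same range, new case
    (1038, b"hi"),
    (1038, b"hi"),                                              # plain retransmit
]

def run_sample():
    det = OverlapDetector()
    return [hit for seq, data in SEGMENTS for hit in det.observe(FLOW, seq, data)]

if __name__ == "__main__":
    for seq, first, second in run_sample():
        print(f"seq {seq}: {first!r} then {second!r}")
```

An identical retransmission produces no hit; only a byte that changes at an already-seen sequence number does, which is why the "ok"/"OK" pair is reported and the repeated body is not.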