Re: [free-software-melb] FOR IMMEDIATE RELEASE: WIKILEAKS, Vault 7: CIA Hacking Tools Revealed

2017-03-15 Thread Ben Sturmfels
On 08/03/17 12:23, Russell Coker wrote:
> This isn't really news. After Snowden's information this is something most 
> people expected.
> 
> https://www.theatlantic.com/politics/archive/2017/01/assange-man-in-the-news/512243/
> 
> Also remember that Assange seems to be a Russian agent.

Hi Russell and Andri,

I'm sorry I hadn't read this thread sooner. It's probably not my place
to moderate this list any more, but I'm going to chime in anyway.

Russell, the above was unnecessarily dismissive of Andri's concerns
about CIA hacking. I don't think it ever hurts to be passionate and
outraged when privacy violations are revealed, and to use this to start
a conversation about free software.

We value your work as a security expert - thank you! :) That doesn't
preclude others from having a say though. Questioning Andri's
credentials and dragging the Jacob Appelbaum issue was inappropriate.

Andri, please don't ever lose your passion for free software! :) Do lean
towards ignoring comments that you don't agree with rather than debating
them and getting dragged off-topic. Don't be too quick to take things
personally.

Regards,
Ben



___
Free-software-melb mailing list
Free-software-melb@lists.softwarefreedom.com.au
http://lists.softwarefreedom.com.au/cgi-bin/mailman/listinfo/free-software-melb


Free Software Melbourne home page: http://www.freesoftware.asn.au/melb/

Re: [free-software-melb] FOR IMMEDIATE RELEASE: WIKILEAKS, Vault 7: CIA Hacking Tools Revealed

2017-03-09 Thread Russell Coker
https://mobile.nytimes.com/2017/03/09/opinion/the-truth-about-the-wikileaks-cia-cache.html
-- 
Sent from my Nexus 6P with K-9 Mail.

Re: [free-software-melb] FOR IMMEDIATE RELEASE: WIKILEAKS, Vault 7: CIA Hacking Tools Revealed

2017-03-09 Thread Jookia
On Thu, Mar 09, 2017 at 06:41:00PM +1100, Russell Coker wrote:
> I agree that reducing the attack surface is good, but I doubt that dealing 
> with BIOS bugs actually achieves that goal.  To get to the BIOS an attacker 
> has to either compromise the kernel/acpid or gain physical access to the 
> system.  It's well known that there are a variety of ways of intercepting key 
> presses that an attacker could use to get the passphrase to your encrypted 
> filesystems, GPG key, etc after they made a copy of your disk.
> 
> It's easy to imagine how EFI attacks could be useful in attacking a corporate 
> desktop PC standard running Windows with signed kernel etc.  But I can't 
> imagine how it could be the most effective attack against the typical people 
> who are involved in groups like this.

I look at it more as investing time and effort than threat models. It took me
maybe a week or two to set coreboot up on my T400, and now it's much less
exposed than its previous BIOS. In addition I've removed ME, so I have a mostly
free boot system running.

> Android is theoretically free software (ignoring the binary driver issue) via 
> the AOSP.  But in practice it's too difficult for me to install one of the 
> other versions, and I was using Linux in 1992!

You tend to have to get the phone that you know will work with a ROM.

Re: [free-software-melb] FOR IMMEDIATE RELEASE: WIKILEAKS, Vault 7: CIA Hacking Tools Revealed

2017-03-08 Thread Russell Coker
On Thu, 9 Mar 2017 07:41:37 AM Jookia wrote:
> I don't plan to make my system resistant to a full-scale CIA attack, but I
> do like having a BIOS that isn't a complete and buggy operating system in
> itself. I think reducing the attack surface is always a worthy goal.

I agree that reducing the attack surface is good, but I doubt that dealing 
with BIOS bugs actually achieves that goal.  To get to the BIOS an attacker 
has to either compromise the kernel/acpid or gain physical access to the 
system.  It's well known that there are a variety of ways of intercepting key 
presses that an attacker could use to get the passphrase to your encrypted 
filesystems, GPG key, etc after they made a copy of your disk.

It's easy to imagine how EFI attacks could be useful in attacking a corporate 
desktop PC standard running Windows with signed kernel etc.  But I can't 
imagine how it could be the most effective attack against the typical people 
who are involved in groups like this.

> > http://laforge.gnumonks.org/blog/20160920-openmoko_10years/
> >
> > 
> >
> > This is worth reading.
> 
> Yeah, the state of things is really bad. I did the initial port of
> Replicant 6 to the i9100 last year, so I'm running that on my phone. It
> works well enough but I still use the compromised wi-fi blobs out of
> convenience. It's such a headache that at this point I'm considering
> avoiding using a phone for things other than calls and messages.

It seems to me that one of the biggest factors in developing free software on 
PCs is the ability to change floppy disks and hard drives between systems.  If 
you mess up the configuration of Linux on a PC you can install that hard drive 
in another PC to fix it.

Phones have images that are specific to the CPU and chipset, you can't boot an 
image for your Nexus 7 in a Nexus 5 for test purposes.  The images are loaded 
in storage soldered to the motherboard so you can't switch images.

If you convinced me that some new Linux distribution was worth trying I could 
easily install a spare hard drive in one of my PCs and test it out.  I can't 
install a SD card in one of my phones for testing a different Android build.

Android is theoretically free software (ignoring the binary driver issue) via 
the AOSP.  But in practice it's too difficult for me to install one of the 
other versions, and I was using Linux in 1992!

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

Re: [free-software-melb] FOR IMMEDIATE RELEASE: WIKILEAKS, Vault 7: CIA Hacking Tools Revealed

2017-03-08 Thread Jookia
On Wed, Mar 08, 2017 at 05:12:18PM +1100, Glenn McIntosh wrote:
> You'll be pleased to see that selinux gets a few mentions in the CIA
> leaks :-), particularly in the Android context (eg that it prevents
> normal installation of their 'RoidRage' malware, and how they get around
> it).
> 
> It is a very different leak to the NSA ones. The NSA ones gave a big
> picture view of the scope and magnitude of US surveillance, which
> provided evidence that these agencies were not well regulated (at least
> in a democratic context). The CIA leaks have the character of random
> documentation about tools and processes; probably not of as much import
> in a political sense, but of some interest to people working to secure
> commonly used platforms.
> 
> What is interesting is that different agencies are independently working
> on ways of attacking computing infrastructure. I guess duplication of
> effort is the nature of a large bureaucracy.
> 
> Glenn
> -- 
> pgp: 833A 67F6 1966 EF5F 7AF1  DFF6 75B7 5621 6D65 6D65

Just popping in to the less political side of the thread, it's nice to see that
SELinux gets a few mentions. I still haven't put much effort in to secure my
desktop how I'd like it to be done but it might be a good time to do some more
messing around to get something I can feel somewhat safe with.

Regarding the leaks: There's really not much there unless I missed a huge block
of information. It's annoying that some pages are empty but subpages aren't. A
few things struck out at me on my brief read throughout the day:

- Most of it is aimed towards end-user devices, such as Windows or Android.
- Most issues come from proprietary and/or popular software.
- There's no talk of defeating crypto.

Some things that interested me:

- Win32 programming is top secret.
https://wikileaks.org/ciav7p1/cms/page_11629041.html

LOL

- EFI seems to be a really interesting attack vector.
https://wikileaks.org/ciav7p1/cms/page_3375460.html

We all know how terrible EFI is, and if you're not running some version of
coreboot on your machine then you should be a little worried about this.

- Ricky Bobby malware?!
https://wikileaks.org/ciav7p1/cms/page_16385046.html
https://wikileaks.org/ciav7p1/cms/page_16385073.html
https://wikileaks.org/ciav7p1/cms/page_15728810.html
https://wikileaks.org/ciav7p1/cms/page_15729131.html
https://wikileaks.org/ciav7p1/cms/page_15729066.html
https://wikileaks.org/ciav7p1/cms/page_20251107.html
(Sorry for the list, I advise skimming them)

It looks like typical botnet malware, but it's interesting seeing this side
since the malware is used by agents to collect data. It also hides information
in filesystem metadata or THROUGH STEGANOGRAPHY!

Leveraging existing applications seems to be through DLL hijacking existing
applications that would seem in place at work. Worth noting that s

- CD-ROM based air gap jumping.
https://wikileaks.org/ciav7p1/cms/page_17072172.html

Truth be told I haven't actually seen a CD ROM drive for a while now, but it's
fascinating that Nero was infected this way.

- Proprietary drivers exploited on Android
https://wikileaks.org/ciav7p1/cms/page_11629096.html

There's not much to read, but it's VERY interesting in that a lot of the
exploits are related to proprietary drivers and firmware that projects like
Replicant seek to remove. For instance, GPU drivers like Adreno or Broadcom's
Wi-Fi drivers. These are things people can't update.

Night people,
Jookia.

Re: [free-software-melb] FOR IMMEDIATE RELEASE: WIKILEAKS, Vault 7: CIA Hacking Tools Revealed

2017-03-07 Thread Glenn McIntosh
On 08/03/17 14:14, Russell Coker wrote:
> True.  I think I've done my share of work in securing Linux systems both 
> directly through working on SE Linux and indirectly through finding bugs in 
> various daemons and applications (often due to SE Linux policy revealing 
> inappropriate things).

You'll be pleased to see that selinux gets a few mentions in the CIA
leaks :-), particularly in the Android context (eg that it prevents
normal installation of their 'RoidRage' malware, and how they get around
it).

It is a very different leak to the NSA ones. The NSA ones gave a big
picture view of the scope and magnitude of US surveillance, which
provided evidence that these agencies were not well regulated (at least
in a democratic context). The CIA leaks have the character of random
documentation about tools and processes; probably not of as much import
in a political sense, but of some interest to people working to secure
commonly used platforms.

What is interesting is that different agencies are independently working
on ways of attacking computing infrastructure. I guess duplication of
effort is the nature of a large bureaucracy.

Glenn
-- 
pgp: 833A 67F6 1966 EF5F 7AF1  DFF6 75B7 5621 6D65 6D65




Re: [free-software-melb] FOR IMMEDIATE RELEASE: WIKILEAKS, Vault 7: CIA Hacking Tools Revealed

2017-03-07 Thread jason
On Wed, 8 Mar 2017 03:05:00 PM russ...@coker.com.au wrote:
> Jason, your analysis is insightful and well written.  But I disagree with 
> this paragraph.  The above article gives a clear example of the problems with 
> a "release all information" approach.  Releasing government information 
> that has no relevance to security (EG the amount of money spent on coffee 
> and biscuits for government employees) might be harmless, but releasing 
> information on citizens can be dangerous.  Releasing the addresses of most 
> women in a country has an obvious risk of facilitating stalking and rapes.

Russell, I don't disagree with the article about the dangers of releasing 
unfettered information. But the problem with having a secretive, unaccountable 
body deciding what is worth releasing to the public, and what isn't worth 
releasing to the public is that we have no idea what decisions are being made, 
why they are made, or what they are refusing to release.

Which is kind of exactly the problem that wikileaks usually argue they are 
addressing. Governments are collecting information about us, and are then - in 
a secretive, unaccountable manner - deciding what information we may or may not 
have.

Governments usually cite the argument, when they say they can't release some 
information, that by releasing the information they would be causing harm to 
the people they are supposed to be protecting. Strangely similar to the article 
you link to, and the argument about managing what is released. It's a 
legitimate point for governments to be making - except that we never find out 
what information governments happen to have chosen to keep from us for our own 
protection. And in that gap lies the problem wikileaks want to address.

However we'll also never know what information wikileaks have chosen to keep 
from us for our own protection. So what's the difference?

There is a slight difference. In a democracy, at least we have the thin veneer 
of an opportunity to influence our decision makers. And we have laws and 
systems designed to try and ameliorate the excesses of the dreaded 
establishment. Imperfect maybe. Let's face it, however crap they are, they all 
far exceed any public oversight or power we happen to have over wikileaks or 
Julian Assange. I'm not sure when the next election for the 'board' of 
wikileaks is happening, but I know for a fact that I don't get a vote.

If we are replacing one flawed, failing, not-very transparent information 
overlord with another flawed, even less transparent overlord, we are really not 
doing ourselves any favours, no matter how beautiful the core idea behind 
wikileaks is.

And when that organisation starts to play partisan politics with information it 
possesses, well it's turned into a monster that - if it isn't far worse than 
what it claims to be protecting us from - it's at least definitely no better.

If wikileaks want to protect individuals by withholding some information, or 
holding it until they have vetted it - well great. We all support not hurting 
innocent people through thoughtless and rash actions. So do it "as soon as 
practicable".

And if by releasing information two days after President Trump claims he was 
spied on by the CIA, then it makes wikileaks look like they are complicit with 
the new US administration, then wikileaks should wait a few weeks and do it at 
a time where it doesn't play into the hands of one political actor over 
another. As others have pointed out, it's not like anyone is astounded at this 
news. I know I'm not. Frankly, if the US government weren't doing exactly what 
the Chinese government, the Russian government, the French Government, the 
[insert any country's name] government is doing wouldn't we all be far more 
surprised?

Anyway, that's all off topic. The point is, if wikileaks want to remain "above 
politics" then they have an obligation to do everything that they can to not 
only BE above politics, but also to APPEAR to be above politics.


Jason Cleeland

-Original Message-
From: Russell Coker [mailto:russ...@coker.com.au] 
Sent: Wednesday, 8 March 2017 3:05 PM
To: free-software-melb@lists.softwarefreedom.com.au
Cc: ja...@cleeland.org
Subject: Re: [free-software-melb] FOR IMMEDIATE RELEASE: WIKILEAKS, Vault 7: 
CIA Hacking Tools Revealed

On Wed, 8 Mar 2017 02:39:58 PM ja...@cleeland.org wrote:
> If the information is all that matters, wikileaks will release all 
> information it obtains as soon as practicable and will do all things 
> possible to ensure that they do not release information at times that 
> just happen to suit partisan political interests. ESPECIALLY when 
> those partisan political interests also appear to align with the 
> partisan interests of the media star of wikileaks.

http://www.huffingtonpost.com/zeynep-tufekci/wikileaks-erdogan-emails_b_11158792.html

Jason, your analysis is insightful and well written

Re: [free-software-melb] FOR IMMEDIATE RELEASE: WIKILEAKS, Vault 7: CIA Hacking Tools Revealed

2017-03-07 Thread Russell Coker
On Wed, 8 Mar 2017 01:46:00 PM Andri Effendi wrote:
> I think people who dismiss Assange or Snowden as "Russian Agent(s)" are
> bonkers and have been manipulated by the MSM.

I have never suggested that Snowden is a Russian agent.  He merely resides in 
Russia, there is no evidence of him favoring the Russian government.  He only 
released information about the NSA because that's all he had access to.

> I can't believe that such critical information that should be released
> to the public as part of being a so called "democracy" is seen as making
> them foreign agents.

I doubt that anyone outside a few of the more extreme members of Congress 
think that releasing such information makes them Russian agents.  Claiming 
that Russia has a free press is however good evidence of being a Russian 
agent.

> Vulnerabilities in the software that hundreds of millions (if not
> billions) use every day must be exposed and patched ASAP.

True.  I think I've done my share of work in securing Linux systems both 
directly through working on SE Linux and indirectly through finding bugs in 
various daemons and applications (often due to SE Linux policy revealing 
inappropriate things).

http://www.itwire.com/business-it-news/open-source/73441-appelbaum-banned-from-debian-events-after-sexual-misconduct-charges.html

Could you please give us a summary of some of your contributions to Linux 
security?  A quick Google search only turned up the above.

> We can't let this Anti-Russia scare nonsense affect critically judging
> our government.
> 
> When wrong doing is exposed, IT must be the center of attention, NOT who
> revealed it.

Edward Snowden revealed wrong-doing, I and others took it seriously.  Since 
the Snowden revelations lots of things have been done to improve security, 
including a massive increase in the use of HTTPS and TOR.

This latest release by Assange is simply more of the same.  Evidence that the 
CIA is doing things on Android that the NSA was known to do on other platforms 
years ago is not particularly interesting and doesn't change anything.  I 
think that everyone who read about the Snowden leaks inferred that such things 
were being done.

> Scape goating and saying "it's all russia's fault" without proof is just
> going to alienate people and will be 100% counter productive.

It's a good thing that I never said it's Russia's fault.

But then studiously ignoring what Russia might be doing is also a bad thing.  
I think it's reasonable to believe that the Russian government has greater 
capabilities than the North Korean government and therefore they can do more 
than hack Sony.

There are more than a few people who are happy to have the US government 
monitor them.  Convince those people that Russia isn't a threat and they won't 
be particularly interested in doing anything about such problems.

> Don't take "it's russia's fault" with a grain of salt, especially
> nowadays when it is just being used as a distraction.

That's something that Trump or Palin might say.

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

Re: [free-software-melb] FOR IMMEDIATE RELEASE: WIKILEAKS, Vault 7: CIA Hacking Tools Revealed

2017-03-07 Thread Russell Coker
On Wed, 8 Mar 2017 01:12:16 PM Adrian Colomitchi wrote:
> > Also remember that Assange seems to be a Russian agent.
> 
> Oh, really?

Yes, anyone who claims that Russia has an open government is on the Russian 
side.  For all the flaws of the US government it doesn't openly kill 
journalists that report bad things.

> So you say:
> * it doesn't matter we know how you can be spied on or that you can be
> "serendipitous" killed by a truck or that your "secure" apps that should
> guarantee your privacy are got around. And it still doesn't matter an
> organization that should look after the american public interest chooses to
> hoard zero-days instead of disclosing/plugging them (thus letting the
> public vulnerable against others).
> * but it does matter Assange is human (thus imperfect).
> 
> Quite a twisted logic IMHO, I hope you don't mind if I'm not accepting it.

No I don't say anything like that.

Please show your messages to someone reliable and get them to advise you.  
Seek a professional advisor if necessary.

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

Re: [free-software-melb] FOR IMMEDIATE RELEASE: WIKILEAKS, Vault 7: CIA Hacking Tools Revealed

2017-03-07 Thread Adrian Colomitchi
> This isn't really news.
From the two messages: "Security by obscurity in these areas" vs "Assange
is ..." - which one would you consider relevant for you?

The very page linked in the original poster:

"The CIA made these systems unclassified.

Why the CIA chose to make its cyberarsenal unclassified reveals how
concepts developed for military use do not easily crossover to the
'battlefield' of cyber 'war'.

To attack its targets, the CIA usually requires that its implants
communicate with their control programs over the internet. If CIA implants,
Command & Control and Listening Post software were classified, then CIA
officers could be prosecuted or dismissed for violating rules that prohibit
placing classified information onto the Internet. Consequently the CIA has
secretly made most of its cyber spying/war code unclassified. The U.S.
government is not able to assert copyright either, due to restrictions in
the U.S. Constitution. This means that cyber 'arms' manufactures and
computer hackers can freely "pirate" these 'weapons' if they are obtained.
The CIA has primarily had to rely on obfuscation to protect its malware
secrets."




On Wed, Mar 8, 2017 at 12:23 PM, Russell Coker  wrote:

> This isn't really news. After Snowden's information this is something most
> people expected.
>
> https://www.theatlantic.com/politics/archive/2017/01/assange-man-in-the-news/512243/
>
> Also remember that Assange seems to be a Russian agent.
> --
> Sent from my Nexus 6P with K-9 Mail.

Re: [free-software-melb] FOR IMMEDIATE RELEASE: WIKILEAKS, Vault 7: CIA Hacking Tools Revealed

2017-03-07 Thread Russell Coker
This isn't really news. After Snowden's information this is something most 
people expected.

https://www.theatlantic.com/politics/archive/2017/01/assange-man-in-the-news/512243/

Also remember that Assange seems to be a Russian agent.
-- 
Sent from my Nexus 6P with K-9 Mail.