Re: [free-software-melb] FOR IMMEDIATE RELEASE: WIKILEAKS, Vault 7: CIA Hacking Tools Revealed
On 08/03/17 12:23, Russell Coker wrote:
> This isn't really news. After Snowden's information this is something most
> people expected.
>
> https://www.theatlantic.com/politics/archive/2017/01/assange-man-in-the-news/512243/
>
> Also remember that Assange seems to be a Russian agent.

Hi Russell and Andri,

I'm sorry I hadn't read this thread sooner. It's probably not my place to moderate this list any more, I'm going to chime in anyway.

Russell, the above was unnecessarily dismissive of Andri's concerns about CIA hacking. I don't think it ever hurts to be passionate and outraged when privacy violations are revealed, and to use this to start a conversation about free software.

We value your work as a security expert - thank you! :) That doesn't preclude others from having a say though. Questioning Andri's credentials and dragging the Jacob Appelbaum issue was inappropriate.

Andri, please don't ever lose your passion for free software! :) Do lean towards ignoring comments that you don't agree with rather than debating them and getting dragged off-topic. Don't be too quick to take things personally.

Regards,
Ben

___
Free-software-melb mailing list
Free-software-melb@lists.softwarefreedom.com.au
http://lists.softwarefreedom.com.au/cgi-bin/mailman/listinfo/free-software-melb

Free Software Melbourne home page: http://www.freesoftware.asn.au/melb/

Re: [free-software-melb] FOR IMMEDIATE RELEASE: WIKILEAKS, Vault 7: CIA Hacking Tools Revealed
https://mobile.nytimes.com/2017/03/09/opinion/the-truth-about-the-wikileaks-cia-cache.html?smid=fb-nytimes=cur=http://m.facebook.com/

--
Sent from my Nexus 6P with K-9 Mail.

Re: [free-software-melb] FOR IMMEDIATE RELEASE: WIKILEAKS, Vault 7: CIA Hacking Tools Revealed
On Thu, Mar 09, 2017 at 06:41:00PM +1100, Russell Coker wrote:
> I agree that reducing the attack surface is good, but I doubt that dealing
> with BIOS bugs actually achieves that goal. To get to the BIOS an attacker
> has to either compromise the kernel/acpid or gain physical access to the
> system. It's well known that there are a variety of ways of intercepting key
> presses that an attacker could use to get the passphrase to your encrypted
> filesystems, GPG key, etc after they made a copy of your disk.
>
> It's easy to imagine how EFI attacks could be useful in attacking a corporate
> desktop PC standard running Windows with signed kernel etc. But I can't
> imagine how it could be the most effective attack against the typical people
> who are involved in groups like this.

I look at it more as investing time and effort than threat models. It took me maybe a week or two to set coreboot up on my T400, and now it's much less exposed than its previous BIOS. In addition I've removed ME, so I have a mostly free boot system running.

> Android is theoretically free software (ignoring the binary driver issue) via
> the AOSP. But in practice it's too difficult for me to install one of the
> other versions, and I was using Linux in 1992!

You tend to have to get the phone that you know will work with a ROM.

Re: [free-software-melb] FOR IMMEDIATE RELEASE: WIKILEAKS, Vault 7: CIA Hacking Tools Revealed
On Thu, 9 Mar 2017 07:41:37 AM Jookia wrote:
> I don't plan to make my system resistant to a full-scale CIA attack, but I
> do like having a BIOS that isn't a complete and buggy operating system in
> itself. I think reducing the attack surface is always a worthy goal.

I agree that reducing the attack surface is good, but I doubt that dealing with BIOS bugs actually achieves that goal. To get to the BIOS an attacker has to either compromise the kernel/acpid or gain physical access to the system. It's well known that there are a variety of ways of intercepting key presses that an attacker could use to get the passphrase to your encrypted filesystems, GPG key, etc after they made a copy of your disk.

It's easy to imagine how EFI attacks could be useful in attacking a corporate desktop PC standard running Windows with signed kernel etc. But I can't imagine how it could be the most effective attack against the typical people who are involved in groups like this.

> > http://laforge.gnumonks.org/blog/20160920-openmoko_10years/
> >
> > This is worth reading.
>
> Yeah, the state of things is really bad. I did the initial port of
> Replicant 6 to the i9100 last year, so I'm running that on my phone. It
> works well enough but I still use the compromised wi-fi blobs out of
> convenience. It's such a headache that at this point I'm considering
> avoiding using a phone for things other than calls and messages.

It seems to me that one of the biggest factors in developing free software on PCs is the ability to change floppy disks and hard drives between systems. If you mess up the configuration of Linux on a PC you can install that hard drive in another PC to fix it. Phones have images that are specific to the CPU and chipset, you can't boot an image for your Nexus 7 in a Nexus 5 for test purposes. The images are loaded in storage soldered to the motherboard so you can't switch images.

If you convinced me that some new Linux distribution was worth trying I could easily install a spare hard drive in one of my PCs and test it out. I can't install a SD card in one of my phones for testing a different Android build.

Android is theoretically free software (ignoring the binary driver issue) via the AOSP. But in practice it's too difficult for me to install one of the other versions, and I was using Linux in 1992!

--
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/

Re: [free-software-melb] FOR IMMEDIATE RELEASE: WIKILEAKS, Vault 7: CIA Hacking Tools Revealed
On Wed, Mar 08, 2017 at 05:12:18PM +1100, Glenn McIntosh wrote:
> You'll be pleased to see that selinux gets a few mentions in the CIA
> leaks :-), particularly in the Android context (eg that it prevents
> normal installation of their 'RoidRage' malware, and how they get around
> it).
>
> It is a very different leak to the NSA ones. The NSA ones gave a big
> picture view of the scope and magnitude of US surveillance, which
> provided evidence that these agencies were not well regulated (at least
> in a democratic context). The CIA leaks have the character of random
> documentation about tools and processes; probably not of as much import
> in a political sense, but of some interest to people working to secure
> commonly used platforms.
>
> What is interesting is that different agencies are independently working
> on ways of attacking computing infrastructure. I guess duplication of
> effort is the nature of a large bureaucracy.
>
> Glenn
> --
> pgp: 833A 67F6 1966 EF5F 7AF1 DFF6 75B7 5621 6D65 6D65

Just popping in to the less political side of the thread, it's nice to see that SELinux gets a few mentions. I still haven't put much effort in to secure my desktop how I'd like it to be done but it might be a good time to do some more messing around to get something I can feel somewhat safe with.

Regarding the leaks: There's really not much there unless I missed a huge block of information. It's annoying that some pages are empty but subpages aren't.

A few things struck out at me on my brief read throughout the day:

- Most of it is aimed towards end-user devices, such as Windows or Android.
- Most issues come from proprietary and/or popular software.
- There's no talk of defeating crypto.

Some things that interested me:

- Win32 programming is top secret.
  https://wikileaks.org/ciav7p1/cms/page_11629041.html
  LOL

- EFI seems to be a really interesting attack vector.
  https://wikileaks.org/ciav7p1/cms/page_3375460.html
  We all know how terrible EFI is, and if you're not running some version of coreboot on your machine then you should be a little worried about this.

- Ricky Bobby malware?!
  https://wikileaks.org/ciav7p1/cms/page_16385046.html
  https://wikileaks.org/ciav7p1/cms/page_16385073.html
  https://wikileaks.org/ciav7p1/cms/page_15728810.html
  https://wikileaks.org/ciav7p1/cms/page_15729131.html
  https://wikileaks.org/ciav7p1/cms/page_15729066.html
  https://wikileaks.org/ciav7p1/cms/page_20251107.html
  (Sorry for the list, I advise skimming them)
  It looks like typical botnet malware, but it's interesting seeing this side since the malware is used by agents to collect data. It also hides information in filesystem metadata or THROUGH STEGANOGRAPHY! Leveraging existing applications seems to be through DLL hijacking existing applications that would seem in place at work. Worth noting that s

- CD-ROM based air gap jumping.
  https://wikileaks.org/ciav7p1/cms/page_17072172.html
  Truth be told I haven't actually seen a CD ROM drive for a while now, but it's fascinating that Nero was infected this way.

- Proprietary drivers exploited on Android
  https://wikileaks.org/ciav7p1/cms/page_11629096.html
  There's not much to read, but it's VERY interesting in that a lot of the exploits are related to proprietary drivers and firmware that projects like Replicant seek to remove. For instance, GPU drivers like Adreno or Broadcom's Wi-Fi drivers. These are things people can't update.

Night people,
Jookia.

Re: [free-software-melb] FOR IMMEDIATE RELEASE: WIKILEAKS, Vault 7: CIA Hacking Tools Revealed
On 08/03/17 14:14, Russell Coker wrote:
> True. I think I've done my share of work in securing Linux systems both
> directly through working on SE Linux and indirectly through finding bugs in
> various daemons and applications (often due to SE Linux policy revealing
> inappropriate things).

You'll be pleased to see that selinux gets a few mentions in the CIA leaks :-), particularly in the Android context (eg that it prevents normal installation of their 'RoidRage' malware, and how they get around it).

It is a very different leak to the NSA ones. The NSA ones gave a big picture view of the scope and magnitude of US surveillance, which provided evidence that these agencies were not well regulated (at least in a democratic context). The CIA leaks have the character of random documentation about tools and processes; probably not of as much import in a political sense, but of some interest to people working to secure commonly used platforms.

What is interesting is that different agencies are independently working on ways of attacking computing infrastructure. I guess duplication of effort is the nature of a large bureaucracy.

Glenn
--
pgp: 833A 67F6 1966 EF5F 7AF1 DFF6 75B7 5621 6D65 6D65

Re: [free-software-melb] FOR IMMEDIATE RELEASE: WIKILEAKS, Vault 7: CIA Hacking Tools Revealed
On Wed, 8 Mar 2017 03:05:00 PM russ...@coker.com.au wrote:
> Jason, your analysis is insightful and well written. But I disagree with
> this paragraph. The above article gives a clear example of the problems with
> a "release all information" approach. Releasing government information
> that has no relevance to security (EG the amount of money spent on coffee
> and biscuits for government employees) might be harmless, but releasing
> information on citizens can be dangerous. Releasing the addresses of most
> women in a country has an obvious risk of facilitating stalking and rapes.

Russell, I don't disagree with the article about the dangers of releasing unfettered information. But the problem with having a secretive, unaccountable body deciding what is worth releasing to the public, and what isn't worth releasing to the public is that we have no idea what decisions are being made, why they are made, or what they are refusing to release.

Which is kind of exactly the problem that wikileaks usually argue they are addressing. Governments are collecting information about us, and are then - in a secretive, unaccountable manner - deciding what information we may or may not have.

Governments usually cite the argument, when they say they can't release some information, that by releasing the information they would be causing harm to the people they are supposed to be protecting. Strangely similar to the article you link to, and the argument about managing what is released. It's a legitimate point for governments to be making - except that we never find out what information governments happen to have chosen to keep from us for our own protection. And in that gap lies the problem wikileaks want to address.

However we'll also never know what information wikileaks have chosen to keep from us for our own protection. So what's the difference?

There is a slight difference. In a democracy, at least we have the thin veneer of an opportunity to influence our decision makers. And we have laws and systems designed to try and ameliorate the excesses of the dreaded establishment. Imperfect maybe. Let's face it, however crap they are, they all far exceed any public oversight or power we happen to have over wikileaks or Julian Assange. I'm not sure when the next election for the 'board' of wikileaks is happening, but I know for a fact that I don't get a vote.

If we are replacing one flawed, failing, not-very transparent information overlord with another flawed, even less transparent overlord, we are really not doing ourselves any favours, no matter how beautiful the core idea behind wikileaks is. And when that organisation starts to play partisan politics with information it possesses, well it's turned into a monster that - if it isn't far worse than what it claims to be protecting us from - it's at least definitely no better.

If wikileaks want to protect individuals by withholding some information, or holding it until they have vetted it - well great. We all support not hurting innocent people through thoughtless and rash actions. So do it "as soon as practicable". And if by releasing information two days after President Trump claims he was spied on by the CIA, then it makes wikileaks look like they are complicit with the new US administration, then wikileaks should wait a few weeks and do it at a time where it doesn't play into the hands of one political actor over another.

As others have pointed out, it's not like anyone is astounded at this news. I know I'm not. Frankly, if the US government weren't doing exactly what the Chinese government, the Russian government, the French Government, the [insert any country's name] government is doing wouldn't we all be far more surprised?

Anyway, that's all off topic. The point is, if wikileaks want to remain "above politics" then they have an obligation to do everything that they can to not only BE above politics, but also to APPEAR to be above politics.

Jason Cleeland

-----Original Message-----
From: Russell Coker [mailto:russ...@coker.com.au]
Sent: Wednesday, 8 March 2017 3:05 PM
To: free-software-melb@lists.softwarefreedom.com.au
Cc: ja...@cleeland.org
Subject: Re: [free-software-melb] FOR IMMEDIATE RELEASE: WIKILEAKS, Vault 7: CIA Hacking Tools Revealed

On Wed, 8 Mar 2017 02:39:58 PM ja...@cleeland.org wrote:
> If the information is all that matters, wikileaks will release all
> information it obtains as soon as practicable and will do all things
> possible to ensure that they do not release information at times that
> just happen to suit partisan political interests. ESPECIALLY when
> those partisan political interests also appear to align with the
> partisan interests of the media star of wikileaks.

http://www.huffingtonpost.com/zeynep-tufekci/wikileaks-erdogan-emails_b_11158792.html

Jason, your analysis is insightful and well written

Re: [free-software-melb] FOR IMMEDIATE RELEASE: WIKILEAKS, Vault 7: CIA Hacking Tools Revealed
On Wed, 8 Mar 2017 01:46:00 PM Andri Effendi wrote:
> I think people who dismiss Assange or Snowden as "Russian Agent(s)" are
> bonkers and have been manipulated by the MSM.

I have never suggested that Snowden is a Russian agent. He merely resides in Russia, there is no evidence of him favoring the Russian government. He only released information about the NSA because that's all he had access to.

> I can't believe that such critical information that should be released
> to the public as part of being a so called "democracy" is seen as making
> them foreign agents.

I doubt that anyone outside a few of the more extreme members of Congress think that releasing such information makes them Russian agents. Claiming that Russia has a free press is however good evidence of being a Russian agent.

> Vulnerabilities in the software that hundreds of millions (if not
> billions) use every day must be exposed and patched ASAP.

True. I think I've done my share of work in securing Linux systems both directly through working on SE Linux and indirectly through finding bugs in various daemons and applications (often due to SE Linux policy revealing inappropriate things).

http://www.itwire.com/business-it-news/open-source/73441-appelbaum-banned-from-debian-events-after-sexual-misconduct-charges.html

Could you please give us a summary of some of your contributions to Linux security? A quick Google search only turned up the above.

> We can't let this Anti-Russia scare nonsense affect critically judging
> our government.
>
> When wrong doing is exposed, IT must be the center of attention, NOT who
> revealed it.

Edward Snowden revealed wrong-doing, I and others took it seriously. Since the Snowden revelations lots of things have been done to improve security, including a massive increase in the use of HTTPS and TOR.

This latest release by Assange is simply more of the same. Evidence that the CIA is doing things on Android that the NSA was known to do on other platforms years ago is not particularly interesting and doesn't change anything. I think that everyone who read about the Snowden leaks inferred that such things were being done.

> Scapegoating and saying "it's all russia's fault" without proof is just
> going to alienate people and will be 100% counter productive.

It's a good thing that I never said it's Russia's fault. But then studiously ignoring what Russia might be doing is also a bad thing. I think it's reasonable to believe that the Russian government has greater capabilities than the North Korean government and therefore they can do more than hack Sony.

There are more than a few people who are happy to have the US government monitor them. Convince those people that Russia isn't a threat and they won't be particularly interested in doing anything about such problems.

> Don't take "it's russia's fault" with a grain of salt, especially
> nowadays when it is just being used as a distraction.

That's something that Trump or Palin might say.

--
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/

Re: [free-software-melb] FOR IMMEDIATE RELEASE: WIKILEAKS, Vault 7: CIA Hacking Tools Revealed
On Wed, 8 Mar 2017 01:12:16 PM Adrian Colomitchi wrote:
> > Also remember that Assange seems to be a Russian agent.
>
> Oh, really?

Yes, anyone who claims that Russia has an open government is on the Russian side. For all the flaws of the US government it doesn't openly kill journalists that report bad things.

> So you say:
> * it doesn't matter we know how you can be spied on or that you can be
> "serendipitous" killed by a truck or that your "secure" apps that should
> guarantee your privacy are got around. And it still doesn't matter an
> organization that should look after the american public interest chooses to
> hoard zero-days instead of disclosing/plugging them (thus letting the
> public vulnerable against others).
> * but it does matter Assange is human (thus imperfect).
>
> Quite a twisted logic IMHO, I hope you don't mind if I'm not accepting it.

No I don't say anything like that. Please show your messages to someone reliable and get them to advise you. Seek a professional advisor if necessary.

--
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/

Re: [free-software-melb] FOR IMMEDIATE RELEASE: WIKILEAKS, Vault 7: CIA Hacking Tools Revealed
> This isn't really news.

From the two messages: "Security by obscurity in these areas" vs "Assange is ..." - which one would you consider relevant for you?

The very page linked in the original poster:

"The CIA made these systems unclassified. Why the CIA chose to make its cyberarsenal unclassified reveals how concepts developed for military use do not easily crossover to the 'battlefield' of cyber 'war'. To attack its targets, the CIA usually requires that its implants communicate with their control programs over the internet. If CIA implants, Command & Control and Listening Post software were classified, then CIA officers could be prosecuted or dismissed for violating rules that prohibit placing classified information onto the Internet. Consequently the CIA has secretly made most of its cyber spying/war code unclassified. The U.S. government is not able to assert copyright either, due to restrictions in the U.S. Constitution. This means that cyber 'arms' manufactures and computer hackers can freely "pirate" these 'weapons' if they are obtained. The CIA has primarily had to rely on obfuscation to protect its malware secrets."

On Wed, Mar 8, 2017 at 12:23 PM, Russell Coker wrote:
> This isn't really news. After Snowden's information this is something most
> people expected.
>
> https://www.theatlantic.com/politics/archive/2017/01/assange-man-in-the-news/512243/
>
> Also remember that Assange seems to be a Russian agent.
> --
> Sent from my Nexus 6P with K-9 Mail.

Re: [free-software-melb] FOR IMMEDIATE RELEASE: WIKILEAKS, Vault 7: CIA Hacking Tools Revealed
This isn't really news. After Snowden's information this is something most people expected.

https://www.theatlantic.com/politics/archive/2017/01/assange-man-in-the-news/512243/

Also remember that Assange seems to be a Russian agent.

--
Sent from my Nexus 6P with K-9 Mail.