http://blogs.computerworld.com/privacy/24145/leaked-gchq-catalog-exploit-tools-manipulation-and-mass-surveillance?source=CTWNLE_nlt_security_2014-07-17
Leaked GCHQ catalog of exploit tools for manipulation and mass surveillance
By Darlene Storm
July 16, 2014 1:22 PM EDTAdd a comment
Just as
Hello list,
We know something about the selectors that could trigger Foxacid
attacks, and we can record the data sent to a machine running Tor
Browser Bundle. So has anyone set up a sitting duck to trigger and
record the payload of the attack?
Once the payload is known then Firefox
On Thu, Jul 17, 2014 at 03:14:32PM -0400, Jonathan Wilkes wrote:
We know something about the selectors that could trigger
Foxacid attacks, and we can record the data sent to a machine
running Tor Browser Bundle. So has anyone set up a sitting duck to
trigger and record the payload of the
On Thu, Jul 17, 2014 at 12:32:26PM -0700, coderman wrote:
And once you've patched this bug, FOXACID will update to issue another
0day.
It's worth doing, for sure! Patching bugs makes us all incrementally
safer.
this is exactly why some who have received these payloads are sitting
on
On Thu, Jul 17, 2014 at 1:11 PM, coderman coder...@gmail.com wrote:
...
Forcing deployments to move to more interesting bugs will also give
insight into IAs' exploit sourcing methodologies.
this is absolutely true and useful,
and does not require making specific exploits public.
i have
On Thu, Jul 17, 2014 at 1:11 PM, coderman coder...@gmail.com wrote:
...
- if you want to thwart FOXACID type attacks there are ways to do it
without knowing specific payloads. (architectural and broad
techniques, not fingerprints on binaries or call graphs)
some specific examples:
A:
On 07/17/2014 04:11 PM, coderman wrote:
On Thu, Jul 17, 2014 at 12:41 PM, Andy Isaacson a...@hexapodia.org wrote:
...
this is exactly why some who have received these payloads are sitting
on them, rather than disclosing.
Hmmm, that seems pretty antisocial and shortsighted. While the pool of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Andy Isaacson wrote:
this is exactly why some who have received these payloads are
sitting on them, rather than disclosing.
Hmmm, that seems pretty antisocial and shortsighted. While the
pool of bugs is large, it is finite. Get bugs fixed and
On 07/17/2014 05:57 PM, Griffin Boyce wrote:
Andy Isaacson wrote:
this is exactly why some who have received these payloads are
sitting on them, rather than disclosing.
Hmmm, that seems pretty antisocial and shortsighted. While the
pool of bugs is large, it is finite. Get bugs fixed and
On Thu, Jul 17, 2014 at 2:57 PM, Griffin Boyce grif...@cryptolab.net wrote:
...
Solidarity is really important here. Increased security for those
who actively set honeytraps doesn't really scale at all, and most
people will never reap the rewards of this work. =/
it doesn't scale at all,
10 matches
Mail list logo
