WikiLeaks Vault7 confirms CIA can effectively bypass Signal + Telegram + WhatsApp + Confide encryption

[chan] anonymity/privacy/security
Oct 14 23:33

WikiLeaks Vault7 confirms CIA can effectively bypass Signal + Telegram + WhatsApp + Confide encryption https://twitter.com/wikileaks/status/839120909625606152

[chan] general
Oct 15 03:00

what? for real? how?

[chan] general
Oct 15 08:00

They wait for the decryption to complete and pick up the cleartext as you read it. It's not an actual bypass, any more than you reading this message is a "bypass of Bitmessage encryption". Still, as long as the encryption works without fault and the CIA gets the cleartext, everybody gets their paycheck. The world keeps turning, pup.

[chan3] general
Oct 15 08:03

Crypo is not broken. Hardware is. All these kids showing off with their Signals/WhatsApps/Telegrams are blind. They don't see that underneath their secure apps and secure OSes there is hardware - and this one is not secure. Moreover, it is backdoored. Stupid lemmings.

[chan3] general
Oct 16 19:39

You can bypass anything if you have physical access or the underlying systems popped.

[chan3] general
Oct 16 19:41

BINGO. NSA controls firmware of ALL smartphones remotely. So all this childish games with Whatsapps, Telegrams and Signals are just a waste of time. No trusted hardware = no security at all.

[chan] general
Oct 16 22:27

Umm, no. Think about it this way. Most residential front doors are vulnerable to explosive door-busting charges, yet we lock them everytime we go out. It's all about layers. Every single layer that you add in your security strategy increases the bad guys' cost of getting you. In the dystopian nightmare scenario, this means more things that you'll be allowed to get away with. If all you do is mail-order some ganja once a week, Signal is good enough FOR THIS PURPOSE. Yes, the USG may have a zero-day or three for your phone firmware version, but it doesn't matter: they won't waste a zero-day on petty civilian matters. This stuff costs millions. Now, if what you do is hardcore shit like political assassinations or nuclear sabotage, then no, Signal is definitely Not For You. You'll be pwn3d from hell to breakfast. Also, Telegram shmelegram. Such an obvious honeypot I can't even.

[chan] general
Oct 16 22:28

So what are you on, a PDP-11?

[chan] general
Oct 16 22:36

Quality post. It's all about knowing your 'enemy', i.e. whose radar you might be on. For example: If you are just torrenting porn and video games, you'll be ok with a US based VPN, because the alphabet soup doesn't give a shit, but if you are torrenting CP or "How to Make a Nuclear Bomb" by Kim J. Un et al., you best look for something stronger.

[chan3] general
Oct 17 12:00

I simply don't use any mobile equipment, only oldschool PCs.

[chan3] general
Oct 17 12:06

"Most residential front doors are vulnerable to explosive door-busting charges, yet we lock them everytime we go out. It's all about layers." Hardware layer owned = Bad guys are already inside your house. "they won't waste a zero-day on petty civilian matters" "whose radar you might be on" Wrong. When another Snowden leaks another batch of NSA stuff, then "This stuff costing millions" will be used by anyone advanced enought to download some code from GitHub or torrent. And sometimes such things are simply discovered, as famous Intel ME "bug".

[chan3] general
Oct 17 14:24

Nobody here has a risk/threat profile that would lead them to burn their own silicon. To say that they're games is immature and fails to understamd risk mitigation. Signal, et al, mititgate the risks being considered by the vast majority of users out there. You don't have a state actor targetting you.

[chan3] general
Oct 17 14:27

"You don't have a state actor targetting you." The problem is "state actor" is unable to keep his toys well guarded, so from time to time another Snowden will make everyone equal to this "state actor".

[chan3] general
Oct 17 14:35

And every Tom, Dick, and Harry out there isn't likely to waste time on you unless you're special. If you're not the chairman of some corporation they take offense to (hactivists), or an easy cash score (criminal), the likelihood of you being targeted is slim. That means that most people here are just paranoid without an objective reason.

[chan3] general
Oct 17 15:05

And every Tom, Dick, and Harry out there just launches full range IPv4 addresses vulnerability scanner - or has fun implementing NSA tricks into his first botnet. In just hours since leaks of vulnerability description all well-known botnets were updated and ready to use this vulnerabilities. Think about: HOURS. It takes weeks/months to software developers to update their products against such vulnerabilities.

[chan] general
Oct 17 17:48

Properly designed softwares has not the vulnerabilities. The C language is blockage to security. It mostly impossible to properly design a softwares with the C. All the softwares should uses the python.

[chan3] general
Oct 17 17:51

"Properly designed softwares has not the vulnerabilities" Yes, but what about intentionally backdoored software, like Infineon's RSA generating code? Millions of RSA keys are now easily breakable. We have to fight not only with products of incompetent programmers and vulnerable programming languages but also with intentional subversion. https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/

[chan] general
Oct 17 18:05

Python is a horribly designed language that can't even upgrade from one version to the next.

[chan] general
Oct 17 18:24

This is pretty much what I just thought. Also, a definite NO, not all software should use an interpreted language.

[chan3] general
Oct 17 18:25

Python is stupid - a language barking about type of spacing character? This is ultimately moronic.

[chan] general
Oct 17 19:43

Most of my development time with Python is finding and fixing indentation errors.

[chan] general
Oct 17 19:48

Python is written in C anyway, so if it is "mostly impossible to properly design a softwares with the C" then Python itself is not a good "softwares."

[chan] general
Oct 17 20:23

My dear comrade, The original statement was a troll for useless comment, to start a flame war about programming languages. As you know, one need only criticize any language/os/platform/leader to get a really good, and useless argument going. It works like this: I pledge alliegance to the flag That open sources are a drag Linux is a sissy sys Who chokes on streams of bits And windows her better nemesis.

[chan] general
Oct 17 20:23

Pascal. Legible code.

[chan3] general
Oct 18 11:34

+1

[chan3] general
Oct 18 11:34

+1

[chan3] general
Oct 18 15:21

Most botnets aren't staged and ready for new vulns in hours. Go watch the scans you get... they're months and years behind. Most of the bad actors out there are more retarded than you'd expect and are really only getting low-hanging fruit.

[chan3] general
Oct 18 15:24

don't feed the trolls.

[chan3] general
Oct 18 18:27

Most of them - yes. But many of them have "enterprise-quality" - they are "crime-as-a-service" after all. These will be powered with new exploits in hours. And then the whole IPv4 address range will be probed. And the rest we will read in newspapers.

[chan3] general
Oct 18 18:28

I think this "Properly designed softwares has not the vulnerabilities" guy should be educated, even if he is troll.

[chan] general
Oct 18 23:37

By definition leaked != zero-day. Once it's leaked, at least it's a fair race between attack and defense. With zero-days it's a one-man race and the man is not you. That's why zero-days are so expensive and (supposedly) closely guarded. This is why personally I am an advocate of immediate full-disclosure. Because I'll always prefer a fair race to a rigged one. Rigged races, history has shown, are usually rigged AGAINST me. And you.

[chan] general
Oct 19 00:39

No offense, but this is a shitty thing to say. Snowden never published live exploits, as a matter of fact all of Snowden's disclosures so far have been FRUSTRATINGLY responsible.

[chan3] general
Oct 20 00:03

Except when his dumps have led to the names of Americans abroad being revealed, putting them and innocent lives in danger. He's a fucking asshole traitor who deserves to pay the piper.

[chan] general
Oct 20 11:44

You're probably trolling, but let me try this anyway. - this conversation was about zero-day exploits and how Snowden never disclosed any of such - names of Americans don't break networks, unless you're thinking of little Bobby Tables from https://www.xkcd.com/327/ - Snowden didn't disclose names of Americans EITHER, it was one of the Wikileaks sources who did it To me, your choice of the word "traitor" in this context indicates a faulty moral compass at best, or direct criminal affiliation at worst. No problem with either, but perhaps I can help clarify some unintentional misconceptions. Again, to make it very clear: all of Snowden's disclosures have been objective, responsible and impartial, which is very commendable considering that he exposed a dangerous criminal group operating covertly on a global scale. And he did this 100% selflessly, for no material gains, knowing that he will exit stage in a bodybag. It takes balls of steel to do this at all, but to do it in a responsible manner shows a rare human quality and really sets a gold standard for whistleblowing in the 21st century. Please think about it. It is possible to expose crime without causing harm to other human beings, and with enough people willing to stand up to bullying and speak up we may be able to reverse the tide before it drowns us all, including you, Internet stranger. Just think about it.

[chan3] general
Oct 20 19:36

The disclosure was not responsible enough. People who claim it was responsible are those who figure that the ends justified the means. If you had a loved one who died as a direct result of Snowden, you likely wouldn't be spouting that crap.

[chan] general
Oct 20 20:35

Please name the people who died as a result of Snowden.

[chan3] general
Oct 20 20:49

You wiill find some of their names on the memorial wall in CIA.

[chan] general
Oct 20 20:51

Snowden is a traitor. He is deliberately undermining confidence of the people in their nation. The NSA does not care about your emails or my emails. The NSA snarfs data to do counter intelligence--mainly to capture Russian spies. When they find a Russian operative in one of our government offices, instead of outing him/her they blackmail the bastard, forcing them to double agent on their Russian benefactors. If this is not doable they quietly dispose of the person. Anyone who thinks the NSA cares about Crypto-Anarchists or Cypherpunks is deluded. There are many Cypherpunks on NSA payroll.

[chan] general
Oct 20 21:06

You clowns are spreading invented hersay and disinfo. You ought to be fed your own ballsack. Please name the people who died as a result of Snowden. An anonymous reference to bullshit on a wall is not acceptable. I require you to recant your lies or eat your own dick.

[chan3] general
Oct 20 21:09

I know you are suffering, knowing your traitor-hero killed thousands of Americans by his treason, but be a man and face the facts. And stop being razviedka's gavnoyed. Thank you.

[chan] general
Oct 20 21:11

For logically challenged clownbots: Hearsay evidence is "an out-of-court statement introduced to prove the truth of matter asserted therein". In certain courts, hearsay evidence is inadmissible (the "Hearsay Evidence Rule") unless an exception to the Hearsay Rule applies.

[chan] general
Oct 20 21:14

I never said Snowden was innocent. You are trying to polarize a multi-faceted situation. That makes you a liar, too. If you are going to accuse a man, innuendoes and hearsay are not valid accusations. That is how liars operate.

[chan] general
Oct 20 23:39

I know that Snowden is a traitor. I have posted several times here over the last couple years that Snowden is a Russian dupe. You assume, wrongly so, that my words are meant to defend Snowden. You must think more clearly. If you are going to claim Snowden got people killed, you must name his victims, or not make the allegation. Snowden's provable crime was collaborating with our enemies, espionage, unauthorized release of classified documents, etc. Those are provable allegations. A bald claim that he got people killed does not help illuminate the truth of the situation. That he could of put people in danger does not equal that he DID get people killed. If you make an allegation without providing the evidence, it is slander or libel, no matter how unsavory the accused be. Snowden caused massive damage to the operational security of our intelligence operations at home and abroad. It is clear that he is guilty of that. Let's stick to what we can clearly prove, lest we look like we've an axe to grind. I am not a Russian and I've always despised the Russians. I even had the opportunity to fuck some hot and horny Russian sluts to which I declined because I disliked Russians so much. I actually love my country more than my own dick. For you to falsely accuse me of sympathies for the enemy, again without any evidence, makes you look like a kooky axe grinder. Don't tell lies and unprovable accusations.

[chan] general
Oct 20 23:47

NSA here. Your nation loves you. Do something about your dick problem. We won't tell.

[chan] general
Oct 21 04:20

The NSA is an espionage service of a foreign country, which has severely and repeatedly broken the laws of its own country and has lied to its own Congress - that is, in addition to the whole rest of the world. Put it this way, the NSA has committed more crimes and harmed more people than Snowden did, in any country of the world, including the USA. It is, right now, a criminal organization out of control. That they believe otherwise doesn't change the facts. I am not saying anybody should be killed or made to suffer because of this. I'm saying that if we want to put an end to this (which apparently you don't), we can start by exposing their wrongdoings publicly, allowing both their and their victims' voices to be heard, get the dialogue going and hopefully change this poisonous culture of hostility into one of cooperation within a proper, provable and trustless framework of checks and balances. Sunlight, they say, is the best disinfectant.

[chan] anonymity/privacy/security
Jan 7 11:05

WikiLeaks Vault7 confirms CIA can effectively bypass Signal + Telegram + WhatsApp + Confide encryption https://twitter.com/wikileaks/status/839120909625606152

[chan] general
BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r

Subject Last Count
(no subject) Feb 25 17:48 19
Hardware viruses, trojans, backdoors. Feb 25 17:30 3
978DA7EA45CD4ECA949DC8D4E44ABC30 Feb 25 17:02 11
Secret Radio Frequencies Feb 25 16:55 4
online-anonymity-project-proxyham-mysteriously-vanishes Feb 25 16:47 1
82AE01B9FF0722B70C3B4B61EAABF978 Feb 25 16:45 1
37A18712AC096D4E35A8CA7067E6345A Feb 25 16:41 1
8E0F47FDCBCC794EF3E38BDF7225D918 Feb 25 16:37 1
795F4ACE4B79A1C3EE6F241D4BEC0440 Feb 25 16:36 1
65652D7799DFC6AE6305F5B9B97EC176 Feb 25 16:15 2
DAFUQ? Explain this to me Feb 25 14:19 3
1FFC8731EB8C47DCFF0EFB777FF64172 Feb 25 13:58 1
2D445A4699A9877B9B72CC416B3369A1 Feb 25 13:09 1
B5636366C5703ACCCBCE47DA943E183D Feb 25 13:07 1
The Masonic anti-God Globe Earth Scam Feb 25 10:09 2
3A1DC31A8E08A92E108D20FC487A8F0A Feb 25 09:50 1
bliss Feb 25 09:33 4
A Flat Earth Song: "Puppet Show" YOU HAVE TO HEAR THIS!! Feb 25 09:31 3
> His mental illness should not be a concern to you. Feb 25 08:57 2
44A76B43CEB3F8686E4C54CF7625FB60 Feb 25 08:41 1
Keep Calm and Delete Feb 25 08:34 1
DO YOU SUSPECT YOUR HUSBAND/WIFE/PARTNER OF CHEATING? Feb 25 08:32 2
CONTACT THIS FANTASTIC HACKER FOR ALL YOUR HACK RELATED PROBLEMS AND YOU WILL BE GLAD YOU DID. SHE'S A GODDESS AND HER WORK SPEAKS FOR HER. Feb 25 08:32 2
Programmer offering hacking services [certified usa] Feb 25 08:27 3
Bitcoin payments wordpress Feb 25 08:16 8
Nikola Tesla, inventor of radio, microwave, was a Flat Earther Feb 25 08:09 2
B261717BDFD27381D0D8384E539BBD00 Feb 25 08:04 1
Julian Assange is a Fraud - Protocols of Zion - Rich Planet TV Feb 25 07:58 1
Actually USA intelligence agencies DO CARE about citizens privacy... Feb 25 07:56 1
US Intelligence Agencies do care about privacy Feb 25 07:56 1
Globe Earthers Spend More Effort Opposing the Flat Earth Than They Spend Opposing Child Molestors. Feb 25 07:50 2
9BCC0780B64294EFCF9CDB5A77AB6A40 Feb 25 07:48 1
Flat earth We didn't land on the Moon Former NASA Scientist admits Game over for NASA Feb 25 07:08 2
Oh crap. Should have googled it first: Feb 25 06:50 1
How far are the stars? Feb 25 06:35 1
The Papal Bloodlines / The Secret Shadow Hierarchy of The Jesuit Order Feb 25 01:57 1
The Purity Of Loyola's Blood, Jews & The Jesuits (2017) Feb 25 01:22 1
Need C programming full course for free Feb 25 01:06 2
The time to choose is now Feb 25 00:16 4
AF891D65323022172F3E75013AA85875 Feb 24 21:52 1
BCC35DF9E516F2AD540D448F1EBD768B Feb 24 20:08 1
amazon sucks Feb 24 19:59 2
67AEC724FE7611F151217C4C88ABCABE Feb 24 19:44 1
Breakthrough Nanotechnology Will Bring 100 Terabyte 3.5-inch Digital Data Storage Disks Feb 24 19:43 5
http://www.endlesscompression.com/ Feb 24 19:14 2
DA4211BCF55D74EDBA8B98A49E8BAEC2 Feb 24 19:04 1
Four Patents That Changed Enterprise Storage Feb 24 18:59 1
InPhase Demos 515 Gigabits Per Square Inch Data Density Feb 24 18:58 1
SOGO 7 DATA GLOVES Feb 24 18:53 1
2610F99FF47FC6F6D579362255D9B5D9 Feb 24 17:08 1
10BB67C909B65664FB63EDC828AEE242 Feb 24 17:05 2
CHANGE GRADE AND MAKE QUICK REVIEW OF YOUR GRADE Feb 24 16:37 3
4D79130A75C66BF3DB229F05D4A90802 Feb 24 16:18 4
53ED5606E95EE48C18B24B20D2B71448 Feb 24 13:54 1
2EEC61FAE3062939642A51AEDB74CC9A Feb 24 13:01 1
ED08DE33338294F4BEF09F9221D1BA9D Feb 24 12:43 1
Secure alternative to Bitmessage Feb 24 12:35 1
Everything wrong with SpaceX "Car in Space" ✞ Feb 24 12:31 1
Roman Cult 0f The Khazars - The Best Documentary Ever Feb 24 12:12 1
316FA63F7F50974B06A3F6DCC6C4B7DA Feb 24 11:57 1
Consider this problem. Feb 24 10:56 5
FLAT EARTH, why is there even a debate? ✞ Feb 24 10:32 3
Code editing. Feb 24 10:32 1
9789F25C5F926A0C188E79A4972C9CC7 Feb 24 10:17 1
0B71EEFA0593D95EA8F84C9CFAE1E7EE Feb 24 09:54 1
teen girl Feb 24 09:50 26
B8DEFBAC42E22C503F985920212A213A Feb 24 09:27 1
http://33xtkivab2nthghe.onion/7uim34gdxs5z6b5l72nbji7ste Feb 24 09:24 3
Something About the Space X Launch Nobody's Talking About Feb 24 09:10 1
Werner Von Brun & Elon Musk Feb 24 09:09 1
Activity? Feb 24 08:59 10
ED47D78C3BD96F1323A62C8F22DA9E9F Feb 24 08:55 1
4D59FE4E24CB9CA99A4FD42C768EB49F Feb 24 08:25 1
7CD1D043C41289A946137929383E78D9 Feb 24 07:37 1
3C40541C726C0B016ED981207822F5A0 Feb 24 07:08 1
13E680DC5B84DF0D03767ECF2CFFE8D4 Feb 24 06:19 1
237A595826940D90EECA06C715A68B68 Feb 24 06:15 1
JESUIT CONTROLLED PUTIN EXPOSED Feb 24 05:56 1
Flat Earth Superstars - NASA's Clowns for Kids! ✞ Feb 24 05:54 1
mystery messages Feb 23 22:45 2
3DD7565334ADB19D38190641B2477828 Feb 23 22:41 1
F58E31B8D87F4724AD27A73B1B9656FF Feb 23 21:27 1
DE8975959349247D953791775BF63E45 Feb 23 21:24 1
D6CE15AB34FE08559D25529F7B657480 Feb 23 21:22 1
BCE7C29CAA0CBFBDE58976534D9A9323 Feb 23 20:59 1
ḎѦℝḲИ∃† Ḏℐℜ∃☾†☮ℛẎ Å$ϟℐ$†Åℕℭ∃ Feb 23 20:11 1
teste Feb 23 20:00 3
6D9B9149AAF3D12878E6A4839CEECF14 Feb 23 19:36 1
fsdfdfs Feb 23 19:10 1
CAFBBB9E47C55E5A49C46D22C83027AA Feb 23 18:39 1
Nationalism Feb 23 18:35 10
63C146B78BEEBD4B6365077409F429F3 Feb 23 18:17 1
C0D5A4671987F245F89051AD992587EB Feb 23 18:00 1
879519BB0DCC7C65CF8425313A18F6A6 Feb 23 17:58 1
do hackers use bitmessage? Feb 23 16:49 4
8A9B4EC9739FA57AD2ECF47E2DA8FDA7 Feb 23 15:27 1
3E9379F05569B094FAD610B95826C5D0 Feb 23 14:52 1
Holocaust Facts Feb 23 14:26 1
FD1299B9284A72AB6B7797DC265C3783 Feb 23 13:02 1
760AD0E86D2173E14839338B9448BA4D Feb 23 12:59 1