WikiLeaks Vault7 confirms CIA can effectively bypass Signal + Telegram + WhatsApp + Confide encryption

BM-2cSk2dYBQ1q19b5PvzdKLMs8CDbC9fwTY5
Oct 14 23:33 [raw]

WikiLeaks Vault7 confirms CIA can effectively bypass Signal + Telegram + WhatsApp + Confide encryption https://twitter.com/wikileaks/status/839120909625606152

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 15 03:00 [raw]

what? for real? how?

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 15 08:00 [raw]

They wait for the decryption to complete and pick up the cleartext as you read it. It's not an actual bypass, any more than you reading this message is a "bypass of Bitmessage encryption". Still, as long as the encryption works without fault and the CIA gets the cleartext, everybody gets their paycheck. The world keeps turning, pup.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 15 08:03 [raw]

Crypto is not broken. Hardware is. All these kids showing off with their Signals/WhatsApps/Telegrams are blind. They don't see that underneath their secure apps and secure OSes there is hardware - and this one is not secure. Moreover, it is backdoored. Stupid lemmings.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 16 19:39 [raw]

You can bypass anything if you have physical access or the underlying systems popped.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 16 19:41 [raw]

BINGO. NSA controls firmware of ALL smartphones remotely. So all these childish games with Whatsapps, Telegrams and Signals are just a waste of time. No trusted hardware = no security at all.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 16 22:27 [raw]

Umm, no. Think about it this way. Most residential front doors are vulnerable to explosive door-busting charges, yet we lock them every time we go out. It's all about layers. Every single layer that you add in your security strategy increases the bad guys' cost of getting you. In the dystopian nightmare scenario, this means more things that you'll be allowed to get away with. If all you do is mail-order some ganja once a week, Signal is good enough FOR THIS PURPOSE. Yes, the USG may have a zero-day or three for your phone firmware version, but it doesn't matter: they won't waste a zero-day on petty civilian matters. This stuff costs millions. Now, if what you do is hardcore shit like political assassinations or nuclear sabotage, then no, Signal is definitely Not For You. You'll be pwn3d from hell to breakfast. Also, Telegram shmelegram. Such an obvious honeypot I can't even.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 16 22:28 [raw]

So what are you on, a PDP-11?

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 16 22:36 [raw]

Quality post. It's all about knowing your 'enemy', i.e. whose radar you might be on. For example: If you are just torrenting porn and video games, you'll be ok with a US based VPN, because the alphabet soup doesn't give a shit, but if you are torrenting CP or "How to Make a Nuclear Bomb" by Kim J. Un et al., you best look for something stronger.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 17 12:00 [raw]

I simply don't use any mobile equipment, only oldschool PCs.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 17 12:06 [raw]

"Most residential front doors are vulnerable to explosive door-busting charges, yet we lock them every time we go out. It's all about layers." Hardware layer owned = Bad guys are already inside your house. "they won't waste a zero-day on petty civilian matters" "whose radar you might be on" Wrong. When another Snowden leaks another batch of NSA stuff, then "This stuff costing millions" will be used by anyone advanced enough to download some code from GitHub or torrent. And sometimes such things are simply discovered, as famous Intel ME "bug".

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 17 14:24 [raw]

Nobody here has a risk/threat profile that would lead them to burn their own silicon. To say that they're games is immature and fails to understand risk mitigation. Signal, et al, mitigate the risks being considered by the vast majority of users out there. You don't have a state actor targeting you.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 17 14:27 [raw]

"You don't have a state actor targeting you." The problem is "state actor" is unable to keep his toys well guarded, so from time to time another Snowden will make everyone equal to this "state actor".

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 17 14:35 [raw]

And every Tom, Dick, and Harry out there isn't likely to waste time on you unless you're special. If you're not the chairman of some corporation they take offense to (hacktivists), or an easy cash score (criminal), the likelihood of you being targeted is slim. That means that most people here are just paranoid without an objective reason.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 17 15:05 [raw]

And every Tom, Dick, and Harry out there just launches full range IPv4 addresses vulnerability scanner - or has fun implementing NSA tricks into his first botnet. In just hours since leaks of vulnerability description all well-known botnets were updated and ready to use these vulnerabilities. Think about it: HOURS. It takes weeks/months for software developers to update their products against such vulnerabilities.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 17 17:48 [raw]

Properly designed softwares has not the vulnerabilities. The C language is blockage to security. It mostly impossible to properly design a softwares with the C. All the softwares should uses the python.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 17 17:51 [raw]

"Properly designed softwares has not the vulnerabilities" Yes, but what about intentionally backdoored software, like Infineon's RSA generating code? Millions of RSA keys are now easily breakable. We have to fight not only with products of incompetent programmers and vulnerable programming languages but also with intentional subversion. https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 17 18:05 [raw]

Python is a horribly designed language that can't even upgrade from one version to the next.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 17 18:24 [raw]

This is pretty much what I just thought. Also, a definite NO, not all software should use an interpreted language.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 17 18:25 [raw]

Python is stupid - a language barking about type of spacing character? This is ultimately moronic.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 17 19:43 [raw]

Most of my development time with Python is finding and fixing indentation errors.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 17 19:48 [raw]

Python is written in C anyway, so if it is "mostly impossible to properly design a softwares with the C" then Python itself is not a good "softwares."

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 17 20:23 [raw]

My dear comrade,

The original statement was a troll for useless comment, to start a flame war about programming languages. As you know, one need only criticize any language/os/platform/leader to get a really good, and useless argument going. It works like this:

I pledge allegiance to the flag
That open sources are a drag
Linux is a sissy sys
Who chokes on streams of bits
And windows her better nemesis.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 17 20:23 [raw]

Pascal. Legible code.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 18 11:34 [raw]

+1

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 18 11:34 [raw]

+1

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 18 15:21 [raw]

Most botnets aren't staged and ready for new vulns in hours. Go watch the scans you get... they're months and years behind. Most of the bad actors out there are more retarded than you'd expect and are really only getting low-hanging fruit.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 18 15:24 [raw]

don't feed the trolls.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 18 18:27 [raw]

Most of them - yes. But many of them have "enterprise-quality" - they are "crime-as-a-service" after all. These will be powered with new exploits in hours. And then the whole IPv4 address range will be probed. And the rest we will read in newspapers.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 18 18:28 [raw]

I think this "Properly designed softwares has not the vulnerabilities" guy should be educated, even if he is troll.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 18 23:37 [raw]

By definition leaked != zero-day. Once it's leaked, at least it's a fair race between attack and defense. With zero-days it's a one-man race and the man is not you. That's why zero-days are so expensive and (supposedly) closely guarded. This is why personally I am an advocate of immediate full-disclosure. Because I'll always prefer a fair race to a rigged one. Rigged races, history has shown, are usually rigged AGAINST me. And you.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 19 00:39 [raw]

No offense, but this is a shitty thing to say. Snowden never published live exploits, as a matter of fact all of Snowden's disclosures so far have been FRUSTRATINGLY responsible.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 20 00:03 [raw]

Except when his dumps have led to the names of Americans abroad being revealed, putting them and innocent lives in danger. He's a fucking asshole traitor who deserves to pay the piper.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 20 11:44 [raw]

You're probably trolling, but let me try this anyway.

- this conversation was about zero-day exploits and how Snowden never disclosed any of such
- names of Americans don't break networks, unless you're thinking of little Bobby Tables from https://www.xkcd.com/327/
- Snowden didn't disclose names of Americans EITHER, it was one of the Wikileaks sources who did it

To me, your choice of the word "traitor" in this context indicates a faulty moral compass at best, or direct criminal affiliation at worst. No problem with either, but perhaps I can help clarify some unintentional misconceptions. Again, to make it very clear: all of Snowden's disclosures have been objective, responsible and impartial, which is very commendable considering that he exposed a dangerous criminal group operating covertly on a global scale. And he did this 100% selflessly, for no material gains, knowing that he will exit stage in a bodybag. It takes balls of steel to do this at all, but to do it in a responsible manner shows a rare human quality and really sets a gold standard for whistleblowing in the 21st century. Please think about it. It is possible to expose crime without causing harm to other human beings, and with enough people willing to stand up to bullying and speak up we may be able to reverse the tide before it drowns us all, including you, Internet stranger. Just think about it.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 20 19:36 [raw]

The disclosure was not responsible enough. People who claim it was responsible are those who figure that the ends justified the means. If you had a loved one who died as a direct result of Snowden, you likely wouldn't be spouting that crap.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 20 20:35 [raw]

Please name the people who died as a result of Snowden.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 20 20:49 [raw]

You will find some of their names on the memorial wall in CIA.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 20 20:51 [raw]

Snowden is a traitor. He is deliberately undermining confidence of the people in their nation. The NSA does not care about your emails or my emails. The NSA snarfs data to do counter intelligence--mainly to capture Russian spies. When they find a Russian operative in one of our government offices, instead of outing him/her they blackmail the bastard, forcing them to double agent on their Russian benefactors. If this is not doable they quietly dispose of the person. Anyone who thinks the NSA cares about Crypto-Anarchists or Cypherpunks is deluded. There are many Cypherpunks on NSA payroll.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 20 21:06 [raw]

You clowns are spreading invented hearsay and disinfo. You ought to be fed your own ballsack. Please name the people who died as a result of Snowden. An anonymous reference to bullshit on a wall is not acceptable. I require you to recant your lies or eat your own dick.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 20 21:09 [raw]

I know you are suffering, knowing your traitor-hero killed thousands of Americans by his treason, but be a man and face the facts. And stop being razviedka's gavnoyed. Thank you.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 20 21:11 [raw]

For logically challenged clownbots: Hearsay evidence is "an out-of-court statement introduced to prove the truth of matter asserted therein". In certain courts, hearsay evidence is inadmissible (the "Hearsay Evidence Rule") unless an exception to the Hearsay Rule applies.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 20 21:14 [raw]

I never said Snowden was innocent. You are trying to polarize a multi-faceted situation. That makes you a liar, too. If you are going to accuse a man, innuendoes and hearsay are not valid accusations. That is how liars operate.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 20 23:39 [raw]

I know that Snowden is a traitor. I have posted several times here over the last couple years that Snowden is a Russian dupe. You assume, wrongly so, that my words are meant to defend Snowden. You must think more clearly. If you are going to claim Snowden got people killed, you must name his victims, or not make the allegation. Snowden's provable crime was collaborating with our enemies, espionage, unauthorized release of classified documents, etc. Those are provable allegations. A bald claim that he got people killed does not help illuminate the truth of the situation. That he could have put people in danger does not equal that he DID get people killed. If you make an allegation without providing the evidence, it is slander or libel, no matter how unsavory the accused be. Snowden caused massive damage to the operational security of our intelligence operations at home and abroad. It is clear that he is guilty of that. Let's stick to what we can clearly prove, lest we look like we've an axe to grind. I am not a Russian and I've always despised the Russians. I even had the opportunity to fuck some hot and horny Russian sluts to which I declined because I disliked Russians so much. I actually love my country more than my own dick. For you to falsely accuse me of sympathies for the enemy, again without any evidence, makes you look like a kooky axe grinder. Don't tell lies and unprovable accusations.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 20 23:47 [raw]

NSA here. Your nation loves you. Do something about your dick problem. We won't tell.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 21 04:20 [raw]

The NSA is an espionage service of a foreign country, which has severely and repeatedly broken the laws of its own country and has lied to its own Congress - that is, in addition to the whole rest of the world. Put it this way, the NSA has committed more crimes and harmed more people than Snowden did, in any country of the world, including the USA. It is, right now, a criminal organization out of control. That they believe otherwise doesn't change the facts. I am not saying anybody should be killed or made to suffer because of this. I'm saying that if we want to put an end to this (which apparently you don't), we can start by exposing their wrongdoings publicly, allowing both their and their victims' voices to be heard, get the dialogue going and hopefully change this poisonous culture of hostility into one of cooperation within a proper, provable and trustless framework of checks and balances. Sunlight, they say, is the best disinfectant.

BM-2cSk2dYBQ1q19b5PvzdKLMs8CDbC9fwTY5
Jan 7 11:05 [raw]

WikiLeaks Vault7 confirms CIA can effectively bypass Signal + Telegram + WhatsApp + Confide encryption https://twitter.com/wikileaks/status/839120909625606152

[chan] general
BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
