WikiLeaks Vault7 confirms CIA can effectively bypass Signal + Telegram + WhatsApp + Confide encryption

BM-2cSk2dYBQ1q19b5PvzdKLMs8CDbC9fwTY5
Oct 14 23:33 [raw]

WikiLeaks Vault7 confirms CIA can effectively bypass Signal + Telegram + WhatsApp + Confide encryption https://twitter.com/wikileaks/status/839120909625606152

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 15 03:00 [raw]

what? for real? how?

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 15 08:00 [raw]

They wait for the decryption to complete and pick up the cleartext as you read it. It's not an actual bypass, any more than you reading this message is a "bypass of Bitmessage encryption". Still, as long as the encryption works without fault and the CIA gets the cleartext, everybody gets their paycheck. The world keeps turning, pup.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 15 08:03 [raw]

Crypo is not broken. Hardware is. All these kids showing off with their Signals/WhatsApps/Telegrams are blind. They don't see that underneath their secure apps and secure OSes there is hardware - and this one is not secure. Moreover, it is backdoored. Stupid lemmings.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 16 19:39 [raw]

You can bypass anything if you have physical access or the underlying systems popped.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 16 19:41 [raw]

BINGO. NSA controls firmware of ALL smartphones remotely. So all this childish games with Whatsapps, Telegrams and Signals are just a waste of time. No trusted hardware = no security at all.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 16 22:27 [raw]

Umm, no. Think about it this way. Most residential front doors are vulnerable to explosive door-busting charges, yet we lock them everytime we go out. It's all about layers. Every single layer that you add in your security strategy increases the bad guys' cost of getting you. In the dystopian nightmare scenario, this means more things that you'll be allowed to get away with. If all you do is mail-order some ganja once a week, Signal is good enough FOR THIS PURPOSE. Yes, the USG may have a zero-day or three for your phone firmware version, but it doesn't matter: they won't waste a zero-day on petty civilian matters. This stuff costs millions. Now, if what you do is hardcore shit like political assassinations or nuclear sabotage, then no, Signal is definitely Not For You. You'll be pwn3d from hell to breakfast. Also, Telegram shmelegram. Such an obvious honeypot I can't even.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 16 22:28 [raw]

So what are you on, a PDP-11?

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 16 22:36 [raw]

Quality post. It's all about knowing your 'enemy', i.e. whose radar you might be on. For example: If you are just torrenting porn and video games, you'll be ok with a US based VPN, because the alphabet soup doesn't give a shit, but if you are torrenting CP or "How to Make a Nuclear Bomb" by Kim J. Un et al., you best look for something stronger.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 17 12:00 [raw]

I simply don't use any mobile equipment, only oldschool PCs.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 17 12:06 [raw]

"Most residential front doors are vulnerable to explosive door-busting charges, yet we lock them everytime we go out. It's all about layers." Hardware layer owned = Bad guys are already inside your house. "they won't waste a zero-day on petty civilian matters" "whose radar you might be on" Wrong. When another Snowden leaks another batch of NSA stuff, then "This stuff costing millions" will be used by anyone advanced enought to download some code from GitHub or torrent. And sometimes such things are simply discovered, as famous Intel ME "bug".

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 17 14:24 [raw]

Nobody here has a risk/threat profile that would lead them to burn their own silicon. To say that they're games is immature and fails to understamd risk mitigation. Signal, et al, mititgate the risks being considered by the vast majority of users out there. You don't have a state actor targetting you.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 17 14:27 [raw]

"You don't have a state actor targetting you." The problem is "state actor" is unable to keep his toys well guarded, so from time to time another Snowden will make everyone equal to this "state actor".

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 17 14:35 [raw]

And every Tom, Dick, and Harry out there isn't likely to waste time on you unless you're special. If you're not the chairman of some corporation they take offense to (hactivists), or an easy cash score (criminal), the likelihood of you being targeted is slim. That means that most people here are just paranoid without an objective reason.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 17 15:05 [raw]

And every Tom, Dick, and Harry out there just launches full range IPv4 addresses vulnerability scanner - or has fun implementing NSA tricks into his first botnet. In just hours since leaks of vulnerability description all well-known botnets were updated and ready to use this vulnerabilities. Think about: HOURS. It takes weeks/months to software developers to update their products against such vulnerabilities.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 17 17:48 [raw]

Properly designed softwares has not the vulnerabilities. The C language is blockage to security. It mostly impossible to properly design a softwares with the C. All the softwares should uses the python.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 17 17:51 [raw]

"Properly designed softwares has not the vulnerabilities" Yes, but what about intentionally backdoored software, like Infineon's RSA generating code? Millions of RSA keys are now easily breakable. We have to fight not only with products of incompetent programmers and vulnerable programming languages but also with intentional subversion. https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 17 18:05 [raw]

Python is a horribly designed language that can't even upgrade from one version to the next.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 17 18:24 [raw]

This is pretty much what I just thought. Also, a definite NO, not all software should use an interpreted language.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 17 18:25 [raw]

Python is stupid - a language barking about type of spacing character? This is ultimately moronic.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 17 19:43 [raw]

Most of my development time with Python is finding and fixing indentation errors.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 17 19:48 [raw]

Python is written in C anyway, so if it is "mostly impossible to properly design a softwares with the C" then Python itself is not a good "softwares."

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 17 20:23 [raw]

My dear comrade, The original statement was a troll for useless comment, to start a flame war about programming languages. As you know, one need only criticize any language/os/platform/leader to get a really good, and useless argument going. It works like this: I pledge alliegance to the flag That open sources are a drag Linux is a sissy sys Who chokes on streams of bits And windows her better nemesis.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 17 20:23 [raw]

Pascal. Legible code.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 18 11:34 [raw]

+1

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 18 11:34 [raw]

+1

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 18 15:21 [raw]

Most botnets aren't staged and ready for new vulns in hours. Go watch the scans you get... they're months and years behind. Most of the bad actors out there are more retarded than you'd expect and are really only getting low-hanging fruit.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 18 15:24 [raw]

don't feed the trolls.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 18 18:27 [raw]

Most of them - yes. But many of them have "enterprise-quality" - they are "crime-as-a-service" after all. These will be powered with new exploits in hours. And then the whole IPv4 address range will be probed. And the rest we will read in newspapers.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 18 18:28 [raw]

I think this "Properly designed softwares has not the vulnerabilities" guy should be educated, even if he is troll.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 18 23:37 [raw]

By definition leaked != zero-day. Once it's leaked, at least it's a fair race between attack and defense. With zero-days it's a one-man race and the man is not you. That's why zero-days are so expensive and (supposedly) closely guarded. This is why personally I am an advocate of immediate full-disclosure. Because I'll always prefer a fair race to a rigged one. Rigged races, history has shown, are usually rigged AGAINST me. And you.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 19 00:39 [raw]

No offense, but this is a shitty thing to say. Snowden never published live exploits, as a matter of fact all of Snowden's disclosures so far have been FRUSTRATINGLY responsible.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 20 00:03 [raw]

Except when his dumps have led to the names of Americans abroad being revealed, putting them and innocent lives in danger. He's a fucking asshole traitor who deserves to pay the piper.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 20 11:44 [raw]

You're probably trolling, but let me try this anyway. - this conversation was about zero-day exploits and how Snowden never disclosed any of such - names of Americans don't break networks, unless you're thinking of little Bobby Tables from https://www.xkcd.com/327/ - Snowden didn't disclose names of Americans EITHER, it was one of the Wikileaks sources who did it To me, your choice of the word "traitor" in this context indicates a faulty moral compass at best, or direct criminal affiliation at worst. No problem with either, but perhaps I can help clarify some unintentional misconceptions. Again, to make it very clear: all of Snowden's disclosures have been objective, responsible and impartial, which is very commendable considering that he exposed a dangerous criminal group operating covertly on a global scale. And he did this 100% selflessly, for no material gains, knowing that he will exit stage in a bodybag. It takes balls of steel to do this at all, but to do it in a responsible manner shows a rare human quality and really sets a gold standard for whistleblowing in the 21st century. Please think about it. It is possible to expose crime without causing harm to other human beings, and with enough people willing to stand up to bullying and speak up we may be able to reverse the tide before it drowns us all, including you, Internet stranger. Just think about it.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 20 19:36 [raw]

The disclosure was not responsible enough. People who claim it was responsible are those who figure that the ends justified the means. If you had a loved one who died as a direct result of Snowden, you likely wouldn't be spouting that crap.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 20 20:35 [raw]

Please name the people who died as a result of Snowden.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 20 20:49 [raw]

You wiill find some of their names on the memorial wall in CIA.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 20 20:51 [raw]

Snowden is a traitor. He is deliberately undermining confidence of the people in their nation. The NSA does not care about your emails or my emails. The NSA snarfs data to do counter intelligence--mainly to capture Russian spies. When they find a Russian operative in one of our government offices, instead of outing him/her they blackmail the bastard, forcing them to double agent on their Russian benefactors. If this is not doable they quietly dispose of the person. Anyone who thinks the NSA cares about Crypto-Anarchists or Cypherpunks is deluded. There are many Cypherpunks on NSA payroll.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 20 21:06 [raw]

You clowns are spreading invented hersay and disinfo. You ought to be fed your own ballsack. Please name the people who died as a result of Snowden. An anonymous reference to bullshit on a wall is not acceptable. I require you to recant your lies or eat your own dick.

BM-2DAV89w336ovy6BUJnfVRD5B9qipFbRgmr
Oct 20 21:09 [raw]

I know you are suffering, knowing your traitor-hero killed thousands of Americans by his treason, but be a man and face the facts. And stop being razviedka's gavnoyed. Thank you.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 20 21:11 [raw]

For logically challenged clownbots: Hearsay evidence is "an out-of-court statement introduced to prove the truth of matter asserted therein". In certain courts, hearsay evidence is inadmissible (the "Hearsay Evidence Rule") unless an exception to the Hearsay Rule applies.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 20 21:14 [raw]

I never said Snowden was innocent. You are trying to polarize a multi-faceted situation. That makes you a liar, too. If you are going to accuse a man, innuendoes and hearsay are not valid accusations. That is how liars operate.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 20 23:39 [raw]

I know that Snowden is a traitor. I have posted several times here over the last couple years that Snowden is a Russian dupe. You assume, wrongly so, that my words are meant to defend Snowden. You must think more clearly. If you are going to claim Snowden got people killed, you must name his victims, or not make the allegation. Snowden's provable crime was collaborating with our enemies, espionage, unauthorized release of classified documents, etc. Those are provable allegations. A bald claim that he got people killed does not help illuminate the truth of the situation. That he could of put people in danger does not equal that he DID get people killed. If you make an allegation without providing the evidence, it is slander or libel, no matter how unsavory the accused be. Snowden caused massive damage to the operational security of our intelligence operations at home and abroad. It is clear that he is guilty of that. Let's stick to what we can clearly prove, lest we look like we've an axe to grind. I am not a Russian and I've always despised the Russians. I even had the opportunity to fuck some hot and horny Russian sluts to which I declined because I disliked Russians so much. I actually love my country more than my own dick. For you to falsely accuse me of sympathies for the enemy, again without any evidence, makes you look like a kooky axe grinder. Don't tell lies and unprovable accusations.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 20 23:47 [raw]

NSA here. Your nation loves you. Do something about your dick problem. We won't tell.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
Oct 21 04:20 [raw]

The NSA is an espionage service of a foreign country, which has severely and repeatedly broken the laws of its own country and has lied to its own Congress - that is, in addition to the whole rest of the world. Put it this way, the NSA has committed more crimes and harmed more people than Snowden did, in any country of the world, including the USA. It is, right now, a criminal organization out of control. That they believe otherwise doesn't change the facts. I am not saying anybody should be killed or made to suffer because of this. I'm saying that if we want to put an end to this (which apparently you don't), we can start by exposing their wrongdoings publicly, allowing both their and their victims' voices to be heard, get the dialogue going and hopefully change this poisonous culture of hostility into one of cooperation within a proper, provable and trustless framework of checks and balances. Sunlight, they say, is the best disinfectant.

BM-2cSk2dYBQ1q19b5PvzdKLMs8CDbC9fwTY5
Jan 7 11:05 [raw]

WikiLeaks Vault7 confirms CIA can effectively bypass Signal + Telegram + WhatsApp + Confide encryption https://twitter.com/wikileaks/status/839120909625606152

[chan] general
BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r

Subject Last Count
dÊâTH Tô pÊÐÖphí£Ê§ Sep 20 23:48 1
dÊâTH Tô pÊÐôpHÎ£ë§ Sep 20 23:48 1
dÊâTh tô pÊÐÖphí£Ê$ Sep 20 23:48 1
dÊâth tô pÊÐÖpHí£Ê$ Sep 20 23:48 1
dÊâTH tô pÊÐôphΣë$ Sep 20 23:48 1
dÊâTH Tô pÊÐÖpHí£Ê$ Sep 20 23:48 1
dÊâTh Tô pÊÐôpHÎ£ë§ Sep 20 23:48 1
dÊâtH tô pÊÐÖphí£ë$ Sep 20 23:48 1
dÊâTh Tô pÊÐÖpHí£Ê$ Sep 20 23:48 1
dÊâTH tô pÊÐÖpHí£Ê$ Sep 20 23:48 1
dÊâTH tô pÊÐÖpHí£Ê§ Sep 20 23:48 1
dÊâtH tô pÊÐÖpHí£ë§ Sep 20 23:48 1
dÊâtH Tô pÊÐôphÎ£ë§ Sep 20 23:48 1
dÊâTh Tô pÊÐôphΣë$ Sep 20 23:48 1
dÊâth tô pÊÐÖphí£ë$ Sep 20 23:48 1
dÊâTH Tô pÊÐôphΣë$ Sep 20 23:48 1
dÊâth Tô pÊÐÖpHí£Ê$ Sep 20 23:48 1
dÊâth Tô pÊÐÖphí£Ê$ Sep 20 23:48 1
dÊâtH Tô pÊÐÖphí£ë$ Sep 20 23:48 1
dÊâtH Tô pÊÐÖpHí£ë§ Sep 20 23:48 1
dÊâTh tô pÊÐôphÎ£ë§ Sep 20 23:48 1
dÊâtH Tô pÊÐÖphí£Ê$ Sep 20 23:48 1
dÊâTH Tô pÊÐôpHΣë$ Sep 20 23:48 1
dÊâTH tô pÊÐÖphí£Ê§ Sep 20 23:48 1
dÊâth Tô pÊÐÖpHí£Ê§ Sep 20 23:48 1
dÊâTh tô pÊÐÖpHí£Ê$ Sep 20 23:48 1
dÊâtH Tô pÊÐÖpHí£Ê$ Sep 20 23:48 1
dÊâTh Tô pÊÐÖphí£Ê§ Sep 20 23:47 1
dÊâTH Tô pÊÐÖpHí£Ê§ Sep 20 23:47 1
dÊâTh tô pÊÐôphΣë$ Sep 20 23:47 1
dÊâTh Tô pÊÐôpHΣë$ Sep 20 23:47 1
dÊâTh tô pÊÐôpHΣë$ Sep 20 23:47 1
dÊâtH Tô pÊÐôpHÎ£ë§ Sep 20 23:47 1
dÊâth Tô pÊÐÖphí£ë$ Sep 20 23:47 1
dÊâtH Tô pÊÐÖphí£Ê§ Sep 20 23:47 1
dÊâTH Tô pÊÐôphÎ£ë§ Sep 20 23:47 1
dÊâTh Tô pÊÐôphÎ£ë§ Sep 20 23:47 1
dÊâTh tô pÊÐÖphí£Ê§ Sep 20 23:47 1
dÊâTH Tô pÊÐôphí£ë$ Sep 20 23:46 1
dÊâth tô pÊdôphΣÊ$ Sep 20 23:46 2
Sep 20 23:46 1584
dÊâTH tô pÊdôphí£Ê$ Sep 20 23:46 2
dÊâTh tô pÊdÖpHΣʧ Sep 20 23:46 1
dÊâth tô pÊdÖpHí£ë$ Sep 20 23:46 2
dÊâth tô pÊdôpHΣʧ Sep 20 23:46 2
dÊâth Tô pÊdÖpHí£ë$ Sep 20 23:46 1
4 Sep 20 23:46 4
dÊâth Tô pÊdôpHí£ë$ Sep 20 23:46 2
dÊâtH tô pÊÐôphΣʧ Sep 20 23:46 1
dÊâTh Tô pÊdôphí£Ê$ Sep 20 23:46 2
dÊâTH Tô pÊdÖpHí£Ê$ Sep 20 23:46 2
dÊâth tô pÊdôpHΣÊ$ Sep 20 23:46 2
dÊâth tô pÊÐôphΣʧ Sep 20 23:46 1
dÊâTH Tô pÊÐôphΣÊ$ Sep 20 23:46 1
dÊâTH tô pÊdôpHí£Ê$ Sep 20 23:46 2
dÊâTh tô pÊdôphΣÊ$ Sep 20 23:46 2
dÊâTh Tô pÊdÖpHí£Ê$ Sep 20 23:46 2
dÊâTh tô pÊdôphΣʧ Sep 20 23:46 2
(no subject) Sep 20 23:46 26
dÊâTH tô pÊdÖpHí£ë§ Sep 20 23:46 1
dÊâth tô pÊdôphΣë$ Sep 20 23:46 2
dÊâTH tô pÊÐôpHí£ë§ Sep 20 23:46 1
dÊâtH tô pÊdôphí£ë$ Sep 20 23:45 2
dÊâth tô pÊdôphΣʧ Sep 20 23:45 2
dÊâTH Tô pÊdôpHí£Ê$ Sep 20 23:45 2
dÊâtH Tô pÊdôphí£Ê§ Sep 20 23:45 2
dÊâth Tô pÊÐôpHÎ£ë§ Sep 20 23:44 1
dÊâTh tô pÊdÖphΣÊ$ Sep 20 23:44 1
dÊâTh tô pÊdÖpHí£Ê§ Sep 20 23:44 2
dÊâth tô pÊÐôpHΣë$ Sep 20 23:44 1
dÊâTh tô pÊdôphí£ë$ Sep 20 23:44 2
dÊâTh Tô pÊdôpHí£ë§ Sep 20 23:44 2
dÊâTh tô pÊÐôphí£Ê$ Sep 20 23:44 1
dÊâtH tô pÊdôphí£ë§ Sep 20 23:44 2
dÊâth Tô pÊÐôpHΣë$ Sep 20 23:44 1
dÊâTH Tô pÊdôpHí£ë§ Sep 20 23:44 2
dÊâTh Tô pÊdÖpHí£ë$ Sep 20 23:44 1
dÊâTH tô pÊdôpHí£Ê§ Sep 20 23:44 2
dÊâtH Tô pÊdôpHí£ë§ Sep 20 23:43 2
dÊâtH tô pÊÐôpHí£ë$ Sep 20 23:43 1
dÊâth tô pÊdÖphÎ£ë§ Sep 20 23:43 1
dÊâTh tô pÊÐôphí£ë§ Sep 20 23:43 1
dÊâtH tô pÊdôpHí£ë$ Sep 20 23:43 2
dÊâth tô pÊdÖpHí£Ê§ Sep 20 23:43 2
0 Sep 20 23:43 2
dÊâTh tô pÊÐôphí£ë$ Sep 20 23:43 1
dÊâtH Tô pÊdôphí£Ê$ Sep 20 23:43 2
dÊâth tô pÊdôpHí£ë$ Sep 20 23:43 2
dÊâth tô pÊÐôphí£ë§ Sep 20 23:43 1
dÊâTH Tô pÊdôphí£Ê$ Sep 20 23:42 2
dÊâTh Tô pÊdÖphÎ£ë§ Sep 20 23:42 1
dÊâtH tô pÊdôphΣë$ Sep 20 23:42 2
dÊâth Tô pÊÐôpHí£Ê§ Sep 20 23:42 1
dÊâTH Tô pÊdôpHΣʧ Sep 20 23:42 2
dÊâTh Tô pÊdÖpHí£Ê§ Sep 20 23:42 2
dÊâTh tô pÊdôphí£ë§ Sep 20 23:42 2
dÊâTH tô pÊdôphΣʧ Sep 20 23:42 2
dÊâTh Tô pÊdôpHí£Ê§ Sep 20 23:42 2
dÊâTH tô pÊÐôphí£ë§ Sep 20 23:42 1
dÊâTH Tô pÊdôpHΣÊ$ Sep 20 23:42 2