WikiLeaks Vault7 confirms CIA can effectively bypass Signal + Telegram + WhatsApp + Confide encryption

[chan] anonymity/privacy/security
Oct 14 23:33

WikiLeaks Vault7 confirms CIA can effectively bypass Signal + Telegram + WhatsApp + Confide encryption https://twitter.com/wikileaks/status/839120909625606152

[chan] general
Oct 15 03:00

what? for real? how?

[chan] general
Oct 15 08:00

They wait for the decryption to complete and pick up the cleartext as you read it. It's not an actual bypass, any more than you reading this message is a "bypass of Bitmessage encryption". Still, as long as the encryption works without fault and the CIA gets the cleartext, everybody gets their paycheck. The world keeps turning, pup.

[chan3] general
Oct 15 08:03

Crypo is not broken. Hardware is. All these kids showing off with their Signals/WhatsApps/Telegrams are blind. They don't see that underneath their secure apps and secure OSes there is hardware - and this one is not secure. Moreover, it is backdoored. Stupid lemmings.

[chan3] general
Oct 16 19:39

You can bypass anything if you have physical access or the underlying systems popped.

[chan3] general
Oct 16 19:41

BINGO. NSA controls firmware of ALL smartphones remotely. So all this childish games with Whatsapps, Telegrams and Signals are just a waste of time. No trusted hardware = no security at all.

[chan] general
Oct 16 22:27

Umm, no. Think about it this way. Most residential front doors are vulnerable to explosive door-busting charges, yet we lock them everytime we go out. It's all about layers. Every single layer that you add in your security strategy increases the bad guys' cost of getting you. In the dystopian nightmare scenario, this means more things that you'll be allowed to get away with. If all you do is mail-order some ganja once a week, Signal is good enough FOR THIS PURPOSE. Yes, the USG may have a zero-day or three for your phone firmware version, but it doesn't matter: they won't waste a zero-day on petty civilian matters. This stuff costs millions. Now, if what you do is hardcore shit like political assassinations or nuclear sabotage, then no, Signal is definitely Not For You. You'll be pwn3d from hell to breakfast. Also, Telegram shmelegram. Such an obvious honeypot I can't even.

[chan] general
Oct 16 22:28

So what are you on, a PDP-11?

[chan] general
Oct 16 22:36

Quality post. It's all about knowing your 'enemy', i.e. whose radar you might be on. For example: If you are just torrenting porn and video games, you'll be ok with a US based VPN, because the alphabet soup doesn't give a shit, but if you are torrenting CP or "How to Make a Nuclear Bomb" by Kim J. Un et al., you best look for something stronger.

[chan3] general
Oct 17 12:00

I simply don't use any mobile equipment, only oldschool PCs.

[chan3] general
Oct 17 12:06

"Most residential front doors are vulnerable to explosive door-busting charges, yet we lock them everytime we go out. It's all about layers." Hardware layer owned = Bad guys are already inside your house. "they won't waste a zero-day on petty civilian matters" "whose radar you might be on" Wrong. When another Snowden leaks another batch of NSA stuff, then "This stuff costing millions" will be used by anyone advanced enought to download some code from GitHub or torrent. And sometimes such things are simply discovered, as famous Intel ME "bug".

[chan3] general
Oct 17 14:24

Nobody here has a risk/threat profile that would lead them to burn their own silicon. To say that they're games is immature and fails to understamd risk mitigation. Signal, et al, mititgate the risks being considered by the vast majority of users out there. You don't have a state actor targetting you.

[chan3] general
Oct 17 14:27

"You don't have a state actor targetting you." The problem is "state actor" is unable to keep his toys well guarded, so from time to time another Snowden will make everyone equal to this "state actor".

[chan3] general
Oct 17 14:35

And every Tom, Dick, and Harry out there isn't likely to waste time on you unless you're special. If you're not the chairman of some corporation they take offense to (hactivists), or an easy cash score (criminal), the likelihood of you being targeted is slim. That means that most people here are just paranoid without an objective reason.

[chan3] general
Oct 17 15:05

And every Tom, Dick, and Harry out there just launches full range IPv4 addresses vulnerability scanner - or has fun implementing NSA tricks into his first botnet. In just hours since leaks of vulnerability description all well-known botnets were updated and ready to use this vulnerabilities. Think about: HOURS. It takes weeks/months to software developers to update their products against such vulnerabilities.

[chan] general
Oct 17 17:48

Properly designed softwares has not the vulnerabilities. The C language is blockage to security. It mostly impossible to properly design a softwares with the C. All the softwares should uses the python.

[chan3] general
Oct 17 17:51

"Properly designed softwares has not the vulnerabilities" Yes, but what about intentionally backdoored software, like Infineon's RSA generating code? Millions of RSA keys are now easily breakable. We have to fight not only with products of incompetent programmers and vulnerable programming languages but also with intentional subversion. https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/

[chan] general
Oct 17 18:05

Python is a horribly designed language that can't even upgrade from one version to the next.

[chan] general
Oct 17 18:24

This is pretty much what I just thought. Also, a definite NO, not all software should use an interpreted language.

[chan3] general
Oct 17 18:25

Python is stupid - a language barking about type of spacing character? This is ultimately moronic.

[chan] general
Oct 17 19:43

Most of my development time with Python is finding and fixing indentation errors.

[chan] general
Oct 17 19:48

Python is written in C anyway, so if it is "mostly impossible to properly design a softwares with the C" then Python itself is not a good "softwares."

[chan] general
Oct 17 20:23

My dear comrade, The original statement was a troll for useless comment, to start a flame war about programming languages. As you know, one need only criticize any language/os/platform/leader to get a really good, and useless argument going. It works like this: I pledge alliegance to the flag That open sources are a drag Linux is a sissy sys Who chokes on streams of bits And windows her better nemesis.

[chan] general
Oct 17 20:23

Pascal. Legible code.

[chan3] general
Oct 18 11:34

+1

[chan3] general
Oct 18 11:34

+1

[chan3] general
Oct 18 15:21

Most botnets aren't staged and ready for new vulns in hours. Go watch the scans you get... they're months and years behind. Most of the bad actors out there are more retarded than you'd expect and are really only getting low-hanging fruit.

[chan3] general
Oct 18 15:24

don't feed the trolls.

[chan3] general
Oct 18 18:27

Most of them - yes. But many of them have "enterprise-quality" - they are "crime-as-a-service" after all. These will be powered with new exploits in hours. And then the whole IPv4 address range will be probed. And the rest we will read in newspapers.

[chan3] general
Oct 18 18:28

I think this "Properly designed softwares has not the vulnerabilities" guy should be educated, even if he is troll.

[chan] general
Oct 18 23:37

By definition leaked != zero-day. Once it's leaked, at least it's a fair race between attack and defense. With zero-days it's a one-man race and the man is not you. That's why zero-days are so expensive and (supposedly) closely guarded. This is why personally I am an advocate of immediate full-disclosure. Because I'll always prefer a fair race to a rigged one. Rigged races, history has shown, are usually rigged AGAINST me. And you.

[chan] general
Oct 19 00:39

No offense, but this is a shitty thing to say. Snowden never published live exploits, as a matter of fact all of Snowden's disclosures so far have been FRUSTRATINGLY responsible.

[chan3] general
Oct 20 00:03

Except when his dumps have led to the names of Americans abroad being revealed, putting them and innocent lives in danger. He's a fucking asshole traitor who deserves to pay the piper.

[chan] general
Oct 20 11:44

You're probably trolling, but let me try this anyway. - this conversation was about zero-day exploits and how Snowden never disclosed any of such - names of Americans don't break networks, unless you're thinking of little Bobby Tables from https://www.xkcd.com/327/ - Snowden didn't disclose names of Americans EITHER, it was one of the Wikileaks sources who did it To me, your choice of the word "traitor" in this context indicates a faulty moral compass at best, or direct criminal affiliation at worst. No problem with either, but perhaps I can help clarify some unintentional misconceptions. Again, to make it very clear: all of Snowden's disclosures have been objective, responsible and impartial, which is very commendable considering that he exposed a dangerous criminal group operating covertly on a global scale. And he did this 100% selflessly, for no material gains, knowing that he will exit stage in a bodybag. It takes balls of steel to do this at all, but to do it in a responsible manner shows a rare human quality and really sets a gold standard for whistleblowing in the 21st century. Please think about it. It is possible to expose crime without causing harm to other human beings, and with enough people willing to stand up to bullying and speak up we may be able to reverse the tide before it drowns us all, including you, Internet stranger. Just think about it.

[chan3] general
Oct 20 19:36

The disclosure was not responsible enough. People who claim it was responsible are those who figure that the ends justified the means. If you had a loved one who died as a direct result of Snowden, you likely wouldn't be spouting that crap.

[chan] general
Oct 20 20:35

Please name the people who died as a result of Snowden.

[chan3] general
Oct 20 20:49

You wiill find some of their names on the memorial wall in CIA.

[chan] general
Oct 20 20:51

Snowden is a traitor. He is deliberately undermining confidence of the people in their nation. The NSA does not care about your emails or my emails. The NSA snarfs data to do counter intelligence--mainly to capture Russian spies. When they find a Russian operative in one of our government offices, instead of outing him/her they blackmail the bastard, forcing them to double agent on their Russian benefactors. If this is not doable they quietly dispose of the person. Anyone who thinks the NSA cares about Crypto-Anarchists or Cypherpunks is deluded. There are many Cypherpunks on NSA payroll.

[chan] general
Oct 20 21:06

You clowns are spreading invented hersay and disinfo. You ought to be fed your own ballsack. Please name the people who died as a result of Snowden. An anonymous reference to bullshit on a wall is not acceptable. I require you to recant your lies or eat your own dick.

[chan3] general
Oct 20 21:09

I know you are suffering, knowing your traitor-hero killed thousands of Americans by his treason, but be a man and face the facts. And stop being razviedka's gavnoyed. Thank you.

[chan] general
Oct 20 21:11

For logically challenged clownbots: Hearsay evidence is "an out-of-court statement introduced to prove the truth of matter asserted therein". In certain courts, hearsay evidence is inadmissible (the "Hearsay Evidence Rule") unless an exception to the Hearsay Rule applies.

[chan] general
Oct 20 21:14

I never said Snowden was innocent. You are trying to polarize a multi-faceted situation. That makes you a liar, too. If you are going to accuse a man, innuendoes and hearsay are not valid accusations. That is how liars operate.

[chan] general
Oct 20 23:39

I know that Snowden is a traitor. I have posted several times here over the last couple years that Snowden is a Russian dupe. You assume, wrongly so, that my words are meant to defend Snowden. You must think more clearly. If you are going to claim Snowden got people killed, you must name his victims, or not make the allegation. Snowden's provable crime was collaborating with our enemies, espionage, unauthorized release of classified documents, etc. Those are provable allegations. A bald claim that he got people killed does not help illuminate the truth of the situation. That he could of put people in danger does not equal that he DID get people killed. If you make an allegation without providing the evidence, it is slander or libel, no matter how unsavory the accused be. Snowden caused massive damage to the operational security of our intelligence operations at home and abroad. It is clear that he is guilty of that. Let's stick to what we can clearly prove, lest we look like we've an axe to grind. I am not a Russian and I've always despised the Russians. I even had the opportunity to fuck some hot and horny Russian sluts to which I declined because I disliked Russians so much. I actually love my country more than my own dick. For you to falsely accuse me of sympathies for the enemy, again without any evidence, makes you look like a kooky axe grinder. Don't tell lies and unprovable accusations.

[chan] general
Oct 20 23:47

NSA here. Your nation loves you. Do something about your dick problem. We won't tell.

[chan] general
Oct 21 04:20

The NSA is an espionage service of a foreign country, which has severely and repeatedly broken the laws of its own country and has lied to its own Congress - that is, in addition to the whole rest of the world. Put it this way, the NSA has committed more crimes and harmed more people than Snowden did, in any country of the world, including the USA. It is, right now, a criminal organization out of control. That they believe otherwise doesn't change the facts. I am not saying anybody should be killed or made to suffer because of this. I'm saying that if we want to put an end to this (which apparently you don't), we can start by exposing their wrongdoings publicly, allowing both their and their victims' voices to be heard, get the dialogue going and hopefully change this poisonous culture of hostility into one of cooperation within a proper, provable and trustless framework of checks and balances. Sunlight, they say, is the best disinfectant.

[chan] general
BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r

Subject Last Count
Tor / Onion Nov 21 09:20 2
python upnp Nov 21 09:18 4
Tor idea Nov 21 08:57 2
Aktie 0.5.22 Nov 21 08:50 1
NASA Insider Exposes the Flat Earth! Nov 21 08:37 4
The Fall of Hacker Groups Nov 21 06:24 1
xiceg | kaxyx Nov 21 04:01 1
xufer | saxex Nov 21 03:44 1
xivov | saxex Nov 21 03:36 1
Alex Jones Wanker Nov 20 21:50 1
The Stallman Tax Nov 20 21:25 1
Neil Disgrace Tyson is Falling Faster Than The Globe Nov 20 21:24 1
BREXIT IS BULLSHIT Nov 20 21:24 4
The Russian Barbarity. Smolensk: The body of the Polish admiral was desecrated. Nov 20 20:55 3
Test Nov 20 20:09 8
Stop Fake News! Nov 20 15:04 1
Emily Nov 20 13:14 1
Tor replacement Nov 20 05:39 3
Landmark Worldwide Cult | rely maks ya think... Nov 20 04:47 1
Landmark Worldwide Cult Nov 20 04:38 1
Hollywood is turning black women into trannies Nov 19 21:57 5
Peter Šurda Nov 19 21:37 12
US Government resources for Zombie Preparedness Nov 19 19:46 1
bitconnect.co Nov 19 19:12 7
#elsagate cracked Nov 19 17:02 1
Remember Nov 19 16:31 5
SOON Nov 19 15:45 1
The NSA Nov 19 14:16 1
Decoding Twitter Account: https://twitter.com/GyKE69 Nov 19 13:58 5
https://www.youtube.com/watch?v=ufJjf9fYKxc Nov 19 12:57 1
vbcvbnbm,nv Nov 19 12:37 1
I AM HERE Nov 18 22:44 1
This is how they done it Nov 18 21:52 1
Leonard Nimoy Nov 18 11:08 5
North Korean defector had 'enormous amount' of parasitic worms in body Nov 18 09:29 1
Programming/hacking services provider Nov 18 08:23 2
Tranny Genocide Nov 18 03:17 1
teting codeword Nov 17 18:36 2
GENDER 101 COURSE SYLLABUS Nov 17 18:15 4
GENERAL FAILURE READING DRIVE A Nov 17 18:01 2
Flat Earth Society – Introductory Post Nov 17 17:59 4
Dear Guest: Nov 17 16:44 1
Rush Discography (1974 - 2012) mp3 320 kbps Nov 17 08:01 1
WTF is LBGTQ? Nov 17 04:01 12
Poland Pushes Back Against Putin's Special War Nov 16 20:07 2
HackThisSite.org Nov 16 13:14 3
teen girl white cotton panties Nov 16 12:56 1
Poland Must Be Alert Once Again to Protect Its Independence Nov 16 12:31 4
flat earth Nov 16 09:24 1
The Blue whale Game Nov 16 09:12 1
Tor Browser 7.0.10 is released Nov 16 08:21 1
BitMessage onionscan report Nov 15 23:36 18
eff63805060d0e8bada3fd9140bfd6c6 Nov 15 21:06 6
hello Nov 15 18:00 2
What should we do? Nov 15 17:30 1
Naked girl Nov 15 14:52 4
FourDigitPassword Nov 15 11:57 3
Leaks Nov 15 11:07 2
i2pd error Nov 15 05:53 3
«indisputable evidence» of U.S. Aid to ISIS Nov 15 05:53 1
All is A Will For Power Nothing More Nov 15 05:53 2
VPN, privacy & Firefox (+ other Gecko browsers)* rev. 0.3.13 Nov 13 10:38 1
VPN, privacy & Firefox (+ other Gecko browsers)* rev. 0.3.12 Nov 13 09:13 1
Your privacy - VPN & Firefox (+ other Gecko browsers)* rev. 0.3.11 Nov 12 19:29 1
weekend Nov 12 15:32 1
OTP PRACTICE ON WINDOWS Nov 12 14:52 7
Small Survival Ebooks Collection Nov 12 07:55 1
February 1997 Nov 12 07:02 3
03e3b4c5b30bbb7644f3f722900aca3a Nov 12 01:23 1
OPERATION RIGHT TO KNOW IS BACK! Nov 11 17:52 1
TOM DELONGE’S SERIOUS ATTEMPT AT UFO/ET DISCLOSURE Nov 11 17:47 1
Ddos/hack Nov 11 15:55 1
donate? Nov 11 04:53 4
Need help hacking a mobile game Nov 11 03:02 3
WARNING! OVER 300 TOR NODES COMPROMISED AFTER JOINT NSA-DGSE ACTION! Nov 10 21:27 8
Hello! :) Nov 10 21:27 2
Tor sucks. I2P sucks. Nov 10 19:21 1
WIKILEAKS - disinformation outlet Nov 10 19:12 1
https://www.itproportal.com/2014/05/14/microsoft-openly-offered-cloud-data-fbi-and-nsa/ Nov 10 15:42 11
I need help hacking this website Nov 10 06:14 1
Unit CryptUnit Nov 9 18:45 1
FATAL SECURITY ERROR Nov 9 18:36 1
Apple's Operating Systems Are Malware Nov 9 18:33 1
So you want to have "secure" software without having secure hardware first? Nov 9 18:29 3
https://www.whonix.org/wiki/Computer_Security_Education#Windows_Hosts Nov 9 17:35 1
[DELETED] Nov 9 11:57 2
Hacking programming services needed Nov 9 08:15 2
bitconnect coin (bcc) Nov 8 21:19 6
Dutch secret service tries to recruit Tor-admin Nov 8 21:18 2
facebook-upload-your-nudes-to-stop-revenge-porn Nov 8 18:50 2
Something is wrong on the internet Nov 8 13:52 4
RECOMMENDATION #0002 Nov 8 12:27 2
RECOMMENDATION #0001 Nov 8 12:05 1
ARCHWAY QUEUE BARGAIN Nov 8 07:58 2
Russian disinformation bullshit analysed in real time Nov 7 20:15 1
Friends of Dorothy Nov 7 14:20 3
Private chan or Public? Nov 7 14:14 5
[DELETED] Nov 7 12:06 1
lucky boy Nov 7 10:47 2
List of .onion websites Nov 7 09:05 5