![]() ![]() On the other hand, if someone thinks that a three letter agency might be interested in their communications and that person does not work for another three letter agency, they should probably assume that their signals are compromised if they are detected.Īnd people wonder why I am only lukewarm about encryption and opsec. To me, any secure communications systems that provides the convenience of app store downloads and over the air updates should be considered compromised. Nation states operate at a different scale and easily deployable encryption systems for novice users are white horse led brightly dressed musketeers drum marching to their general's firing line in the midst of a modern free fire zone. The reality is that no matter how good the software engineers are no matter how sound the algorithms no matter how well funded the startup or open source project it's completely outnumbered and completely out gunned. The encryption system is compromised and users do not have practical alternatives. Operationally, it does not matter how the message was read. : Whether anybody is actually interested in actual elections running in auditable, effective, and functional way is apparently another question entirely, and the answer from most seems to be "nope."Įve operates in meat-space not a mathematical Flatland. Mainstream news sources seem to continually get worse at reporting tech related stories, and I think there must be an even greater level of confusion when it comes to typical non-techinical individual citizens. Unfortunately that is not "hacking an election." It's just plain and traditional information ops.) (Yes, computer systems were compromised, and data was exfiltrated from the DNC/related parties and released by foreign state actors. Of course this source is part of the same media that continually calls the election "hacked" despite there being no known technical irregularities with voting machines or vote recording or the actual election itself (that I'm aware of, at least). By suggesting specific apps/services may be "bypassed" they fail to make it crystal clear to all readers that any breakage is likely app/service agnostic. I think the part that's misleading is that with a loose/typical/casual reading it sounds like the bypass is at the application level as opposed to the OS/host level. With root access to a large number of phones and little oversight their capacity for harm is frightening, this seems more worthy of discussion. With unfettered access to these phones there are all manner of hypothetical attacks that could go after any of these app providers and not just snoop on the communications of the users. This was supposed to be a discussion about massive government overreach, not petty squabbles between apps. Of course encrypted communication is better for the user than unencrypted, but this is not the place for that, which is why I ignored it. I do plan on going further through these, they look fun. The only presumption on my part is that they are remotely exploitable, which is practically a requirement for mobile device exploits to be useful because physical access is hard to obtain. ![]() ![]() ![]() and European company products, include Apple's iPhone, Google's Android and Microsoft's Windows > dozens of "zero day" weaponized exploits against a wide range of U.S. I haven't gone through all the documents but the summary does say verbatim: Oh wait groups like the CIA did this already and rigged it to delete itself when not on one of their intended target's machines, stuxnet. It sounds like we are not too far off from the CIA being able to write self spreading malware that allows monitoring they just haven't because. The real news is that the CIA lied to Americans and the President so they could continue damaging American businesses, in the name of protecting America. The owner of the app should write the NYT and complain that their app was used inappropriately or perhaps write an editorial to get even more free advertising. The fine distinction of one app being singled out sucks, but it really is small potatoes here. If the wikileaks article is correct about the CIA having kept multiple 0-day exploits hidden for each OS, then breaking anything even remotely is a work ticket and not a research project for them. It seems that just about every Android and iOS device can be part of an "easy dragnet" without any app installed. I don't see how this goes from one to the other. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |