On 08/03/17 14:14, Russell Coker wrote:
True. I think I've done my share of work in securing Linux systems both directly through working on SE Linux and indirectly through finding bugs in various daemons and applications (often due to SE Linux policy revealing inappropriate things).
You'll be pleased to see that selinux gets a few mentions in the CIA leaks :-), particularly in the Android context (eg that it prevents normal installation of their 'RoidRage' malware, and how they get around it). It is a very different leak to the NSA ones. The NSA ones gave a big picture view of the scope and magnitude of US surveillance, which provided evidence that these agencies were not well regulated (at least in a democratic context). The CIA leaks have the character of random documentation about tools and processes; probably not of as much import in a political sense, but of some interest to people working to secure commonly used platforms. What is interesting is that different agencies are independently working on ways of attacking computing infrastructure. I guess duplication of effort is the nature of a large bureaucracy. Glenn -- pgp: 833A 67F6 1966 EF5F 7AF1 DFF6 75B7 5621 6D65 6D65