On Wed, 8 Mar 2017 10:28:33 PM Jookia wrote:
> Just popping in to the less political side of the thread, it's nice to see that SELinux gets a few mentions. I still haven't put much effort in to secure my desktop how I'd like it to be done but it might be a good time to do some more messing around to get something I can feel somewhat safe with.
I could give a talk and/or training session on SE Linux as a FSM meeting if there is interest.
> Regarding the leaks: There's really not much there unless I missed a huge block of information. It's annoying that some pages are empty but subpages aren't. A few things struck out at me on my brief read throughout the day:
>
> - Most of it is aimed towards end-user devices, such as Windows or Android.
Which is easier to crack? Hundreds of millions of old Android devices that don't get security updates because the manufacturers make more money selling newer devices, or Google's servers? Also who is more likely to notice a compromise, Google's security team or random Android users? As an aside I don't have root on my Android devices and wouldn't necessarily notice a compromise.
> - Most issues come from proprietary and/or popular software.
> - There's no talk of defeating crypto.
The general consensus of opinion is that defeating crypto isn't a winning move. If you crack an algorithm you get fame and maybe a job teaching number theory at a university. If you crack an implementation you can commit some crimes.
> Some things that interested me:
>
> - Win32 programming is top secret. https://wikileaks.org/ciav7p1/cms/page_11629041.html
>
> LOL
Over-classification is an ongoing issue with government security. The punishments for under-classifying data are more serious, it's easier to increase classification level than decrease it, and writing highly classified documents can make you feel important.
> - EFI seems to be a really interesting attack vector. https://wikileaks.org/ciav7p1/cms/page_3375460.html
>
> Interesting that they named a device NyanCat.
>
> We all know how terrible EFI is, and if you're not running some version of coreboot on your machine then you should be a little worried about this.
If they gain physical access to your system they can mess with you in other ways, like sniffing the hardware on your keyboard. I think that for everyone here, if the CIA becomes so interested in you that they want to do an EFI based attack you have bigger problems than you can deal with. Making your system resistant to a low-priority drive-by attack or a widespread malware attack is a reasonable goal. Being resistant to a full-scale CIA attack isn't something you can expect to succeed in, at least not if you want to keep using computers in anything like a normal way. Any organisation that can make people disappear is not one that you can fight head on. One thing that works in our favor is that 0day attacks are very valuable. Every time a 0day is used there is a risk of it being discovered and fixed. I expect that no-one here is important enough that the CIA would risk losing a 0day on them. Making your PC resistant to a full scale CIA attack is like making your home resistant to a tank attack. But it's probably more difficult to do.
> - CD-ROM based air gap jumping. https://wikileaks.org/ciav7p1/cms/page_17072172.html
It's been a standard thing since MS-DOS days that you should never trust an executable from a system that might be infected.
> - Proprietary drivers exploited on Android https://wikileaks.org/ciav7p1/cms/page_11629096.html
>
> There's not much to read, but it's VERY interesting in that a lot of the exploits are related to proprietary drivers and firmware that projects like Replicant seek to remove. For instance, GPU drivers like Adreno or Broadcom's Wi-Fi drivers. These are things people can't update.
http://laforge.gnumonks.org/blog/20160920-openmoko_10years/ This is worth reading.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/