On Wed, Mar 08, 2017 at 05:12:18PM +1100, Glenn McIntosh wrote:
You'll be pleased to see that selinux gets a few mentions in the CIA leaks :-), particularly in the Android context (e.g. that it prevents normal installation of their 'RoidRage' malware, and how they get around it).
It is a very different leak to the NSA ones. The NSA ones gave a big picture view of the scope and magnitude of US surveillance, which provided evidence that these agencies were not well regulated (at least in a democratic context). The CIA leaks have the character of random documentation about tools and processes; probably not of as much import in a political sense, but of some interest to people working to secure commonly used platforms.
What is interesting is that different agencies are independently working on ways of attacking computing infrastructure. I guess duplication of effort is the nature of a large bureaucracy.
Glenn -- pgp: 833A 67F6 1966 EF5F 7AF1 DFF6 75B7 5621 6D65 6D65
Just popping in to the less political side of the thread, it's nice to see that SELinux gets a few mentions. I still haven't put much effort into securing my desktop the way I'd like it to be done, but it might be a good time to do some more messing around to get something I can feel somewhat safe with.

Regarding the leaks: there's really not much there unless I missed a huge block of information. It's annoying that some pages are empty but subpages aren't.

A few things stuck out at me on my brief read throughout the day:

- Most of it is aimed towards end-user devices, such as Windows or Android.
- Most issues come from proprietary and/or popular software.
- There's no talk of defeating crypto.

Some things that interested me:

- Win32 programming is top secret. https://wikileaks.org/ciav7p1/cms/page_11629041.html LOL

- EFI seems to be a really interesting attack vector. https://wikileaks.org/ciav7p1/cms/page_3375460.html We all know how terrible EFI is, and if you're not running some version of coreboot on your machine then you should be a little worried about this.

- Ricky Bobby malware?!
  https://wikileaks.org/ciav7p1/cms/page_16385046.html
  https://wikileaks.org/ciav7p1/cms/page_16385073.html
  https://wikileaks.org/ciav7p1/cms/page_15728810.html
  https://wikileaks.org/ciav7p1/cms/page_15729131.html
  https://wikileaks.org/ciav7p1/cms/page_15729066.html
  https://wikileaks.org/ciav7p1/cms/page_20251107.html
  (Sorry for the list, I advise skimming them)
  It looks like typical botnet malware, but it's interesting seeing this side since the malware is used by agents to collect data. It also hides information in filesystem metadata or THROUGH STEGANOGRAPHY! Leveraging existing applications seems to be through DLL hijacking existing applications that would seem in place at work. Worth noting that s

- CD-ROM based air gap jumping. https://wikileaks.org/ciav7p1/cms/page_17072172.html Truth be told I haven't actually seen a CD-ROM drive for a while now, but it's fascinating that Nero was infected this way.

- Proprietary drivers exploited on Android. https://wikileaks.org/ciav7p1/cms/page_11629096.html There's not much to read, but it's VERY interesting in that a lot of the exploits are related to proprietary drivers and firmware that projects like Replicant seek to remove. For instance, GPU drivers like Adreno or Broadcom's Wi-Fi drivers. These are things people can't update.

Night people,
Jookia