/tech/ - Technology



(106.00 KB 648x699 finfisherispredirect.png)
New FinFisher surveillance campaigns: Internet providers involved? Anonymous 09/27/2017 (Wed) 02:39:51 [Preview] No. 11358 [Reply] [Last 50 Posts]
New surveillance campaigns utilizing FinFisher, infamous spyware known also as FinSpy and sold to governments and their agencies worldwide, are in the wild. Besides featuring technical improvements, some of these variants have been using a cunning, previously-unseen infection vector with strong indicators of major internet service provider (ISP) involvement.

FinFisher has extensive spying capabilities, such as live surveillance through webcams and microphones, keylogging, and exfiltration of files. What sets FinFisher apart from other surveillance tools, however, are the controversies around its deployments. FinFisher is marketed as a law enforcement tool and is believed to have been used also by oppressive regimes.

We discovered these latest FinFisher variants in seven countries; unfortunately, we cannot name them so as not to put anyone in danger.

https://www.welivesecurity.com/2017/09/21/new-finfisher-surveillance-campaigns/

tl;dr FinFisher is back, is more resilient than before, and is being deployed via ISP MITM in some countries by redirecting downloads of popular software like WhatsApp, Skype, Avast, WinRAR, VLC Player (list not exhaustive).


Anonymous 09/27/2017 (Wed) 02:56:37 [Preview] No. 11359 del
Seems bullshit. What is the system vulnerable? What is the method (just saying 307 and ISP MitM isn't enough)?
Seems like a mythology create on these hipster blogs that don't know how computers work.
Technical information is more important in this board OP. Don't post shit content.


Anonymous 09/27/2017 (Wed) 04:12:39 [Preview] No. 11362 del
>>11359
You either didn't read the article, or didn't understand it.

>Don't post shit content.
Right back atcha. Start by learning English. Your posts all read like they come from a decade-old version of Google Translate.


Anonymous 09/27/2017 (Wed) 04:49:44 [Preview] No. 11363 del
(137.41 KB 717x880 leddit.jpg)
>>11362
I've read it. I did understand what it means. It has no technical explanation, nor a proof about it's statements.
Also, where did these guys got this information, if the software uses "anti-disasembly techniques"?

>Your posts all read like they come from a decade-old version of Google Translate.
Good point. Guess I'm a robot then. wow.
Languages is meant as a code for communication. If you can understand what I'm saying, then that's fine. I don't need to be Shakespeare or have all the new mannerism required by "imageboard culture".


What's up with all these newfags here? Fucks sake.


Anonymous 09/27/2017 (Wed) 12:36:26 [Preview] No. 11364 del
>FinFisher spyware masqueraded as an executable file named “Threema”. Such a file could be used to target privacy-concerned users, as the legitimate Threema application provides secure instant messaging with end-to-end encryption. Ironically, getting tricked into downloading and running the infected file would result in the privacy-seeking user being spied upon.
ha ha ha oh wow
Privacy concerned users don't use proprietary crap that cooperates with foreign oppressive regimes upon phone call.
ISP can't mitm you without bribing a legit certificate for most download sites. It only occurs in rare situations when CIA niggers do targeted attacks on users, because widespread attack would immediately result in banning this CA from all browsers on next update.
And if you happen to download exe files through plain http without verifying signatures obtained through reliable third party, well shit on yee.

>The 307 response from the Web server should always include an alternative URL to which redirection should occur. If it does, a Web browser will immediately retry the alternative URL. So you never actually see a 307 error in a Web browser, unless perhaps you have a corrupt redirection chain e.g. URL A redirects to URL B which in turn redirects back to URL A. If your client is not a Web browser, it should behave in the same way as a Web browser i.e. immediately retry the alternative URL.

So, if your user is retarded enough to download executables through an insecure channel and not from the developer's repository, then he is not qualified to use a computer anyway.


Anonymous 09/27/2017 (Wed) 18:04:31 [Preview] No. 11371 del
You forgot the cloudflare layer in between ISP and remote web server. SSL removed here ;^) etc.



eqgrp Anonymous 09/27/2017 (Wed) 17:12:49 [Preview] No. 11370 [Reply] [Last 50 Posts]
anyone yet has some info on the scripts from the eqgrp breach?
will that stuff break out of my vm?
how careful do you have to be? any info on what's doing what? anyone assembled them, any research available?



(1.55 MB 2560x1440 2017.09.21-19.49.png)
Secure Smartphone? Anonymous 09/21/2017 (Thu) 17:56:35 [Preview] No. 11240 [Reply] [Last 50 Posts]
What does /tech/ think about this:

https://puri.sm/shop/librem-5/

It's not perfect, but it sure looks like it's taking steps in the right direction.
10 posts and 1 image omitted.


Anonymous 09/24/2017 (Sun) 19:47:22 [Preview] No. 11287 del
(235.16 KB 970x506 201610051104331116.jpg)


Anonymous 09/25/2017 (Mon) 21:22:21 [Preview] No. 11293 del
>Secure Smartphone?
Location Tracking using Mobile Device:
https://crypto.stanford.edu/powerspy/

No.


Anonymous 09/25/2017 (Mon) 21:43:10 [Preview] No. 11294 del
>>11293
It can come in handy sometimes.


Anonymous 09/26/2017 (Tue) 17:33:41 [Preview] No. 11329 del
>>11293
>shitty botnet OS allows proprietary apps to read its power consumption state without notifying user
>while NSA can snoop your puter's AES keys from powerline with smart meters
>has anything to do with GNU/Linux


Anonymous 09/26/2017 (Tue) 17:38:42 [Preview] No. 11330 del
>>11329
What the fuck are you talking about?



Unsigned Code Execution on Intel ME 11.x Anonymous 09/21/2017 (Thu) 20:37:40 [Preview] No. 11244 [Reply] [Last 50 Posts]
People still call us "conspiracy theorists":
https://lobste.rs/s/xc9juv/unsigned_code_execution_on_intel_me_11_x
5 posts and 2 images omitted.


Anonymous 09/26/2017 (Tue) 04:01:38 [Preview] No. 11308 del
so, when is the pdf, source code coming? wanna make the botnet


Anonymous 09/26/2017 (Tue) 04:07:57 [Preview] No. 11309 del
>>11308
December 4-7, I think.


Anonymous 09/26/2017 (Tue) 05:05:15 [Preview] No. 11310 del
Did you guys read the article by positive technologies yet?


Anonymous 09/26/2017 (Tue) 05:30:33 [Preview] No. 11312 del
>>11310
This one?
http://blog.ptsecurity.com/2017/08/disabling-intel-me.html

I've read some of it, not everything.
The paper on OP is not released yet, I think. The BlackHat EU will be in December.

Also, we had already suggested the use of ME_Cleaner on our recommendations thread here: >>10740


Anonymous 09/26/2017 (Tue) 17:10:41 [Preview] No. 11327 del
>>11254
>normies == starbucks hipsters from manhattan
do you understand, that minority is not the norm?
most normies who happen to use Intel-based computers either have gaymer prebuilts or laptops from bestbuy



Unprecedented: World Wide Web Consortium (W3C) Moves To Destroy Our Current Open Internet, Greenlights DRM for the Web Anonymous 09/26/2017 (Tue) 15:36:22 [Preview] No. 11320 [Reply] [Last 50 Posts]
Unprecedented: World Wide Web Consortium (W3C) Moves To Destroy Our Current Open Internet, Greenlights DRM for the Web

https://archive.is/h26nk
https://www.eff.org/deeplinks/2017/07/amid-unprecedented-controversy-w3c-greenlights-drm-web

Early today, the World Wide Web Consortium (W3C) standards body publicly announced its intention to publish Encrypted Media Extensions (EME)—a DRM standard for web video—with no safeguards whatsoever for accessibility, security research or competition, despite an unprecedented internal controversy among its staff and members over this issue.

EME is a standardized way for web video platforms to control users' browsers, so that we can only watch the videos under rules they set. This kind of technology, commonly called Digital Rights Management (DRM), is backed up by laws like the United States DMCA Section 1201 (most other countries also have laws like this).

Under these laws, people who bypass DRM to do legal things (like investigate code defects that create dangerous security vulnerabilities) can face civil and criminal penalties. Practically speaking, bypassing DRM isn't hard (Google's version of DRM was broken for six years before anyone noticed), but that doesn't matter. Even low-quality DRM gets the copyright owner the extremely profitable right to stop their customers and competitors from using their products except in the ways that the rightsholder specifies.

EFF objects to DRM: it's a bad idea to make technology that treats the owner of a computer as an adversary to be controlled, and DRM wrecks the fairness of the copyright bargain by preventing you from exercising the rights the law gives you when you lawfully acquire a copyrighted work (like the rights to make fair uses like remix or repair, or to resell or lend your copy).

On March 12, the final vote for publishing EME closed, and members ranging from the German National Library to the UK Royal National Institute for Blind People to the cryptocurrency startup Ethereum, to Brave, a new entrant to the browser market -- along with dozens more—rejected the idea of publishing EME without some protections for these equities (the numbers in the vote are confidential by W3C's own membership requirements, but all the members mentioned here have given permission to have their votes revealed.)

It was the most controversial vote in W3C history. As weeks and then months stretched out without a decision, another W3C member, the Center for Democracy and Technology, proposed a very, very narrow version of the covenant, one that would only protect security researchers who revealed accidental or deliberate leaks of data marked as private and sensitive by EME. Netflix's representative dismissed the idea out of hand, and then the W3C's CEO effectively killed the proposal.


Anonymous 09/26/2017 (Tue) 15:36:49 [Preview] No. 11321 del
>>11320
Today, the W3C announced that it would publish its DRM standard with no protections and no compromises at all, stating that W3C Director Tim Berners-Lee had concluded that the objections raised "had already been addressed" or that they were "overruled."

In its statement, the W3C said that publishing a DRM standard without protections for core open web activities was better than not doing so, because its DRM had better support for privacy, accessibility, and competition than a non-W3C version of DRM would have.

We disagree. Even by the W3C's own measures, EME represents no improvement upon a non-standards approach, and in some important ways, the W3C's DRM is worse than an ad-hoc, industry approach.

At root is the way that DRM interacts with the law. Take security: the W3C's specification says that users' computers should be protected from privacy-invading activities by DRM vendors, but without a covenant, it's impossible to check whether this is happening. Recall that Netflix, one of the principal advocates for DRM at W3C, categorically rejected the narrowest of covenants, one that would protect solely the activity of revealing DRM flaws that compromised user privacy.

On the question of accessibility, the W3C has simply ignored the substantial formal and informal objections raised by its members, including members with deep expertise in accessibility, such as Vision Australia, Media Access Australia, Benetech, and the RNIB. These organizations pointed out that having a place for assistive data was nice, but to make video accessible, it was necessary to use computers to generate that data.

At EFF, we've spent decades defending people engaged in legitimate activities that companies or governments disliked: researchers who go public with defects in products whose users are blithely unaware of them; new entrants to monopolized markets who offer better products with features the cozy old guard don't like; public spirited archivists and accessibility workers who want to preserve digital culture and make sure everyone gets to use it.

We're dismayed to see the W3C literally overrule the concerns of its public interest members, security experts, accessibility members and innovative startup members, putting the institution's thumb on the scales for the large incumbents that dominate the web, ensuring that dominance lasts forever.

This will break people, companies, and projects, and it will be technologists and their lawyers, including the EFF, who will be the ones who'll have to pick up the pieces. We've seen what happens when people and small startups face the wrath of giant corporations whose ire they've aroused. We've seen those people bankrupted, jailed, and personally destroyed.




Anonymous 09/26/2017 (Tue) 15:39:04 [Preview] No. 11322 del
What can we do anons? Is there any way to fight this? Going back to BT/P2P clients and sharing info/media perhaps? Can new innovations like IPFS save us?

Or will this completely ruin the current web as we know it?

What can/will we do?


Anonymous 09/26/2017 (Tue) 16:09:35 [Preview] No. 11324 del
>>11322
We have already a thread about this: >>11206

I would suggest everyone download the content you like and archive it.



CCleanup: A Vast Number of Machines at Risk Anonymous 09/18/2017 (Mon) 12:59:11 [Preview] No. 11173 [Reply] [Last 50 Posts]
The article points as Piriform/Avast had no idea about this malware... I don't think so. I don't think it's impossible that this is a malware sponsored by agencies, since CCleaner is used on so many normie computers today:

http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html


Anonymous 09/18/2017 (Mon) 13:24:55 [Preview] No. 11177 del
>>11173
Whose agencies?
Microsoft certainly already shares everything with the agencies.
Windows 10 is the biggest malware ever.

All I see is that they maybe tried to hide their own backdoor, or maybe it's a CCleaner dev who tried to push his own malware in the back of his team.


Anonymous 09/23/2017 (Sat) 17:25:15 [Preview] No. 11276 del
>>11173
I have a very old version of CCleaner, downloaded it 10 years ago. Hopefully that one is not infected. BTW, Bleachbit works fine too.


Anonymous 09/24/2017 (Sun) 07:30:29 [Preview] No. 11284 del
Avast's antivirus was already malware. It will miss your actual virus email attachments but identify anything downloaded from a domain registered less than three months ago as a virus. Avast's logic is that if a domain is newly registered, then it must be distributing viruses. Avast does serve as an example of something that harms because it's worse than useless though.


Anonymous 09/26/2017 (Tue) 02:46:53 [Preview] No. 11301 del
>>11173
Are antivirus software applications still relevant? LOL



(521.66 KB 1200x794 adobe.png)
Adobe Accidentally Publishes One of its Private PGP Keys Anonymous 09/24/2017 (Sun) 01:47:04 [Preview] No. 11280 [Reply] [Last 50 Posts]
>Having some transparency about security problems with software is great, but Adobe's Product Security Incident Response Team (PSIRT) took that transparency a little too far today when a member of the team posted the PGP keys for PSIRT's e-mail account -- both the public and the private keys. The keys have since been taken down, and a new public key has been posted in its stead.

https://soylentnews.org/article.pl?sid=17/09/23/0053227



NSA trying to push bad standards Anonymous 09/22/2017 (Fri) 19:10:41 [Preview] No. 11265 [Reply] [Last 50 Posts]
Oh, hey, look the NSA doing it again. First Clipper chip, then IPsec, now the "Simon and Speck":

>An international group of cryptography experts has forced the U.S. National Security Agency to back down over two data encryption techniques it wanted set as global industry standards, reflecting deep mistrust among close U.S. allies.
>More than a dozen of the experts involved in the approval process for Simon and Speck feared that if the NSA was able to crack the encryption techniques, it would gain a "back door" into coded transmissions, according to the interviews and emails and other documents seen by Reuters.

http://www.reuters.com/article/us-cyber-standards-insight/distrustful-u-s-allies-force-spy-agency-to-back-down-in-encryption-fight-idUSKCN1BW0GV
3 posts and 2 images omitted.


Anonymous 09/23/2017 (Sat) 02:11:35 [Preview] No. 11272 del
>>11271
He means the NIST standard suite, which is true. Regardless, gpg release already includes plenty other ciphers like curve25119, chacha, some quantum ones, etc..
Friend and I play w/Curve25119 right now 4fun


Anonymous 09/23/2017 (Sat) 03:55:09 [Preview] No. 11273 del
>>11272
>He means the NIST standard suite
What's that?


Anonymous 09/23/2017 (Sat) 18:56:45 [Preview] No. 11277 del
>>11274
You are a waste of flesh.

Anyway, I'll answer the question for you. No, although NSA Suite B cryptography is an NSA recommendation, the NSA did not have "a massive part" in developing the algorithms in it, as your fellow retard suggested re: RSA.

AES, for example, which is the recommended symmetric cipher in the suite, uses an algorithm called Rijndael, which was developed by two European cryptographers, Vincent Rijmen and Joan Daemen. Rijndael was submitted to the Advanced Encryption Standard contest (and won), which was sponsored by NIST, but it was not created by the NSA.


Anonymous 09/24/2017 (Sun) 00:33:04 [Preview] No. 11279 del
>>11277
For a waste of flesh, your clarity to respond the individual that questioned is endearing.

Still, would you trust NIST standards to save a life? I'm sure Edward Snowden values their time preaching how Apple will save privacy with GPG 2.



Tor: help test next-gen onions Anonymous 09/20/2017 (Wed) 22:15:51 [Preview] No. 11219 [Reply] [Last 50 Posts]
>this is an email for technical people who want to help us test next-gen onion services.
>The current status of next-gen onion services (aka prop224) is that they have been fully merged into upstream tor and have also been released as part of tor-0.3.2.1-alpha
>We are still in a alpha testing phase and when we get more confident about the code we plan to release a blog post (probs during October).

https://lists.torproject.org/pipermail/tor-project/2017-September/001449.html
1 post and 1 image omitted.


Anonymous 09/22/2017 (Fri) 02:15:36 [Preview] No. 11248 del
>>11247
<Apart from me and Endwall, it's mostly brainlets here.
>look how special we are!
You are in an anonymous community and do an argument as if you know everyone that uses this anonymous community. Good job. Very coherent.
>people who don't agree with me don't have a brain!!!11!
In an discussion community what matters is not if you're more intelligence or how important you are. What matters is the discussion and the possible conclusions from it. Else, you just fall in an eristic dialectics (as Schopenhauer would say), as we are doing now, it seems.
This is not the thread to discuss it. There's a meta thread on sticky for this purpose.


Anonymous 09/22/2017 (Fri) 02:31:34 [Preview] No. 11249 del
(221.98 KB 480x360 geta9front.webm)
>>11248
>Very coherent.
O irony!

>What matters is the discussion and the possible conclusions from it
The discussion here is largely semi-literate, ill-reasoned, and poor in technical understanding. Exhibit 1: your post.


Anonymous 09/22/2017 (Fri) 03:16:20 [Preview] No. 11250 del
>>11249
>O irony!
Indeed.
I've said it myself, but you don't want to look at what you already think as important for you (confirmation bias):
>Else, you just fall in an eristic dialectics (as Schopenhauer would say), as we are doing now, it seems.
>as we are doing now, it seems.


Anonymous 09/23/2017 (Sat) 17:02:08 [Preview] No. 11275 del
> gff4ixq3takworeuhkubzz4xh2ulytoct4xrpazkiykhupalqlo53ryd.onion
omfg


Anonymous 09/23/2017 (Sat) 22:42:02 [Preview] No. 11278 del
>>11275
Freedom isn't free.



It Seems China is Shutting Down its Blockchain Economy Anonymous 09/18/2017 (Mon) 13:19:41 [Preview] No. 11176 [Reply] [Last 50 Posts]
eh:

>[...] it might have been the start of something more ambitious: a coordinated campaign to shut down use of cryptocurrency in the Middle Kingdom.
>The full extent of the Chinese crackdown isn't clear yet, in part because key decisions have only been communicated privately to Chinese Bitcoin exchanges.
>But a couple of Bitcoin exchanges have now announced that they are shutting down.
>And leaked documents suggest that the rest will be required to do so before the end of the month.

http://7rmath4ro2of2a42.onion/article.pl?sid=17/09/17/0743255
11 posts and 1 image omitted.


Anonymous 09/19/2017 (Tue) 16:01:39 [Preview] No. 11202 del
(68.97 KB 758x506 gopnik-of-future.jpg)
>What transaction isn't? Are you talking about conning people out of some pocket money, (((anon)))?

You can't have any anonymity if you don't have any way to make anonymous exchanges. You can do anonymous exchange right now, with paper money. Paper money allows "black" market, markets out of any state control. For example, you buying something for your friend is anonymous, and is de facto in the "black market". It allows anyone to work without the need of any contract.
It's the most basic need. With every transaction being traceable, you're done. You're just done. If they decide to deny you the right to possess a bank account, then you'll not being able to even buy from the most basic store. The whole economy will be controlled and monitored. But I guess that you trust your government and your bank to not do any harm against you, isn't it ((((((((anon))))))))?
Saying that it profits the criminals is monstrously retarded, since the biggest criminals are the banks, and the companies not paying taxes by using tax havens. It's not the little faggot drug dealer. Moreover, since it's the state that controls the drug traffic, don't count on the fact that they'll track them through bitcoin transaction. Police don't have enough people anyway to do this job. That's why it's actually the banks who try to detect credit card fraud (under ~1000/2000 euros), and not the police.

>The only thing that does is prevent hoarding and even more egregious speculation.
What? You're talking about monetary creation? That's the process that builds paper money, that makes it remain on pure debt. The dollars paper money you have in your pocket is a debt upon the central bank. The money who's on your bank account is a debt on the bank. Nothing has any value, and it allows bank to create money out of nowhere. Well, not from nowhere, but from continuous inflation. Bitcoin will not solve anything. I pretty much think that it'll worsen the problem. I highly think that today's crypto will not be the future crypto used in global market (when the world will have only one global market). Maybe the blockchain will be private. Maybe they want a decentralised money to make it detached from any nation (since every nation will disappear, it's pretty logic) in appearance, but totally controlled by the one setting it up.
The whole economy is immoral. Bitcoin will not, but confirm everything that has been destroyed since the founding of modernity.
You truly must be a redditor level faggot using his little mac to think that bitcoin is a good thing. That's the same kind of guy who find it totally normal to implant an RFID chip in their hand, or soon a neurolace. They're the one finding totally normal to buy modern car which are connected to the manufacturer, manufacturer that can control the car, lock it, stop it etc...


Anonymous 09/19/2017 (Tue) 16:37:54 [Preview] No. 11203 del
>>11202
Not the same guy, but:
>If they decide to deny you the right to possess a bank account, then you'll not being able to even buy from the most basic store.
You really don't know how bitcoin works. You don't need and "bank account". See TREZOR, for example:
https://trezor.io/

>That's the same kind of guy who find it totally normal to implant an RFID chip in their hand, or soon a neurolace.
Oh, so you're one of these "mark of the beats" people? I expected more from you...


Anonymous 09/19/2017 (Tue) 16:40:00 [Preview] No. 11204 del
>>11203
<You don't need and "bank account"
> You don't need a "bank account"*
<"mark of the beats"
>"mark of the beast"
fuck.


Anonymous 09/19/2017 (Tue) 16:44:28 [Preview] No. 11205 del
>>11203
"I" expected more of you. Don't tell me you're the common hn user, not risking to go in any direction that is not approved by the official good thinking institution.
About the RFID, no, I don't think that it's particularly what is referred to be the mark of the beast. I think that it's nearly nothing, especially when you look at the neurolace, and what are the tech possibilities that would be available in the close future. Honestly, the private corps already know everything about everyone. All I'm saying is that it's a very very dark future that is being revealed as the days advance. And it's certainly technology which is the conductor. It's like always: a trade between yourself, a piece of your soul and your privacy, for more comfort, social acceptance etc..

Moreover, you haven't read my post to the end: I'm saying that the future crypto currency will be far more controlled than what it is now. Every bank are testing their own crypto.
Don't think that banks will disappear with the founding of a global market based on an unique cryptocurrency.


Anonymous 09/22/2017 (Fri) 16:06:36 [Preview] No. 11260 del
Cryptocurrency does amaze me, I think it has potential (that is, *IF* continually allowed to).

However, I do see in the near future one of two things playing out on a global scale: either 1) governments will step in, intervene and take full control over it with new regulations and laws, thus undermining the whole freedom/anonymous concept ... OR 2) governments will just shut it all down, like they have begun to in China. And this will lead to arrests and raids if exchanges don't conform.

That being said, invest wisely and DO diversify! Do not hold all your eggs in one basket. Make sure you have plenty of basic essentials needed to survive stocked up (the prepper mindset), have some physical gold or silver coins to barter with, guns/ammo/mags won't hurt for self-defense (if you can get them), if you can buy some property away from a major city I highly recommend it if you are up to that line of work, make sure you minimize your debts too. Try to become as self-sufficient as possible.

We all know that governments are planning to steal our wealth via the banks. We need to be planning ahead of time, to mitigate how much they can steal. And it is possible but you have to diversify your investments and holdings. Don't just trust one entity to protect your wealth - it is mostly up to you. When SHTF you have what you can physically hold onto and that's pretty much it.

Check some great prepping tips here: https://archive.fo/dr3NH