Vault 7
Vault 7
What do you think about the Vault 7 leak?
I am not looking for political debate, I am interested in the technical aspects, in general and also how it might affect The Best Browser. Is it a cause for worry? Is there anything we can/need do to protect against those things?
I would be escpecially interested in your expert opinion, Oh Scion of Our Planetary Companion (Moonchild), if you care to opine.
I am not looking for political debate, I am interested in the technical aspects, in general and also how it might affect The Best Browser. Is it a cause for worry? Is there anything we can/need do to protect against those things?
I would be escpecially interested in your expert opinion, Oh Scion of Our Planetary Companion (Moonchild), if you care to opine.
Re: Vault 7
The most leaks are zero day bugs for old software so i wouldnt say the leak is a real problem for us users.
-
- Pale Moon guru
- Posts: 35649
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Vault 7
I had to look up what this is all about.
Thanks to the nature of Open Source, anyone can (sec) audit Pale Moon and point out any vulnerabilities found (please do if you find them -- but in private message to not unnecessarily disclose it before we had a chance to look at it and patch it)
Why would this concern us? If the security of those devices affected is not in order, then that is something the manufacturers of those devices need to address.The Vault 7 Leaks is the code name for a massive leak released by Wikileaks in early March 2017, containing documents that purportedly discuss hacking tools used by the United States Central Intelligence Agency (CIA) to compromise the security of various devices connected to the internet, including smart phones, computers and smart TVs.
Thanks to the nature of Open Source, anyone can (sec) audit Pale Moon and point out any vulnerabilities found (please do if you find them -- but in private message to not unnecessarily disclose it before we had a chance to look at it and patch it)
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Vault 7
Thanks for the reply.
I don't know, that is why I asked. What I have seen on various parts of the interwebz the opinions ranged from "Don't worry about it" to "End of the internet as we know it". And also considering the extent of my knowledge in security matters (it could easily fit in a tweet), I decided to ask a source I can trust.Moonchild wrote:Why would this concern us?
Re: Vault 7
The leak only show what we all know:
# Always keep all your systems up-2-date
# Use encryption where possible
If you follow that rules, youre fine.
# Always keep all your systems up-2-date
# Use encryption where possible
If you follow that rules, youre fine.
-
- Lunatic
- Posts: 350
- Joined: 2011-11-18, 20:38
- Location: Scotland
Re: Vault 7
They're finding their way around encryption.
These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied.
Re: Vault 7
Yeah but only on very old smartphone systems.rabnbeinn wrote:They're finding their way around encryption.
These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied.
So if you folllow rule #1, you safe
-
- Pale Moon guru
- Posts: 35649
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Vault 7
Rather, "Use encryption where prudent". i.e.: When dealing with private or sensitive matters.dark_moon wrote:# Use encryption where possible
I still disagree with "where possible" because it will almost always be possible, but not always be the best thing to do.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
- Lunatic
- Posts: 350
- Joined: 2011-11-18, 20:38
- Location: Scotland
Re: Vault 7
Who's to say they can't crack newer smart phones, in all probability they can and we wont find out about until it is leaked (if ever).Yeah but only on very old smartphone systems.
So if you folllow rule #1, you safe
And you are never safe (IMHO). If a hacker really wants in, he/she WILL get in eventually.
This is just my view and I believe a hell of a lot of others too.
Re: Vault 7
Obviously Open Source is easily attackable and everyone should try to avoid using it.Luna Tic wrote:What do you think about the Vault 7 leak?
Re: Vault 7
That is crap. Every software is attackable but with OpenSource you can check if the code is secure and help to fix bugs.tuxman wrote:Obviously Open Source is easily attackable and everyone should try to avoid using it.
Re: Vault 7
sarcasm mate..dark_moon wrote:That is crap. Every software is attackable but with OpenSource you can check if the code is secure and help to fix bugs.tuxman wrote:Obviously Open Source is easily attackable and everyone should try to avoid using it.
Re: Vault 7
Reading all this, I'm pretty worried now...
I'm owner one of those 'smart Samsung fridge'...you know, connected to net, warnings when you are empty for milk...etc.
Just wonder, should I change my eating habits from now?...or get new fridge?...or is it some workaround?
Theoretically thinking...when I have guests and we have evening theme 'Midle East food' f.e. eating a lot Falafels, kebab...etc.
What I'm afraid that my fridge gonna blab to NSA and next morning my backyard are full with special forces, choppers, tanks...
Hmm...scary stuff. Is it enough just to change food labels, f.e. put bananas labels on Falafels...or?
I'm owner one of those 'smart Samsung fridge'...you know, connected to net, warnings when you are empty for milk...etc.
Just wonder, should I change my eating habits from now?...or get new fridge?...or is it some workaround?
Theoretically thinking...when I have guests and we have evening theme 'Midle East food' f.e. eating a lot Falafels, kebab...etc.
What I'm afraid that my fridge gonna blab to NSA and next morning my backyard are full with special forces, choppers, tanks...
Hmm...scary stuff. Is it enough just to change food labels, f.e. put bananas labels on Falafels...or?
-
- Keeps coming back
- Posts: 959
- Joined: 2012-09-04, 15:19
- Location: Costa Rica & Union City Georgia USA
Re: Vault 7
--------------------------------------------------------------------------------------------------------------
The difference between the Impossible and the Possible lies in a man's Determination.
Tommy Lasorda
The difference between the Impossible and the Possible lies in a man's Determination.
Tommy Lasorda
Re: Vault 7
If that gets you scared, what about this nightmare scenario? Truly horrific to even imagine it...kizo07 wrote:Hmm...scary stuff. Is it enough just to change food labels, f.e. put bananas labels on Falafels...or?
They replace your Pedigree Jumbones with Whiskas Perfect Portions.
-
- Pale Moon guru
- Posts: 35649
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Vault 7
A few points of clarification for the "software hacks":
- These are all DLL hijacking "hacks". This means that you have to, one way or another, already get malware on your system to replace a legitimate dll with a compromised one before this can take place.
- The main vulnerabilities listed are in common dlls used by portable versions of applications or applications that are often installed in folders that have no special protection; this is because many portable frameworks will have a program look into the portable application folder(s) before looking in system folders, and in the case of portable applications, those folders will not be protected (unlike %program files%).
- This also underlines why installing an application in anything but the designated program files folder is generally a bad idea, especially if it's in e.g. local application data like the Chromium framework tends to do.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Vault 7
Moonchild, while generally speaking I'm agree with you, especially if we talking about 'already get malware on your system'.
On the other side I think it's relative easy to 'protect' anyway. By simply monitor your environment.
Hence, I use for years, 'Spy-The-Spy' a file monitor, 'monitors system and other folders for any new exe's or dll's being added or renamed'.
http://www.mediachance.com/free/spythespy.htm
It's very simple, very old, but still very efficient and useful a peace off software, at least for me. Only 500kB and works as portable, thus can uses on USB too.
Luna Tic, no it's not...it's different, dogs have masters, cats have staff
On the other side I think it's relative easy to 'protect' anyway. By simply monitor your environment.
Hence, I use for years, 'Spy-The-Spy' a file monitor, 'monitors system and other folders for any new exe's or dll's being added or renamed'.
http://www.mediachance.com/free/spythespy.htm
It's very simple, very old, but still very efficient and useful a peace off software, at least for me. Only 500kB and works as portable, thus can uses on USB too.
Luna Tic, no it's not...it's different, dogs have masters, cats have staff
Re: Vault 7
billmcct wrote:At least Notepad++ took it as serious.
http://www.ghacks.net/2017/03/09/notepa ... erability/
Wow, Notepad ++ of all things. I use that all the time. Will update.