Fwd: Freedom Hosting Owner Arrested, Tormail Compromised, Malicious JS Discovered
It's possible that the attack in the paper isn't perfectly effective. It's also possible that the government isn't aware of the paper, or at least hasn't organized enough yet to mount an attack based off of this paper. (some bureaucrat in power is spending money on this piece of malware, wants all resources behind it, or maybe other political bullshit, and so as always the government is slowing itself down)
And finally, it's possible that TSR uses additional layers of protection, like VPN through countries outside of US jurisdiction, so that even when you unwrap tor TSR remains hidden.
On Mon, Aug 12, 2013 at 9:46 AM, David Vorick <david.vorick@gmail.com> wrote:
It's possible that the attack in the paper isn't perfectly effective. It's also possible that the government isn't aware of the paper, or at least hasn't organized enough yet to mount an attack based off of this paper. (some bureaucrat in power is spending money on this piece of malware, wants all resources behind it, or maybe other political bullshit, and so as always the government is slowing itself down)
And finally, it's possible that TSR uses additional layers of protection, like VPN through countries outside of US jurisdiction, so that even when you unwrap tor TSR remains hidden.
Or that different departments / teams have different enforcement priorities, or that they don't cooperate well with each other...
On Mon, Aug 12, 2013 at 8:47 AM, David Vorick <david.vorick@gmail.com> wrote:
It's possible that the attack in the paper isn't perfectly effective. It's also possible that the government isn't aware of the paper, or at least hasn't organized enough yet to mount an attack based off of this paper. (some bureaucrat in power is spending money on this piece of malware, wants all resources behind it, or maybe other political bullshit, and so as always the government is slowing itself down)
And finally, it's possible that TSR uses additional layers of protection, like VPN through countries outside of US jurisdiction, so that even when you unwrap tor TSR remains hidden.
-- @kylemaxwell
On 08/12/2013 10:25 AM, Kyle Maxwell wrote:
Or that different departments / teams have different enforcement priorities, or that they don't cooperate well with each other...
Sometimes the right hand and left hand don't know what each other are doing.
Sometimes the right and left hands are on entirely different bodies on different sides of the continent.
-- The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/
"This time we're using four times the Kevlar."
On Wed, Aug 14, 2013 at 1:15 PM, The Doctor <drwho@virtadpt.net> wrote:
On 08/12/2013 10:25 AM, Kyle Maxwell wrote:
Or that different departments / teams have different enforcement priorities, or that they don't cooperate well with each other...
Sometimes the right hand and left hand don't know what each other are doing.
Sometimes the right and left hands are on entirely different bodies on different sides of the continent.
In my limited experience with the spook agencies, this understates the case. The left hand refuses to share a thing, making the smug claim "We're listeners, not talkers." The right hand is working to stab the left in the back and take control of the two fingers it thinks are doing anything useful. The left hand is doing the same to the right. I could go on, but I think the analogy is starting to fall apart. Eugen Leitl pasted up an article recently, describing the delusions, incompetence, dirty dealing, and dirty characters involved in Britain's MI5. That matched pretty well what I know of my own knowledge of US operations. Please note that my experience was entirely on the US Army side of things, as a low-ranking officer. I was mostly insulated from political considerations except for budget battles. However, I dealt with other groups and I kept my eyes and ears open and couldn't help noticing things.
A friend of mine, not a security jock, recently needed to cleanse her system (computer system, that is). She was advised to download Malwarebytes. So she went to Google, and selected the top hit. It had the pale green background that indicates (to those who know) that it was a commercial hit. Of course, she did not know that, but so what? She merrily clicked on it. It's Google's top hit, right? Must be well-vetted, safe, etc.
The install led her through all sorts of other installs, and the end result was that she had a quite old version of Malwarebytes, and loads of adware on her computer. She needed a very thorough cleaning then, to get rid of that stuff. Hope there's no malware left. Sheesh.
The point is that Google was boasting recently about its wonderful machine learning that, unprompted, detected bogus used car ads in China. It's perfectly clear that they could check the nasty Malwarebytes repackager that paid them. Pretty poor behavior on Google's part.
Mike
IIRC Google happened to run across it, and they spend a lot of time (and money) trying to detect bad ads, but it's certainly not foolproof. The arms race continues. There are many areas where we can't really consider Google one of the "good guys" (insofar as that label means anything), but fighting malware is an area where they certainly seem to be on the side of good.
On Wed, Aug 14, 2013 at 1:45 PM, Michael Nelson <nelson_mikel@yahoo.com> wrote:
A friend of mine, not a security jock, recently needed to cleanse her system (computer system, that is). She was advised to download Malwarebytes. So she went to Google, and selected the top hit. It had the pale green background that indicates (to those who know) that it was a commercial hit. Of course, she did not know that, but so what? She merrily clicked on it. It's Google's top hit, right? Must be well-vetted, safe, etc.
The install led her through all sorts of other installs, and the end result was that she had a quite old version of Malwarebytes, and loads of adware on her computer. She needed a very thorough cleaning then, to get rid of that stuff. Hope there's no malware left. Sheesh.
The point is that Google was boasting recently about its wonderful machine learning that, unprompted, detected bogus used car ads in China. It's perfectly clear that they could check the nasty Malwarebytes repackager that paid them. Pretty poor behavior on Google's part.
Mike
-- @kylemaxwell
Google might very well have given that ad -10k LarryPoints. It just had to compete with the other paid ads, and there were none. So it won.
Google is capable of automatically crawling websites and running a full virus-and-malware-scan sweep. Especially for their ads. But they don't do this at all AFAIK. Probably not worth it.
On Wednesday, 14 August 2013 23:30:59 Lodewijk andré de la porte wrote:
Google might very well have given that ad -10k LarryPoints. It just had to compete with the other paid ads, and there were none. So it won.
Google is capable of automatically crawling websites and running a full virus-and-malware-scan sweep. Especially for their ads. But they don't do this at all AFAIK. Probably not worth it.
First and foremost, do we REALLY want Google to censor the results? I know, I am using a very strong word here, but I believe there is something to it. If we expect Google to censor our Internet for us, they will, and then we shall weep.
The right way of handling this is education. For example getting media and information competencies[1] courses to schools so that people would be able to better filter out the bogus ads themselves.
[1] http://ifapcom.ru/files/News/Images/2013/mil_eng_web.pdf p. 351 onwards
DISCLAIMER: I'm one of the co-authors of that catalogue; comments welcome
also, inb4 "iFap" jokes ;)
-- Regards, rysiek
2013/8/19 rysiek <rysiek@hackerspace.pl>
First and foremost, do we REALLY want Google to censor the results? I know, I am using a very strong word here, but I believe there is something to it. If we expect Google to censor our Internet for us, they will, and then we shall weep.
They do already. They call it "pagerank". They purposely influence it to achieve the "right" results. They don't have to remove it, just moving it to page 200 is enough.
On 08/12/2013 09:47 AM, David Vorick wrote:
And finally, it's possible that TSR uses additional layers of protection, like VPN through countries outside of US jurisdiction, so that even when you unwrap tor TSR remains hidden.
It's also possible that they found a way to compromise FH and tamper with other sites running on that service. If you ask for hosting (which they offered), and they give it to you, and you deliberately upload a web application that you know you can use to execute arbitrary code on the server side, it suddenly becomes a lot easier to spike popular sites on the same machine. Or, set up your own site as a sting and pack all the exploits you want behind the frontpage.
-- The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/
"This time we're using four times the Kevlar."
participants (7)
- David Vorick
- Kyle Maxwell
- Lodewijk andré de la porte
- Michael Nelson
- rysiek
- Steve Furlong
- The Doctor