How does the Hacking Team network malware work? How bad is it?

Eric Mill eric at
Sun Aug 17 14:24:38 PDT 2014


I've read the Intercept's writeup[1], and read through Citizen Lab's
writeup[2]. I'm having trouble understanding the attack surface, and how
widely applicable the vulnerability is.

Are MS and Google targeted because of their ubiquity, or is there also
something (besides not using HTTPS) that they did to make their services

How can there be a remote code vulnerability so low in the stack that it
can be injected at the packet level, but high enough that TLS encryption
foils the attack?

Does this affect Windows only? Through particular browsers?

I'm certainly up for using this as an argument for how difficult it is to
predict the severity and creativity of MITM attacks, but I would like to
better understand the magnitude of the disclosure.


