/tech/ - Technology

Brought to you by archive.org (again)



New FinFisher surveillance campaigns: Internet providers involved? Anonymous 09/27/2017 (Wed) 02:39:51 No. 11358
New surveillance campaigns utilizing FinFisher, infamous spyware known also as FinSpy and sold to governments and their agencies worldwide, are in the wild. Besides featuring technical improvements, some of these variants have been using a cunning, previously-unseen infection vector with strong indicators of major internet service provider (ISP) involvement.

FinFisher has extensive spying capabilities, such as live surveillance through webcams and microphones, keylogging, and exfiltration of files. What sets FinFisher apart from other surveillance tools, however, are the controversies around its deployments. FinFisher is marketed as a law enforcement tool and is believed to have been used also by oppressive regimes.

We discovered these latest FinFisher variants in seven countries; unfortunately, we cannot name them so as not to put anyone in danger.

https://www.welivesecurity.com/2017/09/21/new-finfisher-surveillance-campaigns/

tl;dr FinFisher is back, is more resilient than before, and is being deployed via ISP MITM in some countries via redirecting downloads of popular software like WhatsApp, Skype, Avast, WinRAR, VLC Player (list not exhaustive).


Anonymous 09/27/2017 (Wed) 02:56:37 No. 11359
Seems bullshit. What system is vulnerable? What is the method (just saying 307 and ISP MitM isn't enough)?
Seems like a mythology created on these hipster blogs that don't know how computers work.
Technical information is more important in this board OP. Don't post shit content.


Anonymous 09/27/2017 (Wed) 04:12:39 No. 11362
>>11359
You either didn't read the article, or didn't understand it.

>Don't post shit content.
Right back atcha. Start by learning English. Your posts all read like they come from a decade-old version of Google Translate.


Anonymous 09/27/2017 (Wed) 04:49:44 No. 11363
>>11362
I've read it. I did understand what it means. It has no technical explanation, nor a proof about its statements.
Also, where did these guys get this information, if the software uses "anti-disassembly techniques"?

>Your posts all read like they come from a decade-old version of Google Translate.
Good point. Guess I'm a robot then. wow.
Language is meant as a code for communication. If you can understand what I'm saying, then that's fine. I don't need to be Shakespeare or have all the new mannerisms required by "imageboard culture".


What's up with all these newfags here? Fucks sake.


Anonymous 09/27/2017 (Wed) 12:36:26 No. 11364
>FinFisher spyware masqueraded as an executable file named “Threema”. Such a file could be used to target privacy-concerned users, as the legitimate Threema application provides secure instant messaging with end-to-end encryption. Ironically, getting tricked into downloading and running the infected file would result in the privacy-seeking user being spied upon.
ha ha ha oh wow
Privacy concerned users don't use proprietary crap that cooperates with foreign oppressive regimes upon phone call.
ISP can't mitm you without bribing a legit certificate for most download sites. It only occurs in rare situations when CIA niggers do targeted attacks on users, because widespread attack would immediately result in banning this CA from all browsers on next update.
And if you happen to download exe files through plain http without verifying signatures obtained through reliable third party, well shit on yee.

>The 307 response from the Web server should always include an alternative URL to which redirection should occur. If it does, a Web browser will immediately retry the alternative URL. So you never actually see a 307 error in a Web browser, unless perhaps you have a corrupt redirection chain e.g. URL A redirects to URL B which in turn redirects back to URL A. If your client is not a Web browser, it should behave in the same way as a Web browser i.e. immediately retry the alternative URL.

So, if your user is retarded enough to download executables through insecure channel and not from developer's repository, then he is not qualified to use computer anyways.
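Added example, not part of the thread or the linked article: a defender-side check for the download path discussed above, which audits a recorded redirect chain for hops that an on-path party could forge (plain HTTP, HTTPS downgrade, 307 to a host outside an allow-list) and then compares the file with a digest obtained out of band. The host names, the allow-list and the sample bytes are constructed, and a pinned SHA-256 stands in here for the signature verification mentioned in the post.

```python
import hashlib
import hmac
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def audit_redirect_chain(hops, trusted_hosts):
    """Flag hops an on-path party could have forged or steered.

    hops: list of (status, request_url, location_header_or_None)
    Returns a list of (hop_index, finding) tuples.
    """
    findings = []
    for i, (status, url, location) in enumerate(hops):
        src = urlsplit(url)
        if src.scheme != "https":
            # Unauthenticated response: anyone on the path can rewrite it.
            findings.append((i, "plaintext-hop"))
        if status not in REDIRECT_CODES or not location:
            continue
        dst = urlsplit(urljoin(url, location))  # Location may be relative
        if src.scheme == "https" and dst.scheme != "https":
            findings.append((i, "https-downgrade"))
        if dst.hostname not in trusted_hosts:
            findings.append((i, "untrusted-host"))
    return findings

def matches_pinned_hash(data, pinned_sha256_hex):
    """Compare a download against a digest obtained out of band."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, pinned_sha256_hex.lower())

# Constructed sample data (hypothetical hosts, not taken from the article).
TRUSTED = {"downloads.example.com", "cdn.example.com"}
HIJACKED = [
    (307, "http://downloads.example.com/setup.exe", "http://files.example.net/setup.exe"),
    (200, "http://files.example.net/setup.exe", None),
]
CLEAN = [
    (302, "https://downloads.example.com/setup.exe", "https://cdn.example.com/setup.exe"),
    (200, "https://cdn.example.com/setup.exe", None),
]
GENUINE = b"constructed installer bytes"
PINNED = hashlib.sha256(GENUINE).hexdigest()

if __name__ == "__main__":
    print(audit_redirect_chain(HIJACKED, TRUSTED))
    print(audit_redirect_chain(CLEAN, TRUSTED))
    print(matches_pinned_hash(GENUINE + b"!", PINNED))
```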


Anonymous 09/27/2017 (Wed) 18:04:31 No. 11371
You forgot the cloudflare layer in between ISP and remote web server. SSL removed here ;^) etc.


