The Canadian Communications Security Establishment -- the most secretive of Canada's spy agencies -- has released the sourcecode for Assemblyline, a "Swiss Army Knife for malware analysis" that rolls up several malware analysis tools into a single unit, which can scan files for known malware and also assign a score to files indicating the likeliness that the file has a previously unseen form of malware.
The move is most welcome, and exemplifies the ways that security services can serve the mission of national security by rooting out malware and vulnerabilities. It's a real contrast to this year's meeting in Ottawa where Australia's top spy proposed deliberately introducing vulnerabilities into commonly used tools to preserve spies' ability to hack their adversaries./
The possibility that CSE's own tool could be used to detect spy software of its own design, or that of its partners, is not lost upon the agency.
"Whatever it detects, whether it be cybercrime or [nation] states, or anybody else that are doing things — well that's a good thing, because it's made the community smarter in terms of defence," said Jones.
Nor does he believe that releasing Assemblyline to the public will make it easier for adversaries to harm the government, or understand how CSE hunts for threats — quite the opposite, in fact.
"We believe that the benefits far outweigh any risks and that we can still use this to be ahead of the threat that's out there."
Canada's 'super secret spy agency' is releasing a malware-fighting tool to the public
Daniel Moghimi, Berk Sunar, Thomas Eisenbarth and Nadia Heninger have published TPM-FAIL: TPM meets Timing and Lattice Attacks, their Usenix security paper, which reveals a pair of timing attacks against trusted computing chips ("Trusted Computing Modules" or TPMs), the widely deployed cryptographic co-processors used for a variety of mission-critical secure computing tasks, from verifying software […]
The privacy-focused web browser Brave has finally launched a 1.0 version, bringing it officially out of beta.
A number of popular health-related websites in the UK are reported to be actively sharing sensitive user data with dozens of third parties, including Google and Facebook, but also various adtech firms and data brokers.
Sous vide cooking: It sounds fancy, but it’s actually one of the easiest and most reliable ways to cook. It’s the reason why many restaurants are able to put out delicious dishes with a consistent flavor. All you need is the right equipment, and that hasn’t always been available to those outside the resto crowd. […]
The more you use your computer, the more it becomes possible for others to use it too. Where there are anti-virus systems, there are hackers looking for a way to get around them. That’s why it’s important to get software that doesn’t just passively scout for viruses in the background. The folks behind GlassWire have […]
Knowledge is power. It’s a cliché, but sometimes things turn into a cliché because they’re true. If you’re making your way through the world of business and entrepreneurship, it only makes sense to read about the insights of people who have climbed that ladder before you. Trouble is, the modern workday doesn’t leave a lot […]