In March, Wikileaks published the Vault 7 leaks, a cache of CIA cyberweapons created under the doctrine of "NOBUS" ("No One But Us"), in which security agencies suppress the publication of bugs in widely used software, choosing instead to develop attack-tools that exploit these bugs, on the assumption that no one else will ever discover those bugs and use them to attack the people they're charged with defending.
Though Wikileaks shared the sourcecode for these weapons with a few select tech giants shortly after the initial leak publication, they withheld it from wider publication until now.
The Vault 8 leaks are a trove of sourcecode and analysis of the Vault 7 weapons, presented to "enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components."
Access to this sourcecode will reveal, for example, whether the CIA is recycling existing cyberweapons used by criminals in its tools, whether and how the CIA misdirects attribution for its cyberwarfare operations (for example, by leaving false clues like foreign-language variable names or timestamps from exotic locales), and it provides critical data on the practical realities of NOBUS, allowing researchers to track the rate of independent rediscovery and exploitation of the bugs that the CIA has deliberately left intact on our computers.
Vault 8 [Wikileaks]
The video conferencing app Zoom has become suddenly ubiquitous over the past few weeks, as the coronavirus shutdown closes schools, businesses, and keeps us all indoors. Shares of Zoom dropped 9% on Monday, adding to their sharp declines in recent days, as security and privacy vulnerabilities are reported. There is also new competition from other […]
“Researchers conclude that Zoom uses non-industry-standard cryptographic techniques with identifiable weaknesses and is not suitable for sensitive communications.”
The suddenly popular videoconferencing app Zoom has issued a patch for a vulnerability in its Windows client that allowed attackers to steal the user’s Windows login credentials from malicious chat links. Hi @zoom_us & @NCSC – here is an example of exploiting the Zoom Windows client using UNC path injection to expose credentials for use […]
Yoga studios are closed nationwide. The irony is that between the anxieties of the outside world and those popping up inside your very own home with everyone trapped indoors, there’s probably never been a time where yoga’s calming zen was more vital and needed. Rather than just throwing in the yoga mat and subjecting family […]
The workers aren’t inside their physical business space anymore. So why should business technology still be under that roof either? In fact, more and more businesses have been making this migration for a while now, moving all their digital infrastructure to the world’s two largest cloud services platforms, Amazon Web Services (AWS) and Microsoft’s Azure. […]
Gather round, young and old — and hear tales of bygone days. Back in olden times, citizens would mass at a house of coffee, wherein skilled java alchemists would concoct special blends and apply artisanal wizardry to make each steaming chalice an appointment for the taste buds. Granted, said wizards, once known as baristas, were […]