In March, Wikileaks published the Vault 7 leaks, a cache of CIA cyberweapons created under the doctrine of "NOBUS" ("No One But Us"), in which security agencies suppress the publication of bugs in widely used software, choosing instead to develop attack-tools that exploit these bugs, on the assumption that no one else will ever discover those bugs and use them to attack the people they're charged with defending.
Though Wikileaks shared the sourcecode for these weapons with a few select tech giants shortly after the initial leak publication, they withheld it from wider publication until now.
The Vault 8 leaks are a trove of sourcecode and analysis of the Vault 7 weapons, presented to "enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components."
Access to this sourcecode will reveal, for example, whether the CIA is recycling existing cyberweapons used by criminals in its tools, whether and how the CIA misdirects attribution for its cyberwarfare operations (for example, by leaving false clues like foreign-language variable names or timestamps from exotic locales), and it provides critical data on the practical realities of NOBUS, allowing researchers to track the rate of independent rediscovery and exploitation of the bugs that the CIA has deliberately left intact on our computers.
Vault 8 [Wikileaks]
Over at XKCD, Randall Munroe's predicted the Critical Vulnerabilities and Exposures for 2018, with some pretty solid predictions (especially under the tooltip, which finally reveals a secret that many of us have kept mum about for literal decades -- damn you, Munroe!).
It's been less than a year since a public-spirited hacker broke into the servers of Florida stalkerware vendor Retina-X, wiping out all the photos and data the company's customers had stolen from other peoples' phones (including their kids' phones) by installing the spying apps Phonesheriff on them.
A pair of researchers from Toronto's storied Citizen Lab (previously) have written an eye-opening editorial and call to action on the ways that repressive states have used the internet to attack dissidents, human rights advocates and political oppositions -- and how the information security community and tech companies have left these people vulnerable.
Going back to school isn’t necessarily an option for everyone. Between the time commitments and steep tuition rates, there are obstacles aplenty as far as furthering education is concerned. However, that’s not to say it’s impossible to learn new skills. Excel with Business lets users access thousands of hours of online learning in Microsoft, business, technology, […]
More often than not, you won’t see an accident coming, which means it pays to be proactive and ensure you have the right tools on-hand before you need them. Whether you find yourself in the middle of a power outage or having car trouble at night, you can make sure you’re still capable of navigating […]
Trains may not be the most popular means of conveyance nowadays, but chances are you grew up playing with toy trains or building a model set to wrap around the Christmas tree. In either case, it’s safe to say that locomotives have long carried a unique sense of awe and scale, especially when they’re hundreds […]