Knock Knock Who's There? – An NSA VM (reverse.put.as)
I don't understand. Or does this mean because the malware was being used you refused to publish documentation about it? Because you think people targeted by nation states are evil?
Intelligence services are the worst terrorist organizations, and most people targeted by them are in fact very friendly persons. If only intelligence services dealt with the actual criminals and not revolutionaries, we wouldn't be having corruption and power abuse scandals every other week in all "developed" nations.
EDIT: To those saying it would be a legal liability risk, isn't it a criminal offense in your jurisdiction, if you know about a danger to someone else, not to do something about it, if only to warn them? (non-assistance à personne en danger, in French law) Or couldn't you partner with a security research lab with better legal counsel?
I just want holes to be fixed.
What can ordinary users do to protect themselves other than patching?
So this was far more reaching than Windows.
To answer what ordinary users can do: Against a well funded adversary hell bent on getting access to your systems/data - probably not a lot! In the case of NSO group even a fully patched iPhone wasn’t going to help you.
However, on reading this article my first thoughts are if this method evades detection by not having a listening port that a network scan or locally using ss/netstat can detect then perhaps you would still be able to benefit from egress filtering (only allowing outbound connections to things you need and blocking the rest). On a router most connections are through the router (FORWARD table) as opposed to directly locally originated and outbound (OUTPUT table).
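A sketch of the egress filtering described in the comment above, written as an nftables ruleset with default-deny policies on both the forwarded and the locally originated path. This is an added example, not part of the original thread; the interface names, the resolver address and the allowed ports are constructed assumptions, and it assumes the router has a static WAN address (no DHCP client traffic is allowed).

```nft
#!/usr/sbin/nft -f
# Added example: default-deny egress on a home/office router.
# All names and addresses below are constructed placeholders.

define LAN_IF   = "lan0"
define WAN_IF   = "wan0"
define RESOLVER = 192.0.2.53     # the single DNS resolver clients may use

table inet egress {
    chain forward {
        # Traffic passing through the router (most connections on a router)
        type filter hook forward priority filter; policy drop;

        ct state established,related accept
        ct state invalid drop

        # LAN clients: DNS only to the chosen resolver, web on 80/443
        iifname $LAN_IF oifname $WAN_IF ip daddr $RESOLVER udp dport 53 accept
        iifname $LAN_IF oifname $WAN_IF ip daddr $RESOLVER tcp dport 53 accept
        iifname $LAN_IF oifname $WAN_IF tcp dport { 80, 443 } accept

        # Anything else leaving the LAN is counted and logged, then
        # dropped by the chain policy. These log lines are the signal
        # that a host tried an outbound connection nobody expected.
        iifname $LAN_IF oifname $WAN_IF counter log prefix "egress-forward-drop: "
    }

    chain output {
        # Traffic originated by the router itself
        type filter hook output priority filter; policy drop;

        oifname "lo" accept
        ct state established,related accept

        # IPv6 neighbor discovery must keep working under policy drop
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit } accept

        # The router's own needs: DNS, NTP, updates over HTTPS
        ip daddr $RESOLVER udp dport 53 accept
        udp dport 123 accept
        tcp dport 443 accept

        counter log prefix "egress-output-drop: "
    }
}
```

Load it with `nft -f` on a test system first: a callback from software running on the router itself shows up under the `egress-output-drop` prefix, while one from a LAN host shows up under `egress-forward-drop`.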
Well, you can - you just need to live a mostly offline life with few, highly hardened devices and enter your passwords under a blanket. Edward Snowden does manage, after all. But you'll have to skip on a lot of enjoyment - new software, games, even Netflix - forget it.
The real question is, is it worth it to you to live such a life. Probably not.
If NSO does it, so could the intelligence agencies of dozens of countries. Looks like a hopeless situation, where a small percentage of the population has access to anyone’s data (but not conversely).
This is posing a threat to the democratic society.
There ought to be a way to make a secure device.
Wipe and reinstall often, rotate passwords at same time, also teaches good backups.
Ad blocker by default and an always up-to-date system.
Use VMs or other machines for dubious websites and wipe those often (like a raspberry?)
Careful what you execute on your machine
Then if you're really paranoid:
Some external firewall running suricata for alerting
Logging to an external system so you can review things in case of issues.
Anonymous guides I read mostly recommend Tor, anonymous sim card and purchasing electronics with cash. But I don't think it's going to render any state player's work impossible. I mean if they are really onto you.
On the other side, three char agencies cannot waste resources on every individual, so the best way is to stay out of the radar.
(NAT, in general, = how the multiple devices at your home all share a single public IP address from your ISP)
This article mainly addresses servers / public-facing services (which do not make use of NAT)
But again, maintaining an offline life could be very tricky given that the society as a whole is moving everything online. For example, if you earn salaries like me, there is no way to avoid a bank account and a mobile number.
I had an idea that thin clients were going to be big - and I stupidly pitched ideas for cloud based software to Adobe, Newtek, and Autodesk.
Never gunna do that again.
In America where the NSA is located? I’ve never written “lol” on this site, but this time called for it.
Since you’re in France I’ll now explain nicely. Not even our cops have any legal requirement to intervene: both when there’s an active crime or even if they see another cop committing a crime in the line of duty (e.g. excessive force).
And civilians (in the American press both military and “deputized” police are called non-civilian) will frequently ignore all manner of crimes, from shootouts to a person overdosing on drugs.
Cops generally have no duty to protect anybody. That's not their job, no matter what the decals on the squad say. But if you're on duty, and you witness a crime being committed right in front of you, especially if it's something as serious as a violent felony, and literally ignore it, and anybody finds out, you'll at least probably be fired. Depending on the jurisdiction and totality of circumstances, it may also be a crime.
There's a case working its way through the courts where LEOs disarmed someone at the behest of some thugs and then watched him get beat to death by said thugs.
The LEOs are arguing that they had no duty and that they're not responsible for the consequences of said disarming.
[0] https://en.wikipedia.org/wiki/Maksim_Gelman_stabbing_spree