Monthly Archives: May 2019
Funny that. Just a couple of weeks ago, I wrote:
The spy in your ‘puter or ‘phone … Some of that is P2P communications software like Microsoft’s skype or Facebook’s whatsapp, that should be prime vehicles for Aussie-style targeted espionage.
Suppose you’re a government spy agency that has leaned on whatsapp to introduce your spyware. You want to get everyone to update to a version with the spyware. How do you go about it? How about an announcement of a serious security flaw in earlier versions to persuade everyone who might have something to hide to make the upgrade?
As reported, the whatsapp flaw was already at a much deeper level than just spying on whatsapp traffic (as per my earlier comment): it was used to install some of the world’s most sophisticated spyware called Pegasus, developed by an Israeli company NSO and sold to government agencies for total surveillance on dangerous elements such as dissidents and human rights lawyers. The Reg article quotes a comment that kind-of summarises:
NSO Group has been bragging that it has no-click install capabilities for quite some time. The real story here is that WhatsApp found the damn thing.
— Eva (@evacide)
Indeed. Pegasus wasn’t new, and was thought to have been distributed by more conventional means (and no doubt was, to less-than-paranoid users). How did they make the connection between it and a critical whatsapp bug? One might speculate there was more to this story than is being told!
A good day to bury other security/spyware news? Golly, what a coincidence that Thrangrycat was also just announced. The perfect way to bury something more than the official lawful intercept (wiretapping as required of them by the US Government) malware into Cisco routers, switches and firewalls, so deeply that future upgrades won’t affect it.
Wicked speculation: could it be the amount of work they’ve had to devote to supporting US Government spying requirements that caused Cisco to fall behind an unencumbered Huawei?
It’s a long time since I experienced the Web without ad-blocking, without noscript. Individual sites may have changed for better or worse, but overall it remains a whole world of pain.
I don’t even mind adverts. What I need to block is crap that moves: animations, tickers, slideshows, etc, including those that aren’t adverts at all but are just some deezyner’s wet dream. And it turns out there’s a lesser nuisance alongside those: sites that put up a huge great dialogue box where I have to agree T&Cs, and usually telling me about their cookies, before viewing the page.
Goodbye, Firefox. Hello Chromium. Probably won’t look back (at least for general browsing) until and unless I start getting grief with the latter.