Wikileaks

I want to know what AVAST as to say about the story of CIA breaking into laptop, smartphones and other devices.

https://www.washingtonpost.com/news/the-switch/wp/2017/03/07/why-the-cia-is-using-your-tvs-smartphones-and-cars-for-spying/?utm_term=.3c8d9d3cc8e3

Then you should check avast blog as that is usually where they post what they think :wink:

It is no surprise that these big spy organisations with budget bigger then some contry have ways of entering your smart device, it would be a bigger surprise if they did not. Remeber this is what they work with 24/7

Anyway, this is not new. Malware for smart devices has been around for some time

http://blog.trendmicro.com/trendlabs-security-intelligence/android-based-smart-tvs-hit-by-backdoor-spread-via-malicious-app/

http://blog.trendmicro.com/trendlabs-security-intelligence/internet-things-ecosystem-broken-fix/

The problem with smart devices is that people often don’t change the standard factory password on them.
Another problem is that many “smart devices” either don’t have a password at all or the user can’t even change it.

There is nothing new here.
It has been already that way since the first smart device.

Snowden made everyone aware of the lack of privacy some years back.
This simply confirms his original leak and goes a few steps further.

And maybe some smart devices are not really smart enough :slight_smile:

Yepp, just click the second link i posted above

Hi bob3160,

Lucky that we two cannot be blamed for this, we are too old, as old-director, Michael Haydn, says in his comment, it is the Millenials.
Millenials are a disloyal bunch America can no longer count on to enlist for this kind of work.

As I see it the USA becomes more and more a “divided house” and divided houses cannot stand
according to Mark 3:25 and do we now have: “The Divided States of America”? ;D

I think it will be hard to get back the old reliable mentality from before the Civil War, like in the Southern States.

polonus

Back then, slavery was the norm. I certainly wouldn’t call that a good mentality.
To outsiders it looks like something is broken. We re simply going through a new period of adjustment.
It is hard for Washington to realize that politics as usual is no longer acceptable or tolerated. :slight_smile:
The message will eventually sink in. :slight_smile:

It is hard for Washington to realize that politics as usual is no longer acceptable or tolerated.
But it should be possible to present it in a normal civilised way and not like a reality show

Since I’m not the one in Washington, I can’t speak for any one else.
Neither side at the moment is being civilized :o

Wikileaks presented documents which listed all major antivirusbrands and that CIA have tried or tries or allready managed to by pass or compromise them to get acces to our computers. And of course that´s what spy agencies do. But another problem is that it seems that not only Wikileaks got acces to the documents including numerous of codes which maybe is a bigger threath to us ordinary users. I read a report by virus bulletin which stated that when securitysoftware get acces to when you are connected via https connections and scans the connection it will not highten the security in fact it makes it less secure. If i´m not misstaken wasn´t this something that Avast incorporated in their software a while ago ? So one thing is for sure forget about privacy anymore. Sad but true. And I think it´s going to worsen in the future when it seems that “everything” in a near future will be connected to the internet. And i´m not wearing a foilhat :wink:
Just want to ad one thing, according to the Avast blog Avast products were the only one that didn´t compromise the security when scanning the https connection. It was rated with an A. That´s one comfort. For what it is worth.

@cruiser25,

That is why with the broken infrastructure we have, nobody seems to like to put in an effort to mend it,
we have to redefine the main term in this spelled “TRUST”.

When are you able to fully trust an e2e encryption and the role of that CDN in it against data breaches and cloudbleeds? When your VPN or proxy has been turned against you, no longer keeping you safe, what then?

Who allowed a true amateur to develop a language like PHP that is insecure by design, and never should have been used as CMS apart from building a html website?

Why is Microsoft sitting on an enormous problem with double extensions for over a decade, and that has not be solved so gigantic amounts of user can be infested by executable second extensions that stay invisible by default?

These are real questions, so “What’s up doc”. Can you explain that to us, dear Mr. Michael Haydn, sir?
Why don’t we improve the global Internet infrastructure? Poundering the problems is getting to the core of the problem. The infrastructure is holed like Swiss cheese and beyond. And top governance of the global Internet structure are not doing a thing about it or sitting on their hands.

IT staff and developers learn nothing about security or have to specialize in it as Technical IT, and when they have know-how or pass a particular security exam, CIA is the first institute to approach and gratulate them, depending from what part of the world they come. That is the situation shortly sketched before you. A security officer may do some resource engineering of worked out schemes put out before him, but he will never govern the lay-out he has to go by. Seems almost like we do not want to arrive at a more secure infrastructure because of vested interests, like we have found some here.

polonus

Do no evil with Avira (or nasty HTTPS handshakes)
https://blog.avira.com/evil-nasty-https-handshakes/

Avast 2016: HTTPS scanning in Web Shield - FAQs
https://www.avast.com/en-us/faq.php?article=AVKB190

http://www.zdnet.com/article/google-and-mozillas-message-to-av-and-security-firms-stop-trashing-https/

The researchers urge antivirus vendors to stop intercepting HTTPS altogether, since the products already have access to the local filesystem, browser memory, and content loaded over HTTPS.

Additionally, they charge all security companies with acting “negligently”.

“Many of the vulnerabilities we find in antivirus products and corporate middleboxes, such as failing to validate certificates and advertising broken ciphers, are negligent and another data point in a worrying trend of security products worsening security rather than improving it,” they write.

Your blog.avira link is coming up 404 error.

Your 3rd link has been discussed/posted in at least couple of other topics already.