SoylentNews is people

posted by Fnord666 on Friday June 30 2017, @06:11PM
from the another-day-another-leak dept.

"Today, June 29th 2017, WikiLeaks publishes documents from the OutlawCountry project of the CIA that targets computers running the Linux operating system. OutlawCountry allows for the redirection of all outbound network traffic on the target computer to CIA controlled machines for ex- and infiltration purposes. The malware consists of a kernel module that creates a hidden netfilter table on a Linux target; with knowledge of the table name, an operator can create rules that take precedence over existing netfilter/iptables rules and are concealed from a user or even system administrator.

The installation and persistence method of the malware is not described in detail in the document; an operator will have to rely on the available CIA exploits and backdoors to inject the kernel module into a target operating system. OutlawCountry v1.0 contains one kernel module for 64-bit CentOS/RHEL 6.x; this module will only work with default kernels. Also, OutlawCountry v1.0 only supports adding covert DNAT rules to the PREROUTING chain."

https://www.wikileaks.org/vault7/#OutlawCountry

-- Leaked Documents :

= OutlawCountry v1.0 User Manual
https://www.wikileaks.org/vault7/document/OutlawCountry_v1_0_User_Manual/
(PDF) https://www.wikileaks.org/vault7/document/OutlawCountry_v1_0_User_Manual/OutlawCountry_v1_0_User_Manual.pdf

= OutlawCountry v1.0 Test Plan
https://www.wikileaks.org/vault7/document/OutlawCountry_v1_0_Test_Plan/
(PDF) https://www.wikileaks.org/vault7/document/OutlawCountry_v1_0_Test_Plan/OutlawCountry_v1_0_Test_Plan.pdf


  • (Score: -1, Troll) by Snotnose on Friday June 30 2017, @06:20PM (21 children)

    by Snotnose (1623) on Friday June 30 2017, @06:20PM (#533602)

    Hint: it's not because of its superior code. No, it's because 95% of the computers hackers care about run Windows and haven't targeted Linux. Let Linux get a 20-25% share of the home market and just watch how things change.

    IMHO, much as I dislike Windows and Microsoft's attitude towards my machine, the fact is they've spent 30 years hardening their system. They're the most secure OS you can buy. If the hackers can get into it as easily as they've proven they can, we're in for a world of hurt when they turn their eyes towards Linux.

    Macs are the same thing. Based on BSD, not enough market share for the hackers to target. Just wait....

    --
    Why shouldn't we judge a book by its cover? It's got the author, title, and a summary of what the book's about.
    • (Score: 4, Insightful) by butthurt on Friday June 30 2017, @06:42PM (3 children)

      by butthurt (6141) on Friday June 30 2017, @06:42PM (#533616) Journal

      > [...] 95% of the computers hackers care about run Windows [...]

      Because attackers don't care about the computers in data centres, nor the computers in people's pockets. They only care about the ones on desks.

      • (Score: 4, Funny) by bob_super on Friday June 30 2017, @06:54PM (1 child)

        by bob_super (1357) on Friday June 30 2017, @06:54PM (#533621)

        I've been mining bitcoin on top500 machines for years, because the people running them just assumed that linux is too small of a target and didn't ever consider security...
        I hope that CIA tool being public doesn't get me booted from Oak Ridge, I already have to deal with Kim's friends slowing me down when they try to access nuke sim results.

        • (Score: 0) by Anonymous Coward on Saturday July 01 2017, @02:55AM

          by Anonymous Coward on Saturday July 01 2017, @02:55AM (#533805)

          Hey, is that my tax $$ paying the electric bill for your mining?

          Time to share the wealth...

      • (Score: 0) by Anonymous Coward on Saturday July 01 2017, @06:19AM

        by Anonymous Coward on Saturday July 01 2017, @06:19AM (#533831)

        Actually, they care about computers people use for ebanking nowadays, and those usually do indeed reside on desks (or in their pockets).

    • (Score: 0, Offtopic) by Anonymous Coward on Friday June 30 2017, @06:54PM (1 child)

      by Anonymous Coward on Friday June 30 2017, @06:54PM (#533622)

      Ask yourself which OS the people responsible for Grenfell Tower probably use. Think about whether those people have good judgement concerning technical matters. Then ask yourself if you want to use the same OS.

      • (Score: 2) by KGIII on Saturday July 01 2017, @05:07PM

        by KGIII (5261) on Saturday July 01 2017, @05:07PM (#533941) Journal

        Huh... I think this is the first time I've wished for a 'fucking retarded' moderation category.

        --
        "So long and thanks for all the fish."
    • (Score: 0) by Anonymous Coward on Friday June 30 2017, @07:00PM (3 children)

      by Anonymous Coward on Friday June 30 2017, @07:00PM (#533623)

      Don't most Windows "exploits" rely on the user installing some kind of screen saver or something so they can see some tits? Are there still princes in Africa who need financial assistance? Are there urgent notices from the Federal Department of Needful Revenue Internal Service I need to install a program at the link provided in the email to see?

      • (Score: 2) by Nerdfest on Friday June 30 2017, @07:07PM (2 children)

        by Nerdfest (80) on Friday June 30 2017, @07:07PM (#533627)

        There are still lots of drive-bys.

        • (Score: 1, Interesting) by Anonymous Coward on Friday June 30 2017, @07:35PM (1 child)

          by Anonymous Coward on Friday June 30 2017, @07:35PM (#533641)

          Oh right, I forget that Windows users install software for which each document opened is potentially a program unto itself.

          I don't understand why exactly Microsoft Office users need a feature like that, but I'm a LibreOffice user when I'm not using LaTeX. Perhaps my use-case is different.

          Microsoft Office users must implicitly trust anybody who would send them documents. Seems a bit insane to me.

          • (Score: 0) by Anonymous Coward on Saturday July 01 2017, @03:48PM

            by Anonymous Coward on Saturday July 01 2017, @03:48PM (#533926)

            By design, what easier way to spread malware through a business? No one thinks a text document would be dangerous (non tech people)

    • (Score: 2) by RamiK on Friday June 30 2017, @07:39PM (2 children)

      by RamiK (1813) on Friday June 30 2017, @07:39PM (#533643)

      the fact is they've spent 30 years hardening their system

      Following that logic, it's safer to live in the city's most patrolled streets over the suburbs.

      *insert car analogy here*

      --
      compiling...
      • (Score: 0) by Anonymous Coward on Friday June 30 2017, @08:19PM

        by Anonymous Coward on Friday June 30 2017, @08:19PM (#533668)

        The analogy is living in a city apartment in a drug war area vs a trailer in some boring small town.

        Even _if_ the former has a slightly more secure design (steel doors, more compartmentalized), you're more likely to be screwed if you make a mistake than in the latter case.
      • (Score: 3, Touché) by Gaaark on Saturday July 01 2017, @03:06AM

        by Gaaark (41) on Saturday July 01 2017, @03:06AM (#533808) Journal

        Car analogy:

        MS has spent 30 years trying to get girls' pants off in the back of their Edsel, but is constantly getting some disease or other because MS's idea of security is a condom ripped to shreds when they replace a faulty fan belt with it.

        Good enough? ;)

        --
        --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
    • (Score: 0) by Anonymous Coward on Friday June 30 2017, @08:36PM

      by Anonymous Coward on Friday June 30 2017, @08:36PM (#533678)

      You can't claim that everything from dos to windows 10 is the same thing.

      Also as has been said, Linux and especially other unix based OS have been used in servers for just as long. Not every exploit is for desktops.

    • (Score: 1) by khallow on Friday June 30 2017, @09:26PM (1 child)

      by khallow (3766) Subscriber Badge on Friday June 30 2017, @09:26PM (#533706) Journal

      IMHO, much as I dislike Windows and Microsoft's attitude towards my machine, the fact is they've spent 30 years hardening their system.

      Linux and Unix systems have only been doing that for 50 years combined. And they actually bother to harden the system when they harden it.

      • (Score: 0) by Anonymous Coward on Saturday July 01 2017, @12:37AM

        by Anonymous Coward on Saturday July 01 2017, @12:37AM (#533772)

        And it can be hardened even more by the end user. Try that with Win10... You might as well pull the hard drive out and put it in a microwave oven, that's the only way to harden Windows

    • (Score: 0) by Anonymous Coward on Saturday July 01 2017, @03:54AM (3 children)

      by Anonymous Coward on Saturday July 01 2017, @03:54AM (#533812)

      Spend 30 years hardening your system, then find it's still micro and soft and there isn't enough viiagra to do any kind of a job at all with it.

      30 years of impotence. Maybe they need an Apple a day?

      Gimme a break, dude.
      30 years:
      1: http://www.zdnet.com/article/microsoft-hides-behind-linux-for-protection/ [zdnet.com]
      2: http://www.theregister.co.uk/2004/10/22/linux_v_windows_security/ [theregister.co.uk]
      3: http://www.theregister.co.uk/2004/10/22/security_report_windows_vs_linux/ [theregister.co.uk]

      30 years of FUD and misinformation and fudging reports and......

      (Sheesh, not allowed to put V_iagra in your post? "Lameness filter encountered. Post aborted!")

      • (Score: 3, Interesting) by kaszz on Saturday July 01 2017, @05:09AM (2 children)

        by kaszz (4211) on Saturday July 01 2017, @05:09AM (#533823) Journal

        Microsoft hides behind Linux for protection [zdnet.com]:

        Microsoft has employed Akamai's Linux-based servers to protect its Microsoft.com Web site and reduce the site's vulnerability

        Just proves their shit sucks, and they should stop peddling it onto others.

        • (Score: 2) by takyon on Saturday July 01 2017, @09:44PM (1 child)

          by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Saturday July 01 2017, @09:44PM (#533999) Journal

          Or it proves that Akamai is cheap and convenient because of their scale.

          --
          [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
          • (Score: 2) by kaszz on Sunday July 02 2017, @08:15AM

            by kaszz (4211) on Sunday July 02 2017, @08:15AM (#534117) Journal

            Sure, but if Microsoft has such great products, then why don't they use their own cloud solution Azure with.. Windows? ;-)

    • (Score: 2) by mcgrew on Saturday July 01 2017, @03:49PM

      by mcgrew (701) <publish@mcgrewbooks.com> on Saturday July 01 2017, @03:49PM (#533927) Homepage Journal

      Linux is a kernel, not an OS, so this exploit should be able to pwn any Android device. There are a lot more Android devices than Windows devices; everyone who doesn't have an iPhone has Linux in their pockets and purses. Linux devices now outnumber Windows devices, just not on desks (unless you leave your tablet on a desk).

      --
      mcgrewbooks.com mcgrew.info nooze.org
  • (Score: 3, Informative) by Thexalon on Friday June 30 2017, @07:10PM (1 child)

    by Thexalon (636) on Friday June 30 2017, @07:10PM (#533629)

    ... this module will only work with default kernels.

    If you needed motivating to compile your own, well, there you go.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    • (Score: 2) by Nerdfest on Friday June 30 2017, @10:15PM

      by Nerdfest (80) on Friday June 30 2017, @10:15PM (#533734)

      The randomized linking described here the other day should help as well.

  • (Score: 2) by kaszz on Friday June 30 2017, @07:15PM

    by kaszz (4211) on Friday June 30 2017, @07:15PM (#533632) Journal

    No OpenBSD support? what.. I'm disappointed! :P

    Just a thought.. open memory. Verify, no hiding ;)

  • (Score: 3, Interesting) by NewNic on Friday June 30 2017, @07:44PM (6 children)

    by NewNic (6420) on Friday June 30 2017, @07:44PM (#533645) Journal

    OutlawCountry v1.0 contains one kernel module for 64-bit CentOS/RHEL 6.x;

    Not going to work: as soon as you update the kernel, the module won't be accepted.

    --
    lib·er·tar·i·an·ism ˌlibərˈterēənizəm/ noun: Magical thinking that useful idiots mistake for serious political theory
    • (Score: 2) by KiloByte on Friday June 30 2017, @07:59PM

      by KiloByte (375) on Friday June 30 2017, @07:59PM (#533656)

      Peddlers of proprietary drivers keep whining about no binary compatibility for kernel modules. Documentation/process/stable-api-nonsense.rst provides enough non-security reasons "why not". Here we have a security one, although to get full benefits you'd need to actively stop compatibility rather than rely on it being accidentally broken.

      The OpenBSD take on this is to re-link the kernel every boot [theregister.co.uk]. They also decided to drop support for loadable modules [phoronix.com], although that's not really an option if you want to support hotplugging new hardware at runtime.

      --
      Ceterum censeo systemd esse delendam.
    • (Score: 2) by forkazoo on Friday June 30 2017, @08:47PM (4 children)

      by forkazoo (2561) on Friday June 30 2017, @08:47PM (#533683)

      RHEL specifically makes some guarantees about binary compatibility that other distributions don't for the sake of turnkey proprietary Linux based systems like Autodesk Flame. Minor updates are unlikely to explode, that's why it targets a specific version of RHEL.

      And regardless, OutlawCountry requires root to install the kernel module. If it's possible to do that, I am pretty sure they can run a compiler to build a specific version of the kernel module. (And of course, once you penetrate a system, it's easy to say "Oh, I see this is Ubuntu/Slackware/Debian 1.2.3.4, I'll just install that on one of my machines to build a compatible nf_table module.")

      • (Score: 2) by NewNic on Friday June 30 2017, @09:32PM (3 children)

        by NewNic (6420) on Friday June 30 2017, @09:32PM (#533710) Journal

        RHEL specifically makes some guarantees about binary compatibility that other distributions don't for the sake of turnkey proprietary Linux based systems like Autodesk Flame

        But RHEL does not guarantee binary compatibility of kernel modules. In fact, you are pretty much guaranteed that kernel modules will not be compatible between updates. That's what tools like DKMS are for.

        --
        lib·er·tar·i·an·ism ˌlibərˈterēənizəm/ noun: Magical thinking that useful idiots mistake for serious political theory
        • (Score: 2) by jmorris on Saturday July 01 2017, @06:12AM (2 children)

          by jmorris (4844) on Saturday July 01 2017, @06:12AM (#533830)

          You must not have any experience with RHEL / CentOS. They do not rev the kernel version, period. When RHEL N.0 ships the N.[1-9] periodic releases all report the same major and minor kernel version numbers, only the numbers way over in the package name tick upward. They backport in new hardware support and bug fixes but no new functionality and none of the changes that would break a typical binary kernel driver for a device.

          This is a version string from a currently patched up CentOS 6:

          2.6.32-696.3.2.el6.centos.plus.x86_64

          And note that is a centos plus kernel on that machine, the RHEL / stock CentOS kernel gets fewer device drivers. But don't think that just because it says it is a 2.6 kernel that it won't boot on modern post 2009 hardware, like I said, RedHat expends quite a bit of effort backporting device drivers. But the basic internal structure, the sort of changes that would break binary kernel modules between a 2.6 kernel and 4.x aren't there, it is still essentially a 2.6 kernel. They do this to ensure stability, if you initially install on a machine you can be damned certain a random kernel update won't suddenly break something. Unlike Fedora that recently broke hibernation on my machine for several kernel versions and now it works again. They also very explicitly and publicly do it to facilitate binary modules for RHEL servers and workstations. Again, the Fedora peeps with NVidia cards learn quick to stay up on when it is safe to update since they are again very explicit and public about not giving even 0.1 f*cks about breaking ANY closed software during the madcap ride to the Glorious SystemD Future that Fedora is on. Complaining about unimportant problems like having a blank screen on reboot on the fedora mailing lists will only get you abuse and ridicule, including from @redhat.com addresses.

          Pro Tip: Buy a Radeon if you want to run Fedora and NVidia for RHEL / CentOS. (But the free Radeon drivers are getting good and are also supported so very soon we should all be able to just buy Radeon and tell NVidia to f*ck themselves with a pineapple.)

          • (Score: 2) by NewNic on Saturday July 01 2017, @06:58PM (1 child)

            by NewNic (6420) on Saturday July 01 2017, @06:58PM (#533964) Journal

            Interesting, your post made me look into kernel module compatibility a bit more.

            A naive attempt appears to show that the version must match exactly:

            # insmod /lib/modules/2.6.32-696.1.1.el6.x86_64/kernel/drivers/net/vmxnet3/vmxnet3.ko
            insmod: error inserting '/lib/modules/2.6.32-696.1.1.el6.x86_64/kernel/drivers/net/vmxnet3/vmxnet3.ko': -1 Required key not available

            However, it appears that this error message is related to module signing:
            # grep MODULE_SIG /boot/config-2.6.32-642.13.1.el6.x86_64
            CONFIG_MODULE_SIG=y
            # CONFIG_MODULE_SIG_FORCE is not set

            --
            lib·er·tar·i·an·ism ˌlibərˈterēənizəm/ noun: Magical thinking that useful idiots mistake for serious political theory
            • (Score: 2) by jmorris on Monday July 03 2017, @03:00AM

              by jmorris (4844) on Monday July 03 2017, @03:00AM (#534318)

              Yea, it is annoying. But it can be worked around. Check this CentOS wiki page [centos.org] discussing the issue of making third party repo modules. ElRepo is the example given and it is noted their modules aren't signed. (The packages are though, which is easier since adding the repo can add a new key to rpm.)

  • (Score: 2) by NewNic on Friday June 30 2017, @07:47PM (3 children)

    by NewNic (6420) on Friday June 30 2017, @07:47PM (#533650) Journal

    an operator will have to rely on the available CIA exploits and backdoors to inject the kernel module into a target operating system.

    --
    lib·er·tar·i·an·ism ˌlibərˈterēənizəm/ noun: Magical thinking that useful idiots mistake for serious political theory
    • (Score: 2) by butthurt on Friday June 30 2017, @09:09PM (2 children)

      by butthurt (6141) on Friday June 30 2017, @09:09PM (#533700) Journal

      If you have root, you can install this software to enable stealthy, ongoing monitoring (spying). Gaining root is a means and spying is an end.

      https://en.wikipedia.org/wiki/Payload_(computing)#Security [wikipedia.org]

      • (Score: 2) by NewNic on Friday June 30 2017, @09:36PM (1 child)

        by NewNic (6420) on Friday June 30 2017, @09:36PM (#533712) Journal

        My point is that this isn't anything new, or particularly interesting. People have developed root kits before. Once you have root, it's game over and just about anything is possible.

        I doubt that this has ever been used. Look at my other comments under "Bullshit!". This won't work with almost all CentOS/RHEL systems because it only supports a single kernel version.

        The limitations mean that this doesn't show a significant interest by the NSA in compromising CentOS/RHEL systems. This is probably some intern's summer project.

        --
        lib·er·tar·i·an·ism ˌlibərˈterēənizəm/ noun: Magical thinking that useful idiots mistake for serious political theory
        • (Score: 3, Insightful) by deimtee on Saturday July 01 2017, @03:05AM

          by deimtee (3272) on Saturday July 01 2017, @03:05AM (#533807) Journal

          This is probably some intern's summer project.

          Or it was targeted at a specific computer that was known to be running that kernel version.
          And once you've written it for that purpose, why throw it away? You might never be able to use it again, but space is cheap and it might come in handy. At the very least it would be easier to convert to other kernels than to start over.

          --
          If you cough while drinking cheap red wine it really cleans out your sinuses.
  • (Score: 2, Informative) by Anonymous Coward on Friday June 30 2017, @07:58PM (5 children)

    by Anonymous Coward on Friday June 30 2017, @07:58PM (#533654)

    - Only supports 64-bit CentOS/RHEL 6.x
    - Only supports Linux kernel 2.6
    - Only supports NAT tables in iptables
    - Hidden table name is dpxvke8h18
    - Only supports IPv4
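
As an added example (not code from the leaked documents or from any commenter), the shell functions below check a host for the traces this thread mentions: the module-signing state shown by NewNic's grep, a netfilter table answering to the name listed above, and loaded modules that the kernel's modules.dep does not ship. It assumes that the CONFIG_MODULE_SIG options carry their upstream Kconfig meaning and that a "hidden" table answers a by-name iptables probe while missing from /proc/net/ip_tables_names; examplemod and the demo data are constructed.

```shell
# Added example, not code from the thread or the leaked manual. Host-side
# checks for the traces discussed above; demo() uses constructed data.
# Assumptions: CONFIG_MODULE_SIG* carry their upstream Kconfig meaning, and
# a "hidden" table answers a by-name probe without being listed in /proc.

STANDARD_TABLES="filter nat mangle raw security"

# kconfig_value KEY FILE -> value of KEY, or "n" if unset or missing
kconfig_value() {
    awk -v k="$1" '
        index($0, k "=") == 1          { v = substr($0, length(k) + 2) }
        $0 == ("# " k " is not set")   { v = "n" }
        END { print (v == "" ? "n" : v) }' "$2"
}

# module_sig_policy FILE -> unknown | off | checked-not-required | required
module_sig_policy() {
    if [ ! -r "$1" ]; then echo unknown
    elif [ "$(kconfig_value CONFIG_MODULE_SIG "$1")" != y ]; then echo off
    elif [ "$(kconfig_value CONFIG_MODULE_SIG_FORCE "$1")" = y ]; then
        echo required
    else
        echo checked-not-required   # the state the grep output above shows
    fi
}

# classify_table NAME LISTED RC -> absent | standard | nonstandard | hidden
#   LISTED: contents of /proc/net/ip_tables_names
#   RC:     exit status of `iptables -t NAME -L -n` run as root
classify_table() {
    if [ "$3" -ne 0 ]; then echo absent; return 0; fi
    for t in $2; do
        if [ "$t" = "$1" ]; then
            for s in $STANDARD_TABLES; do
                if [ "$s" = "$1" ]; then echo standard; return 0; fi
            done
            echo nonstandard; return 0
        fi
    done
    echo hidden    # kernel answers for NAME although it is not listed
}

# unshipped_modules PROC_MODULES MODULES_DEP
#   Prints loaded modules that have no .ko entry in modules.dep. '-' and '_'
#   are interchangeable in module names, so both sides are normalised.
unshipped_modules() {
    awk '
        src == "dep" {
            path = $1; sub(/:$/, "", path)
            n = split(path, part, "/"); base = part[n]
            sub(/\.ko(\.(gz|xz|bz2))?$/, "", base)
            gsub(/-/, "_", base); shipped[base] = 1; next
        }
        { name = $1; gsub(/-/, "_", name)
          if (!(name in shipped)) print $1 }
    ' src=dep "$2" src=loaded "$1"
}

live() {   # run as root on the host being checked
    if [ "$(id -u)" -ne 0 ]; then echo "run as root" >&2; return 2; fi
    name=${1:-dpxvke8h18}    # table name given in the comment above
    kver=$(uname -r)
    echo "module signatures: $(module_sig_policy "/boot/config-$kver")"
    rc=0; iptables -t "$name" -L -n >/dev/null 2>&1 || rc=$?
    listed=$(cat /proc/net/ip_tables_names 2>/dev/null || true)
    echo "table $name: $(classify_table "$name" "$listed" "$rc")"
    echo "loaded but not in modules.dep:"
    unshipped_modules /proc/modules "/lib/modules/$kver/modules.dep"
}

demo() {   # constructed inputs; examplemod is a made-up module name
    d=$(mktemp -d)
    printf '%s\n' 'CONFIG_MODULE_SIG=y' \
        '# CONFIG_MODULE_SIG_FORCE is not set' > "$d/config"
    printf '%s\n' 'kernel/drivers/net/vmxnet3/vmxnet3.ko:' \
        'kernel/net/ipv4/ip-tables.ko.xz: kernel/net/x_tables.ko.xz' \
        'kernel/net/x_tables.ko.xz:' > "$d/dep"
    printf '%s\n' 'vmxnet3 45056 0 - Live 0x0' \
        'ip_tables 17831 0 - Live 0x0' 'x_tables 27216 1 ip_tables, Live 0x0' \
        'examplemod 12345 0 - Live 0x0' > "$d/loaded"
    module_sig_policy "$d/config"
    classify_table dpxvke8h18 "filter nat" 0
    unshipped_modules "$d/loaded" "$d/dep"
    rm -rf "$d"
}

case "${1:-}" in
    --live) shift; live "$@" ;;
    --demo) demo ;;
esac
```

Saved as a script, `--demo` runs the constructed data and `--live` checks the host it is run on.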

    • (Score: 1, Informative) by Anonymous Coward on Friday June 30 2017, @08:39PM (3 children)

      by Anonymous Coward on Friday June 30 2017, @08:39PM (#533680)

      Thank you for the info. On the one hand, it is the CIA's "job", but on the other hand you must understand why people around the world hate the US so much. These revelations just feed their flames of hate and resentment of what essentially is an out-of-control bully. No other way to interpret it.

      • (Score: 0) by Anonymous Coward on Friday June 30 2017, @11:09PM

        by Anonymous Coward on Friday June 30 2017, @11:09PM (#533750)

        The CIA should have been abolished decades ago. But as an American citizen living under a two party system, I have no say over their "job".

      • (Score: 2) by jmorris on Saturday July 01 2017, @06:21AM (1 child)

        by jmorris (4844) on Saturday July 01 2017, @06:21AM (#533832)

        Only the stupid ones. Everyone else knows EVERY nation state since the beginning of recorded history has had spies and this reality isn't going to change as long as humans are still basically flawed ("fallen" if you are of a religious bent) violent and tribal critters. Don't hate the player, hate the game. Or is it you hate us because we happen to be winning and you feel inferior? Don't worry, that isn't why your weenie is small, the CIA isn't putting secret sauce in your Mountain Dew.

        • (Score: 2) by lentilla on Saturday July 01 2017, @09:51AM

          by lentilla (1770) on Saturday July 01 2017, @09:51AM (#533872)

          By the same token, everyone knows that every society since the dawn of time has had its share of murderers. Of course, just because some people happen to be murderers does not mean that I need to be one. Just to be clear: just because one country employs spies does not mean another country needs spies.

          you hate us because we happen to be winning and you feel inferior?

          I believe the widespread dislike for the USA is that they act like a bunch of bullies that simply can't leave the rest of the world to go about their own business in their own way. The rest of the world would look more kindly on the United States if they simply stopped interfering.

          The language you used "you hate us because we happen to be winning" is curious. It's not a game: "us versus them". There are no "goodies" and "baddies". We are, all of us, brothers and sisters. As for "winning"... my goodness! If by "winning" you mean getting the largest share of the pie, leaving the others with the scraps and having the rest of the world really, really, dislike your team? Then sure, you're winning.

    • (Score: 0) by Anonymous Coward on Friday June 30 2017, @11:07PM

      by Anonymous Coward on Friday June 30 2017, @11:07PM (#533749)

      The PDF files are kind of old.

      I'm sure the code + PDF files have been updated since, but not included in the leak.

  • (Score: 2) by drussell on Friday June 30 2017, @08:58PM (4 children)

    by drussell (2678) on Friday June 30 2017, @08:58PM (#533693) Journal

    Who runs a stock kernel except for initial installation?

    ... or am I just one of those "BSD retards?" :)

    I don't use Linux, but I always compile a custom kernel for every machine I install BSD on....

    • (Score: 4, Interesting) by jmorris on Saturday July 01 2017, @12:35AM (3 children)

      by jmorris (4844) on Saturday July 01 2017, @12:35AM (#533771)

      You don't run RHEL/CentOS. Stock is the name of the game, often to be able to insert closed source modules. And you certainly want to retain support, especially for RHEL.

      No, what I have found most interesting about the Vault 7 leaks so far is how incompetent the CIA is. Yea I realize this was all from a skunkworks deal where they were trying to develop their own tools to use in cases where the good stuff at NSA couldn't be used because of too much oversight and requirement to actually obey laws and crap, but damn! Read the PDF, this thing can't even reliably hide itself. If iptables gets reloaded it pops up in the output of lsmod. And haven't these super geniuses heard of dkms? Run it, harvest the module and then remove the package to delete the trace, or just gimp the rpm command to hide it if you are so super government spy level. Either way you get a module that installs anywhere the dkms toolchain exists. Or just see what kernel is installed and spin up a VM on your network with it and build the module. Either way, bottom line is they are not impressing with their 3133t 5k1|z.

      Scary thought for the day. What if Wikileaks gets the NSA's stuff and we discover it isn't much better? That the script kiddies and ransomware peeps are actually BETTER.

      • (Score: 3, Informative) by butthurt on Saturday July 01 2017, @01:39AM

        by butthurt (6141) on Saturday July 01 2017, @01:39AM (#533791) Journal

        > What if Wikileaks gets the NSA's stuff and we discover it isn't much better? That the script kiddies and ransomware peeps are actually BETTER.

        Exploits purportedly used by the NSA were leaked, and became the basis of ransomware.

        /article.pl?sid=17/05/13/116235 [soylentnews.org]

      • (Score: 1, Funny) by Anonymous Coward on Saturday July 01 2017, @02:18AM

        by Anonymous Coward on Saturday July 01 2017, @02:18AM (#533798)

        ... with the Kennedy assassination?

        He's dead, ain't he?

      • (Score: 2) by kaszz on Saturday July 01 2017, @05:01AM

        by kaszz (4211) on Saturday July 01 2017, @05:01AM (#533821) Journal

        The leak could be engineered to make the case they aren't that good and it's possible the CIA isn't even aware of some black budget program that has the "real skills".

  • (Score: 0) by Anonymous Coward on Friday June 30 2017, @09:32PM (1 child)

    by Anonymous Coward on Friday June 30 2017, @09:32PM (#533709)

    To put this on a few "crap" machines doing useless tasks just to muddy the waters :)

    • (Score: 2) by butthurt on Saturday July 01 2017, @01:43AM

      by butthurt (6141) on Saturday July 01 2017, @01:43AM (#533792) Journal

      It appears that only the documentation, not the software, has been published.

  • (Score: 0) by Anonymous Coward on Friday June 30 2017, @10:33PM (4 children)

    by Anonymous Coward on Friday June 30 2017, @10:33PM (#533743)

    A Linux administrator committed to security can pile hurdle after hurdle an attacker must overcome to modify a system. Many barriers can be "Catch 22" types.

    Technical knowledge is pretty much the only limiting factor in making a tight Linux box.

    • (Score: 3, Informative) by jmorris on Saturday July 01 2017, @12:37AM (3 children)

      by jmorris (4844) on Saturday July 01 2017, @12:37AM (#533773)

      It is a truth though that the people who spend the most time securing their machine have the least interesting stuff on it. All of the most vendable personal information, the business records, the corporate secrets, the most useful networks full of innocent spam canneries, the darkest vilest crap, all that tends to reside on the low hanging fruit.

      • (Score: 0) by Anonymous Coward on Saturday July 01 2017, @02:01AM (2 children)

        by Anonymous Coward on Saturday July 01 2017, @02:01AM (#533794)

        Your statement is unrelated to one's ability to secure Linux. The point is, one has the freedom and access to really tighten a Linux box.

        Linux administrators' individual choices don't diminish what is available to her/him.

        • (Score: 0) by Anonymous Coward on Saturday July 01 2017, @06:23AM (1 child)

          by Anonymous Coward on Saturday July 01 2017, @06:23AM (#533833)

          You have the same freedum on windows. Nobody does it, but you do. Nothing stops you from loading a custom ring 0 driver and basically filter/change/manipulate/control whatever you want.

          • (Score: 0) by Anonymous Coward on Saturday July 01 2017, @05:34PM

            by Anonymous Coward on Saturday July 01 2017, @05:34PM (#533946)

            "Nothing stops you from loading a custom ring 0 driver and basically filter/change/manipulate/control whatever you want."

            not being a stupid whore bent on insanity stops me.
