Reads and Vault 7

Jolly Friday! Weather has been weird with jumps from 70 F yesterday, down to the 30s and steady but rapidly melting snow today. I recently finished reading The Art of Invisibility (amazon link) by Kevin Mitnick. I found it to be an enjoyable read, with most content being fairly well known, yet the wider applied context was helpful. Most of all, it read like a good story, instead of a technical manual. Even if you aren’t into tech heavily, I think you would find this to be a worthwhile read. The book does a good job of applying security into a rational context, without sounding all ‘tin foil hat conspiracy’.

Also buzzing around the security sphere is the Vault 7 leaks – Part 01. This archive jumps into some CIA bug exploits and attach methods they have been using. Be wary of coverage sources, namely the Wikileaks twitter account and most every mainstream news outlet. They are jumping into some unqualified headlines. Personally I think rushing to cover the story with inaccurate information, goes to muddy the actual content. I still think this The Register article best covers the leaked content. Going with a TL;DR here, SmartTV microphones can be owned, but this looks to be a local attack to implement. Crypto applications can be circumvented, if you phone itself gets compromised… not the application itself. There has been plenty of back and forth between the security community and mainstream news over that detail between entire phone access and the subsequent access to apps that grants. The potential to control automobiles is a concern that brings up more desire to probe the death of Michael Hastings.
I have some of the Vault 7 files to rifle through myself, as 8000+ files is quite the cache. Some applications such as Notepad++ have already patched against the disclosed vulnerabilities and other companies are scrambling to do the same. Wikileaks appears to be relaying the exploit code to vendors, as they seem to have redacted almost all of the files from release into the wild.

Outside of the computer and security sphere, I picked up the new Zelda: Breath of the Wild game and have played that a little bit. I also continue to draft up some projects I’ve been working on, but mentioning them before being live, is kind of useless :)

I also learned that interacting with political twitter is the worst, because people will keep @you about something someone else said, all in effort to get their snarky rebuttals in. I know it is difficult to have a dialog in 140 characters, but if your only response is “You’re wrong and I don’t like your opinion”, your shit is weak and you lack any contribution to the dialog. Complaining without any effort at a workable solution, just helps you reinforce your current stance. Try challenging your opinions against others and see if they stick. It’s a 2-way street, but if you are busy throwing labels @ people, I can assure you, you are accomplishing nothing except the old hug box / circle jerk of hive-minded opinions.