[kictanet] WikiLeaks CIA Leaks

Wed Mar 8 17:38:40 EAT 2017

Kivuva

All I can is this:-

Sisi kwisha! 

Ali Hussein
Hussein & Associates
+254 0713 601113 / 0770906375

Twitter: @AliHKassim
Skype: abu-jomo
LinkedIn: http://ke.linkedin.com/in/alihkassim
Blog: www.alyhussein.com

"Discovery consists in seeing what everyone else has seen and thinking what no one else has thought".  ~ Albert Szent-Györgyi

Sent from my iPad

> On 8 Mar 2017, at 3:32 PM, Mwendwa Kivuva via kictanet <kictanet at lists.kictanet.or.ke> wrote:
> 
> Wikileaks released CA hacking tools codenamed Vault 7.
> 
> Basically, everybody that maters has been hacked ... even if they use
> Signal, Telegram, or the best security tools. Funny how Telegram tried
> to console its users "The good news is that for the moment all of this
> is irrelevant for the majority of Telegram users. If the CIA is not on
> your back, you shouldn't start worrying just yet. And if it is, it
> doesn't matter which messaging apps you use as long as your device is
> running iOS or Android."
> 
> Now we are in the age of another new-normal - that encryption only
> protects you from parochial entities.
> 
> Below is the full release by Telegram: http://telegra.ph/Wikileaks-Vault7-NEWS
> 
> What does the "Year Zero" and "Vault 7" stuff from Wikileaks mean?
> 
> TelegramMarch 7, 2017
> 
> Wikileaks has released a new set of documents they called "Year Zero".
> According to these documents, the CIA had created "its own NSA" with
> "even less accountability". The newly discovered hacking arsenal of
> the agency includes techniques that reportedly permit the CIA to go
> around the encryption of messaging apps like WhatsApp or Signal by
> hacking people's smartphones and collecting audio and message traffic
> before encryption is applied.
> 
> This is not an app issue. It is relevant on the level of devices and
> operating systems like iOS and Android. For this reason, naming any
> particular app in this context is misleading.
> 
> Say what?
> 
> To put "Year Zero" into familiar terms, imagine a castle on a
> mountainside. That castle is a secure messaging app. The device and
> its OS are the mountain. Your castle can be strong, but if the
> mountain below is an active volcano, there's little your engineers can
> do.
> 
> So in the case of "Year Zero", it doesn't matter which messenger you
> use. No app can stop your keyboard from knowing what keys you press.
> No app can hide what shows up on your screen from the system. And none
> of this is an issue of the app.
> 
> So who can fix this?
> 
> It is now up to the device and OS manufacturers, like Apple, Google,
> or Samsung, to fix their volcanoes back into mountains.
> 
> Luckily, in the case of "Year Zero", the mountain isn't exactly a
> volcano. It's rather just a big mountain that is full of secret
> tunnels and passages. The tools from "Vault 7" are like a map of those
> tunnels. Now that device and OS manufacturers like Apple and Google
> will get this map, they can start filling in the holes and boarding up
> the passages. This will require many hours of work and many security
> updates, but eventually they should be able to take care of most of
> the problems.
> 
> Who is affected?
> 
> The good news is that for the moment all of this is irrelevant for the
> majority of Telegram users. If the CIA is not on your back, you
> shouldn't start worrying just yet. And if it is, it doesn't matter
> which messaging apps you use as long as your device is running iOS or
> Android.
> 
> The published docs did not include details on how to recreate and use
> the CIA cyberweapons. Wikileaks said they will hold off such
> publications until it becomes clear how these weapons should be
> "analyzed, disarmed and published."
> 
> This means that your neighbor next door won't likely get access to the
> newly discovered tools before they are neutralized.
> 
> What can I do?
> 
> There are some general steps you can take to increase the security of
> your device:
> 
> Don't use rooted or jailbroken devices unless you're 400% sure you
> know what you're doing.
> Never install apps from unknown or untrusted sources.
> Keep your device up to date and always install the security updates it offers.
> Pick a manufacturer that offers long term updates for their products.
> Remember that devices that aren't supported anymore have an increased
> risk of being vulnerable.
> 
> These measures will only protect you from "Year Zero" exploits when
> your device and OS manufacturers implement the relevant fixes, but
> following these tips can already make you much safer against many of
> the known security threats you'd be otherwise exposed to.
> 
> To sum up
> 
> "Year Zero" is not an app issue. It applies to devices and operating
> systems and will require security updates from their respective
> manufacturers to mitigate the threats. Naming any particular app in
> this context is misleading.
> 
> Wikileaks claims that the CIA has had a map of undiscovered secret
> tunnels and passages in your mountain for several years. The CIA could
> use them to look inside your castle and read data from your phone
> screen, before any app gets a chance to encrypt it. It is possible
> that some of the tunnels from the secret maps have been or will be
> discovered by actors other than the CIA.
> 
> The most important news is that after this leak, the device and OS
> manufacturers will finally get these maps as well. And so Samsung,
> Apple, Google, and others will be able to get to work and make their
> mountains impassable for the CIA and anyone who tries to follow in
> their footsteps.
> ______________________
> Mwendwa Kivuva, Nairobi, Kenya
> twitter.com/lordmwesh
> 
> 
> 
> 
> On 8 March 2017 at 11:11, Ngigi Waithaka via kictanet
> <kictanet at lists.kictanet.or.ke> wrote:
>> Hi,
>> 
>> Anyone interested in top-notch cyber-war tools and techniques, it doesn't
>> get better than this...
>> 
>> https://wikileaks.org/ciav7p1/
>> 
>> As we discuss Internet privacy etc, it's important to know friendly
>> countries have such an arsenal of tools that are or could be used to spy on
>> us.
>> 
>> --
>> Regards,
>> 
>> Waithaka Ngigi
>> Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod Building
>> T +254 20 525 0750 |Office Mobile: +254 716 201061 | M +254 737 811 000
>> www.at.co.ke
>> 
>> _______________________________________________
>> kictanet mailing list
>> kictanet at lists.kictanet.or.ke
>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>> Twitter: http://twitter.com/kictanet
>> Facebook: https://www.facebook.com/KICTANet/
>> 
>> Unsubscribe or change your options at
>> https://lists.kictanet.or.ke/mailman/options/kictanet/kivuva%40transworldafrica.com
>> 
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for
>> people and institutions interested and involved in ICT policy and
>> regulation. The network aims to act as a catalyst for reform in the ICT
>> sector in support of the national aim of ICT enabled growth and development.
>> 
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people's times and bandwidth,
>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
> 
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: https://www.facebook.com/KICTANet/
> 
> Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/info%40campusciti.com
> 
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
> 
> KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20170308/1f95946b/attachment.htm>