[liberationtech] Auditing of Auto-Update of software commonly used by Human Rights Defenders

Cristina efecto99 at riseup.net
Sun May 18 06:54:37 PDT 2014


On 18/05/14 09:40, Fabio Pietrosanti (naif) wrote:
> On 5/15/14, 11:47 PM, Tom Ritter wrote:
>> On 14 May 2014 23:36, Fabio Pietrosanti (naif) <lists at infosecurity.ch> wrote:
>>> I think it would be very important to organize a project to audit the
>>> functionalities of Auto-Update of software commonly used by human rights
>>> defenders.

I'm afraid I see more and more how the "on-field activist" people use
Facebook (YES, I saw it), Google mailing lists, Google accounts without
encryption, WhatsApp, and the list is more and more terrific...
I am talking about South America. But I have seen it in other places too.

I'm not an IT professional, then even when I can talk "their language"
(because IT people talk in an "other" language, impossible for a journalist or
activist) they - in 95% of the cases - don't care.

I can count on my horror list even lawyers fighting for HR or govs
censorship! NGOs, ...

They know "all about Snowden and net neutrality" but they don't know and
- as said before, in general - don't care about OTR, free software, etc.

> I think there's plenty of software used by activists and
> journalists in the field in difficult places that has a lot of
> insecurities, being graphical software, data collection software, web
> editing software, etc, etc
> 
> While our "hackish" communities mostly focus on the "security
> software", in the field people use just general purpose software for
> doing general purpose work, but that's where the "adversary" able to
> MitM a connection can leverage stupid bugs to inject directly or
> indirectly monitoring malware.
> 

The "adversary" has the work so easy... one part because of the lack of
interest of the technical people to *really* explain the tools (not only
suggest "links") to the non-technical, without expecting that a lawyer, an
activist or a journalist become hackers; and the other part because of the
lack of interest (or a kind of overconfidence?) of the non-IT group.

It's a real problem we observe and try to solve here, but in general,
without mentionable results. I hope we can reverse it.

Cristina
foike.org


-- 
This communication may be illegally collected and stored in secret by the
United States National Security Agency (NSA). The parties to this e-mail
do not consent to the retrieval or storage of this communication and its
related metadata, nor to its printing, copying, re-transmission,
dissemination, or any other use without the consent of its authors. If you
are not an explicit recipient of this message, please delete it
immediately and consider reporting your employer's illegal activity to the
courts of your country or to the press. Privacy is a fundamental right; do
not collaborate in any crime against it.
