CIA Implant: Green Lambert for OS X

(objective-see.com)

118 points | by jbegley 934 days ago

4 comments

  • dontbenebby 934 days ago
    Stupid question, but if I wanted to recreate Runa's analysis to learn these tools, where do I go to get it?

    I clicked over to WikiLeaks + Kaspersky's post, interested in possibly writing a small shell script to automate running some of these commands on a given file as a weekend project, but it'd be hard to test such a tool w/o the original binary.

    (Maybe it's just been a long day and I'm missing a plainly labeled link, and if so, I apologize for not RTFMing hard enough :) )

  • saagarjha 934 days ago
    > But which version of OS X does the implant need? We know that it’s a 32-bit executable, and the latest macOS is 64-bit only. We can narrow this down further by looking at symbols using nm.

    Not sure if it was useful in this case, but usually you can find this information in the Mach-O header.
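
Added example, not part of the thread or the linked article: a minimal reader for the Mach-O header field the comment above refers to. It walks the load commands of a thin Mach-O image and decodes `LC_VERSION_MIN_MACOSX` or `LC_BUILD_VERSION` (constants from Apple's `<mach-o/loader.h>`); `min_os_version` and `build_sample` are hypothetical names, and the sample header is constructed, not taken from the implant.

```python
import struct

# Constants from Apple's <mach-o/loader.h>
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
LC_VERSION_MIN_MACOSX = 0x24
LC_BUILD_VERSION = 0x32
PLATFORM_MACOS = 1

def _decode(v):
    # Versions are packed as xxxx.yy.zz nibbles in one 32-bit word
    return f"{v >> 16}.{(v >> 8) & 0xFF}.{v & 0xFF}"

def min_os_version(data):
    """Return the minimum macOS version a thin Mach-O image declares,
    or None when it carries no version load command."""
    if len(data) < 28:
        raise ValueError("too short for a Mach-O header")
    for endian in ("<", ">"):
        magic = struct.unpack_from(endian + "I", data, 0)[0]
        if magic in (MH_MAGIC, MH_MAGIC_64):
            break
    else:
        raise ValueError("not a thin Mach-O file (fat binaries not handled)")
    ncmds, sizeofcmds = struct.unpack_from(endian + "II", data, 16)
    offset = 32 if magic == MH_MAGIC_64 else 28  # 64-bit header has one extra word
    end = min(len(data), offset + sizeofcmds)
    for _ in range(ncmds):
        if offset + 8 > end:
            break  # truncated load-command table
        cmd, cmdsize = struct.unpack_from(endian + "II", data, offset)
        if cmdsize < 8 or offset + cmdsize > end:
            break  # malformed size: stop rather than read out of bounds
        if cmd == LC_VERSION_MIN_MACOSX and cmdsize >= 16:
            return _decode(struct.unpack_from(endian + "I", data, offset + 8)[0])
        if cmd == LC_BUILD_VERSION and cmdsize >= 24:
            platform, minos = struct.unpack_from(endian + "II", data, offset + 8)
            if platform == PLATFORM_MACOS:
                return _decode(minos)
        offset += cmdsize
    return None

def build_sample(with_version=True):
    # Constructed 32-bit i386 MH_EXECUTE header with zero or one load command
    cmds = b""
    if with_version:
        cmds = struct.pack("<4I", LC_VERSION_MIN_MACOSX, 16, 0x000A0600, 0x000A0800)
    header = struct.pack("<7I", MH_MAGIC, 7, 3, 2, 1 if cmds else 0, len(cmds), 0)
    return header + cmds
```

A `None` result means the binary carries neither load command, in which case the header alone does not answer the question and other evidence, such as the imported symbols, is needed.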

  • sneeeeeed 934 days ago
    Sounds like this could have been an interesting story. Sadly there was one of those insufferable pop up email harvesting nag attempts and I instinctively closed the tab. I just can’t bring myself to reopen it.
    • junon 934 days ago
      These sorts of comments are discouraged on HN as per the guidelines. Link at the bottom of the page.
      • pocw 934 days ago
        I also find this unreadable but for a different reason. I'm on mobile and it's rendering unreadably small. On the one hand maybe I should put more time into my setup. On the other hand maybe we, the target audience of this sort of content, should comment when the format is unusable. If your power users find mailing list popups annoying to the point they go elsewhere, don't you want to know? Isn't a comment on Hacker News a great way for someone to learn what their readers like or don't like?
        • oriki 934 days ago
          Like the guidelines say:

          > Please don't complain about website formatting, back-button breakage, and similar annoyances. They're too common to be interesting. Exception: when the author is present. Then friendly feedback might be helpful.

          If the author isn't actually present (which, as far as I can tell, they are not) it just clutters up the comments. There's no actual discussion happening here, just a lot of "wow i sure don't like this thing [website] does" and that doesn't provide very much value at all.

        • atok1 934 days ago
          I'd say this is very thoughtful and rational, and if I was the owner of the site in question, I would be thankful for power-user comments.
    • photochemsyn 934 days ago
      NoScript on Firefox solves that problem. Yes it breaks a lot of pages, but then you get to fiddle about allowing and banning different scripts to see what's doing what. Probably not for everyone but I like the educational value.

      [Edit] So that pop-up is coming from mailchimp_com, which is called by list-manage_com, which in turn is called by s3amazonaws_com. So blocking that last one is all you need.

      In fact this is quite a great web site, as it displays all its content even if you completely disable all scripts.

    • simion314 934 days ago
      Works great with JS off. For power users I suggest a browser that lets you easily whitelist JS for the websites you need. (I use Vivaldi)
    • devwastaken 934 days ago
      I can't read it on mobile because the site fails to add a basic viewport meta tag.
    • amatecha 934 days ago
      FWIW I am browsing with Firefox with "Strict" privacy settings and didn't get any popup.
    • jcun4128 934 days ago
      It's funny, I won't accept those "cookies" so I've gotten used to part of SO's screen real estate being taken. Or on an Ubuntu page I do F12/kill the popup... can put that in some kind of extension but ehh...
      • dreamcompiler 934 days ago
        Kill Sticky bookmarklet is your friend.

        https://alisdair.mcdiarmid.org/kill-sticky-headers/

        • leephillips 934 days ago
          Since I was invoking this on nearly every page I made it automatic: https://lee-phillips.org/nomorecookiewarnings/
          • occoder 933 days ago
            Thank you so much!

            Just like you, I don't want to interact with cookie warnings at all so they have been annoying me to no end.

            I even tried writing my own bookmarklet to hide them by setting "display: none" on these elements. But it sometimes fails on Stack Overflow sites, and I didn't look into it further.

            This is just what I need, thanks again!

            • leephillips 933 days ago
              I'm glad you found this useful. But it doesn't work on every site nor on every cookie warning. On some of those sites you can get rid of it by switching off JavaScript.
    • throaway46546 934 days ago
      uBlock Origin
      • Xavdidtheshadow 934 days ago
        Is there a rule to block modals like this? I can add site-specific things, but I can't seem to find anything that blocks all overlays.
        • throaway46546 934 days ago
          You want to enable the "annoyance" lists. In this case it was caught by "Fanboy's Annoyance List" for me.
    • unstatusthequo 934 days ago
      The developer is pretty well respected. Click the X on the newsletter and there is great content.
    • dalrympm 934 days ago
      I had the exact same reaction. Do we have a tl;dr equivalent for these things?

      pu;dr ?

  • amatecha 934 days ago
    Where is it asserted/confirmed that Longhorn == CIA? I don't see it mentioned in the article nor the linked articles (not that I searched exhaustively).