My friend Borepatch is an Internet security professional. And a fine blogger and good friend.
Here’s what he has to say about the latest Wikileaks CIA revelations:
(Here’s a hint – the media is less-than-accurate!)
The media has a poor track record of getting security stories right, and the CIA Wikileaks document dump is no exception. For example, they don’t hack your TV over the network:
The CIA didn’t remotely hack a TV. The docs are clear that they can update the software running on the TV using a USB drive. There’s no evidence of them doing so remotely over the Internet. If you aren’t afraid of the CIA breaking in an installing a listening device, then you should’t be afraid of the CIA installing listening software.
So as long as you’re not worried about a CIA operative breaking into your house, this specific exploit isn’t going to be aimed at you. Does this mean you should hook your smart TV up to the ‘net? Ohhellsno. Just no.
And this is pretty interesting:
There’s no false flags. In several places, the CIA talks about making sure that what they do isn’t so unique, so it can’t be attributed to them. However, Wikileaks’s press release hints that the “UMBRAGE” program is deliberately stealing techniques from Russia to use as a false-flag operation. This is nonsense. For example, the DNC hack attribution was live command-and-control servers simultaneously used against different Russian targets — not a few snippets of code. [More here]
Like I said, it’s hard to get stories like this right and mostly the Press doesn’t. There are more examples at the link.
I’ve no expertise in this area, but I trust Borepatch.
You gotta trust someone, right?