S/MIME And Poor OpenPGP Email Client Behavior Leak Plaintext

Today a disclosure of two plaintext-leaking behaviors in email clients handling OpenPGP and S/MIME encrypted messages was released (archived). The vulnerability affecting S/MIME is baked into the S/MIME standard and may only be mitigated by abandoning S/MIME; no other mitigation is possible. Meanwhile the plaintext-leaking behavior affecting OpenPGP encrypted emails requires certain common but very stupid behavior on the part of an email client, and the user allowing the email client to be involved in decrypting the message.

The attack on OpenPGP encrypted email involves the message being molested on the wire in such a way that the plaintext metadata surrounding the cyphertext is modified to engage your typical email client's HTML rendering engine. If the email client is allowed to be involved in decrypting the cyphertext, as is common with various client "plugins", the email client can "phone home" the plaintext after decryption to the message's molester according to the spurious instructions delivered to the HTML rendering engine. The mitigation for this vulnerability is hygiene and not allowing your email client to be involved in cryptographic operations beyond sending and receiving cyphertext blobs encrypted and decrypted elsewhere.
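One way to practice that hygiene, as an added example that is not code from the disclosure or from any mail client: pull the armored blob out of a raw message without rendering or decrypting anything, and flag messages whose ciphertext has been wrapped in other content. The function names, warning codes and sample messages are constructed for illustration, and the checks assume the tampering shows up as text/html parts or stray text beside the armored block.

```python
import re
from email import message_from_string, policy

ARMOR = re.compile(r"-----BEGIN PGP MESSAGE-----.*?-----END PGP MESSAGE-----", re.S)

def audit(raw):
    """Return (armored_blocks, warnings) for one raw message, without decrypting."""
    msg = message_from_string(raw, policy=policy.default)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    blocks, warnings = [], []
    for part in leaves:
        text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        found = ARMOR.findall(text)
        blocks += found
        # Ciphertext should be the whole part; anything around it travelled in the clear.
        if found and ARMOR.sub("", text).strip():
            warnings.append("text-outside-armor")
    # Assumption: tampering appears as text/html parts in the same message.
    if blocks and any(p.get_content_type() == "text/html" for p in leaves):
        warnings.append("html-part-beside-ciphertext")
    return blocks, warnings

# --- constructed sample input (placeholder blob, not real ciphertext) ---
BLOB = ("-----BEGIN PGP MESSAGE-----\n\n"
        "constructed placeholder\n"
        "-----END PGP MESSAGE-----")

def build(ctype, boundary, parts):
    """Assemble a minimal multipart message from (content-type, body) pairs."""
    head = f'MIME-Version: 1.0\nContent-Type: {ctype}; boundary="{boundary}"\n\n'
    body = "".join(f"--{boundary}\nContent-Type: {t}\n\n{b}\n" for t, b in parts)
    return head + body + f"--{boundary}--\n"

CLEAN = build("multipart/encrypted", "b1", [
    ("application/pgp-encrypted", "Version: 1"),
    ("application/octet-stream", BLOB)])
WRAPPED = build("multipart/mixed", "b2", [
    ("text/html", "<p>constructed leading part</p>"),
    ("application/octet-stream", BLOB),
    ("text/html", "<p>constructed trailing part</p>")])
INLINE = build("multipart/mixed", "b3", [
    ("text/plain", "constructed cleartext\n" + BLOB)])

if __name__ == "__main__":
    for name, raw in (("clean", CLEAN), ("wrapped", WRAPPED), ("inline", INLINE)):
        blocks, warnings = audit(raw)
        print(name, len(blocks), warnings)
```

Each returned block can be saved to a file and decrypted with `gpg --decrypt` in a terminal, so the mail client never sees plaintext.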

German Police Hunting 89 Year Old Civilian WWII Survivor

Ursula Haverbeck, an 89 year old survivor of the second World War, is being pursued by German Police and a group calling itself "The International Auschwitz Committee" (archived). Haverbeck, who was 16 years old in 1945, was sentenced to 2 years in prison for disputing the official Holocaust narrative. In light of her advanced age, any prison sentence is likely to be a life sentence.

While actual violence against Jews is increasing in Germany, an awful lot of effort seems to be wasted trying to ensure a non-violent political activist dies in jail.

USG.MIL Pursues Single Provider "Cloud" Computing Contract

Substantial butthurt is coming out of the USG Department of bagholding as the US Department of Defense looks to award a 10 year single provider "cloud" computing contract (archived). The feedbeasts marketing commercial "cloud" computes are already crying foul that only one of them will get chosen for the privilege of serving the most gullible customer in history.

Rising African Political Star Criticises "Poor" Australia: "No Black People To Exploit"

Rising South African political star Julius Malema has criticised Australian Home Minister Peter Dutton for offering white South African farmers a place of refuge from racism in their home country. Malema insisted Australia lacks the necessary amount of exploitable black people necessary for white farmers to avoid poverty. Malema offered the following concerns with respect to the plight of his white agrarian countrymen:

If they want to go, they must go. They must leave the keys to their tractors because we want to work the land, they must leave the keys to their houses because we want to stay in those houses.

Don’t make noise, because you will irritate us. Go to Australia. It is only racists who went to Australia when Mandela got out of prison. It is only racists who went to Australia when 1994 came. It is the racists again who are going back to Australia.

They are rich here because they are exploiting black people. There is no black person to be exploited in Australia, they are going to be poor.

They will come back here with their tail between their legs. We will hire them because we will be the owners of their farms when they come back to South Africa. As to what we are going to do with the land, it’s our business, it’s none of your business.

We want Africa back. Africa belongs to our people. (archived)

Malema is the major opposition figure to South African president Cyril Ramaphosa who last month pushed through measures to allow white African land to be taken without compensation.

USG Whispers Pleas Of "War On Terror" And "Special Operations Command" In MikroTik Router Shitware Case

In the absence of firm admissions of guilt, known USG influence outlets including Conde Nast publications are pleading that the malware pushed into phuctorable MikroTik routers was part of a US Special Operations Command anti-Terrorism effort (archived, archived). Presumably this is part of the terrorist Pantsuit USG campaign to create dialogue points for shifting the overton window on shitware.

Ledger "Hardware Wallet" Backdoored By Child Who Releases Proof Of Concept Attack

Saleem Rashid has published a vulnerability report on the "Ledger Nano S" hardware wallet (archived). The nature of the vulnerability thoroughly counters marketing and damage control PR offered by the firm and its CEO Eric Larchevêque. This incident once again demonstrates that magic totems are no substitute for hygiene.

Saif Ghaddafi Attempting Libyan Presidential Campaign 7 Years After Pantsuit Murdered His Father And Plunged Libya Into Chaos

Seven years after Pantsuit Hillary Rodham Clinton threw Libya into chaos and caused the murder of Libyan leader Colonel Muammar Gaddafi, son Saif Al-Islam Gaddafi is attempting a presidential campaign to bring stability back to Libya. The 45 year old scion of the late Libyan leader is rumoured to be in exile successfully evading all manner of "summons" and "indictments" including an in absentia death sentence ordered by a local pantsuit puppet court (archived). Until June 2017 Saif Gaddafi had been continuously in the custody of the local militia which captured him in 2011. Said militia refused to carry out the July 2015 in absentia death sentence and released Gaddafi for reasons uncertain at present.

CoinBase Fiat Side Glitch Opens Butts For Hurts

An unnamed bug in Coinbase's purchasing system is responsible for multiple cases of SFYL this week, with angry redditards reporting having their bank accounts drained of filthy fiat after making a single purchase on the platform. As always, Coinbase was quick to lay the blame elsewhere, stating “We have confirmed that this is an issue occurring downstream from Coinbase, and we’re working with those parties to reach a resolution.”

The glitch went unnoticed from Jan. 22 until Feb. 11 and "customer service" reps from Coinbase say everyone should rest assured that they will be refunded in full. The company recently made changes to how it handles credit card purchases, listing them as "cash advances" at the point-of-sale, resulting in all the customer's cash being advanced directly to Coinbase's coffers. The front page of r/Coinbase on reddit stands as a testament to the escalating number of rubes who probably now wish they were using actual bitcoin.

US Intel Committee Releases Memo Damning FBI – Full Text

Today the US House Intelligence Committee released a memo damning the FBI over their extralegal political sabotage aimed at handicapping US President Donald Trump through electoral interference which began back when the now President was a mere candidate for office. The full text is available below:

January 18, 2018

To: HPSCI Majority Members

From: HPSCI Majority Staff

Subject: Foreign Intelligence Surveillance Act Abuses at the Department of Justice and the Federal Bureau of Investigation

Purpose

This memorandum provides Members an update on significant facts relating to the Committee’s ongoing investigation into the Department of Justice (DOJ) and Federal Bureau of Investigation (FBI) and their use of the Foreign Intelligence Surveillance Act (FISA) during the 2016 presidential election cycle. Our findings, which are detailed below, 1) raise concerns with the legitimacy and legality of certain DOJ and FBI interactions with the Foreign Intelligence Surveillance Court (FISC), and 2) represent a troubling breakdown of legal processes established to protect the American people from abuses related to the FISA process.

Investigation Update

On October 21, 2016, DOJ and FBI sought and received a FISA probable cause order (not under Title VII) authorizing electronic surveillance on Carter Page from the FISC. Page is a U.S. citizen who served as a volunteer advisor to the Trump presidential campaign. Consistent with requirements under FISA, the application had to be first certified by the Director or Deputy Director of the FBI. It then required the approval of the Attorney General, Deputy Attorney General (DAG), or the Senate-confirmed Assistant Attorney General for the National Security Division.

The FBI and DOJ obtained one initial FISA warrant targeting Carter Page and three FISA renewals from the FISC. As required by statute (50 U.S.C. § 1805(d)(1)), a FISA order on an American citizen must be renewed by the FISC every 90 days and each renewal requires a separate finding of probable cause. Then-Director James Comey signed three FISA applications in question on behalf of the FBI, and Deputy Director Andrew McCabe signed one. Then-DAG Sally Yates, then-Acting DAG Dana Boente, and DAG Rod Rosenstein each signed one or more FISA applications on behalf of DOJ.

Due to the sensitive nature of foreign intelligence activity, FISA submissions (including renewals) before the FISC are classified. As such, the public’s confidence in the integrity of the FISA process depends on the court’s ability to hold the government to the highest standard—particularly as it relates to surveillance of American citizens. However, the FISC’s rigor in protecting the rights of Americans, which is reinforced by 90-day renewals of surveillance orders, is necessarily dependent on the government’s production to the court of all material and relevant facts. This should include information potentially favorable to the target of the FISA application that is known by the government. In the case of Carter Page, the government had at least four independent opportunities before the FISC to accurately provide an accounting of the relevant facts. However, our findings indicate that, as described below, material and relevant information was omitted.

1) The “dossier” compiled by Christopher Steele (Steele dossier) on behalf of the Democratic National Committee (DNC) and the Hillary Clinton campaign formed an essential part of the Carter Page FISA application. Steele was a longtime FBI source who was paid over $160,000 by the DNC and Clinton campaign, via the law firm Perkins Coie and research firm Fusion GPS, to obtain derogatory information on Donald Trump’s ties to Russia.

a) Neither the initial application in October 2016, nor any of the renewals, disclose or reference the role of the DNC, Clinton campaign, or any party/campaign in funding Steele’s efforts, even though the political origins of the Steele dossier were then known to senior DOJ and FBI officials.

b) The initial FISA application notes Steele was working for a named U.S. person, but does not name Fusion GPS and principal Glenn Simpson, who was paid by a U.S. law firm (Perkins Coie) representing the DNC (even though it was known by DOJ at the time that political actors were involved with the Steele dossier). The application does not mention Steele was ultimately working on behalf of—and paid by—the DNC and Clinton campaign, or that the FBI had separately authorized payment to Steele for the same information.

2) The Carter Page FISA application also cited extensively a September 23, 2016, Yahoo News article by Michael Isikoff, which focuses on Page’s July 2016 trip to Moscow. This article does not corroborate the Steele dossier because it is derived from information leaked by Steele himself to Yahoo News. The Page FISA application incorrectly assesses that Steele did not directly provide information to Yahoo News. Steele has admitted in British court filings that he met with Yahoo News—and several other outlets—in September 2016 at the direction of Fusion GPS. Perkins Coie was aware of Steele’s initial media contacts because they hosted at least one meeting in Washington D.C. in 2016 with Steele and Fusion GPS where this matter was discussed.

a) Steele was suspended and then terminated as an FBI source for what the FBI defines as the most serious of violations—an unauthorized disclosure to the media of his relationship with the FBI in an October 30, 2016, Mother Jones article by David Corn. Steele should have been terminated for his previous undisclosed contacts with Yahoo and other outlets in September—before the Page application was submitted to the FISC in October—but Steele improperly concealed from and lied to the FBI about those contacts.

b) Steele’s numerous encounters with the media violated the cardinal rule of source handling—maintaining confidentiality—and demonstrated that Steele had become a less than reliable source for the FBI.

3) Before and after Steele was terminated as a source, he maintained contact with DOJ via then-Associate Deputy Attorney General Bruce Ohr, a senior DOJ official who worked closely with Deputy Attorneys General Yates and later Rosenstein. Shortly after the election, the FBI began interviewing Ohr, documenting his communications with Steele. For example, in September 2016, Steele admitted to Ohr his feelings against then-candidate Trump when Steele said he “was desperate that Donald Trump not get elected and was passionate about him not being president.” This clear evidence of Steele’s bias was recorded by Ohr at the time and subsequently in official FBI files—but not reflected in any of the Page FISA applications.

a) During this same time period, Ohr’s wife was employed by Fusion GPS to assist in the cultivation of opposition research on Trump. Ohr later provided the FBI with all of his wife’s opposition research, paid for by the DNC and Clinton campaign via Fusion GPS. The Ohrs’ relationship with Steele and Fusion GPS was inexplicably concealed from the FISC.

4) According to the head of the FBI’s counterintelligence division, Assistant Director Bill Priestap, corroboration of the Steele dossier was in its “infancy” at the time of the initial Page FISA application. After Steele was terminated, a source validation report conducted by an independent unit within FBI assessed Steele’s reporting as only minimally corroborated. Yet, in early January 2017, Director Comey briefed President-elect Trump on a summary of the Steele dossier, even though it was—according to his June 2017 testimony—“salacious and unverified.” While the FISA application relied on Steele’s past record of credible reporting on other unrelated matters, it ignored or concealed his anti-Trump financial and ideological motivations. Furthermore, Deputy Director McCabe testified before the Committee in December 2017 that no surveillance warrant would have been sought from the FISC without the Steele dossier information.

5) The Page FISA application also mentions information regarding fellow Trump campaign advisor George Papadopoulos, but there is no evidence of any cooperation or conspiracy between Page and Papadopoulos. The Papadopoulos information triggered the opening of an FBI counterintelligence investigation in late July 2016 by FBI agent Pete Strzok. Strzok was reassigned by the Special Counsel’s Office to FBI Human Resources for improper text messages with his mistress, FBI Attorney Lisa Page (no known relation to Carter Page), where they both demonstrated a clear bias against Trump and in favor of Clinton, whom Strzok had also investigated. The Strzok/Lisa Page texts also reflect extensive discussions about the investigation, orchestrating leaks to the media, and include a meeting with Deputy Director McCabe to discuss an “insurance” policy against President Trump’s election.

What Happened While Qntra Was Down

In The Most Serene Republic:

Outside the Republic:



  1. BingoBoingo: Attention Lords And Ladies of The Republic: You may add 161.0.121.253 to your hosts file as Qntra.net