Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Auditing of Auto-Update of software commonly used by Human Rights Defenders

Cristina efecto99 at riseup.net
Sun May 18 06:54:37 PDT 2014


El 18/05/14 09:40, Fabio Pietrosanti (naif) escribió:
> Il 5/15/14, 11:47 PM, Tom Ritter ha scritto:
>> On 14 May 2014 23:36, Fabio Pietrosanti (naif) <lists at infosecurity.ch> wrote:
>>> i think that would be very important to organize a project to Audit the
>>> functionalities of Auto-Update of software commonly used by human rights
>>> defenders.

I'm afraid I see more and more how the "on-field activist" people use
facebook (YES, I saw it), google mailing-list, google accounts without
encryption, whatsapp, and the list is more and more terrific...
I talk about Sudamerica. But I saw it either in other places.

I'm not IT professional, then even when I can talk "their language"
(because IT people talk in "other" language, impossible to journalist or
activist) they - in 95% of the cases - don't care.

I can count on my horror list even lawyers fighting for HR or govs
censorship! NGOs, ...

They now "all about Snowden and net neutrality" bot they don't know and
- as say before, in general - don't care, about OTR, free software, etc.

> I think that's plenty of software that are used by activists and
> journalists on field in difficult places that have a lot of
> insecurities, being graphical software, data collection software, web
> editing software, etc, etc
> 
> While our "hackish" communities mostly focus on the "security
> softwares", on-fields the people use just general purposes sofware for
> doing general purpose works, but that's where the "adversary" able to
> MitM a connection, can leverage stupid bugs to inject directly or
> indirectly monitoring malware.
> 

The "adversary" has the work so easy...one part because of the lack of
interest
of the technical people to *really* explain the the tools (not only
suggest "links")
to the non technical, without expect that a lawyer, an activist or a
journalist
became hackers; and the other part because of the lack of interest (or a
kind of over confidence?) of the non-IT group.

It's a real problem we observe and try to solve here, but in general,
without mentionable results. I hope we can reverse it.

Cristina
foike.org


-- 
Esta comunicación puede ser ilegalmente recogida y almacenada por la
Agencia Nacional de Seguridad de los EEUU (NSA) en secreto. Las partes
de este correo electrónico no consienten la recuperación o
almacenamiento de esta comunicación y los metadatos relacionados, así
como la impresión, copia, re-transmisión, difusión, u otra forma de
usarlo sin el consenso de sus autores. Si usted no es destinatario
explícito de este mensaje, por favor bórrelo inmediatamente y considere
denunciar la actividad ilegal de su empleador a la justicia de su país o
a la prensa. La privacidad es un derecho fundamental, no colabore en
ningún crimen contra ella.



More information about the liberationtech mailing list