Slashdot Mirror

← Back to Stories (view on slashdot.org)

Leaked Docs Offer Win 8 Tip: FinFisher Spyware Can't Tap Skype's Metro App

Posted by Unknown on from the never-trust-proprietary-software dept.

mask.of.sanity (1228908) writes "A string of documents detailing the operations and effectiveness of the FinFisher suite of surveillance platforms appears to have been leaked. The documents, some dated 4 April this year, detail the anti-virus detection rates of the FinFisher spyware which German based Gamma Group sold to governments and law enforcement agencies. The dump also reveals Windows 8 users should opt for the Metro version of Skype rather than the desktop client because it cannot be tapped by FinFisher."

21 of 74 comments (clear)

  1. Irrelevant by Anonymous Coward · · Score: 4, Insightful

    Skype belongs to Microsoft, Microsoft is in the US, the US records your calls.

    1. Re:Irrelevant by Travis+Mansbridge · · Score: 3, Informative

      The content of telephone calls was brought under the protection of the 4th amendment around the 1950s. Why such protections still haven't been extended to electronic communication is beyond me.

    2. Re:Irrelevant by CreatureComfort · · Score: 2

      Actually, I would have reversed that and said that the latter implies malicious intent.

      All the marketing folks want to do is sell you stuff. The Gov wants to throw you in prison, or worse.

      --
      "Unheard of means only it's undreamed of yet,
      Impossible means not yet done." ~~ Julia Ecklar
    3. Re:Irrelevant by Anonymous Coward · · Score: 2, Insightful

      Which is absolute 100% nonsense. We killed people based on metadata. Paul Revere could have been found with metadata. Furthermore, people letting telecoms use their metadata is their choice; that doesn't mean they also opt to let the government use it. Their logic is, "You let one person see your metadata, so everyone in the world, including the government, should be able to do so."

    4. Re:Irrelevant by SpankiMonki · · Score: 2

      Yes, marketing is worse than government surveillance...

      So a service provider gathering data on the way its customers use the service for marketing purposes (which the customer agreed to by contract) is worse than the government secretly surveilling its own citizens?

      Nice!

    5. Re:Irrelevant by stooo · · Score: 3, Informative

      >> Much of electronic collection is metadata
      No. This is theory. In practice, they record everything for later (mis)use :
      http://gawker.com/5991731/cias...
      http://www.theguardian.com/com...

      --
      aaaaaaa
    6. Re:Irrelevant by mi · · Score: 2

      The Gov wants to throw you in prison, or worse.

      Huh? No, they don't. They want to protect us against enemies — and are willing to sacrifice our freedoms to that end. Most (all?) people in government get rather cavalier about the subjects' freedoms and rights — as well as monies. In their arrogance, they — both politicians and bureaucrats — quickly develop the opinion, that "they know better"...

      But there is no malicious intent to throw everyone into prison.

      --
      In Soviet Washington the swamp drains you.
  2. Metro Skype is useless by kriston · · Score: 4, Informative

    That would be a good idea if Metro Skype wasn't so utterly useless. It's almost as if they didn't even try. It is missing such basic features as marking yourself as "Busy" and is even missing the screen sharing feature.

    --

    Kriston

    1. Re:Metro Skype is useless by jtwiegand · · Score: 3, Insightful

      This is probably why it's more difficult to exploit; it's a simpler program.

  3. What about security against Microsoft? by Anonymous Coward · · Score: 2, Insightful

    "People are aware that Windows has bad security but they are underestimating the problem because they are thinking about third parties.

    What about security against Microsoft? Every non-free program is a 'just trust me program'. 'Trust me, we're a big corporation. Big corporations would never mistreat anybody, would we?' Of course they would! They do all the time, that's what they are known for. So basically you mustn't trust a non free programme."

    "There are three kinds: those that spy on the user, those that restrict the user, and back doors. Windows has all three. Microsoft can install software changes without asking permission. Flash Player has malicious features, as do most mobile phones."

    "Digital handcuffs are the most common malicious features. They restrict what you can do with the data in your own computer. Apple certainly has the digital handcuffs that are the tightest in history. The i-things, well, people found two spy features and Apple says it removed them and there might be more""

    From:

    Richard Stallman: 'Apple has tightest digital handcuffs in history'
    www.newint.org/features/web-exclusive/2012/12/05/richard-stallman-interview/

  4. Or maybe... by Black+Parrot · · Score: 3, Interesting

    ...the docs were leaked by spy agencies, because the Metro version is *easier* to spy on?

    --
    Sheesh, evil *and* a jerk. -- Jade
  5. Re:'Tis Modern UI by Anonymous Coward · · Score: 2, Funny

    No one cares, Ballmer.

  6. IT'S A TRAP by cloud.pt · · Score: 2

    This is just another one of the recent MS gimmicks to get you to switch to the Metro version.

    I just received a very official Skype Team email stating my desktop version would be automatically removed. That's exactly what it said: YOUR SKYPE VERSION WILL BE REMOVED. If a company would add such a trigger on an application (even one that highly depends on a single external cloud service to do anything at all), I would call that heavy persuasion.

    1. Re:IT'S A TRAP by jeIIomizer · · Score: 2

      2. They have nothing to hide.

      No, they mistakenly believe they have nothing to hide. But they are not the ones who decide; the government does. If you do something the government doesn't like, and it notices, you may find yourself in a very unfortunate situation.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  7. Re:Switch away from Skype and Windows by jader3rd · · Score: 2

    To start, you need a pre-boot scan. The occasional scan from a USB image would provide an integrity check: EFI settings (boot order), bootloader, kernel image, and initrd.

    You mean like the Windows 8 UEFI Secure Boot?

  8. Good to remember by sasparillascott · · Score: 2, Informative

    Keep in mind just what exactly Microsoft handed the keys to the NSA for:

    http://www.theguardian.com/wor...

    Microsoft wasn't called out as an "enthusiastic" partner in the NSA's documents for nothing. Definitely consider all versions of Skype to be damaged goods - along with all other Microsoft products - can't imagine how excited the NSA was for the Xbox One and its always on audio monitoring and (originally) required connected video camera.

  9. Re:Switch away from Skype and Windows by bluefoxlucid · · Score: 2

    Security: Confidentiality, Integrity, Accessibility. Removing Accessibility is called a Denial of Service.

    It's like you just said the only way to be safe from murder is to kill yourself.

    --
    Support my political activism on Patreon.
  10. Not worth it by rebelwarlock · · Score: 3, Funny

    I'll take spyware over metro any day.

  11. Re:'Tis Modern UI by Anonymous Coward · · Score: 2

    They will, after their third tablet has broken because the batteries died.

  12. Re: TrueCrypt by Anonymous Coward · · Score: 2

    Likely the virus just replaces the bootloader with one that logs the passphrase.

    Not much you can do about that, except making sure that USB/removable media boot is disabled and there is adequate tamper evident physical security on the computer hardware casing.

    Not much point in the OS driver validating the bootloader. If things have already got that far, it's game over. OK, you would get a warning and that would be nice, but at that point it's too late.

  13. Re:Nothing to see here. by IMightB · · Score: 2

    No kidding, FinFisher 5.0 can't do the metro app, finfisher 5.1 can. FinFisher 6 has been out for 2 years.....