> It's just a demo instance, but, these front ends are barely revealed to the public
This genuinely doesn't look any different from the control panels of commercial infostealers and RATs sold on Russian hacking forums. Those usually sell for between $200 and $20,000 depending on features and pricing model (one-time vs. ongoing subscription).
These spyware companies hype themselves up, but they're really not any different from Ivan's RAT-as-a-Service, besides having extra exploits to burn and wealthier customers.
walletdrainer 1 days ago [-]
As it turns out, you just can’t make malware for targets like these much better.
tamimio 23 hours ago [-]
> These spyware companies hype themselves up
Same applies to other industries too btw, in drones world, so many companies that you see their names with multi-billion contracts, but if you open the hood and see their hardware/software, it’s built on top of everyday open source tools duct taped together with some UI, and sales selling it as the next big (insert buzzword here) thing ever!
sudoshred 21 hours ago [-]
If it wasn't sold as the next big buzzword you could easily hire 10 new SDR employees who would sell it that way.
It's too bad that "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized" has become "we can download a full copy of all of your files at any time, or continually, if we feel like it, even if we don't suspect you of a crime".
seanw444 23 hours ago [-]
You must be new. The Constitution is an irrelevant piece of toilet paper now.
The first amendment only protects you unless the people in power say it doesn't. The government will pressure private companies to censor you. This was provably demonstrated under the Biden administration.
The second amendment is useless. One third to half of the country doesn't recognize the right to keep the majority of the useful arms that exist, nor the right to bear them in any meaningful way. The (Republican-leaning) Supreme Court has decided that states requiring permission slips to exercise a right is a totally valid precedent. The Republican district attorney for D.C. proudly states that having a gun there for any reason is an immediate offense. Donald Trump has been recorded suggesting to take guns from people before due process. And that's ignoring the Democrats' unfathomably large track record against this amendment. I just wanted to include the fact that neither side actually supports this amendment, as much as people like to believe.
Third amendment is pretty obscure in our era. So far, at least. But you could make the roundabout argument that the Biden admin preventing landlords from evicting their unpaying tenants, particularly if those tenants were currently or previously employed by the military, would violate this amendment.
Fourth amendment doesn't matter anymore. We have entire government agencies whose primary purpose is to ignore this amendment. It's not even a conspiracy, nor a conspiracy theory. They do it in plain sight, and everyone knows, but apparently nobody cares (in which case why does the amendment even matter). Also, as long as the government gets the data from private companies (even if by force), that apparently doesn't constitute a fourth amendment violation these days.
Fifth amendment: civil asset forfeiture is disgustingly rampant all across the country. Not enough people know about it or care.
Sixth amendment: the term "speedy" regarding trials is an extremely loose one, especially now. Especially considering the government is apparently allowed to hold you indefinitely without an actual trial, without facing any repercussions.
Eighth amendment: judges impart excess fines quite often. See the Alex Jones case.
Ninth amendment: completely irrelevant now. If the government believes they have the right, though not explicitly enumerated, then they have the right.
dylan604 22 hours ago [-]
> You must be new. The Constitution is an irrelevant piece of toilet paper now.
Only when convenient, as it is also considered a sacred document when it comes to the first and second amendments.
seanw444 5 hours ago [-]
Did you even read my comment?
fortran77 23 hours ago [-]
Third Amendment issues come up every now and then. For example, legislators have tried to force airlines to provide special services for U.S. military at their own expense:
I'm not saying these men and women aren't deserving, but the taxpayers should foot the bill. A private property owner shouldn't be forced to. Fortunately, these bills never get far.
seanw444 23 hours ago [-]
Interesting. I haven't heard of many examples. Thanks. Seems the issues that do pop up tend to be loosely related to the original wording. It was focused on quartering in homes.
Though it does say "but in a manner to be prescribed by law." Wouldn't that mean that this bill would technically be viable?
killingtime74 14 hours ago [-]
Is there much point blanking the faces when it also names who uploaded the photo....we can easily google them?
Can somebody please explain to an idiot (me) how is this possible for this to keep going? I thought that the world has decided that spyware is illegal and can't be produced. Is this company related to Israeli government? If not, why is it allowed to function?
muvlon 24 hours ago [-]
The world has not decided that spyware can't be produced. Mostly, the powers that be treat it like weapons of war.
That is, companies can make and sell it as long as they only sell it to governments and only the ones that we like.
Microsoft has decided that spyware is a good thing --- as long as it's theirs.
general1465 24 hours ago [-]
What is allowed to companies is not allowed to private citizens. If you want to systematically break copyright laws or steal data from people, do it as Joe's LLC. Joe would go to prison for copyright infringement or hacking other people, Joe's LLC can do as it pleases.
rtaylorgarlock 1 days ago [-]
Looks like image was removed and maybe only a demo?
arg0x 23 hours ago [-]
The original LinkedIn post is deleted? Is there a way to recover it? Did anyone archive?
xinayder 21 hours ago [-]
Lots of grammar errors in some buttons, is this legit?
moralestapia 1 days ago [-]
[flagged]
thmsths 1 days ago [-]
The message can't be intercepted in transit, since we are talking about spyware, I assume they get it from the device, hard to defend against that if they have access to your process' memory space.
lmm 1 days ago [-]
Certainly very hard to defend against that when the messenger you're using won't let you use a device you control.
Hamuko 1 days ago [-]
Surprising that end-to-end encryption doesn't really matter when you get into one of the ends.
ASalazarMX 1 days ago [-]
Even if you had to input your private key every time you wanted to read or send a message, having malware in your phone voids practically any form of encryption, because it has to be decrypted eventually to be used.
akimbostrawman 1 days ago [-]
not at all. there is no encryption that can save you when one of the legitimate participants is somehow compromised. doesn't even need to be a sophisticated device compromise, literal shoulder surfing does that too.
moralestapia 1 days ago [-]
[flagged]
coldtea 1 days ago [-]
The parent said "it's surprising". It's not surprising.
Talanes 1 days ago [-]
You're correct in the literal sense that they did say those words, but the entire comment clearly demonstrated a lack of surprise that reveals the opening words to be intended ironically.
moralestapia 1 days ago [-]
>The message can't be intercepted in transit
Lol, so like ... all encryption schemes since the 70s?
sowbug 1 days ago [-]
They do have stronger schemes, which are called hash functions.
Thank you for that link. Your original comment implied that Signal's threat model should have included an attacker-controlled end. The only way to do that is to make decryption impossible by anyone, including the intended recipient. A labyrinthine way to do that would be to substitute the symmetric-encryption algorithm with a hash algorithm, which of course destroys the plaintext, but does accomplish the goal of obfuscating it in transit, at rest, and forever.
p-o 1 days ago [-]
Hashing is a part of encryption, maybe you are the one who needs to shore up on the topic?
aipatselarom 1 days ago [-]
Nice try. However, hashing and encryption are two different operations.
Before being pedantic at least check out the url in that comment to get the basics going.
sowbug 1 days ago [-]
This entire thread should be annihilated, but since you mentioned being pedantic...
You're correct that a pure encryption algorithm doesn't use hashing. But real-world encryption systems will include an HMAC to detect whether messages were altered in transit. HMACs do use hash functions.
AlotOfReading 1 days ago [-]
A good hash function is surjective. Encryption is bijective. They're very different things.
Apologies for being dense. Could you spell out how you went from Paragon Solutions to the Signal Protocol?
ale42 1 days ago [-]
I guess they've seen a Signal icon in the photo. Of course the interception is done locally on the phone (so it's basically "man-in-the-client" rather than a "man-in-the-middle"), therefore the Signal protocol is not really worth being mentioned as it has nothing to do with local interception.
moralestapia 10 hours ago [-]
While Signal also applies, I was thinking of WhatsApp.
jabwd 24 hours ago [-]
Cool, can you now show how the protocol has been broken? Lot of smart people would love to see your novel research.
Insanity 1 days ago [-]
Yea I knew which Moxie it was but that didn’t help at all haha
tamimio 23 hours ago [-]
It’s performative security, when an app still requires a phone number, can’t have your own server, and all these audits are meaningless as you might have memory injected spyware later, it is NOT secure, never was.
amai 1 days ago [-]
I read Pentagon instead of Paragon.
https://www.foxnews.com/politics/lawmaker-wants-to-waive-all...
Hashing is not encrypting.
You can learn more about the topic here, https://www.okta.com/identity-101/hashing-vs-encryption/
> Hashing is not encrypting.
> You can learn more about the topic here, https://www.okta.com/identity-101/hashing-vs-encryption/
Load this page, https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Ctrl-F "hash". No mention of it.
See, https://en.wikipedia.org/wiki/Moxie_Marlinspike