[HN Gopher] CIA Implant: Green Lambert for OS X
___________________________________________________________________
CIA Implant: Green Lambert for OS X
Author : jbegley
Score : 88 points
Date : 2021-10-01 13:47 UTC (9 hours ago)
(HTM) web link (objective-see.com)
(TXT) w3m dump (objective-see.com)
| sneeeeeed wrote:
| Sounds like this could have been an interesting story. Sadly
| there was one of those insufferable pop up email harvesting nag
| attempts and I instinctively closed the tab. I just can't bring
| myself to reopen it.
| amatecha wrote:
| FWIW I am browsing with Firefox with "Strict" privacy settings
| and didn't get any popup.
| junon wrote:
| These sorts of comments are discouraged on HN as per the
| guidelines. Link at the bottom of the page.
| pocw wrote:
| I also find this unreadable but for a different reason. I'm
| on mobile and it's rendering unreadably small. On the one
| hand maybe I should put more time into my setup. On the other
| hand maybe we, the target audience of this sort of content
| should comment when the format is unusable. If your power
| users find mailing list popups annoying to the point they go
| elsewhere don't you want to know? Isn't a comment on hacker
| news a great way for someone to learn what their readers like
| or don't like?
| oriki wrote:
| Like the guidelines say:
|
| > Please don't complain about website formatting, back-
| button breakage, and similar annoyances. They're too common
| to be interesting. Exception: when the author is present.
| Then friendly feedback might be helpful.
|
| If the author isn't actually present (which, as far as I
| can tell, they are not) it just clutters up the comments.
| There's no actual discussion happening here, just a lot of
| "wow i sure don't like this thing [website] does" and that
| doesn't provide very much value at all.
| atok1 wrote:
| I'd say this is very thoughtful and rational, and if I was
| the owner of the site in question, I would be thankful for
| poweruser comments.
| dalrympm wrote:
| I had the exact same reaction. Do we have a tl;dr equivalent
| for these things?
|
| pu;dr ?
| simion314 wrote:
| Works great with JS off. For power user I suggest a browser
| that let's you easily whitelist JS for the websites you need.(I
| use Vivaldi)
| unstatusthequo wrote:
| The developer is pretty well respected. Click the X on the
| newsletter and there is great content.
| devwastaken wrote:
| I can't read it on mobile because the site fails to add a basic
| viewport meta tag.
| photochemsyn wrote:
| NoScript on Firefox solves that problem. Yes it breaks a lot of
| pages, but then you get to fiddle about allowing and banning
| different scripts to see what's doing what. Probably not for
| everyone but I like the educational value.
|
| [Edit] So that pop-up is coming from mailchimp_com, which is
| called by list-manage_com, which in turn is called by
| s3amazonaws_com. So blocking that last one is all you need.
|
| In fact this is quite a great web site, as it displays all its
| content even if you completely disable all scripts.
| jcun4128 wrote:
| It's funny I won't accept those "cookies" so I've gotten used
| to part of SO's screen real estate being taken. Or on a Ubuntu
| page I do F12/kill the popup... can put that in some kind of
| extension but ehh...
| dreamcompiler wrote:
| Kill Sticky bookmarklet is your friend.
|
| https://alisdair.mcdiarmid.org/kill-sticky-headers/
| leephillips wrote:
| Since I was invoking this on nearly every page I made it
| automatic: https://lee-phillips.org/nomorecookiewarnings/
| [deleted]
| throaway46546 wrote:
| uBlock Orgin
| Xavdidtheshadow wrote:
| Is there a rule to block modals like this? I can add site-
| specific things, but I can't seem to find anything that
| blocks all overlays.
| throaway46546 wrote:
| You want to enable the "annoyance" lists. In this case it
| was caught by "Fanboy's Annoyance List" for me.
| amatecha wrote:
| Where is it asserted/confirmed that Longhorn == CIA? I don't see
| it mentioned in the article nor the linked articles (not that I
| searched exhaustively).
| BrianGragg wrote:
| The first line from the article: In March 2017, WikiLeaks began
| publishing thousands of files detailing the CIA's spying
| operations and hacking tools. The leak, known as Vault 7, was
| the largest disclosure of classified information in the
| agency's history. In April, Symantec publicly linked Vault 7 to
| an advanced threat actor named Longhorn. Kaspersky then
| announced it tracks the same actor as The Lamberts, and
| revealed the existence of an OS X implant called Green Lambert.
| amatecha wrote:
| Ohhhh I see, I didn't connect the "lineage": Vault 7 leak
| from CIA, Symantec says stuff in Vault 7 is from Longhorn.
| Thanks for pointing out the obvious for me haha :)
| 1cvmask wrote:
| One of the most important revelations in the Vault 7 was the
| CIA's false flag tooling to ascribe cyberattacks to say
| Russia, China etc.
|
| https://en.wikipedia.org/wiki/False_flag
| khrbrt wrote:
| This is news to me. Do you know of a good article that
| summarizes Vault 7?
| 1cvmask wrote:
| https://wikileaks.org/ciav7p1/
|
| https://www.itnews.com.au/news/wikileaks-dumps-cia-
| malware-o...
|
| https://securityaffairs.co/wordpress/56983/intelligence/w
| iki...
|
| https://cointelegraph.com/news/kim-dotcom-on-vault-7-cia-
| hur...
| severine wrote:
| I mean... https://en.wikipedia.org/wiki/Vault_7
| striking wrote:
| Yeah, but that doesn't say what you think it says:
|
| > Cybersecurity writers, such as Ben Buchanan and Kevin
| Poulsen, were skeptical of [the false flag theories].
| Poulsen wrote, "The leaked catalog isn't organized by
| country of origin, and the specific malware used by the
| Russian DNC hackers is nowhere on the list."
|
| https://en.wikipedia.org/wiki/Vault_7#False_flag_theories
| jimmygrapes wrote:
| It doesn't take CIA tools to change the properties of a
| Word document though
| boomboomsubban wrote:
| Even if that one hack was carried out by Russia, the CIA
| still have tools to create false flag attacks.
___________________________________________________________________
(page generated 2021-10-01 23:01 UTC)