Zoom is Doom: Total System Compromise

Source: Original Doom artwork from John Romero on Gamespot.

For months I’ve been warning people that using a Zoom client means a system should be treated as completely compromised.

TechCrunch in April 2020 reported it as “Zoom Doom”:

If you care about your security and privacy, perhaps stop using Zoom

My position has been clear, as I’ve written multiple times on this blog. Now this:

…they were able to take over the remote system running the Zoom client without any involvement from the victim; the exploit didn’t require the victim to click any links or open any attachments…

Here we are a year after Zoom Doom and it’s worse. See also the final order from the FTC, still not implemented by Zoom as of early April.

  • November 9, 2020 — FTC Requires Zoom to Enhance its Security Practices as Part of Settlement
  • February 1, 2021 — FTC Gives Final Approval to Settlement with Zoom over Allegations the Company Misled Consumers about Its Data Security Practices

I cannot emphasize enough just how broken the security culture of Zoom was: after harsh criticism of its security, the company brought in the infamously disgraced CSO (biggest undisclosed breaches in history) to handle PR.

KGB Spy in 1961 Used X-Ray to Crack U.S. Top-Secret Lock

In 1961 the U.S. used their top spy in Moscow to deliver extensive details of the Soviet nuclear program:

In tandem with the CIA, MI6 were in the midst of running their most successful espionage operation to date. A colonel in Soviet military intelligence, Oleg Penkovsky, was working for them as an agent-in-place, photographing thousands of top-secret documents with a miniature camera, and delivering the resulting microfilm in disguised packs of cigarettes and boxes of sweets to Chisholm’s wife Janet, at cocktail parties, parks and other locations around the city.

Some describe these massive disclosures from deep within the Soviet military (by a man who turned on his country after being denied a promotion) as a primary explanation for averting disaster in the Cuban missile crisis:

The CIA’s chief analyst during the crisis, Ray Cline, later told historian Christopher Andrew that Penkovsky’s intelligence was vital to its resolution, as it allowed the agency to “follow the progress of Soviet missile emplacement in Cuba by the hour.”

Just as the global nuclear missile crisis ended on October 22, 1961, Penkovsky was arrested by the KGB.

The next chapter to this story isn’t what you might think.

It is actually the story of how the Soviets at that time had established a top spy in Paris, who was delivering extensive details of the U.S. nuclear program in Europe. In October 1961, as Penkovsky was shut down, the Soviets pushed an American mole for deeper access.

In late 1961 [Robert Lee Johnson] received the top-secret clearance and was admitted into the vault as a clerk. At long last the KGB was in. […] Over the following weeks the infiltration began in earnest as he successfully copied the vault keys using clay molds supplied by KGB operatives. In October of 1961 he received a specially manufactured X-ray device from Moscow that he was instructed to place over the final lock in the vault; KGB technicians could then deduce what combination unlocked the vault by studying the cogs inside the locking mechanism.

This spy was from within the U.S. military; “an embittered bureaucrat with a grossly inflated sense of self-worth”, and like Penkovsky a man who turned on his country after being denied a promotion (not to mention being named after a traitor in the military who defected and fought to destroy the U.S. — Robert Lee).

On 15 December 1962, Johnson accessed the vault for the first time and looted its contents. The operation, extensively rehearsed beforehand, went exactly as planned and by 03:15 the following morning some of America’s most sensitive cryptographic and military information⁠—some of it classified higher than top secret⁠—was on its way to Moscow. The treasure trove of information proved so valuable that the KGB decided to reward Johnson with a bonus of $2,000 and the rank of honorary Major in the Red Army. The information⁠—rumored to include the numbers and locations of US nuclear warheads in Europe⁠—was deemed so important that it was presented to Comrade Khrushchev himself.

While there are plenty of stories of Johnson using a vaguely described radioactive device, I’ve found so far almost no documentation or details. Explanations of the Soviet portable X-ray design that cracked a top-secret lock seem obscure, and probably intentionally so.

Allegedly the first lock was cracked by making a wax impression of the key; the second lock had a combination written on paper that someone left in a trash can. These are routine weaknesses. The development in October 1961 of an X-ray to crack the third and final lock for U.S. top-secret files is by far the most interesting, especially given the timing, and yet very little record at all has been made available.

BBC Claims Americans Think of Presidents as Demigods

I’m really struggling to get through a BBC article called “Who truly was the most dishonest president?”

This section in particular is really hard to read.

Once upon a time Americans placed an almost childlike trust in their commanders-in-chief. They were venerated as demigods. When did it change? Many historians date this rupture to Lyndon Baines Johnson, though he was far from the first president to deceive.

That seems so backwards as to be completely laughable. Which historians?

To begin with, LBJ became president when JFK was assassinated.

Would assassination count as a rupture? I mean saying public change in trust dates to LBJ as president kind of misses at least one big prior rupture event, no?

I would think JFK immediately disproves such a theory of American public rupture and distrust dating to LBJ. And on that note there were assassinations and attempted assassinations long before JFK.

Consider the 1881 assassination of Garfield, for just one obvious example:

Like most presidents up to that point, he was not accompanied by bodyguards or a security detail. As Garfield’s carriage pulled up outside the Baltimore and Potomac, Charles Guiteau paced the waiting room inside, ready to fulfill what he believed was a mission from God. […] In his pocket Guiteau carried a letter addressed to the White House. “The president’s tragic death was a sad necessity,” it read, “but it will unite the Republican Party and save the Republic. Life is a fleeting dream, and it matters little when one goes.”

The whole point of the American system used to be that the President would be a citizen and not someone “venerated as demigods” or dare I say someone… monarchical.

Garfield literally ran for office on the premise of being a plain farmer who would roll his sleeves up to cut the “weeds” of “calumny, falsehood, fraud, venom, hatred, defamation and malice”.

“Farmer Garfield: Cutting a swath to the White House” 1880. Source: Library of Congress

The bar is low to become a President, with many running on the premise of being common, so on what basis would anyone mistakenly shift that in their mind to a high one?

Who was venerated? Who was given childlike trust?

The author should perhaps prove these assertions, or at least detail them, first before ironically waxing on about deception.

Why Water Charity Wells May Be Worse For Women Than Long Walks With Cans

Women had been carrying important information over private networks for centuries if not longer. The communication protocol safety was so effective that to outsiders only the water was seen.
Part four in a three part series

I told myself I wouldn’t treat this lightly and so it ended up being delayed a long while.

In a nutshell when a “water charity” would roll into villages in Africa they believed dropping a well directly outside homes would liberate women and children from the burden of long walks with heavy loads.

These wells in fact undermined a core network and fabric of social order and thus dangerously unbalanced power — women no longer had private time in shared chores away from the home at their “workplaces” and overall safety/security of the region was significantly undermined.

This is not conjecture. I was working with a huge global tech firm that was pushing a water charity donation pledge. When I started to question the ethics of the charity, the head of it came to meet with me in person.

At first it was cordial and he said things like “happy to answer your questions” though soon he seemed a bit frustrated, even deflated as if I had unmasked him. I had asked straight questions like “exactly how many villages had security issues after a well was dug”.

To his credit he told me he could confirm exactly 15 examples (at that time). I appreciated the transparency, yet he seemed disturbed by having to admit to the fact that an utterly simplistic solution (get donations, drive in, dig a well, leave) to a complex problem was in fact making lives worse.

In other words I was told by the head of a major charity that in more than a dozen cases, soon after the new well was established, armed rebels were known to target it, seize control and force all residents into refugee camps. That was fascinating, and still didn’t go deep enough for me as it focused on militant action more than the subtle process of cultural devaluation and collapse (e.g. Achebe’s “Things Fall Apart”). He admitted the lost villages were never reported, despite his transparency with me.

He also tried to muster some of the usual “big picture is we’re helping a lot of people” chaff. When I dug into his actual data (at that time) even it was questionable, suffering from big data integrity issues like obvious copy/paste numbers for a map of the wells scattered across an entire continent.

Finally, when I broached this subject with regional conflict experts they confirmed that the resource charity model was typically flawed from the start, and conditions worsened without analysis. They knew of the problems, and again said none of it was ever reported. More to the point, they confirmed they knew how introduction of wells (or similar technology shifts for that matter, such as men on bicycles fetching water) destroyed a traditional model of safety and power for women.

While perhaps counter-intuitive that reducing a burden creates far worse burdens, it lays bare the kind of false assumptions someone can make when they look at ways to “fix” networks and markets they observe only as “do good” outsiders.

If we think only about carrying water as hard, we risk projecting that mindset into other communities and looking for ways to remove that specific pain point. Instead we should think about how hard life becomes for people if they don’t have the opportunity to carry water on long isolated paths (removal of private time/place to communicate translates directly to loss of power).

The water charity seemed to be attempting what Fela had written about in the mid 1970s, in a song called “Water no get enemy”.

Initially, water was likely deemed the safest option for substantial and impactful donations. The idea was that nobody could oppose something as essential as water, and any critics would likely be perceived as misguided. However, there was a serious oversight in considering broader risk management related to resources.

To put it plainly, it seems the individual behind the water charity felt a sense of guilt for their past actions and attempted to portray themselves as a “white savior” by delivering water to black communities, thinking it would shield them from scrutiny. Unfortunately, addressing complex real-life issues is not that straightforward, and the search for superficially criticism-proof solutions only reinforces the self-dislike that led to this approach in the first place.

The failure to conduct a thorough threat analysis on water distribution had far-reaching consequences, disrupting security processes, procedures around assets and political power, and jeopardizing the privacy and safety of women and children. The belief in invulnerability was proved wrong.

Hubris proved even water could get an enemy.