History, Security

Czech Patton Museum Comes to America

Leave a comment

The 75th anniversary of liberation from Nazi occupation is giving Americans a chance to see memorials to them that usually are found only in Czechia.

The exhibition, entitled Liberation of Pilsen, will be unveiled at Czech Centre New York on Wednesday afternoon. It outlines the advance of Allied troops from Normandy to Pilsen, the role of General George S. Patton and other historical circumstances.

Ivan Rollinger of the Patton Memorial Pilsen museum, who curated the exhibition, says it also maps the many memorials to civilians and soldiers in the region of Pilsen.

“Even today, 75 years after the end of the war, there are still new monuments being erected to the victims of the Second World War, including fallen US soldiers.

“We still come across new information about the individual victims in the region, for instance in the Washington National Archive or in daily reports, and then we unveil new memorials to them.”

History, Security

New Book: Going to War Against Fascists Earlier Prevents Late Realization That Fascism is Really Bad

Leave a comment

It’s a complicated claim, given how fascism is based on constant deception and lying; yet the facts are in again that as an influence competition was being lost, the far more powerful armies would have benefited from earlier political support to declare war against rapidly expanding lies and aggression of fascism.

Caquet’s most potent argument, borrowed as well from Winston Churchill, is that in 1938 the Allies were in a much stronger military position than Germany. By virtually every measure, including the number of soldiers, ammunition, tanks and aircraft, he reveals, the combined armed forces of England, France and Czechoslovakia greatly exceeded those available to be deployed by the Nazis.

In 1938, Germany was only about halfway through its rearmament initiative, and remained somewhat constrained by restrictions in the Treaty of Versailles. France and Czechoslovakia alone could produce twice as many armored divisions than the Reich, following a general mobilization. German supplies of oil, iron and aviation lubricants sufficed for three months or less. German construction of battleships, aircraft carriers and submarines had just begun. German bombers lacked the range to effectively bomb Britain. And in 1938, Caquet points out, with Czechoslovakian forces on high alert, Germany could not launch a surprise attack. That the Allies did not call Hitler’s bluff and go to war, he implies, resulted from a lack of political will and not inferior military might.

“Supermarine Spitfire, Britain’s superb fighter plane launched 1938 and lasted throughout World War II.” Source: Britannica

See also: death camps described by an escapee in detail to London June 1942

Security

Timeline: Did 2018 WhatsApp Security Flaw Lead to Assassination of WashPo Journalist?

Leave a comment

This is a timeline of proprietary and centralized end-to-end encryption technology (yes that is a contradiction, and yes it uses an open source protocol) for secret delivery of malicious content to targets (apps and people) that seems to have led to massive privacy loss as well as targeted killings.

January 2018:
Facebook’s CSO campaigned on Twitter to restore trust in WhatsApp after researchers alleged privacy flaws.

…clear notifications and multiple ways of checking who is in your group prevents silent eavesdropping. The content of messages sent in WhatsApp groups remain protected by end-to-end encryption.

March 2018:
Amazon CEO is invited to have dinner with the Saudi Crown Prince Mohammed bin Salman.

April 2018:
Amazon CEO and Crown Prince have dinner, exchange phone numbers linked to WhatsApp accounts.

May 2018:
WhatsApp message from the Crown Prince (believed to have included a malicious video file) is sent end-to-end encrypted to the Amazon CEO’s phone.

A huge amount of data (130MB) suddenly is uploaded from the CEO’s phone (29,000% jump), and then about 100MB/day is uploaded in the months following (compared to under 0.5MB/day in months prior). (Full Report by “FTI Consulting” via Vice News story).

June 2018:
Amazon’s WashPo journalist Jamal Khashoggi’s contacts (who use WhatsApp) also receive malicious links.

July 2018:
NYT reports spread of harmful videos on WhatsApp is leading directly to dozens of violent deaths: “How WhatsApp Leads Mobs to Murder in India“.

WhatsApp’s design makes it easy to spread false information. Many messages are shared in groups, and when they are forwarded, [despite CSO promoting “multiple ways of checking who is in your group”] there is no indication of their origin.

August 2018:
Facebook CSO leaves to take position at Stanford doing research for Facebook, pushing for greater use of WhatsApp (see Oct 2019 Stanford tweet).

…companies like to say things like ‘we follow local law’, but in reality, they resist orders every day by saying ‘sorry…

His statements promoting WhatsApp usage completely contradict his infamously bizarre 2015 argument with the NSA (just before being hired by Facebook), which suggested he saw moral equivalence in all lawful orders from everywhere.

…if we’re going to build defects/backdoors or golden master keys for the US government, do you believe we should do so — we have about 1.3 billion users around the world — should we do for the Chinese government, the Russian government, the Saudi Arabian government, the Israeli government, the French government? Which of those countries should we give backdoors to?

Facebook CSO publishes his own Wikipedia page full of uncritical self-promotion and demands it be locked to prevent the public from editing or commenting.

I’ll try to keep an eye on this page for any questions.

September 2018:
Amazon CEO’s phone uploads 500MB.

October 2018:
Khashoggi is murdered at the Saudi consulate in Istanbul.

Slate reports on spread of harmful content on WhatsApp, describing it as dangerous tool for mob rule and abuse of power: “How False News Haunted the Brazilian Elections…it was worse than ever.”

And it coincided with the rise of Brazil’s far-right president-elect…political communication is completely vulnerable, especially on WhatsApp because it’s not monitorable… Just 8 percent of the most-shared information in groups was correct… WhatsApp, which she described as “the biggest misinformation engine during elections this year”, was unwilling to take action against fake news on its platform. …the company “at no point showed itself willing to sit down and talk with fact-checkers to think about solutions.”

November 2018:
US White House occupant reportedly in a “bizarre, inaccurate and rambling” manner “issued a statement in which he said the U.S. would maintain a ‘steadfast’ alliance with Saudi Arabia, refusing to blame Saudi Crown Prince Mohammed bin Salman for Khashoggi’s killing even though the CIA has reportedly concluded that the crown prince ordered his assassination.”

March 2019:
US Congress sends letter criticizing WhatsApp being used in White House for communications with foreign leaders during September and October of 2018 (murder of WashPo journalist).

April 2019:
Ex-Facebook CSO gives talk with huge privacy claims (without any evidence) while Amazon CEO’s phone is uploading GB of extremely sensitive data due to security flaw in WhatsApp; self-congratulatory boasts of the ex-CSO go unchallenged.

'The day Whatsapp turned on encryption was probably the most privacy enhancing day of all time' -@alexstamos

CISOs comment about Stamos in private executive forums (sorry can’t disclose sources): “That boy loves a microphone and a camera, but those can’t keep your systems from crashing.”

April/May 2019:
Amazon CEO’s phone completes 9GB of data uploaded in three large bursts.

12 days after last burst, a full forensics investigation begins by FTI. While unable to find malware FTI writes report showing bursts of suspicious traffic.

November 2019:
Facebook announces CVE-2019-11931, which explains sending a malicious video file to a WhatsApp user has been a serious open vulnerability allowing spyware to be installed. May 2018 to November 2019 is 1.5 year response time to a critical exploit in the wild.

Description: A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274 [OCT 3, 2019], iOS versions prior to 2.19.100 [OCT 17, 2019]….

January 2020:
Guardian breaks the story of Amazon CEO and Whatsapp breach, barely hinting at a US White House role.

[In high-profile and long-standing “challenge” to Amazon CEO] Trump and his son-in-law Jared Kushner have maintained close ties with the crown prince…

Further stories roll like NYT “Beware WhatsApp accounts…”, which bring us full circle to the Facebook CSO making a provably false claim in public that “clear notifications and multiple ways of checking who is in your group prevents silent eavesdropping”.

To be clear the phrase “prevents silent eavesdropping” was a very tall claim that deceptively lured victims to false sense of trust in WhatsApp. Eavesdropping wasn’t prevented entirely, and harmful content wasn’t even attempted to be prevented, so many people died as a result of overconfidence from WhatsApp marketing coupled with its critical security flaws.

Related:

WhatsApp CVE-2021-24026 allowed complete system compromise due to a missing bounds check within the audio decoding pipeline for calls.

WhatsApp CVE-2019-18426 allowed attackers to read files from users’ local file systems.

WhatsApp CVE-2018-6344 allowed attackers to fully compromise the app when a target answered a call.

November 1997, Microsoft IE 4.0 browser buffer overflow allowed attackers to “execute arbitrary precompiled native code” (i.e. F00F of concept would denial-of-service the Intel CPU).

History, Security

JFK Assassinated Weeks After Shifting to Cuba “Accommodation”

Leave a comment

I’ve written here before about the compromise solution of the Cuban Missile Crisis. There long has been speculation that foreign policy hawks in the US had JFK assassinated for taking a diplomatic approach to Cuba instead of a more militant one. We finally are starting to see more of this as official history emerges from government archives:

…National Security Archive today posted an audio tape of the President and his national security advisor, McGeorge Bundy, discussing the possibility of a secret meeting in Havana with Castro. The tape, dated only seventeen days before Kennedy was shot in Dallas, records a briefing from Bundy on Castro’s invitation to a U.S. official at the United Nations, William Attwood, to come to Havana for secret talks on improving relations with Washington. The tape captures President Kennedy’s approval if official U.S. involvement could be plausibly denied. The possibility of a meeting in Havana evolved from a shift in the President’s thinking on the possibility of what declassified White House records called “an accommodation with Castro” in the aftermath of the Cuban Missile Crisis. Proposals from Bundy’s office in the spring of 1963 called for pursuing “the sweet approach…enticing Castro over to us,” as a potentially more successful policy than CIA covert efforts to overthrow his regime. Top Secret White House memos record Kennedy’s position that “we should start thinking along more flexible lines” and that “the president, himself, is very interested in [the prospect for negotiations].” Castro, too, appeared interested.

Food for thought when looking at the US faith-based revenge assassination doctrine of state actors, as pushed into the news in recent weeks.

Update 19 Jan 2020: Lawfare implores the US to resist its impulse to assassinate leaders.

…openly targeted a senior official of a sovereign nation-state, carrying out a satisfying act of short-term revenge but undermining its long-term strategic interests…in a destabilizing era of open assassination…a favorite tactic of weak states seeking leverage against strong powers. […] Banning assassination was not just the right thing to do; it was how modern nation-states consolidated their power. […] Democratized digital technologies have enabled weaker states and nonstate actors to more effectively target the United States and its personnel and facilities abroad in ways that were once exclusive to Washington’s arsenal. U.S. policymakers must resist the temptation to use their technological and military prowess to target senior government officials, remembering who is watching and learning from what they do.

See also the CIA roles in Au service de la france: “We know how to discredit him…”