
Posts

Cryptome torrents draw concerns

Those following Cryptome on Twitter saw some messages that were a little nerve-wracking yesterday.

The flood of torrents attributed to Cryptome are not ours. Could be ruses, smears to spread malware. Maybe by HT types. — Cryptome (@Cryptomeorg) July 22, 2015

Some of many [CRYPTOME] torrents gushing wildly recently, could contain [Hacking Team] malware to smear Cryptome https://t.co/3bZ22OQBou — Cryptome (@Cryptomeorg) July 22, 2015

A similar warning was posted to the front page of Cryptome's website:

The link in Cryptome's message led me to a Kickass Torrents user account that had been opened ~3 weeks previously under the name Cryptome. The account uses the Cryptome website logo. Similar accounts were created on Monova and Lime Torrents. Putting together an archive for a website you aren't affiliated with, whose content is already free and widely available and has been for many years, isn't necessarily unheard of (?). But doing so while ostensibly

Malware discovered in the Stratfor email file dump provided by Wikileaks is not limited to torrents - curated content on the Wikileaks website also infected

Several months ago I identified malicious software contained within a torrent available for download from Wikileaks. The torrent was the most recent and most complete copy of what Wikileaks titled the "Global Intelligence Files" - a large trove of emails and attachments from defense contractor Stratfor. The story as it is widely understood is that former Lulzsec member and hacktivist Jeremy Hammond was involved in the acquisition of these files from Stratfor and provided them to Wikileaks. Among the many files included in the leak I have identified 18 that have malicious software; most of those are embedded within PDF and DOC files. Some of the attacks I discovered are old, others are less old. Only two of the 18 files are blocked from downloading using Google Chrome's malware protection service, for example. In a second post, I decompile one of these two (older) files using PE Explorer and Hex-Rays IDA to demonstrate how the file corrupts the Microsoft Connection Manage

Hector Monsegur (formerly sabu of Lulzsec) has responded to my analysis of the Wikileaks Global Intelligence Files

Some time ago I wrote two blog posts about my discovery of a series of malware-infected files within a torrent being circulated by global whistleblower organization Wikileaks. The torrent file was one of the latest versions of what Wikileaks has named the "Global Intelligence Files" - a large cache of documents obtained from the email spool of a government contractor known as Stratfor. Since my discovery I have made several attempts to contact Wikileaks:

@wikileaks sorry to contact here but no other means Ive identified sec issues with most recent torrent here: https://t.co/oeBLtLgDeb — Josh Wieder (@JoshWieder) May 3, 2015

@wikileaks I have some very basic info here http://t.co/cvjY4xWuIr and here: http://t.co/74Xbmxjmy7 can provide more as needed — Josh Wieder (@JoshWieder) May 3, 2015

In addition to Twitter I have attempted to email just about every address I could find on their site (none of them work), as well as attempting to use the chat functi

The Florida Local Government Investment Trust website was hacked by a spammer affiliated with ExoClick & Alibaba Group & they haven't told anyone

The Florida Local Government Investment Trust manages money for counties and clerks throughout the state of Florida. They handle bonds that are AAA rated by S&P; pooling assets for municipalities throughout the state to increase their buying power. The Trust was created in 1991. The Florida Local Government Investment Trust maintains a website based on Wordpress, floridatrustonline.com (I highly recommend that readers do not visit the website from an unsecured browser/computer - preferably using a platform like TAILS). The website contains a description of the Trust, the legislation under which it carries its mandate (Florida Statute 218.415 (16) (a) and 163.01), a list of employees and trustees as well as a series of financial reports covering the last year. The floridatrustonline.com domain is registered to Earl Donaldson, an employee of the Florida Association of Court Clerks. Donaldson's LinkedIn page lists him as a Network Engineer. The website is hosted on a shared h

Conspiratorial Cosmology

Jörg P. Rachen and Ute G. Gahlings submitted an incredibly awesome physics paper back in 2013. I can't improve on the abstract so I am just going to reproduce it below. I highly suggest reading the entire paper (which is a brief 4 pages and a fun read): Based on the cosmological results of the Planck Mission, we show that all parameters describing our Universe within the ΛCDM model can be constructed from a small set of numbers known from conspiracy theory. Our finding is confirmed by recent data from high energy particle physics. This clearly demonstrates that our Universe is a plot initiated by an unknown interest group or lodge. We analyse [sic] possible scenarios for this conspiracy, and conclude that the belief in the existence of our Universe is an illusion, as previously assumed by ancient philosophers, 20th century science fiction authors and contemporary film makers. The paper is available for free download from the Cornell University Library website

SoftEther VPN does not support Windows Phone

I've been doing a substantial amount of work with VPN software lately. Of particular interest to me is helping secure mobile phone web traffic, which for the most part has been very insecure for a very long time. That's why I was excited to come across SoftEther VPN documentation that apparently confirmed its compatibility with Windows Phone: SoftEther VPN documentation from GitHub. Note the highlighted text claiming Windows Phone support. Currently, Windows Phone 8.1 only natively supports IKEv2. Additional support is available for SSL VPN but requires the installation of a third party VPN client. SoftEther VPN has no client application in the Windows phone store, and lack of IKEv2 support has been a known SoftEther development issue for 16 months with no sign of being actively addressed. It's worth pointing out that Blackberry and Nokia Lumia users are also impacted by the lack of IKEv2 support, however none of those devices are explicitly named in the suppo

Google Tone - sounds like a good idea

It's really a shame that Google is rapidly becoming so unabashedly evil, because they really do have some smart folks on the team. One of the latest useful applications to come from outside of the world-domination division is Google Tone: Tone can share useful application data using sound; specifically URLs. There are many possible uses for this sort of thing. Advertisers should be more excited about this than they were about those always annoying and once-ubiquitous QR codes. Those interested in human rights work and IT security could I am sure come up with some uses more useful to humanity. Here is a link to a Tone download from the Chrome web store; Tone is available to start with as a browser extension.