Jump to content

Talk:FinFisher: Difference between revisions

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia
Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
SineBot (talk | contribs)
Bots
2,548,744 edits
m Signing comment by 84.168.61.96 - "→‎"Capture even encrypted data": new section"
Line 21: Line 21:
Capturing encrypted data is not surprising nor impressive at all!
Capturing encrypted data is not surprising nor impressive at all!
That would be the case if the software could decrypt it automatically... <span style="font-size: smaller;" class="autosigned">— Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[Special:Contributions/84.168.61.96|84.168.61.96]] ([[User talk:84.168.61.96|talk]]) 17:23, 16 January 2013 (UTC)</span><!-- Template:Unsigned IP --> <!--Autosigned by SineBot-->
That would be the case if the software could decrypt it automatically... <span style="font-size: smaller;" class="autosigned">— Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[Special:Contributions/84.168.61.96|84.168.61.96]] ([[User talk:84.168.61.96|talk]]) 17:23, 16 January 2013 (UTC)</span><!-- Template:Unsigned IP --> <!--Autosigned by SineBot-->

Obviously it would capture the encrypted data at the point where the user software is attempting to decrypt it. If this comes through say Windows Update because of some backdoor Microsoft was coerced by the government to put in, it could do that trivially. Only software with completely custom encryption system would stay safe but screen capturing and key logging gets around that. The only completely secure system is one where it works as the user requires from day 1 and won't have any mechanism for running new software on it - pretty much limited to 1998 style web experience, which TBH was better than web these days for consumption purpose rather than advertising/tracking/privacy invasion which is the real focus of JavaScript and HTML5.

Revision as of 00:49, 3 July 2013

WikiProject iconComputer Security: Computing Stub‑class Mid‑importance
WikiProject iconThis article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles
StubThis article has been rated as Stub-class on Wikipedia's content assessment scale.
MidThis article has been rated as Mid-importance on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing (assessed as Low-importance).
Things you can help WikiProject Computer Security with:
Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information...
  • Answer question about Same-origin_policy
  • Review importance and quality of existing articles
  • Identify categories related to Computer Security
  • Tag related articles
  • Identify articles for creation (see also: Article requests)
  • Identify articles for improvement
  • Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc.
  • Find editors who have shown interest in this subject and ask them to take a look here.

Detection and see also

I found more refs and put the detection section (back) in. Does that look more balanced to you? The see also seems ok to provide some more linking to similar geopolitical malware. More categories might also help. Thanks for keeping the standards high, regards Widefox; talk 14:52, 3 September 2012 (UTC)[reply]

Better definition?

Could we better define the components:

  • FinFisher is the toolbox
  • FinSpy the desktop malware
  • FinSpy mobile the mobile malware

Is that right? some sources are more lax, which confuses the issue...but we can do better...something like "is a surveillance software toolkit with products FinSpy on the desktop and FinSpy mobile on mobile devices. Widefox; talk 17:03, 3 September 2012 (UTC)[reply]

Seems right. My confusion arose from the use of FinSpy in the first article I read. At first I thought there was no article and started writing it, then discovered this article and made the FinSpy a redirect. We should clarify the terms as you suggest. The University of Toronto researchers seem to get it right and can be used as a source, I think. I suppose we could be more aggressive in gathering information from the company itself. I called it a suite, of software, but toolbox just means the same thing. It's pretty high-tone so suite seems to fit. User:Fred Bauder Talk 11:46, 4 September 2012 (UTC)[reply]
I think FinSpy may be the specific tool for gaining access, probably several tools. User:Fred Bauder Talk 11:48, 4 September 2012 (UTC)[reply]

"Capture even encrypted data"

Well… Capturing encrypted data is not surprising nor impressive at all! That would be the case if the software could decrypt it automatically... — Preceding unsigned comment added by 84.168.61.96 (talk) 17:23, 16 January 2013 (UTC)[reply]

Obviously it would capture the encrypted data at the point where the user software is attempting to decrypt it. If this comes through say Windows Update because of some backdoor Microsoft was coerced by the government to put in, it could do that trivially. Only software with completely custom encryption system would stay safe but screen capturing and key logging gets around that. The only completely secure system is one where it works as the user requires from day 1 and won't have any mechanism for running new software on it - pretty much limited to 1998 style web experience, which TBH was better than web these days for consumption purpose rather than advertising/tracking/privacy invasion which is the real focus of JavaScript and HTML5.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Talk:FinFisher&oldid=562624034"