What is the worst that can happen when CIA or DCI for that matter gains such intimate access to our private lives from texts and CDRs? Prepare for it or else enrol in a Smoke Signal Communications class. Possibly, humankind's rights to privacy was buried in rumble one bright September morning 15 years ago. On 8 Mar 2017 17:40, "Admin CampusCiti via kictanet" < kictanet@lists.kictanet.or.ke> wrote:

Kivuva

All I can is this:-

Sisi kwisha!

*Ali Hussein* *Hussein & Associates* +254 0713 601113 / 0770906375

Twitter: @AliHKassim

Skype: abu-jomo

LinkedIn: http://ke.linkedin.com/in/alihkassim <http://ke.linkedin.com/in/alihkassim>

Blog: www.alyhussein.com

"Discovery consists in seeing what everyone else has seen and thinking what no one else has thought". ~ Albert Szent-Györgyi

Sent from my iPad

On 8 Mar 2017, at 3:32 PM, Mwendwa Kivuva via kictanet < kictanet@lists.kictanet.or.ke> wrote:

Wikileaks released CA hacking tools codenamed Vault 7.

Basically, everybody that maters has been hacked ... even if they use Signal, Telegram, or the best security tools. Funny how Telegram tried to console its users "The good news is that for the moment all of this is irrelevant for the majority of Telegram users. If the CIA is not on your back, you shouldn't start worrying just yet. And if it is, it doesn't matter which messaging apps you use as long as your device is running iOS or Android."

Now we are in the age of another new-normal - that encryption only protects you from parochial entities.

Below is the full release by Telegram: http://telegra.ph/Wikileaks- Vault7-NEWS

What does the "Year Zero" and "Vault 7" stuff from Wikileaks mean?

TelegramMarch 7, 2017

Wikileaks has released a new set of documents they called "Year Zero". According to these documents, the CIA had created "its own NSA" with "even less accountability". The newly discovered hacking arsenal of the agency includes techniques that reportedly permit the CIA to go around the encryption of messaging apps like WhatsApp or Signal by hacking people's smartphones and collecting audio and message traffic before encryption is applied.

This is not an app issue. It is relevant on the level of devices and operating systems like iOS and Android. For this reason, naming any particular app in this context is misleading.

Say what?

To put "Year Zero" into familiar terms, imagine a castle on a mountainside. That castle is a secure messaging app. The device and its OS are the mountain. Your castle can be strong, but if the mountain below is an active volcano, there's little your engineers can do.

So in the case of "Year Zero", it doesn't matter which messenger you use. No app can stop your keyboard from knowing what keys you press. No app can hide what shows up on your screen from the system. And none of this is an issue of the app.

So who can fix this?

It is now up to the device and OS manufacturers, like Apple, Google, or Samsung, to fix their volcanoes back into mountains.

Luckily, in the case of "Year Zero", the mountain isn't exactly a volcano. It's rather just a big mountain that is full of secret tunnels and passages. The tools from "Vault 7" are like a map of those tunnels. Now that device and OS manufacturers like Apple and Google will get this map, they can start filling in the holes and boarding up the passages. This will require many hours of work and many security updates, but eventually they should be able to take care of most of the problems.

Who is affected?

The good news is that for the moment all of this is irrelevant for the majority of Telegram users. If the CIA is not on your back, you shouldn't start worrying just yet. And if it is, it doesn't matter which messaging apps you use as long as your device is running iOS or Android.

The published docs did not include details on how to recreate and use the CIA cyberweapons. Wikileaks said they will hold off such publications until it becomes clear how these weapons should be "analyzed, disarmed and published."

This means that your neighbor next door won't likely get access to the newly discovered tools before they are neutralized.

What can I do?

There are some general steps you can take to increase the security of your device:

Don't use rooted or jailbroken devices unless you're 400% sure you know what you're doing. Never install apps from unknown or untrusted sources. Keep your device up to date and always install the security updates it offers. Pick a manufacturer that offers long term updates for their products. Remember that devices that aren't supported anymore have an increased risk of being vulnerable.

These measures will only protect you from "Year Zero" exploits when your device and OS manufacturers implement the relevant fixes, but following these tips can already make you much safer against many of the known security threats you'd be otherwise exposed to.

To sum up

"Year Zero" is not an app issue. It applies to devices and operating systems and will require security updates from their respective manufacturers to mitigate the threats. Naming any particular app in this context is misleading.

Wikileaks claims that the CIA has had a map of undiscovered secret tunnels and passages in your mountain for several years. The CIA could use them to look inside your castle and read data from your phone screen, before any app gets a chance to encrypt it. It is possible that some of the tunnels from the secret maps have been or will be discovered by actors other than the CIA.

The most important news is that after this leak, the device and OS manufacturers will finally get these maps as well. And so Samsung, Apple, Google, and others will be able to get to work and make their mountains impassable for the CIA and anyone who tries to follow in their footsteps. ______________________ Mwendwa Kivuva, Nairobi, Kenya twitter.com/lordmwesh

On 8 March 2017 at 11:11, Ngigi Waithaka via kictanet <kictanet@lists.kictanet.or.ke> wrote:

Hi,

Anyone interested in top-notch cyber-war tools and techniques, it doesn't

get better than this...

https://wikileaks.org/ciav7p1/

As we discuss Internet privacy etc, it's important to know friendly

countries have such an arsenal of tools that are or could be used to spy on

us.

--

Regards,

Waithaka Ngigi

Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod Building

T +254 20 525 0750 |Office Mobile: +254 716 201061 | M +254 737 811 000

www.at.co.ke

_______________________________________________

kictanet mailing list

kictanet@lists.kictanet.or.ke

https://lists.kictanet.or.ke/mailman/listinfo/kictanet

Twitter: http://twitter.com/kictanet

Facebook: https://www.facebook.com/KICTANet/

Unsubscribe or change your options at

https://lists.kictanet.or.ke/mailman/options/kictanet/ kivuva%40transworldafrica.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for

people and institutions interested and involved in ICT policy and

regulation. The network aims to act as a catalyst for reform in the ICT

sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors

online that you follow in real life: respect people's times and bandwidth,

share knowledge, don't flame or abuse or personalize, respect privacy, do

not spam, do not market your wares or qualifications.

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/

Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/info%40campusciti.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/

Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/kmachuhi%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

Wangare, we cannot hold any manufacturer liable for any vulnerability. Indeed, most are not even aware of the Zero Day vulnerabilities that CIA is exploiting. Here is a good writeup by Wikileaks on Zero day Vulnerabilities: In the wake of Edward Snowden's leaks about the NSA, the U.S. technology industry secured a commitment from the Obama administration that the executive would disclose on an ongoing basis — rather than hoard — serious vulnerabilities, exploits, bugs or "zero days" to Apple, Google, Microsoft, and other US-based manufacturers. Serious vulnerabilities not disclosed to the manufacturers places huge swathes of the population and critical infrastructure at risk to foreign intelligence or cyber criminals who independently discover or hear rumors of the vulnerability. If the CIA can discover such vulnerabilities so can others. The U.S. government's commitment to the Vulnerabilities Equities Process came after significant lobbying by US technology companies, who risk losing their share of the global market over real and perceived hidden vulnerabilities. The government stated that it would disclose all pervasive vulnerabilities discovered after 2010 on an ongoing basis. "Year Zero" documents show that the CIA breached the Obama administration's commitments. Many of the vulnerabilities used in the CIA's cyber arsenal are pervasive and some may already have been found by rival intelligence agencies or cyber criminals. As an example, specific CIA malware revealed in "Year Zero" is able to penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts. The CIA attacks this software by using undisclosed security vulnerabilities ("zero days") possessed by the CIA but if the CIA can hack these phones then so can everyone else who has obtained or discovered the vulnerability. As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be fixed, and the phones will remain hackable. The same vulnerabilities exist for the population at large, including the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers. By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone &mdsh; at the expense of leaving everyone hackable. ______________________ Mwendwa Kivuva, Nairobi, Kenya twitter.com/lordmwesh On 8 March 2017 at 20:18, WANGARI KABIRU via kictanet <kictanet@lists.kictanet.or.ke> wrote:

"...."Year Zero" is not an app issue. It applies to devices and operating systems and will require security updates from their respective manufacturers to mitigate the threats. Naming any particular app in this context is misleading."

Kivuva, now we speak of "Manufacturer Liability".

Blessed day.

Regards/Wangari

--- Pray God Bless. 2013Wangari circa - "Being of the Light, We are Restored Through Faith in Mind, Body and Spirit; We Manifest The Kingdom of God on Earth".

On Wednesday, 8 March 2017, 19:08, K Machuhi via kictanet <kictanet@lists.kictanet.or.ke> wrote:

What is the worst that can happen when CIA or DCI for that matter gains such intimate access to our private lives from texts and CDRs?

Prepare for it or else enrol in a Smoke Signal Communications class.

Possibly, humankind's rights to privacy was buried in rumble one bright September morning 15 years ago.

On 8 Mar 2017 17:40, "Admin CampusCiti via kictanet" <kictanet@lists.kictanet.or.ke> wrote:

Kivuva

All I can is this:-

Sisi kwisha!

Ali Hussein Hussein & Associates +254 0713 601113 / 0770906375

Twitter: @AliHKassim Skype: abu-jomo LinkedIn: http://ke.linkedin. com/in/alihkassim Blog: www.alyhussein.com

"Discovery consists in seeing what everyone else has seen and thinking what no one else has thought". ~ Albert Szent-Györgyi

Sent from my iPad

On 8 Mar 2017, at 3:32 PM, Mwendwa Kivuva via kictanet <kictanet@lists.kictanet.or.ke > wrote:

Wikileaks released CA hacking tools codenamed Vault 7.

Basically, everybody that maters has been hacked ... even if they use Signal, Telegram, or the best security tools. Funny how Telegram tried to console its users "The good news is that for the moment all of this is irrelevant for the majority of Telegram users. If the CIA is not on your back, you shouldn't start worrying just yet. And if it is, it doesn't matter which messaging apps you use as long as your device is running iOS or Android."

Now we are in the age of another new-normal - that encryption only protects you from parochial entities.

Below is the full release by Telegram: http://telegra.ph/Wikileaks- Vault7-NEWS

What does the "Year Zero" and "Vault 7" stuff from Wikileaks mean?

TelegramMarch 7, 2017

Wikileaks has released a new set of documents they called "Year Zero". According to these documents, the CIA had created "its own NSA" with "even less accountability". The newly discovered hacking arsenal of the agency includes techniques that reportedly permit the CIA to go around the encryption of messaging apps like WhatsApp or Signal by hacking people's smartphones and collecting audio and message traffic before encryption is applied.

This is not an app issue. It is relevant on the level of devices and operating systems like iOS and Android. For this reason, naming any particular app in this context is misleading.

Say what?

To put "Year Zero" into familiar terms, imagine a castle on a mountainside. That castle is a secure messaging app. The device and its OS are the mountain. Your castle can be strong, but if the mountain below is an active volcano, there's little your engineers can do.

So in the case of "Year Zero", it doesn't matter which messenger you use. No app can stop your keyboard from knowing what keys you press. No app can hide what shows up on your screen from the system. And none of this is an issue of the app.

So who can fix this?

It is now up to the device and OS manufacturers, like Apple, Google, or Samsung, to fix their volcanoes back into mountains.

Luckily, in the case of "Year Zero", the mountain isn't exactly a volcano. It's rather just a big mountain that is full of secret tunnels and passages. The tools from "Vault 7" are like a map of those tunnels. Now that device and OS manufacturers like Apple and Google will get this map, they can start filling in the holes and boarding up the passages. This will require many hours of work and many security updates, but eventually they should be able to take care of most of the problems.

Who is affected?

The good news is that for the moment all of this is irrelevant for the majority of Telegram users. If the CIA is not on your back, you shouldn't start worrying just yet. And if it is, it doesn't matter which messaging apps you use as long as your device is running iOS or Android.

The published docs did not include details on how to recreate and use the CIA cyberweapons. Wikileaks said they will hold off such publications until it becomes clear how these weapons should be "analyzed, disarmed and published."

This means that your neighbor next door won't likely get access to the newly discovered tools before they are neutralized.

What can I do?

There are some general steps you can take to increase the security of your device:

Don't use rooted or jailbroken devices unless you're 400% sure you know what you're doing. Never install apps from unknown or untrusted sources. Keep your device up to date and always install the security updates it offers. Pick a manufacturer that offers long term updates for their products. Remember that devices that aren't supported anymore have an increased risk of being vulnerable.

These measures will only protect you from "Year Zero" exploits when your device and OS manufacturers implement the relevant fixes, but following these tips can already make you much safer against many of the known security threats you'd be otherwise exposed to.

To sum up

"Year Zero" is not an app issue. It applies to devices and operating systems and will require security updates from their respective manufacturers to mitigate the threats. Naming any particular app in this context is misleading.

Wikileaks claims that the CIA has had a map of undiscovered secret tunnels and passages in your mountain for several years. The CIA could use them to look inside your castle and read data from your phone screen, before any app gets a chance to encrypt it. It is possible that some of the tunnels from the secret maps have been or will be discovered by actors other than the CIA.

The most important news is that after this leak, the device and OS manufacturers will finally get these maps as well. And so Samsung, Apple, Google, and others will be able to get to work and make their mountains impassable for the CIA and anyone who tries to follow in their footsteps. ______________________ Mwendwa Kivuva, Nairobi, Kenya twitter.com/lordmwesh

On 8 March 2017 at 11:11, Ngigi Waithaka via kictanet <kictanet@lists.kictanet.or.ke > wrote:

Hi,

Anyone interested in top-notch cyber-war tools and techniques, it doesn't

get better than this...

https://wikileaks.org/ciav7p1/

As we discuss Internet privacy etc, it's important to know friendly

countries have such an arsenal of tools that are or could be used to spy on

us.

--

Regards,

Waithaka Ngigi

Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod Building

T +254 20 525 0750 |Office Mobile: +254 716 201061 | M +254 737 811 000

www.at.co.ke

______________________________ _________________

kictanet mailing list

kictanet@lists.kictanet.or.ke

https://lists.kictanet.or.ke/ mailman/listinfo/kictanet

Twitter: http://twitter.com/kictanet

Facebook: https://www.facebook.com/ KICTANet/

Unsubscribe or change your options at

https://lists.kictanet.or.ke/ mailman/options/kictanet/ kivuva%40transworldafrica.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for

people and institutions interested and involved in ICT policy and

regulation. The network aims to act as a catalyst for reform in the ICT

sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors

online that you follow in real life: respect people's times and bandwidth,

share knowledge, don't flame or abuse or personalize, respect privacy, do

not spam, do not market your wares or qualifications.

______________________________ _________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/ mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/ KICTANet/

Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/info% 40campusciti.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

______________________________ _________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/ mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/ KICTANet/

Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/ kmachuhi%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/wangarikabiru%40yahoo....

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/kivuva%40transworldafr...

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

@Mwendwa, that was an argument that was made when Parliament was considering the ratification of the agreement between Kenya and US on biological threats and I thought perhaps we should pay closer attention to these numerous agreements that we're too eager to sign. Or the fact that financial assistance offered to us for research almost always results in the financier owning the information. @Mark, it is quite likely that their own ethical hackers didn't know of these vulnerabilities. Now that they do, we must bring them to account going forward on what is being done to mitigate this. No I do not think it is possible to hold Google, iOS or Samsung accountable at this juncture. Of course there is the part where Google and Apple seem confident on having 'fixed it' https://techcrunch.com/2017/03/07/apple-says-most-vulnerabilities-in-wikilea... and https://techcrunch.com/2017/03/08/google-is-the-latest-company-to-brush-off-... Maybe Zuckerberg wasn't so wrong after all- People no longer have an expectation of privacy in this age. On Wed, Mar 8, 2017 at 9:03 PM, Mwendwa Kivuva via kictanet < kictanet@lists.kictanet.or.ke> wrote:

On 8 March 2017 at 20:07, K Machuhi via kictanet <kictanet@lists.kictanet.or.ke> wrote:

...

What is the worst that can happen when CIA or DCI for that matter gains such intimate access to our private lives from texts and CDRs?

Prepare for it or else enrol in a Smoke Signal Communications class.

Possibly, humankind's rights to privacy was buried in rumble one bright September morning 15 years ago.

I had a longer response to this, but I will make its short with an illustration, and allows us to digest.

Kenya GDP vs US GDP year 2015: Kenya : $63.4 billion per year United States : $18.04 trillion per year

Relative value ratio: Unites States : 284.5 Kenya : 1

Relative value Comparison: United States : 2850% larger Kenya : 99.65% smaller

So lets compare notes on those GDP percentages after 10 years with that reasoning where we have one state have access to all our insights, while we have zero of theirs. When you look at surveillance in terms of how it affects parochial people who have no friction with the state is loosing the bigger picture. It means your patents, research, trade secrets, business deals are all with the big brother. When Kenya goes to negotiate a business deal with US, they already know what we discussed in private, and have already a counter proposal to which we don't have any counter offer. This is just one example.

http://www.wolframalpha.com/input/?i=kenya+gdp+vs+US+gdp

Regards ______________________ Mwendwa Kivuva, Nairobi, Kenya twitter.com/lordmwesh

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/

Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/kaninimutemi%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

-- *Mercy Mutemi, Advocate*.