elstel.org

by Elmar Stellnberger

a̅tea v0.8.4: important security fix

Category: programs, Source: SecuritySW, Language: en, Type: update.
In v0.8 we fixed an error that arose when the key obtained via X509_get_X509_PUBKEY was freed independently of the X509 certificate, though it is indeed part of the cert. The error was found in networking.c. At the same time the author grepped for other usages of the X509_get_X509_PUBKEY function in all other files. It is a mystery why grep did not return any result at that time. Consequently the same error remained unfixed in dane-unbound.c and dane-direct.c. I had wondered a bit that this was the only point where the function was used, but I did trust the result of grep. Now I have discovered the error simply by reading the sources. Make sure you do not use any version before 0.8.4 without manually adding this fix because it is a severe security issue. It may crash a̅tea when a TLSA record contains a full cert or pubkey rather than a hash of it (which will hardly be used in practice, though the TLSA response could be spoofed to pretend this)!
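X509_get_X509_PUBKEY() returns a pointer into the certificate itself, so the key is released by X509_free() and must not be passed to X509_PUBKEY_free() separately. The following added example (not part of a̅tea or of the original post) audits C sources for exactly that pattern; the sample sources, their file names and the helper cmp_der() are constructed for illustration.

```python
import re

# Constructed sample sources for illustration; not the project's code.
# cmp_der() is a hypothetical helper.
SAMPLES = {
    "sample_bad.c": """
static int match_spki(X509 *cert, const unsigned char *d, size_t n) {
    X509_PUBKEY *pk = X509_get_X509_PUBKEY(cert);
    int ok = cmp_der(pk, d, n);
    X509_PUBKEY_free(pk);   /* bug: pk is owned by cert */
    X509_free(cert);        /* second free of the same key */
    return ok;
}
""",
    "sample_ok.c": """
static int match_spki(X509 *cert, const unsigned char *d, size_t n) {
    X509_PUBKEY *pk =
        X509_get_X509_PUBKEY(cert);
    int ok = cmp_der(pk, d, n);
    X509_free(cert);        /* releases the key as part of the cert */
    return ok;
}
""",
}

# Whitespace (\s*) also matches line breaks, so wrapped calls are found too.
ASSIGN = re.compile(r"\b(\w+)\s*=\s*X509_get_X509_PUBKEY\s*\(")
FREE = re.compile(r"\bX509_PUBKEY_free\s*\(\s*(\w+)\s*\)")

def line_of(text, pos):
    return text.count("\n", 0, pos) + 1   # 1-based line of a character offset

def audit(sources):
    """Return (calls, findings); variables are tracked per file (heuristic)."""
    calls, findings = [], []
    for name, text in sorted(sources.items()):
        borrowed = {m.group(1) for m in ASSIGN.finditer(text)}
        calls += [(name, line_of(text, m.start())) for m in ASSIGN.finditer(text)]
        findings += [(name, line_of(text, m.start()), m.group(1))
                     for m in FREE.finditer(text) if m.group(1) in borrowed]
    return calls, findings

if __name__ == "__main__":
    calls, findings = audit(SAMPLES)
    for name, line in calls:
        print(f"{name}:{line}: X509_get_X509_PUBKEY call")
    for name, line, var in findings:
        print(f"{name}:{line}: X509_PUBKEY_free({var}) frees a key owned by the certificate")
```

To audit a real tree, build the mapping from the `.c` files on disk and review every reported call site by hand, since the variable tracking is only a heuristic.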



a̅tea v0.8.3 / micro fix for --no-check-cert

Category: programs, Source: SecuritySW, Language: en, Type: update.
--no-check-cert now works again without having to specify --no-check-time. Previously it triggered a null pointer dereference if --no-check-time was not given.



ECJ judgment against the parallel justice of the ECT

Category: general, Source: info, Language: en, Type: update.
On September 2nd, the Court of Justice of the European Union passed a groundbreaking judgment: the parallel justice of the ECT (Energy Charter Treaty) is illegal. It is thwarting the switch to renewables, for example by requiring the Netherlands to pay billions in compensation to the coal companies UNIPER and RWE and by intimidating governments across Europe. Italy has already left the treaty. France, Spain, Poland, Greece and Slovenia are calling for the entire EU to exit or want to exit themselves. Unfortunately, the ruling from September is not yet legally binding. Corresponding judgments are not expected before 2022. Over a million people have already signed the petition against the ECT, which we have linked.



2020: Assassinated Environmental and Land Defenders

Category: general, Source: info, Language: en, Type: update.
According to Global Witness, more than 227 people who were working to protect nature and/or their livelihoods were assassinated in 2020. The numbers are higher in reality because the data cannot be collected correctly in countries with infringements of press freedom and civil liberties. According to the Water Protector Legal Collective (WPLC) there were 331. Global Witness demonstrates that since the Paris Agreement four environmental defenders have been murdered each week. The numbers are on the rise and are now, according to GW, twice the number of 2013. WPLC says that 70% of the people killed were involved in indigenous and land rights. According to GW, indigenous people are affected by a third of all killings, well above the average, as they make up only 5% of the global population. The deadliest countries were Colombia with 65 people killed (since the end of the FARC the numbers have risen even more), Mexico with 30 people killed, the Philippines with 29 and Brazil with 20 people officially counted.



Plans to Assassinate and to Kidnap Assange

Category: general, Source: info, Language: en, Type: new.
According to Yahoo News, the CIA had plans to kidnap Assange and bring him to the US, where he would face trial. Under the Trump administration there were even thoughts of assassinating Julian Assange or other WikiLeaks members, more or less as vengeance for the disclosure of the Vault 7 material, though some intelligence officials argue that this would have been illegal. The CIA sees WikiLeaks as a non-governmental intelligence agency and not as a news outlet. Indeed, WikiLeaks helped Edward Snowden to get from Hong Kong to Russia. Pompeo also claimed that WikiLeaks had encouraged its followers to find jobs at the CIA. WikiLeaks has gone from a target of collection to a target of disruption, as apparently has the author of elstel.org. This included paralyzing WikiLeaks's digital infrastructure, disrupting its communications, provoking internal disputes within the organization by planting damaging information, and stealing WikiLeaks members’ electronic devices, according to three former officials. The author of this web page has previously reported about deleted emails and a stolen gpg card for elstel.org; not yet about stolen and returned backup copies of the DualSat solver and about people being threatened. Actions like this seem to be taken without proper justification: we reported in our last message that it would not have been possible to sue Assange without invented allegations because the New York Times published almost the same key material for the cases concerned. As it has now turned out that there were plans to assassinate Assange, this should stop his extradition to the US, given reasonable assumptions about the independence of the justice system. The Russians even had plans to sneak Assange out of the Ecuadorian embassy and to bring him to Russia.
The plans seem to have been thwarted by Western intelligence even before a gunfight, a car crashing into Assange's or a forced halting of his plane before take-off, all of which had been considered to block him from getting to Russia. “A former U.S. national security official confirmed that U.S. intelligence had access to video and audio feeds of Assange within the embassy but declined to specify how it acquired them.”