Mozilla accuses Gamma of dressing up dictators' spyware as Firefox

Firefox-maker Mozilla claims spook supplier Gamma International disguises its spyware as the popular web browser - and wants it to stop. The non-profit software foundation slapped a cease-and-desist demand on UK-based FinFisher developer Gamma. In the legal letter, Mozilla said its Firefox trademark is being violated and that …

COMMENTS

This topic is closed for new posts.
Gold badge

An opportunity for AV companies

Most popular software packages are digitally signed these days. It would be fairly simple to write code to check a list of a hundred or so "most popular" packages (all recent versions) and check that their certs are correct. It wouldn't take very long either, since the cost is essentially one pass of your directory tree plus one signature check for each of the whitelisted apps that it finds. As "heuristic" checks go, this strikes me as a whole lot more useful than hosing your OS, which is what some of the AV companies seem to do.

If the AV companies won't bother, perhaps MS would like to consider it for their own monthly malware scan (from Windows Update). Since I'm a generous bloke, I hereby put the idea of "using digital signatures for their intended purpose" into the public domain.

2
0
Anonymous Coward

Cease and desist?

Sod that,

Litigation, litigation, litigation....sue,sue,sue.

That will end them.

2
1
Bronze badge

Re: An opportunity for AV companies

Package check-summing and gpg-signing has been around on well designed OS's for quite a long time now. Say, digital signing, which Apt had implemented in 2003 and Debian has adopted since 2005. md5/sha verification of the contents of a package has been there perhaps since the dawn of time.

2
0
Bronze badge

Re: An opportunity for AV companies

I seem to remember that this is how virus scanners *used* to work, before they went "Heuristic" - they'd scan your HDD and create MD5s from your files for later comparison.

2
0
Silver badge

Cease and desist

IS the start of litigation.

2
0
Bronze badge

Re: An opportunity for AV companies

Windows has had various warnings against running/downloading unsigned binaries for years. However the freetard brigade have consistently whined that it's all part of some grand conspiracy against them and part of some devious plot to extract money out of them.

1
5

Re: An opportunity for AV companies

You are assuming there is trust in the signing process? I'm sure any government could bend the arm of MS or issuer to sign their binary to ensure it gets installed. All it would take is one to sign it, and be trusted by all computers regardless of country.

2
0
Bronze badge

Re: An opportunity for AV companies

@phiz: So on the off chance that some government might just possibly be able to compromise a cert auth, we should instead allow anybody to spoof applications by having no signing process at all? It's not a case of "every signed app must be implicitly trusted", but instead "anything not signed should be treated as potentially compromised"

There would be nothing to stop app authors also providing their own verification mechanisms if they're really that worried about a CA being compromised. And the minute a single CA was identified as being compromised in any way, it'd pretty much kill their business off.

0
0
Gold badge

Re: An opportunity for AV companies

"You are assuming there is trust in the signing process?"

No, I am not. I am assuming that the AV vendor builds the whitelist themselves and verifies that (for example) the version of Firefox.exe on the customer's machine matches one of the versions of Firefox that the AV vendor has seen in their own lab.

I am also assuming that the bad guys can't just switch to Trojanising *unpopular* software, because their infection strategy depends on popularity. Therefore, the whitelist would not need to be unmanageably large in order to be effective.

1
0
Gold badge

Re: An opportunity for AV companies

"I seem to remember that this is how virus scanners *used* to work"

It's similar, certainly, so we know it is scalable up to quite ridiculously large numbers, but there is a difference. Traditional AV uses signatures of unknown EXEs to see if they contain known viruses. I'm suggesting using the signatures of known EXEs to see if they contain unknown viruses.

1
0
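The scheme sketched in the two Gold badge posts above (a vendor-built whitelist of known-good hashes for a short list of popular packages, several recent versions per package, checked in one pass over the directory tree, so that a file calling itself firefox.exe but matching no known build is flagged) as an added Python example. This is not code from the page, from any AV vendor or from Mozilla. The "lab copies" are constructed byte strings standing in for real builds, the directory layout under a temporary folder is constructed, and the package names in the list are illustrative.

```python
"""Known-good whitelist scan: one hash per file whose name claims to be a
popular package, compared against digests the vendor measured in its own lab.
Added example; the lab copies and directory layout below are constructed."""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 (one read per file, as the post costs it)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_whitelist(lab_copies):
    """lab_copies: {"firefox.exe": [bytes of build A, bytes of build B, ...]}.
    Returns {"firefox.exe": {digest, ...}} keyed by lower-case file name, so
    every recent version the vendor has seen is accepted, nothing else."""
    return {
        name.lower(): {hashlib.sha256(b).hexdigest() for b in builds}
        for name, builds in lab_copies.items()
    }


def scan_tree(root, whitelist):
    """Walk the tree once; hash only files whose name is on the list.
    Returns {relative posix path: "ok" | "MISMATCH"}. A file named like a
    whitelisted package but with an unknown digest is the interesting case:
    it is either a build the lab has not measured yet or a trojanised copy."""
    root = Path(root)
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            key = fn.lower()
            if key not in whitelist:
                continue  # not a popular package: nothing to compare against
            p = Path(dirpath) / fn
            status = "ok" if sha256_file(p) in whitelist[key] else "MISMATCH"
            findings[p.relative_to(root).as_posix()] = status
    return findings


def demo():
    """Build a constructed tree and scan it; returns the findings dict."""
    # Constructed stand-ins for two genuine builds the vendor measured in its lab.
    firefox_v21 = b"MZ\x90\x00 constructed stand-in for a genuine firefox.exe 21.0"
    firefox_v22 = b"MZ\x90\x00 constructed stand-in for a genuine firefox.exe 22.0"
    lab_copies = {
        "firefox.exe": [firefox_v21, firefox_v22],
        "chrome.exe": [b"MZ\x90\x00 constructed stand-in for a genuine chrome.exe"],
    }
    whitelist = build_whitelist(lab_copies)

    with tempfile.TemporaryDirectory() as root:
        tree = {
            # Genuine install: digest is one the lab has seen -> ok.
            "Program Files/Mozilla Firefox/firefox.exe": firefox_v22,
            # Same name, unknown bytes: what a disguised dropper looks like -> MISMATCH.
            "Users/alice/AppData/Local/Temp/firefox.exe":
                b"MZ\x90\x00 constructed stand-in for something merely named firefox.exe",
            # Not on the list: skipped rather than judged.
            "Windows/notepad.exe": b"MZ\x90\x00 constructed, not whitelisted",
        }
        for rel, data in tree.items():
            p = Path(root) / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        return scan_tree(root, whitelist)


if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print(f"{status:9s} {path}")
```

Two caveats the post glosses over: the list is only as current as the vendor's last lab run, so every genuine release lands as a MISMATCH until it has been measured, and the match is keyed on file name, so a dropper that does not borrow a popular name is simply skipped rather than caught. Checking the Authenticode signature instead of a flat hash removes the first problem but brings back the question of trust in the signer that the thread argues about below.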
Stop

The 'legitimate' monetisation of cyber-warfare. What could possibly go wrong...

1
0
jai
Silver badge

The company did not respond to our requests at the time of writing.

Best to check if there are two copies of "Firefox" installed on the El Reg computers.

3
0
Silver badge
Thumb Down

Loathsome purveyors of malware. I do hope Mozilla make them pay for the damage that's being caused to their reputation.

What sort of odious software engineer is happy to work on this stuff?

15
1
Thumb Down

People with responsibilities, that's who. We don't all live in your hippie utopia.

4
26
Silver badge
Flame

@unwarranted triumphalism

Since you voluntarily accepted the "responsibilities" of being a fucking scumbag by choosing to work for these sorts of companies, how well do you sleep at night knowing your "responsibilities" are killing innocent people?

Sleep tight, scumbag. Sleep lightly.

6
4
Silver badge

re: People with responsibilities

Responsibility? I think the word you're looking for is greed.

1
0

Where can we download the source?

Firefox is distributed under the Mozilla Public license, https://www.mozilla.org/MPL/2.0/, which as I understand it requires distribution of "... any Modifications that You create or to which You contribute, must be under the terms of this License."

Where can I download the source code of the changes and updates Gamma has made?

8
2

Re: Where can we download the source?

I imagine there is a security-exception escape clause, especially the last sentence:

__________

4. Inability to Comply Due to Statute or Regulation

If it is impossible for You to comply with any of the terms of this License with respect to some or all of the Covered Software due to statute, judicial order, or regulation then You must: (a) comply with the terms of this License to the maximum extent possible; and (b) describe the limitations and the code they affect. Such description must be placed in a text file included with all distributions of the Covered Software under this License. Except to the extent prohibited by statute or regulation, such description must be sufficiently detailed for a recipient of ordinary skill to be able to understand it.

__________

0
4

Re: Where can we download the source?

I imagine that Gamma would like to be covered by that clause, but aren't they just a commercial company with no special privileges?

3
0

Re: Where can we download the source?

I'm suspecting the laws in various countries make exceptions for commercial interests dealing with defense, security, and law-enforcement parties. There's the notorious secrecy law surrounding RIM/Blackberry and law enforcement a while back; but the details are no longer in my memory.

0
0
Bronze badge

Re: Where can we download the source?

I may have misunderstood, but from what I read I thought they were re-packaging their spyware to look like a Firefox executable to the OS, but that it wasn't FF in any way.

Did I read wrong?

1
0

Re: Where can we download the source?

Can't see the downvote.

I'm simply offering a conjecture based on the wording copied straight out of the agreement.

0
0
Silver badge
Thumb Up

Re: Can't see the downvote

votes. Mentioning downvotes is like a red rag to a bull round here.....

0
0
FAIL

Wrong audience

" . . .to trick them into installing FinSpy on their Windows PCs."

I may be dead wrong . . but haven't the people, worth monitoring, ditched that OS a long time ago ? As long as $GOV targets Windows PCs, the real hacks have nothing to worry about. A BSD version - now that would be cute.

3
4
Gold badge

Re: Wrong audience

Actually, I think you are dead wrong. Whilst it is true that anyone specialising in cyber-warfare probably isn't running XP, there are plenty of other criminal types who use computers in much the same way that I use a car. For example, I believe Bin Laden's hideout had a number of Windows machines.

0
0
Silver badge

Re: I may be dead wrong

You are. The idea that political activism is tied to a particular operating system is genuinely pathetic. Real activism requires you to get out there and do something, no OS required.

Good use of, commas though.

0
0
Bronze badge
Facepalm

So what you're saying is....

"“Gamma’s software is entirely separate, and only uses our brand and trademarks to lie and mislead as one of its methods for avoiding detection and deletion.”

Fowler stressed FinSpy does not affect Firefox. “Gamma’s software is entirely separate, and only uses our brand and trademarks to lie and mislead as one of its methods for avoiding detection and deletion,” Fowler claimed."

It sounds like Gamma's software is entirely separate, and only uses Mozilla's brand and trademarks to lie and mislead as one of the methods for avoiding detection and deletion. Do I have that right?

3
0
Silver badge

Could not happen if ...

If our PK infrastructure weren't so horribly broken, this type of thing would be impossible. As Ken Hagan above mentions, even the existing one will allow a patch.

1
0
Anonymous Coward

Another take/solution

Parallels to earlier Firefox story:

http://www.theregister.co.uk/2013/04/16/mozilla_threatens_teliasonera

- Gamma is selling technology to snoop on citizens.

- Mozilla community opposes this behaviour - and asks Thawte to rescind all the Gamma certificates.

- Thawte of course refuses to do so and Mozilla responds that Thawte's root certificate won't be included in the future versions.

I foresee this as plausible as Firefox removing TeliaSonera's certificates.

2
0
Bronze badge

So your PC security has been Thwarted !

Yep,

it does seem to make any Thawte certificate near worthless.

0
0