On 2/24/19 11:08 AM, Nex wrote: > On 2/23/19 11:07 AM, Scott Rea via dev-security-policy wrote: >> G’day Wayne et al, >> >> In response to your post overnight (included below), I want to assure you >> that DarkMatter’s work is solely focused on defensive cyber security, secure >> communications and digital transformation. We have never, nor will we ever, >> operate or manage non-defensive cyber activities against any nationality. >> >> Furthermore, in the spirit of transparency, we have published all our public >> trust TLS certificates to appropriate CT log facilities (including even all >> our OV certificates) before this was even a requirement. We have been >> entirely transparent in our operations and with our clients as we consider >> this a vital component of establishing and maintaining trust. >> >> We have used FIPS certified HSMs as our source of randomness in creating our >> Authority certificates, so we have opened an investigation based on Corey >> Bonnell’s earlier post regarding serial numbers and will produce a >> corresponding bug report on the findings. >> >> I trust this answers your concerns and we can continue the Root inclusion >> onboarding process. > > For clarity, are you rejecting all of the following articles and blog > posts as false and fabricated? > > 1. https://www.reuters.com/investigates/special-report/usa-spying-raven/ > 2. > https://theintercept.com/2016/10/24/darkmatter-united-arab-emirates-spies-for-hire/ > 3. > https://www.evilsocket.net/2016/07/27/How-The-United-Arab-Emirates-Intelligence-Tried-to-Hire-me-to-Spy-on-its-People/
The New York Times just published another investigative report that mentions DarkMatter at length, with additional testimonies going on the record: 4. https://www.nytimes.com/2019/03/21/us/politics/government-hackers-nso-darkmatter.html _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
