Canadian govt snoops emit their own malware detection tool, eh

Canada's Communications Security Establishment has open-sourced its own malware detection tool. The Communications Security Establishment (CSE) is a signals intelligence agency roughly equivalent to the United Kingdom's GCHQ, the USA's NSA and Australia's Signals Directorate. It has both intelligence-gathering and advisory …

  1. Michael H.F. Wilkinson Silver badge

    Looks like even Canadian Spooks

    are living up to the reputation of Canadians being nice (or at least they are trying).

    My two brief visits (both Quebec City (well worth a visit), so there may be sampling bias) generally confirm this reputation, although I do not doubt there are exceptions to be found (like everywhere). The food was good, I must say, with the French influence clearly noticeable (hey, it's Quebec!). Having said that, I do not doubt people will want to scrutinize the code for any "telemetry" before wanting to use it.

  2. John Smith 19 Gold badge
    Unhappy

    "automatically recognizes the various file formats.. and triggers the analysis of each file."

    Errm.

    Should that not read "reads file name and checks claimed file type against internal evidence" to start with?

    Otherwise it seems a tad trusting.

    Cautious thumbs up, provided a) It's available in source code b) No hidden functionality in library "black boxes" and c) 3rd party libraries sent with it can be swapped out with own (or freshly downloaded) copies of them (and compared with them).

    Sorry to sound paranoid Canada, but y'know, signals intelligence agencies have a bit of a reputation.

    Nothing personal. It's just people don't trust them. :-(

    1. Doctor Syntax Silver badge

      Re: "automatically recognizes the various file formats.. and triggers the analysis of each file."

      "Cautious thumbs up, provided a)It's available in source code"

      From the subhead: "Canada's Communications Security Establishment has open-sourced its own malware detection tool."

    2. JLV
      Black Helicopters

      Re: "automatically recognizes the various file formats.. and triggers the analysis of each file."

      >Sorry to sound paranoid

      No worries, we understand, eh.

      Just so you know, CSIS (Canada's CIA/NSA/FBI/GCHQ equiv) just got a big new HQ a few years ago. Very posh, very $$$$.

      One of the motivations for the move was that its power draw was outstripping the capacity of the small-ish city in which it was located...

  3. Mr Dogshit
    Thumb Up

    Thanks Canadia!

  4. Anonymous Coward
    Anonymous Coward

    Other Nations sig ops will Blame Canada https://www.youtube.com/watch?v=bOR38552MJA for cutting off an easy code injection path. :)

  5. Anonymous Coward
    Anonymous Coward

    As Canada are a member of Five Eyes

    This almost certainly was OK'd in some form by the other members before it was released.

    https://en.wikipedia.org/wiki/Five_Eyes

  6. amanfromMars 1 Silver badge

    Canada ..... Making a NATO Prison Break for Occupation of Higher Ground? Bravo CSE, ...if it be true

    Nothing in it is commercial technology and the CSE says it is “easily integrated in to existing cyber defence technologies.”

    And that is the same as saying, and it will be perfectly understood to those in the know, it is easily weaponised for cyber attacks.

  7. Alistair
    Windows

    While I get the cautious cynicism (and I have a good bit of my own on this), I will point out that the 5 eyes dancing together bit doesn't quite fly. CSE and CCIS have several times in the last dozen or so years called everyone else out. Most notably over an invoice for yellowcake.

    Perhaps this can replace MWB since it was co-opted....

    1. Doctor Syntax Silver badge

      "the 5 eyes dancing together"

      +1 for mixed metaphor of the day.

  8. Anonymous Coward
    Anonymous Coward

    to make us all as safe as Canada

    Oh, thank heaven. You have no idea how many nights I lose sleep wishing I was as safe as Canada.

  9. John Smith 19 Gold badge
    Unhappy

    Canada. What all North America could be like..

    Without a huge herd of drug addled gun toting trigger happy loons living down South..*

    *The US definition of "mass shooting" is "more than 5 people involved." So far the US has had 326 mass shootings this year. I think the US will do something about this quite soon.

    They will probably raise the number of people you have to shoot to qualify.

    1. Anonymous Coward
      Anonymous Coward

      Re: Canada. What all North America could be like..

      Surely the obvious way to adjust the statistics is they'll start to do it based on the Net Worth of the individuals.....that way poor people will count less.

  10. sloshnmosh

    APKaye

    I downloaded the source for APKaye and it looks promising.

    It basically runs a script to download DEX2Jar and JDGUI and APKtool and their dependencies on a 'NIX machine to decompile an Android app (.apk) and checks the manifest file for permissions using the stock manifest from a well known Google device to report dangerous or unknown permissions of an app.

    It runs a STRINGS command looking for any hardcoded URLs or IP addresses and also checks the META files SHAs to see if the app has been repacked and other tests.

    All of these tests can be configured to add your own flags making it a very decent tool.

    I am looking to see about porting it to Android.

    Thanks Canada!
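
The two checks described in the comment above (permissions compared against a reference manifest, and a strings pass for hardcoded URLs and IP addresses), sketched as an added example; this is not APKaye's code and not part of the original comment. The baseline and dangerous permission sets, the sample manifest and the sample byte blob are all constructed for illustration, and the manifest is assumed to be already decoded to text XML.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Constructed baseline: permissions a reference device's stock manifest is assumed to define.
BASELINE = {"android.permission.INTERNET", "android.permission.READ_SMS",
            "android.permission.SEND_SMS", "android.permission.VIBRATE"}
# Constructed subset of the baseline treated as dangerous for this example.
DANGEROUS = {"android.permission.READ_SMS", "android.permission.SEND_SMS"}

def manifest_permissions(xml_text):
    """Return the permission names requested by a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    return {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")
            if e.get(ANDROID_NS + "name")}

def audit_permissions(requested):
    """Split requested permissions into dangerous ones and ones absent from the baseline."""
    return {"dangerous": sorted(requested & DANGEROUS),
            "unknown": sorted(requested - BASELINE)}

def hardcoded_endpoints(blob):
    """strings(1)-style pass: pull printable runs, then match URLs and IPv4 literals."""
    urls, ips = set(), set()
    for run in re.findall(rb"[\x20-\x7e]{6,}", blob):
        text = run.decode("ascii")
        urls.update(re.findall(r"https?://[^\s\"'<>]+", text))
        for cand in re.findall(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])", text):
            try:
                ips.add(str(ipaddress.IPv4Address(cand)))  # rejects octets > 255
            except ipaddress.AddressValueError:
                pass
    return sorted(urls), sorted(ips)

# Constructed sample inputs (not taken from a real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="com.example.vendor.permission.HIDDEN"/>
</manifest>"""
SAMPLE_DEX = (b"\x00\x01dex\n035\x00\x13http://update.example.test/cfg\x00"
              b"\x07\x0c192.0.2.44\x00\x0bversion 1.2.3.4567\x00")

if __name__ == "__main__":
    print(audit_permissions(manifest_permissions(SAMPLE_MANIFEST)))
    print(hardcoded_endpoints(SAMPLE_DEX))
```

The lookarounds in the IPv4 pattern keep version strings such as `1.2.3.4567` from being reported as addresses, a common source of false positives in this kind of strings scan.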
