Skip to content

Investigate potential attempt to compromise SVS #2238

Closed
@garrettr

Description

@garrettr

Kevin Poulsen just tweeted a snippet of code that he says he received on his SecureDrop. The code snippet is incomplete, but it appears to be an attempt to exfiltrate sensitive data from the airgapped Secure Viewing Station (SVS).

Normally we would prefer to discuss potential security issues privately, in order to develop and deploy a fix without encouraging potential exploitation in case this really is a security vulnerability. In this case, the cat's out of the bag thanks the issue being reported publicly on Twitter, so we feel it's best to discuss it on an open forum in the interest of transparency.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions