The demise of the WikiLeakS.org website has led to the creation of a new slightly graphically enhanced website design at http://WikiLeakS.CH
This has a new design and offers some snippets of "news" on the front page, which is dominated by a Twitter feed and the never ending request for money.
Yet again, PayPal appear to have suspended the Wikileaks.org donations account, as they have done in the past. Whether this will be permanent this time, remains to be seen.
http://wikileaks.ch/support.html
There now seems to be a separate
Julian Assange Defence Fund
Please donate directly to the Julian Assange and other WikiLeaks Staff Defence Fund. These funds will be used exclusively for defence costs
What financial auditing or transparency there is for this new Fund, is a mystery.
The alleged "Submissions" page is still a fiction
http://wikileaks.ch/submissions.html
There is still no longer any method of submitting new whistleblower leaks to WikiLeakS.CH (not even in plaintext , let alone using any encryption), so it is very misleading of them to pretend that there is.
This WikiLeakS.CH website does not publish any email or phone or postal contact details for the WikiLeaKs.org project.
They are not even re-publishing the editor@sunshinepress.org etc. email addresses that they used to.
Incredibly, this website does not have any kind of Digital Certificate, not even a self signed one. Therefore there is no SSL/TLS encryption to protect sensitive personal data like names, emails and phone numbers etc from being snooped when submitting a web form.
However there are now two such web forms, one for Journalists to Register to perhaps, if they are lucky, be put on the list of "reliable and trustworthy organizations" to "collaborate" with on "future releases".
http://wikileaks.ch/media.html
All of the the 17 fields on this web form are marked as mandatory, including email address and mobile phone numbers.
What a gift to any Government agency or others monitoring the unencrypted web form traffic.
There is also now a Mirrors page
http://wikileaks.ch/mirrors.html
Wikileaks Mirrors
Wikileaks is currently under heavy attack.
In order to make it impossible to ever fully remove Wikileaks from the Internet, you will find below a list of mirrors of Wikileaks website and CableGate pages.
If you want to add your mirror to the list, see our Mass Mirroring Wikileaks page
Mirror ListThe mirror list will be published when we will have at least 50 mirrors
Why wait until they "have at least 50 mirrors ? Surely a couple of high bandwidth mirrors would be more useful than 50 low bandwidth ones ? The legal jurisdictions of these mirrors is also an issue.
This second unencrypted web form:
http://wikileaks.ch/mass-mirror.html
is even more of a candidate for SSL/TLS encryption protection, since it asks for Login Details and Passwords to allow wikileaks to upload arbitarary content to mirror sites.
They are asking for:
IP Address of your server *
add ":port" if you are using a port other than 22 for SSH or 21 for FTP, IPv6 should be written with brackets [ ] like [2001:67e::44]:22Login we should use to access this server *
Password we should use, ONLY if we should use FTP
absolute path where we should upload the html data. *
Hostname you configured on your http server to serve the pages (if not www.wikileaks.org) *
How stupid does anyone have to be to simply hand such details over to wikileaks, without any encryption and even without establishing two way contact with them first ?
It is all very well stating that
I know that this may be dangerous if I host a www.wikileaks.org virtual host, and I'm ok with this risk. *
but they really should explain the risks properly and provide some protection for volunteers.
- There is no promise to provide any legal or financial support, or even advice, in return for someone being stupid enough to publicly mirror the controversial wikileaks content at their own expense.
- What if the unencrypted form with its login details is intercepted by third parties and then used to upload fake whistleblower documents, or versions which have tracking cookies, web bugs, malicious javascript embedded in (.pdf) or (.doc) files etc ?
- What if these unencrypted logon details are used (by third parties or by wikileaks insiders) to access the web server logfiles to snoop on visitors to these mirrors ?
- Rogue mirror operators will be able to gather some useful Communications Traffic Data about the wikileaks infrastructure and perhaps about individual PCs being used by the wikileaks staff.
They also claim that
Our content is only html/css/javascript/png static files, so we don't require much resource to host it.
Does that mean that they will not upload any video clips or (.pdf) or (.zip) or (.doc) content from the original WikiLeakS.org wiki whistleblower submissions ?
Recent Comments