'All Your Data ❝Я❞ Belong To Us' Thread - Page 2

ewmayer · 2017-05-15, 03:25

[I link to Mish here not because he's any kind of crypto expert but because both of his posts contain nice annoted sets of links]

WannaCry Cyber Attack Hits 99 Countries, FedEx, Nissan, Hospitals, Universities with NSA Developed Malware: Five Questions. | MishTalk

Microsoft Blasts NSA, CIA for "Stockpiling Vulnerabilities" Criminal Negligence by NSA? | MishTalk

How to Accidentally Stop a Global Cyber Attacks | MalwareTech -- On why the U.S., ironically enough given NSA's role in developing the weaponized malware in question, was mostly spared.

Top NSA Whistleblower: Ransomware Hack Due to "Swindle of the Taxpayers" by Intelligence Agencies | Washington's Blog -- some choice harsh verbiage from ex-NSA-analyst "legend" William Binney.

paulunderwood · 2017-05-15, 12:29

I wonder how much money has been "given" to M$ to date by the UK's NHS. Surely the powers that be must have known the XP is obsolete as will be later versions of Windoze OS one day. Of course, because of the bloat, hardware needs to be updated. So much for "total cost of ownership"!

ewmayer · 2017-09-29, 00:04

Report Exposes Flaws In Link Shorteners That Reveal Sensitive Info About Users And Track Their Offline Movements | Techdirt

ewmayer · 2017-10-13, 22:37

With Virtual Machines, Getting Hacked Doesn’t Have to Be That Bad | The Intercept

paulunderwood · 2017-10-16, 10:25

https://www.theguardian.com/technolo...vernment-warns

lavalamp · 2017-10-16, 12:03

Quote:

Originally Posted by paulunderwood

https://www.theguardian.com/technolo...vernment-warns

Is WPA2 entirely software based or does it have hardware requirements also? I wonder how hard this would be to patch up.

From the article it seems as though they're saying the protocol was cracked, rather than the encryption, but I'm not entirely sure.

retina · 2017-10-16, 12:24

Quote:

Originally Posted by lavalamp

Is WPA2 entirely software based or does it have hardware requirements also? I wonder how hard this would be to patch up.

It is software (or firmware I guess). It can be patched. But in reality it won't be patched. Most devices won't get a patch from the manufacturer. And if they did, "no one" knows how to install it anyway, or even that it needs installing, or even that there is something to install. Welcome to the world of insecure devices.

Quote:

Originally Posted by lavalamp

From the article it seems as though they're saying the protocol was cracked, rather than the encryption, but I'm not entirely sure.

The ~~key~~ 8-digit WPS negotiation was broken many years ago. Some newer devices have workarounds for that problem. But the encryption is secure in that no one has yet broken AES (that we know of anyway).

Edit: It wasn't the key, but the "secret" device number.

ewmayer · 2017-10-24, 20:58

An interesting angle on the WPA2 vulnerability:

The recent catastrophic Wi-Fi vulnerability was in plain sight for 13 years behind a corporate paywall | privateinternetaccess.com

Quote:

When this week’s KRACK wi-fi vulnerabity hit, I saw a series of tweets from Emin Gür Sirer, who’s mostly tweeting on bitcoin topics but seemed to know something many didn’t about this particular Wi-Fi vulnerability: it had been in plain sight, but behind paywalls with corporate level fees, for thirteen years. That’s how long it took open source to catch up with the destructiveness of a paywall.

Apparently, WPA2 was based on IEEE standards, which are locked up behind subscription fees that are so steep that open source activists and coders are just locked out from looking at them. This, in turn, meant that this vulnerability was in plain sight for anybody who could afford to look at it…. [W]hile ordinary activists and coders were locked out of reviewing these documents, the NSA and the like had no shortage of budget to pay for subscriptions to these specifications. Thus, the IEEE’s paywall was lopsiding the security field toward mass surveillance, away from security.

ewmayer · 2017-11-12, 02:14

Why You Should NEVER Buy an Amazon Echo or Even Get Near One | naked capitalism

Dr Sardonicus · 2017-11-12, 15:25

Quote:

Originally Posted by ewmayer

Why You Should NEVER Buy an Amazon Echo or Even Get Near One | naked capitalism

Fascinating. The idea of cross-referencing to identify voices -- in particular, voice commands -- occurred to me while watching the Star Trek: The Next Generation episode Brothers (8 Oct, 1990). Commander Data was able, merely by imitating Captain Picard's voice, to commandeer the Enterprise and lock everyone else out from voice command of computer. The thought immediately occurred to me: Wait a minute! Doesn't the computer know Captain Picard is somewhere else?

Now, I don't expect these voice-activated "assistants" to be as sophisticated as the Enterprise's computer, so perhaps a high-quality recording of the owner's voice could be used to cause mischief...

There's another kind of voice activated "assistant" heavily advertised of late -- remote controls, in particular Comcast TV and internet services. I don't know enough details about what you can tell the remote to do, or how good its recognition capabilities are, but the potential for running up pay-per-view or other extra charges is amusing to contemplate.

ewmayer · 2017-11-17, 01:40

The NSA Needs to Stop Hacking | The Week

2017-10-13, 22:37	#15
ewmayer ∂²ω=0 Sep 2002 República de California 5·2,351 Posts	With Virtual Machines, Getting Hacked Doesn’t Have to Be That Bad \| The Intercept Last fiddled with by ewmayer on 2017-10-13 at 22:38

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Cause this don't belong in the milestone thread	bcp19	Data	30	2012-09-08 15:09
GPU TF vs DC/LL data	bcp19	GPU to 72	0	2011-12-02 16:41
Opinions/Suggestions for Data Collection thread	kar_bon	No Prime Left Behind	19	2008-11-27 09:27
Data available?	Prime95	LMH > 100M	10	2007-06-22 23:55
Deutscher Thread (german thread)	TauCeti	NFSNET Discussion	0	2003-12-11 22:12

2017-05-15, 03:25	#12
ewmayer ∂²ω=0 Sep 2002 República de California 5×2,351 Posts	[I link to Mish here not because he's any kind of crypto expert but because both of his posts contain nice annoted sets of links] WannaCry Cyber Attack Hits 99 Countries, FedEx, Nissan, Hospitals, Universities with NSA Developed Malware: Five Questions. \| MishTalk Microsoft Blasts NSA, CIA for "Stockpiling Vulnerabilities" Criminal Negligence by NSA? \| MishTalk How to Accidentally Stop a Global Cyber Attacks \| MalwareTech -- On why the U.S., ironically enough given NSA's role in developing the weaponized malware in question, was mostly spared. Top NSA Whistleblower: Ransomware Hack Due to "Swindle of the Taxpayers" by Intelligence Agencies \| Washington's Blog -- some choice harsh verbiage from ex-NSA-analyst "legend" William Binney.

2017-05-15, 12:29	#13
paulunderwood Sep 2002 Database er0rr 2×3³×83 Posts	I wonder how much money has been "given" to M$ to date by the UK's NHS. Surely the powers that be must have known the XP is obsolete as will be later versions of Windoze OS one day. Of course, because of the bloat, hardware needs to be updated. So much for "total cost of ownership"!

2017-09-29, 00:04	#14
ewmayer ∂²ω=0 Sep 2002 República de California 5·2,351 Posts	Report Exposes Flaws In Link Shorteners That Reveal Sensitive Info About Users And Track Their Offline Movements \| Techdirt

2017-10-16, 10:25	#16
paulunderwood Sep 2002 Database er0rr 4482₁₀ Posts	https://www.theguardian.com/technolo...vernment-warns

2017-11-12, 02:14	#20
ewmayer ∂²ω=0 Sep 2002 República de California 5·2,351 Posts	Why You Should NEVER Buy an Amazon Echo or Even Get Near One \| naked capitalism

2017-11-17, 01:40	#22
ewmayer ∂²ω=0 Sep 2002 República de California 5·2,351 Posts	The NSA Needs to Stop Hacking \| The Week