mersenneforum.org  

Go Back   mersenneforum.org > Math Stuff > Tales From the Crypt(o)

Reply
 
Thread Tools
Old 2020-02-04, 10:33   #199
henryzz
Just call me Henry
 
henryzz's Avatar
 
"David"
Sep 2007
Cambridge (GMT)

7×811 Posts
Default

Quote:
Originally Posted by retina View Post
That sort of request often sounds worse than it is. Often to request permission to do one thing they have to ask permission to do loads more than they need. Of course, you never know if they take advantage or not.
henryzz is offline   Reply With Quote
Old 2020-02-04, 22:54   #200
kriesel
 
kriesel's Avatar
 
"TF79LL86GIMPS96gpu17"
Mar 2017
US midwest

2×3×677 Posts
Default

Quote:
Originally Posted by paulunderwood View Post
"I'll even kiss a Sunset pig" -- Joni Mitchell, California, Blue, 1971. Earlier than that?
Much earlier.
https://www.straightdope.com/columns...s-or-the-fuzz/
kriesel is online now   Reply With Quote
Old 2020-02-04, 22:58   #201
kriesel
 
kriesel's Avatar
 
"TF79LL86GIMPS96gpu17"
Mar 2017
US midwest

2·3·677 Posts
Default

Quote:
Originally Posted by retina View Post
I wonder how many times you can click "Deny". And whether it has any actual effect.

The Kaspersky terms are remarkable for length of listing all the things they will capture and forward to headquarters unless in most of the world the user opts out. (Europe is very sensibly opt-in.) Far too long for a screen capture.

Last fiddled with by kriesel on 2020-02-04 at 22:58
kriesel is online now   Reply With Quote
Old 2020-02-05, 05:23   #202
retina
Undefined
 
retina's Avatar
 
"The unspeakable one"
Jun 2006
My evil lair

25×173 Posts
Default

Quote:
Originally Posted by henryzz View Post
That sort of request often sounds worse than it is.
Once you give them the power ...
retina is online now   Reply With Quote
Old 2020-02-05, 23:25   #203
ewmayer
2ω=0
 
ewmayer's Avatar
 
Sep 2002
República de California

260308 Posts
Default

Researcher: Backdoor mechanism still active in devices using HiSilicon chips | ZDNet
Quote:
Russian security researcher Vladislav Yarmak has published today details about a backdoor mechanism he discovered in HiSilicon chips, used by millions of smart devices across the globe, such as security cameras, DVRs, NVRs, and others.

A firmware fix is not currently available as Yarmak did not report the issue to HiSilicon citing a lack of trust in the vendor to properly fix the issue.

In a detailed technical rundown that Yarmak published on Habr earlier today, the security researcher says the backdoor mechanism is actually a mash-up of four older security bugs/backdoors that were initially discovered and made public in March 2013, March 2017, July 2017, and September 2017.

"Apparently, all these years HiSilicon was unwilling or incapable to provide adequate security fixes for [the] same backdoor which, by the way, was implemented intentionally," Yarmak said.

How the backdoor works

According to Yarmak, the backdoor can be exploited by sending a series of commands over TCP port 9530 to devices that use HiSilicon chips.

The commands will enable the Telnet service on a vulnerable device.

Yarmak says that once the Telnet service is up and running, the attacker can log in with one of the six Telnet credentials listed below, and gain access to a root account that grants them complete control over a vulnerable device.

These Telnet logins have been found in previous years as being hardcoded in the HiSilicon chip firmware, but despite the public reports, Yarmak says the vendor chose to leave them intact and disable the Telnet daemon instead.

Proof-of-concept code

Because Yarmak did not intend to report the vulnerability to HiSilicon, firmware patches are not available. Instead, the security researcher has created proof-of-concept (PoC) code that can be used to test if a "smart" device is running on top of HiSilicon system-on-chip (SoC), and if that SoC is vulnerable to attacks that can enable its Telnet service.

If a device is found to be vulnerable, in his Habr write-up the Russian researcher is adamant that device owners should ditch and replace the equipment.

"Taking into account earlier bogus fixes for that vulnerability (backdoor, actually) it is not practical to expect security fixes for firmware from [the] vendor," Yarmak said. "Owners of such devices should consider switching to alternatives."

In the case that device owners can't afford the price of new equipment, Yarmak recommends that users "should completely restrict network access to these devices to trusted users," especially on device ports 23/tcp, 9530/tcp, 9527/tcp -- the ports that can be exploited in attacks.

The proof-of-concept code is available on GitHub. Build and usage instructions for the PoC are available in the Habr post.

As for the impact, Yarmak says that the vulnerable HiSilicon chips most likely ship with devices from countless of white-label vendors, under numerous brands and labels. Here, he cited the work of another researcher who in September 2017 tracked down a similar backdoor mechanism in HiSilicon firmware that was being used by DVRs sold by tens of vendors.
ewmayer is online now   Reply With Quote
Old 2020-02-26, 18:23   #204
xilman
Bamboozled!
 
xilman's Avatar
 
May 2003
Down not across

17·593 Posts
Default

Pets not being fed
xilman is offline   Reply With Quote
Old 2020-02-27, 12:19   #205
S485122
 
S485122's Avatar
 
Sep 2006
Brussels, Belgium

22·383 Posts
Default

I just installed a fresh copy of Windows 10 1909 for someone, applied the latest patches.

In Edge, Bing is the second search engine even if one has 4 others, and can't be removed but this was already so.

The help key, the suggestions for more information ... all turn up a Bing search with Edge. This new feature can be disabled by a third party hack changing the calls to Edge to calls to your default browser...

But you still need another hack in your browser to redirect the search from Bing to your preferred search engine. And my experience with Bing is very poor : the same search about a Microsoft KB article, didn't turn up anything relevant in the first page(s) of Bing results, while with Google, the Microsoft article I looked for, was first in the results. This fact is very relevant to the subject of this thread : it would imply that Microsoft can't spare resources to properly index its own sites, the resources are needed for the profiling of the chattels* ;-)
(* Microsoft PR would prefer to speak about "members of the public".)

It goes further than that : it seems that searches for local documents are mandatorily also handled by Bing, this would imply that Microsoft has an index of your local files, the old "setting" to turn that feature of has disappeared. Once again a registry hack exists, disallowing Bing to be used for local searches. I am not sure that hack still works in this, or even older versions of Windows 10, because I suspect those changes came with one of the latest updates, possibly in December but more likely in January.

This suspicion is strengthened by the fact that at that same time Office for desktop was "upgraded" by a service pack to use Bing at some places in the help functionalities, with no possibility to turn it off (unlike the plethoric "Research" engines one can turn off one by one.) This enhancement was also issued Office 2013.

Part of the other Windows 10 taking over of our data can still me disabled via the privacy settings (for instance the infamous "anonymously send your gestures and typing to Microsoft in order to better help you.".)

I am surprised that I couldn't find any documentation about those changes on the Web. And documenting them properly would be difficult for me : it implies installing an old version of Windows and only applying the updates through manual downloads since otherwise one only gets the latest cumulative upgrade. The alternative would be to analyse the binaries of the upgrades of that period.

Jacob
S485122 is offline   Reply With Quote
Old 2020-03-03, 03:50   #206
kriesel
 
kriesel's Avatar
 
"TF79LL86GIMPS96gpu17"
Mar 2017
US midwest

2·3·677 Posts
Default

Quote:
Originally Posted by S485122 View Post
I just installed a fresh copy of Windows 10 1909 for someone, applied the latest patches.

In Edge, Bing is the second search engine even if one has 4 others, and can't be removed ...
MS Office
Star Office
Open Office ...> Libre Office

Win10 Win7 in VM on Linux?
kriesel is online now   Reply With Quote
Old 2020-03-03, 10:19   #207
S485122
 
S485122's Avatar
 
Sep 2006
Brussels, Belgium

22·383 Posts
Default

Quote:
Originally Posted by kriesel View Post
MS Office
Star Office
Open Office ...> Libre Office

Win10 Win7 in VM on Linux?
I don't deny there are alternatives.
I was just pointing out how the operating system, with the biggest market share by far, is forcing choices on its users and harvesting their data .

Jacob
S485122 is offline   Reply With Quote
Old 2020-03-09, 19:04   #208
ewmayer
2ω=0
 
ewmayer's Avatar
 
Sep 2002
República de California

23×17×83 Posts
Default

Quote:
The Met Police set up live facial recognition cameras in east London. One passerby who didn’t want to have his face scanned and so covered up his face was issued a £90 fine.#bbctbq pic.twitter.com/S7Lt6oMApV

— paulusthewoodgnome (@woodgnomology) 8 March 2020
Literally Gestapo-worthy stuff.

Last fiddled with by ewmayer on 2020-03-09 at 19:04
ewmayer is online now   Reply With Quote
Old 2020-03-09, 19:38   #209
paulunderwood
 
paulunderwood's Avatar
 
Sep 2002
Database er0rr

2×11×149 Posts
Default

Quote:
Originally Posted by ewmayer View Post
Literally Gestapo-worthy stuff.
To be fair, he did tell the rozzers to " off".

However, I deplore this sort of invasive technology. They won't be happy until they have a probe up your ae.

Last fiddled with by paulunderwood on 2020-03-09 at 19:44
paulunderwood is offline   Reply With Quote
Reply

Thread Tools


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cause this don't belong in the milestone thread bcp19 Data 30 2012-09-08 15:09
GPU TF vs DC/LL data bcp19 GPU to 72 0 2011-12-02 16:41
Opinions/Suggestions for Data Collection thread kar_bon No Prime Left Behind 19 2008-11-27 09:27
Data available? Prime95 LMH > 100M 10 2007-06-22 23:55
Deutscher Thread (german thread) TauCeti NFSNET Discussion 0 2003-12-11 22:12

All times are UTC. The time now is 23:19.

Wed Jul 8 23:19:57 UTC 2020 up 105 days, 20:53, 0 users, load averages: 1.03, 1.19, 1.27

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.

This forum has received and complied with 0 (zero) government requests for information.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.