Slashdot Mirror


User: jaymemaurice

jaymemaurice's activity in the archive.

Stories: 0
Comments: 549

Comments · 549

  1. Wait 10 more years until everyone else has given up trying to keep/exploit a 20 year old device on the internet

  2. Just because it's (mostly) encrypted, doesn't mean it's not commonplace for a service provider to sit in the middle and do the ethical.
    For HTTPS requested server name indication is still in plaintext at the start of the flow thus it's trivial to block HTTPS requests to wehaveawarranttoblockthissite.com
    Plus many don't type the https:// themselves, so in that case a bad actor can possibly capture a visitor's authentication/session cookies (if browser is dumb or cookies were set wrong).

  3. Re:Yet another reason not to touch IoT on Logitech Disables Local Access On Harmony Hubs, Breaks Automation Systems (arstechnica.com) · · Score: 1

    I set up my home like this with a DSC panel and Envisalink or whatever it's called.

    The Envisalink emulates an IT100 serial interface to the panel over IP so you can interface it with your own custom software. I wrote a PHP script that would watch the zones and turn on the Insteon lights to 10% for 5 minutes when the local weather station's solar radiation index was a certain threshold.
    It would also email me if the garage door was left open with no movement.

    I recently looked at the code and wondered what I ate when I wrote it...

  4. Re:this is the wrong call on Two Linux Kernels Revert Performance-Killing Spectre Patches (phoronix.com) · · Score: 1

    If the Linux default kernel options compiled in such a way that it turned your computer into a toaster, it shouldn't matter.
    Pretty much every distro provides their own customized build and releases it through their own package management system.
    A distro designed for use in toasters should be mindful of what features, patches and mitigation apply to them... conversely a server or desktop flavor should have specific applicable tuning. If you are running the wrong distro, that's another topic.
    The job of a developer is to code with flexibility enabling or supporting the use cases of the hardware or software in its ecosystem.
    Also, disabling SMT globally is probably stupid. If you are concerned about timing attack vectors from SMT in a particular application or in kernel space, you can mitigate such issues using CPU scheduling options such as isolcpus which will still allow you to set the affinity of some SMT optimized applications onto a shared core. The operating system or hypervisor should be the broker of the memory or CPU resources when you are working with a hypervisor or operating system that properly supports it.

  5. Re:Fix, not upgrade on Feds Say Hacking DRM To Fix Your Electronics Is Legal (vice.com) · · Score: 1

    So can I obtain and unlock (through sketchy means) the automotive factory service software to reprogram the vehicle order to match the currently installed replacement hardware so that future reprogramming works as intended? And reprogram the hardware as required?

  6. Re:No, they will not on Quantum Computers Will Break the Encryption that Protects the Internet (economist.com) · · Score: 1

    Consider some person is going to be present of the US in 20, 30 years.

    Decryption: The inaugural unwrapping of the new US present.

  7. I for one welcome our on Tanzania Orders All Unregistered Bloggers To Take Down Their Sites (reuters.com) · · Score: 2, Insightful

    I for one welcome our orwellian ov+++NO_CARRIER

  8. I think you mean best practices. You can't just update the routing protocol and expect people to use it properly.
    You can't fix incompetence by simply changing standards all the time.

    Really, this attack was made possible by a whole lot of incompetence at many layers.

    In the end, DNS will likely fix everything...
    https://www.rfc-editor.org/rfc...

  9. Since data is trivially tiered especially when dealing with services the carriers provide in house, expect to be able to get cheap limited data plans with unlimited "Chat". Or you might find even though Chat uses data, the carrier might charge a small premium to have access onto their Chat infrastructure.

    It might also be similar to how you can get an LTE phone where the operators do VoLTE, yet offer plans without data or charge you for minutes at voice rates instead of the VoLTE data rate.

  10. Ted Stevens, is that you??

  11. Assuming it's an air-gapped system you've already been able to silently install malicious software onto once before, that is located in a building you can get close to the power infrastructure before the transformer... there might be better, more efficient ways.

  12. Sorry, 200... assuming no overhead/checksum additional data required to ensure efficient transmission

  13. 10bps... on Data Exfiltrators Send Info Over PCs' Power Supply Cables (theregister.co.uk) · · Score: 4, Insightful

    That's only 2000 hours to get 1MB of information...

    So yeah... there might be faster, more efficient ways...

  14. Re:Only the positives are talked about... on Dubai To Launch Digital Vehicle Number Plates (bbc.com) · · Score: 1

    Interestingly, in the UAE, when you go over 120km/h, federated cars make a beeping sound and display a warning triangle.

    They don't often enforce traffic infractions with real police officers. They usually just send you an SMS instead of pulling you over.

    It's a different world there.

  15. Re:Waste of money, invasion of privacy on Dubai To Launch Digital Vehicle Number Plates (bbc.com) · · Score: 2

    You've never lived in the UAE, have you?

    There is auto plate number recognition everywhere.
    Almost every vehicle in all 7 emirates has an RFID tag on the windshield because there is one toll road in Dubai. Abu Dhabi has cameras above the road every few feet.
    There is CCTV in every mall / parking lot / almost every intersection.
    All cell phones are from one of two carriers, with major government influence. The entire country has coverage. Many buildings have femtocells or carrier approved repeater solutions installed. They employ Cell-On-Wheels solutions to augment their network during local events. Owning a cell phone to receive inbound calls (on the cell network) does not cost anything. You can even place all your calls collect.

    The UAE doesn't need this. It doesn't change anything. If they need to find you, they know where you are and where you've been. TBH I'm surprised these smart plates don't do APNR/facial recognition of all the things around it.

    That said, it's the only place I've been and felt safe to leave my mostly empty wallet on a crowded beach.
    They have some of the lowest crime rates while being a country with a huge wealth disparity.
    They have a huge public infrastructure investment including roads to nowhere and super cheap useful public services (still no income tax)
    You can drive pretty much anywhere - there is not really "private property" land in the American sense. If you look lost while driving near a palace or military installation late at night, expect to be followed (or even stopped) by an innocuous looking Nissan Sunny with security.
    You see the Sheikh walking about in public like "just another guy" because he doesn't seem to have enemies in the country. You could probably meet him if you had something useful/helpful to say to him.

    It's a different world there. I suggest you visit with an open mind.

  16. Re:But hey, at least they're not selling your data on Recent iOS Update Kills Functionality On iPhone 8s Repaired With Aftermarket Screens (vice.com) · · Score: 1

    I don't know if you are being sarcastic or not, but I think it's high time an open standards group works on creating standards for deviating from existing standards to ensure propriety.

  17. Evolution prediction of mac hardware by use case on Apple's Redesigned Mac Pro is Coming in 2019 (theverge.com) · · Score: 1

    If the remaining good older/affordable apple hardware dies, this is my prediction

    "Server"
    xserve -> mac pro -> mac mini -> linux pc

    Photo/Video content creators
    mac pro -> mac pro -> imac/pc

    "home users"
    imac -> imac -> mac book air -> ipad

    students
    macbook air -> ipad/chrome book

    programmers/mobile content creators
    macbook pro -> macbook pro -> macbook air like macbook

    iPhone users
    iphone -> iphone -> iphone

    iPod touch users
    ipod -> iphone

    Apple used to have software manufacturers pushing/backing their platform. When it comes to general purpose computing, who's still doing that? Adobe? nah.. Microsoft? please... Avid? you're better off on HP. Autodesk? no. What do mac users do now that needs compute power? Dual boot windows and write on Slashdot blogs...

    IMHO Apple needs to step up their game in the PC market, become cost competitive to bring up their user base, or abandon it.

  18. Re:My Mac Pro is faster than Apple's Mac Pro on Apple's Redesigned Mac Pro is Coming in 2019 (theverge.com) · · Score: 1

    I too am running an equivalent era factory water-cooled HP z800 with 2x X5687 quad 3.6ghz.
    I have a stack of dead power supplies I will eventually repair myself... the gods of planned obsolescence will have to wait.

  19. Re:Well it's clearly not x86 on Apple's Redesigned Mac Pro is Coming in 2019 (theverge.com) · · Score: 1

    Wait, but isn't that because more complex instruction sets...

    I mean, it's in the name of the architecture dude...

  20. Technically if there was no route to 1.1.1.1 before since it wasn't in the BGP tables, they are now attracting it like a magnet.
    It will no longer follow default routes until it has nowhere to go... there is now a destination.

  21. If this is a consumer thing, why not index on the biggest raw costs to what makes the chip suitable to its purpose.

    Transistor density, clock speed, and maybe R&D costs.

  22. My young stepson has been a walking iPhone X commercial since his father got one. He said something about the iPhone X being faster than laptops. Facts don't matter anymore when the masses are misguided, right from the ripe ol' age of seven... and what do you even do in this situation...

  23. The last time I seeded a cloud on China, in Search of Water, is Building a Rain-Making Network Three Times the Size of Spain (scmp.com) · · Score: 2

    The last time I seeded a cloud, I just had to install OpenStack

  24. Re:just run the 2nd OS in a VM and call it a day on Ask Slashdot: Why Are There No True Dual-System Laptops Or Tablet Computers? · · Score: 1

    You guys need thicker tin-foil. Having a VM does not prevent the host from becoming vulnerable connecting to an un-trusted network. Since the host controls all the resources of the guest, neither the guest nor host operating system is safe from being tracked/hacked etc. on an un-trusted network. If you don't trust the underlying software (or backing hardware), don't connect it to an un-trusted network!

    Would a separate OS hooked up to the same keyboard/display and having a separate controller manage the keyboard and display connections make things more secure?? Or would this just be another piece of hardware to hide a key logger? I think it's more hardware redundant useless hardware to keep secure. A piece of limited purpose hardware that would go obsolete before the rest of the more expensive hardware attached to it.

    I don't think you can do better on the same device than using dual secure boot w/ firmware verification and encrypted drives for each OS. Unfortunately, I don't think x86 computing has ever properly cared about security so you're SOL for truly secure computing on un-trusted networks... too many independent micro-controllers in an x86 system where you can't verify the firmware. Too many legacy holes.

  25. Re:You can view the strings.. on Child Abuse Imagery Found Within Bitcoin's Blockchain (theguardian.com) · · Score: 2

    Old news... From the actual block chain itself:

    "http://cointelegraph.com/news/113806/warning-kaspersky-alerts-users-of-malware-and-blockchain-abuse

    Warning! Kaspersky Alerts Users of Malware and 'Blockchain Abuse'

    Kaspersky Labs warns users of a possible exploit in cryptocurrency blockchains
    that would allow malicious actors to distribute malware or even images
    depicting child abuse.

    The warning is the result of research of INTERPOL Cyber threat experts, a group
    that includes a Kaspersky employee.

    They warn that the extra space provided in each transaction, intended for
    notes, messages and as a space to allow additional functions to be built on top
    of the blockchain, could in fact be used to spread malicious code or worse.

    Kaspersky's report states:

    "The design of the blockchain means there is the possibility of malware
    being injected and permanently hosted with no methods currently available
    to wipe this data. This could affect 'cyber hygiene' as well as the sharing
    of child sexual abuse images where the blockchain could become a safe haven
    for hosting such data."

    The blockchain, as CoinTelegraph readers are assuredly aware, is the virtually
    unmodifiable public ledger that acts as the backbone for the Bitcoin network.
    Once someone commits data to the blockchain, it is there forever unless more
    than 51 % of bitcoin miners decide to mine on a modified blockchain that
    doesn't include that data. That would be what is called a "hardfork" and would
    be extremely difficult if not impossible to pull off, with the current number
    of bitcoin users.

    Despite Kaspersky's recent warnings, storing illegal data in a compressed
    manner has been a concern for the Bitcoin community for a while. In fact, links
    to sites containing child abuse images have already been found in early
    blockchain blocks and storing an image in a hashed form has also been
    accomplished.

    Blockchain transactions don't provide enough room to store illegal images in an
    uncompressed form effectively. What INTERPOL and Kaspersky seem to be concerned
    about is either compressed, hashed, images on the Bitcoin blockchain or
    uncompressed images on alternative coin blockchains that allow for more space.

    Encrypted and compressed data needs to be uncompressed and decrypted with an
    algorithm. Theoretically, since an algorithm is just a set of rules to
    interpret data, any code can be turned into any other kind of code. Even the
    words of this text could, in theory, be "decrypted" into an image of the
    algorithm creator's choosing. It seems extremely unlikely that Bitcoin users
    would be subject to prosecution for possession or distribution of child
    pornography, when those images don't "exist" without proper decrypting
    software.

    A more realistic concern would be a small script embedded into the blockchain
    that either forces the download and install of more powerful code or somehow
    manages to run a damaging script in the few kilobytes of space provided. It
    seems it would be difficult to get those scripts to run without user
    interaction. Nevertheless, Kaspersky implies that even our private keys could
    be at risk.

    "[Blockchain malware] could also enable crime scenarios in the future such
    as the deployment of modular malware, a reshaping of the distribution of
    zero-day attacks, as well as the creation of illegal underground
    marketplaces dealing in private keys which would allow access to this
    data."

    Kaspersky stressed that they are believers in decentralized technology like the
    blockchain, but pointed out that their role is to identify threats before they
    become reality. At press time, there is no kno