Monday, September 30, 2013
NBC.exe malware has stolen private data even from CIA and FBI directors
United States of Surveillance
When President Obama changed course and decided not to press forward
unilaterally on planned strikes against Bashar Al Assad’s regime, he was
effectively heeding that constitutional catechism. Congress and the
public had signaled their opposition to military action, and Obama
responded by acknowledging the need for congressional support. After
decades of presidents ordering foreign interventions without consulting
the House and Senate, his move represented a dramatic and welcome
reversal.
On the NSA, Obama has made the opposite calculation.
Footage of missile attacks leaves lasting impressions, but surveillance
by its nature is covert, and so the public reaction to it has been
diffuse. Although some congressmen have objected to the programs, the
Foreign Intelligence Surveillance Court has cavalierly blessed them, and
citizens have tended to protest only when they feel their personal
rights are threatened.
___________________________
99% BAD HARDWARE WEEK:
Saturday, September 28, 2013
NSA: Girlfriends love habits of US national interest
PDF
Ellard's letter said that there have been 12 incidents of unauthorised
surveillance at the NSA and that these included
NSA people performing
lookups on their girlfriends.
The NSA agency was authorized to conduct “l
arge-scale graph analysis on very
large sets of communications metadata without having to check
foreignness” of every e-mail address, phone number or other identifier,
the document said. Because of concerns about infringing on the privacy
of American citizens,
the computer analysis of such data had previously been permitted only for foreigners.
___________________________
99% BAD HARDWARE WEEK: Here is a hint. Take a foreign girl and you can spy her forever ! Quite legally, and you will even be payed for it !
Friday, September 27, 2013
You can lock your YouTube safety mode ONLY after you sign in !
So. who will make you then safe from YouTube owner ? Thus, no safe mode locking without looking for who was looking for safety?
___________________________
99% BAD HARDWARE WEEK: Hehe
Tuesday, September 24, 2013
Why NIST SP 800-90A currently is not recommended ?
To insure that the points P and Q have been generated appropriately, additional self-test
procedures shall be performed whenever the instantiate function is invoked. Test section specifies that known-answer tests on the instantiate function be performed prior to creating
an operational instantiation. As part of these tests, an implementation of the generation
procedure in [X9.62] shall be called for each point (i.e., P and Q) with the appropriate
domain_parameter_seed value that was used to generate that point. The point returned
shall be compared with the corresponding stored value of the point. If the generated value
does not match the stored value, the implementation shall halt with an error condition.
___________________________
99% BAD HARDWARE WEEK: Dual_EC_DRBG is valid as much as initial P and Q randomality test against given instances is correct. But are they correct ?
That is why NIST SP 800-90A is not recommended by NIST itself. Microsoft added support for the standard, including the elliptic
curve random-number generator, in a Vista update in February 2008,
though it did not make the problematic generator the default algorithm.
Asked why Microsoft supported the algorithm when two of its own
employees had shown it to be weakened, a second Microsoft senior manager
who spoke with WIRED said that while the weakness in the algorithm and
standard was “weird” it “wasn’t a smoking gun.” It was more of an “odd
property.”
Hehe ANOMALITY.
From now on for computer intrusion the rest of life in prison !
Justice Department proposal classifies most computer crimes as acts of terrorism.
From now for computer intrusion proposed rest of life in prison
The Justice Department is urging Congress to quickly
approve its Anti-Terrorism Act (ATA), a twenty-five page proposal that
would expand the government's legal powers to conduct electronic
surveillance, access business records, and detain suspected terrorists.
___________________________
99% BAD HARDWARE WEEK: NSA too? Nooooo, its only metadata (email content , phone numbers, people with you, your bank account, your travel , sexual, political habits etc) not the intrusion, surveillance or terrorism, babe. :)
Seems that Big Brother became even bigger ! And that is not the end of its growth ! Imagine you hired a detective to eavesdrop on someone. He might
plant a bug in their office. He might tap their phone. He might open
their mail. The result would be the details of that person's
communications. That's the "data."
Now imagine you hired that same detective to surveil that person.
The result would be details of what he did: where he went, who he talked
to, what he looked at, what he purchased -- how he spent his day.
That's all metadata.
When the government collects metadata on people, the government puts
them under surveillance. When the government collects metadata on the
entire country, they put everyone under surveillance.
When Google does
it, they do the same thing. Metadata equals surveillance; it's that
simple.
Sunday, September 22, 2013
Android was a target for 79 percent of all malware threats to mobile operating systems in 2012
Android was a target for 79 percent of all malware threats to mobile operating systems in 2012 with text messages
representing about half of the malicious applications, according to the
study from the government agencies, which was published by Public
Intelligence website.
___________________________
99% BAD HARDWARE WEEK:
RSA: BSafe is not safe !
There is, however, one tiny little exception to this rule. What if
P and
Q aren't entirely
random values? What if you chose them yourself specifically so you'd
know the mathematical relationship between the two points?
In this case it turns out you can easily compute the next PRG state
after recovering a single output point (from 32 bytes of RNG output).
This means you can follow the equations through and predict the
next output. And the next output after that. And on forever and forever.****
This is a huge deal in the case of
SSL/TLS, for example.
In
the worst case a modestly bad but
by no means worst case, the
NSA may be able to intercept SSL/TLS connections made by products implemented with BSafe.
___________________________
99% BAD HARDWARE WEEK:
Saturday, September 21, 2013
Operation Black Tulip
2011-07-10 14:38:43,"da644d18103f132b74b507baa976d86c","Stichting TTP Infos CA","3D9170996B0486764ACA7199F7BEA6BC","
2011-07-19 15:08:06.000","*.google.com","CN=*.google.com,SN=PK000100123475,
OU=Knowledge Department,L=US,O=Google Inc,C=US
___________________________
99% BAD HARDWARE WEEK: Here
According to the report, at least 300,000 unique IP addresses in Iran used the bad Google certificates.
As an user I feel like a pig in Tehran. OH almost to forget. In jargon Black Tulip has the same meaning like Flying Pig. Seemingly impossible.
Friday, September 20, 2013
IBM shocking Systems and Technology 2013 revenue
o Revenue: $24.9 billion, down 3 percent, down 1 percent adjusting for currency:
- Software revenue up 4 percent, up 5 percent adjusting for currency;
-- Key branded middleware up 9 percent; up 10 percent adjusting for currency;
- Services revenue down 4 percent, down 1 percent adjusting for currency;
-- Global Business Services revenue down 1 percent, up 2 percent adjusting for currency;
- Services backlog of $141 billion, up 3 percent, up 7 percent adjusting for currency;
- Systems and Technology revenue down 12 percent, down 11 percent adjusting for currency:
-- System z mainframe revenue up 10 percent; up 11 percent adjusting for currency;
- Growth markets revenue flat, up 1 percent adjusting for currency;
- Business analytics revenue up 11 percent;
- Smarter Planet revenue up more than 25 percent in first half;
- Cloud revenue up more than 70 percent in first half;
___________________________
99% BAD HARDWARE WEEK: Revenues from System z mainframe server products
increased 10 percent compared with the year-ago period. Total delivery of System z computing power, as measured in MIPS (millions of instructions per second), increased 23 percent.
We have a new law: Total System revenue is half of computing power rise . :)
Israel based company Cvidya opened NSA access to Belgacom, Belarus , Germany etc
In June 2013
Beltelecom launched an anti-fraud system based on the
hardware and software of cVidya. This system allows identify this type
of fraud such as illegal IP-telephony.
Distinctive features of the anti-fraud system are its ability to detect
fraudulent activity in real time by using signaling exchange information
between switches and PBXs. The purchased software allows analysis of
subscriber behavior during different periods of time.
cVidya was awarded the Supply Chain Innovation Award in recognition of
their implementation of DealerMap® at
Vodafone D2, Germany.
___________________________
99% BAD HARDWARE WEEK: Who was mysterious
an US
based venture capital fund ? Let me guess. NSA? Or CIA?
Start up, cVidya, completed its initial funding round of $3 million of
the total planned funding of $5 million. Stage One Ventures and
an US
based venture capital fund participated in the round of funding. The
De-Kalo Ben Yehuda Investment Bank is assisting the company in sourcing
the investors and closing the deal. The company is currently in the
process of completing the additional $2 million of investment.
Man in the middle half success: How NSA broke into Belgacom GRX routers
Targeting roaming private smartphones. That might be or not owned by US citizen
FRAUD GUARD HAS BEEN BROKEN !
___________________________
99% BAD HARDWARE WEEK: Well this is called Obama's BELGATE ! Currently some open positions at BICS:
Thursday, September 19, 2013
NSA Monitors Financial World
Secret documents reveal that the main NSA financial database
Tracfin,
which collects the "Follow the Money" surveillance results on bank
transfers, credit card transactions and money transfers, already had 180
million datasets by 2011. The corresponding figure in 2008 was merely
20 million. According to these documents, most Tracfin data is stored
for five years.
The documents reveal how short-lived intelligence agencies' access to
the financial world can be, as well as the fact that encryption actually
can present problems, at least temporary ones, for the spies. According
to one document, the agency had access to data from Western Union, a
company that manages money transfers in over 200 countries, for quite
some time.
But in 2008 Western Union began to protect its data with
high-grade encryption. This made access virtually impossible, as NSA
staff members complain in one paper.
Well, BAD HARDWARE WEEK found
that without Snowden.
At SWIFT headquarter in Brussels, by taking administrator privilegies of its ISP provider.
___________________________
99% BAD HARDWARE WEEK:
Intel is not alone: Linus Torvalds Admits He's Been Asked To Insert Backdoor Into Linux
One question he was asked was whether a government agency had ever asked about inserting a back-door into Linux. Torvalds responded 'no'
while shaking his head 'yes,' as the audience broke into spontaneous
laughter.
___________________________
99% BAD HARDWARE WEEK:
Wednesday, September 18, 2013
Intel KNEW for NSA trap function in RNG earlier than anyone else !
How Intel could know and nobody else? Intel actually has
mobile division in Israel that manages security issues. Look at the date of Composer XE 2013 Update 1
murky named as composer_xe_2013.1.117:
01.17.2013 ! That is 9 months earlier than NIST have published its RDRAND intristic as INSECURE.
___________________________
99% BAD HARDWARE WEEK: Any strong encryption is based on RNG !. 13.6.2013 we find the following reference to Broadwell:
The difference between rdseed and rdrand intrinsics is that rdseed intrinsics meet the NIST
SP 800-90B and NIST SP 800-90C standards, while the rdrand meets the
NIST SP 800-90A
standard.
extern unsigned char _addcarry_u32(unsigned char c_in, unsigned int
src1, unsigned int src2, unsigned int *sum_out);
extern unsigned char _addcarry_u64(unsigned char c_in, unsigned
__int64 src1, unsigned __int64 src2, unsigned __int64 *sum_out);
The intrinsic computes the sum of two 32/64 bit wide integer values (src1, src2) and a carryin value. The carry-in value is considered 1 for any non-zero c_in input value or 0 otherwise.
The sum is stored to a memory location referenced by sum_out argument:
*sum_out = src1 + src2 + (c_in !=0 ? 1 : 0)
The intrinsic does not perform validness check of a memory address pointed by sum_out thus
it cannot be used to find out if a sum produces carry-out without storing result of the sum. The
return value of the intrinsic is a carry-out value generated by sum. The sum result is stored into
memory location pointed by sum_out argument.
Thus, Intel is not anymore alone INSIDE !
Tuesday, September 17, 2013
NIST Recommending against the use of SP 800-90A Dual Elliptic Curve Deterministic Random Bit Generation !
Recommending against the use of SP 800-90A Dual Elliptic Curve Deterministic Random Bit
Generation: NIST strongly recommends that, pending the resolution of the security concerns and the
re-issuance of SP 800-90A, the Dual_EC_DRBG, as specified in the January 2012 version of SP 800-90A,
no longer be used.
___________________________
99% BAD HARDWARE WEEK: WHY? Because NSA trap function is inside ! As of September 9th 2013 !
Google's SSL/TSL is broken !
According to
AlFardan, Bernstein, Paterson, Poettering and Schuldt (a
team from Royal Holloway, Eindhoven and UIC) the
RC4 ciphersuite used in SSL/TLS is broken. If you choose to use it -- as do a ridiculous
number of major sites, including Google -- then it may be possible for a
dedicated attacker
to recover your authentication cookies. The current
attack is just on the edge of feasibility, and could probably be
improved for specific applications.
___________________________
99% BAD HARDWARE WEEK: But some Google employees resisted
I am so glad I resisted pressure from Intel engineers to let /dev/random
rely only on the RDRAND instruction. To quote from the article below:
All SSL people will be under the sign of BEAST :::::)
Monday, September 16, 2013
Huddle respects your CLOUD privacy !
But
Huddle was CIA's Qtel investment !
___________________________
99% BAD HARDWARE WEEK:
NSA has been hacking Belgian Telecom and ISP for two years
Because the Belgian government is the main shareholder of the telecommunications company, the case is also politically very sensitive. Premier Di Rupo (PS) would today before trading comity communicate about the case.
The NSA's Tracfin data bank also contained data from the BELGIUM's Brussels-based
Society for Worldwide Interbank Financial Telecommunication (SWIFT), a
network used by thousands of banks to send transaction information
securely. SWIFT was named as a "target," according to the documents,
which also show that the NSA spied on the organization on several
levels, involving, among others, the agency's "tailored access
operations" division. One of the ways the agency accessed the data
included reading "SWIFT printer traffic from numerous banks," the
documents show.
"When he was running the Army's Intelligence and Security Command,
Alexander brought many of his future allies down to Fort Belvoir for a
tour of his base of operations, a facility known as the
Information Dominance Center. It had been designed by a Hollywood set designer to
mimic the bridge of the starship Enterprise from Star Trek, complete
with chrome panels, computer stations, a huge TV monitor on the forward
wall, and doors that made a 'whoosh' sound when they slid open and
closed. Lawmakers and other important officials took turns sitting in a
leather 'captain's chair' in the center of the room and watched as
Alexander, a lover of science-fiction movies, showed off his data tools
on the big screen.
___________________________
99% BAD HARDWARE WEEK: The Inquirer confidently reports that only administrative passwords have been hacked for two years and no any damage !! Hahahahahhahahahahah.
Wow. Ironically, that reminds me that current USA government AES standard is just invented in Beliguim ! It is based on the Rijndael cipher developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen
Holy cow , that is called NSA success !
Sunday, September 15, 2013
How FBI Magneto script and Google broke broke into your computers
The payload for the Tor Browser Bundle malware above is hidden in a variable called “magneto”.
Security researchers tonight are poring over a piece of malicious
software that takes advantage of a Firefox security vulnerability to
identify some users of the privacy-protecting Tor anonymity network.
Mozilla Firefox before 22.0, Firefox ESR
17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x
before 17.0.7 do not properly handle onreadystatechange events in
conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary
code via a crafted web site that triggers an attempt to execute data at
an unmapped memory location. REMOTE ATTACKER TO FIREFOX BROWSER WAS GOOGLE CORP. TOO !
External Source: CONFIRM
Name: https://bugzilla.mozilla.org/show_bug.cgi?id=857883
___________________________
99% BAD HARDWARE WEEK proof: Find more at National Vulnerability Center (driven by NIST and National Cyber Security Division). ALL RECENT STORIES RELATED WITH SNOWDEN LEAKS WHERE ACTUALLY TO DIVERT PUBLIC TO USE THEN BREACHED TOR "SECURE" NETWORK !!!
Saturday, September 14, 2013
No more spying , no more cheap jet fuel for Google founders !
Google Inc. founders Larry Page and Sergey Brin may have to dig deeper to operate their fleet of private jets, after
the U.S. Department of Defense ended a little-known arrangement that for years allowed the tech billionaires to travel on sharply discounted jet fuel bought from the Pentagon.
The relationship with the Google founders already is part of an ongoing audit by NASA's inspector general, an official in that office said.
The cheap fuel for the Google executives came courtesy of a special agreement with NASA, whose Ames Research Center is based at Moffett Federal Airfield, a former U.S. Navy base that is the most convenient airport to Google's Mountain View, Calif., headquarters, about three miles away.
Three of the Google founders' jets, including the 767, took off from
Moffett for Croatia this past July. The departures were just before the
wedding in Croatia of Mr. Page's brother-in-law, held in a medieval hill
town near the Adriatic coast. Mr. Page, the Google CEO, attended as a
groomsman and was photographed sporting an eyeglass-like Google Glass
computer at the altar.
___________________________
99% BAD HARDWARE WEEK:
Friday, September 13, 2013
Random number generator Trojan !
'Our Trojan is capable of reducing the
security of the produced random number from 128 bits to n bits, where n can be chosen.
We tested the Trojan for n = 32 with the NIST random number test
suite and it passed for all tests.
The higher the value n that the
attacker chooses, the harder it will be for an evaluator to detect that
the random numbers have been compromised.'"
___________________________
99% BAD HARDWARE WEEK:
Fantastico: NSA inside your Google account
Buried in a
Brazilian television report
on Sunday was the disclosure that the NSA has impersonated Google and
possibly other major internet sites in order to intercept, store, and
read supposedly secure online communications. The spy agency
accomplishes this using what's known as a "man-in-the-middle (MITM)
attack," a fairly well-known exploit used by elite hackers.
Besides Petrobras, e-mail and internet services provider Google’s
infrastructure is also listed as a target. The company, often named as
collaborating with the NSA, is shown here as a victim.
Other targets include French diplomats – with access to the private
network of the Ministry of Foreign Affairs of France – and the SWIFT
network, the cooperative that unites over ten thousand banks in 212
countries and provides communications that enable international
financial transactions. All transfers of money between banks across
national borders goes through SWIFT.
___________________________
99% BAD HARDWARE WEEK:
On AES hardware implementations
In November 2010 Endre Bangerter, David Gullasch and Stephan Krenn
published a
paper which described a practical approach to a "near real
time" recovery of
secret keys from AES-128 without the need for either
cipher text or plaintext. The approach also works on AES-128
implementations that use compression tables, such as OpenSSL.
Hardware instructions support gives faster decryption.
___________________________
99% BAD HARDWARE WEEK: You have TOP secret 256 bit AES implementation at your PC OR YOU HAVE NOTHING ! There is no more or less security as some marketing is trying to sell. But simply, you have it or you don't have at it all.
Thursday, September 12, 2013
NSA even on your phone
According to one leaked presentation, it was even possible
to track a person's whereabouts over extended periods of time, until
Apple eliminated this
"error" with version 4.3.3 of its mobile operating system and restricted
the memory to seven days.
___________________________
99% BAD HARDWARE WEEK:
Wednesday, September 11, 2013
ARM delivers first 64bit processor in iPhone 5C
And here’s the double whammy: ARM is likely to charge higher royalty
fees for the new chips. Andrew Dunn, an analyst at RBC Capital Markets,
explained in a note,
“
Should this mark the beginning of 64-bit in smartphones, this should
help underpin ARM’s upward trajectory in overall royalty rate following a
decade of declines.”
Little surprise, then, that ARM’s share price has risen more than
80% in the last 12 months.
SAMSUNG: ME 64 bit TOO !
___________________________
99% BAD HARDWARE WEEK: I remember well, some 30 years ago about an article in IEEE Transactions on some 64 processors that sounded than like a science fiction. Then only to be found in Cray supercomputers. And now in your phone ! Who would say and predict ?
Intel's Broadwell finally without NSA backdoor trap function !
Some new instructions have been added in the upcoming Intel architecture code named Broadwell. Composer XE 2013 Update 1 has added inline assembly and intrinsic support for
these instructions. Intrinsics are defined in immintrin.h.
extern int _rdseed16_step(unsigned short *random_val);
extern int _rdseed32_step(unsigned int *random_val);
extern int _rdseed64_step(unsigned __int64 *random_val);
These intrinsics generate random numbers of 16/32/64 bit wide random integers. These
intrinsics are mapped to the hardware instruction RDSEED. The generated random value is
written to the given memory location and
the success status is returned - 1 if the hardware
returned a valid random value, and 0 otherwise !.
The difference between rdseed and rdrand intrinsics is that rdseed intrinsics meet the NIST
SP 800-90B and NIST SP 800-90C standards, while the rdrand meets the NIST SP 800-90A
standard.
___________________________
99% BAD HARDWARE WEEK: NIST SP 800-90 RBG has NSA implemented backdoor trap function. Now you can check yourself. Document number:
321414-003 US 12 January 2011
Please note
Crypto coprocessor in Broadwell system chip on picture above.
Monday, September 09, 2013
The public comments on new NIST Random bit generator DRAFT will close on November 6, 2013 !
Previous NISTSP800-90 RBG standard has implemented NSA backdoor trap.
All trap theories were well known long before PGP and others so called STRONG cryptography schemes has been introduced. It's knowledge is not NSA blame, but blame of
persistent ignorance of computer science community !
___________________________
99% BAD HARDWARE WEEK NIST COMMENT: There was a trap function INSIDE STRONG cryptography schemes for 22 years !
Backdoors Found In Bitlocker, FileVault and TrueCrypt?
A backdoor
would allow anyone with the access to read, copy, modify and even delete files without the user knowing it. Imagine how much power
the government would have over the people. I shudder at the
possibilities...
Never in history has one agency of
the U.S. government had the capacity, as well as the legal authority, to
collect and store so much electronic information. Leaked NSA documents show the
agency sucking up data from approximately
150 collection sites on six
continents. The agency estimates that
1.6 percent of all data on the Internet flows
through its systems on a given day -- an amount of information about
50 percent larger than what
Google processes in the same period.
___________________________
99% BAD HARDWARE WEEK: Dystopia, an imaginary place where everything is as bad as it can be
Obama administration had restrictions on NSA reversed in 2011
The Obama administration
secretly won permission from a surveillance court in 2011 to reverse restrictions on the National Security Agency’s
use of
intercepted phone calls and e-mails,
permitting the agency to
search deliberately for Americans’ communications in its massive
databases.
Never in history has one agency of
the U.S. government had the capacity, as well as the legal authority, to
collect and store so much electronic information. Leaked NSA documents show the
agency sucking up data from approximately
150 collection sites on six
continents. The agency estimates that
1.6 percent of all data on the Internet flows
through its systems on a given day -- an amount of information about
50 percent larger than what
Google processes in the same period.
NSA Illegally Gorged on U.S. Phone Records for Three Years
Beside, only 125 analysts can touch that database. :)
Of course, not accounting Israel, GB etc. etc. :)
___________________________
99% BAD HARDWARE WEEK: President candidate needs to give something NSA in return for his second mandate ? Let me remind you, Putin too got a lot of president mandates thanks to favors to his former employer KGB.
Sunday, September 08, 2013
SWAT team killed 107 years old terrorist
Centenarian Monroe Isadore shot at police and
was killed when a SWAT team gassed his bedroom and broke down his door. It's unclear what might have set off the confrontation.
___________________________
99% BAD HARDWARE WEEK: At least, we are now absolutely secure.
Friday, September 06, 2013
NSA did it all !
N.S.A. documents show that the agency maintains an internal database of encryption keys for specific commercial products, called a Key
Provisioning Service, which can automatically decode many messages. If
the necessary key is not in the collection, a request goes to the
separate Key Recovery Service, which tries to obtain it.
Simultaneously, the N.S.A. has been deliberately weakening the
international encryption standards adopted by developers. One goal in
the agency’s 2013 budget request was to “influence policies, standards
and specifications for commercial public key technologies,” the most
common encryption method. Classified N.S.A. memos appear to confirm that the fatal weakness,
discovered by two
Microsoft cryptographers in 2007, was engineered by
the agency. The N.S.A. wrote the standard and aggressively pushed it on
the international group, privately calling the effort “a challenge in
finesse.”
“I would strongly recommend against anyone trusting their private data
to a company with physical ties to the United States.”
"In the future, superpowers will be made or broken based on the
strength of their cryptanalytic programs," says one document. "It is the
price of admission for the US to maintain unrestricted access to and
use of cyberspace."
The New York Times says that it was asked not to publish the leaked
materials, but did so anyway.
It also reported that at one time the US
government insisted that a hardware company install a backdoor into its
kit before it was sent overseas. This request was met, it said. After some sleuthing, I'm pretty certain this is a reference to the
Dual_EC_DRBG
pseudorandom number generator scheme described in NIST SP 800-90. The
weakness is that Dual_EC_DRBG appears to contain a backdoor, and anyone
who knows the backdoor can totally break the PRNG. The weakness was
first described in
a rump session talk at CRYPTO 2007 and was subsequently
discussed by Bruce Schneier in Wired.
To put that in real terms, you only need to monitor one TLS internet encryption connection in order to crack the security of that protocol.
All TLS versions were further refined in RFC 6176
in March 2011 removing their backward compatibility with SSL such that
TLS sessions will never negotiate the use of Secure Sockets Layer (SSL)
version 2.0.
Browser support for TLS
| Browser |
Platforms |
TLS 1.0 |
TLS 1.1 |
TLS 1.2 |
| Chrome 0–21 |
Android, iOS, Linux, Mac OS X,
Windows (XP, Vista, 7, 8)[a][b] |
Yes |
No |
No |
| Chrome 22–28 |
Android, iOS, Linux, Mac OS X,
Windows (XP, Vista, 7, 8)[a][b] |
Yes[14] |
Yes[14] |
No[14] |
| Chrome 29-current |
Android, iOS, Linux, Mac OS X,
Windows (XP, Vista, 7, 8)[a][b] |
Yes[14] |
Yes[14] |
Yes[15] |
| Firefox 1–18 |
Android, Linux, Mac OS X, Windows (XP, Vista, 7, 8)[c][b] |
Yes[16] |
No[17] |
No[18] |
| Firefox 19-current |
Android, Linux, Mac OS X, Windows (XP, Vista, 7, 8)[c][b] |
Yes[16] |
Yes, disabled by default[17][19] |
No[18] |
| Firefox 24- (Beta, Aurora, Nightly) |
Android, Linux, Mac OS X, Windows (XP, Vista, 7, 8)[c][b] |
Yes[16] |
Yes, disabled by default[17][19] |
Yes, disabled by default[18][20][19] |
| IE 6 |
Windows (98, 2000, ME, XP)[d] |
Yes, disabled by default |
No |
No |
| IE 7–8 |
Windows (XP, Vista)[d] |
Yes |
No |
No |
| IE 8–9 |
Windows 7[d] |
Yes |
Yes, disabled by default |
Yes, disabled by default |
| IE 9 |
Windows Vista[d] |
Yes |
No |
No |
| IE 10 |
Windows (7, 8)[d] |
Yes |
Yes, disabled by default |
Yes, disabled by default |
| IE 11 (Preview) |
Windows (7, 8)[citation needed] 8.1[citation needed][d] |
Yes |
Yes[citation needed] |
Yes[citation needed] |
| Opera 5–7 |
Linux, Mac OS X, Windows |
Yes[21] |
No |
No |
| Opera 8–9 |
Linux, Mac OS X, Windows |
Yes |
Yes, disabled by default[22] |
No |
| Opera 10–12 |
Linux, Mac OS X, Windows[e] |
Yes |
Yes, disabled by default |
Yes, disabled by default |
| Opera 14–15 |
Linux, Mac OS X, Windows[f] |
Yes |
Yes[23] |
No[23] |
| Opera 16-current |
Linux, Mac OS X, Windows[f] |
Yes |
Yes[24] |
Yes[24] |
| Safari 4 |
Mac OS X, Windows (XP, Vista, 7), iOS 4.0[f] |
Yes[citation needed] |
No |
No |
| Safari 5-current |
Mac OS X (incl. 10.8[citation needed]),
Windows (XP, Vista, 7)[g] |
Yes |
No |
No |
| Safari 5–current |
iOS 5.0–[h] |
Yes |
Yes |
Yes |
Here is the list of companies that implemented NSA flawed pseudorandom generator standard:
IBM,
HP, Cisco, Apple, Intel, BlackBerry, Symantec, McAfee, Open SSL, RSA , Oracle etc, etc.
The Truth Behind the Pentium Bug 1995 : Intel to promote the Pentium as a CPU for scientific and engineering
applications, as well as the best engine for mainstream software that
relies primarily on integer operations.However, the chance of this happening randomly is only about 1 in 360
billion. Usually, the error appears around the 9th or 10th decimal
digit.
The chance of this happening randomly is about 1 in 9 billion.
___________________________
99% BAD HARDWARE WEEK: Since 2006 alas there have not been neither privacy, nor security and no prosperity. Regardless of what officials say. :(
Thursday, September 05, 2013
Intel's Avoton: Goodbye FSB
___________________________
99% BAD HARDWARE WEEK:
Wednesday, September 04, 2013
Intel's HAswell + 128MB eDRAM off die
___________________________
99% BAD HARDWARE WEEK:
