Monday, September 30, 2013

NBC.exe malware has stolen private data even from CIA and FBI directors

including First Lady Michelle Obama, CIA Director John Brennan, and then-FBI Director Robert Mueller.
___________________________  
99% BAD HARDWARE WEEK: None of the 46 existing antivirus packages detected it. Again there is no dilemma: now we are neither safe nor private!

United States of Surveillance


When President Obama changed course and decided not to press forward unilaterally on planned strikes against Bashar Al Assad’s regime, he was effectively heeding that constitutional catechism. Congress and the public had signaled their opposition to military action, and Obama responded by acknowledging the need for congressional support. After decades of presidents ordering foreign interventions without consulting the House and Senate, his move represented a dramatic and welcome reversal.
On the NSA, Obama has made the opposite calculation. Footage of missile attacks leaves lasting impressions, but surveillance by its nature is covert, and so the public reaction to it has been diffuse. Although some congressmen have objected to the programs, the Foreign Intelligence Surveillance Court has cavalierly blessed them, and citizens have tended to protest only when they feel their personal rights are threatened.
___________________________  
99% BAD HARDWARE WEEK:

Saturday, September 28, 2013

NSA: Girlfriends love habits of US national interest

Ellard's letter said that there have been 12 incidents of unauthorised surveillance at the NSA and that these included NSA people performing lookups on their girlfriends.
The NSA was authorized to conduct “large-scale graph analysis on very large sets of communications metadata without having to check foreignness” of every e-mail address, phone number or other identifier, the document said. Because of concerns about infringing on the privacy of American citizens, the computer analysis of such data had previously been permitted only for foreigners.
___________________________  
99% BAD HARDWARE WEEK: Here is a hint. Take a foreign girl and you can spy on her forever! Quite legally, and you will even be paid for it!

Friday, September 27, 2013

You can lock your YouTube safety mode ONLY after you sign in !

So, who will then keep you safe from YouTube's owner? Thus, no safe mode locking without looking at who was looking for safety?
___________________________  
99% BAD HARDWARE WEEK: Hehe

Tuesday, September 24, 2013

Why is NIST SP 800-90A currently not recommended?

To insure that the points P and Q have been generated appropriately, additional self-test procedures shall be performed whenever the instantiate function is invoked. Test section specifies that known-answer tests on the instantiate function be performed prior to creating an operational instantiation. As part of these tests, an implementation of the generation procedure in [X9.62] shall be called for each point (i.e., P and Q) with the appropriate domain_parameter_seed value that was used to generate that point. The point returned shall be compared with the corresponding stored value of the point. If the generated value does not match the stored value, the implementation shall halt with an error condition.
___________________________  
99% BAD HARDWARE WEEK: Dual_EC_DRBG is only as valid as the initial randomness test of P and Q against the given instances is correct. But are they correct? That is why NIST SP 800-90A is not recommended by NIST itself. Microsoft added support for the standard, including the elliptic curve random-number generator, in a Vista update in February 2008, though it did not make the problematic generator the default algorithm.
Asked why Microsoft supported the algorithm when two of its own employees had shown it to be weakened, a second Microsoft senior manager who spoke with WIRED said that while the weakness in the algorithm and standard was “weird” it “wasn’t a smoking gun.” It was more of an “odd property.”

Hehe ANOMALITY.

From now on for computer intrusion the rest of life in prison !

Justice Department proposal classifies most computer crimes as acts of terrorism. 
The Justice Department is urging Congress to quickly approve its Anti-Terrorism Act (ATA), a twenty-five page proposal that would expand the government's legal powers to conduct electronic surveillance, access business records, and detain suspected terrorists.
___________________________  
99% BAD HARDWARE WEEK: NSA too? Nooooo, it's only metadata (email content, phone numbers, people with you, your bank account, your travel, sexual, political habits etc.), not intrusion, surveillance or terrorism, babe. :)
Seems that Big Brother became even bigger ! And that is not the end of its growth ! Imagine you hired a detective to eavesdrop on someone. He might plant a bug in their office. He might tap their phone. He might open their mail. The result would be the details of that person's communications. That's the "data."
Now imagine you hired that same detective to surveil that person. The result would be details of what he did: where he went, who he talked to, what he looked at, what he purchased -- how he spent his day. That's all metadata.
When the government collects metadata on people, the government puts them under surveillance. When the government collects metadata on the entire country, they put everyone under surveillance.  
When Google does it, they do the same thing. Metadata equals surveillance; it's that simple.

Sunday, September 22, 2013

Android was a target for 79 percent of all malware threats to mobile operating systems in 2012


Android was a target for 79 percent of all malware threats to mobile operating systems in 2012 with text messages representing about half of the malicious applications, according to the study from the government agencies, which was published by Public Intelligence website.
 ___________________________  
99% BAD HARDWARE WEEK:

RSA: BSafe is not safe !

There is, however, one tiny little exception to this rule. What if P and Q aren't entirely random values? What if you chose them yourself specifically so you'd know the mathematical relationship between the two points?

In this case it turns out you can easily compute the next PRG state after recovering a single output point (from 32 bytes of RNG output). This means you can follow the equations through and predict the next output. And the next output after that. And on forever and forever.

This is a huge deal in the case of SSL/TLS, for example.
In a modestly bad but by no means worst case, the NSA may be able to intercept SSL/TLS connections made by products implemented with BSafe.
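
The state recovery described above, as an added Python example that is not part of the original post, of SP 800-90A or of any product: a simplified Dual_EC_DRBG on P-256 in which whoever picked the points kept d with P = d*Q. The points, d, the seed and the 8-bit truncation (the standard drops 16 bits) are constructed for the demo; with points nobody holds a d for, the same search finds nothing.

```python
"""Toy Dual_EC_DRBG on NIST P-256: what a known P/Q relationship gives away.

Added illustration, not code from SP 800-90A, BSafe or any product. The points
(Q = G, P = d*Q), the secret d and the 8-bit truncation (the standard drops
16 bits) are constructed so the demo runs in about a second.
"""

# NIST P-256 domain parameters (public constants).
P_MOD = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P_MOD - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

DROPPED_BITS = 8                      # constructed; real Dual_EC drops 16
OUT_BITS = 256 - DROPPED_BITS
OUT_MASK = (1 << OUT_BITS) - 1


def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0


def ec_add(p1, p2):
    """Affine addition on the curve; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def lift_x(x):
    """Return a curve point with this x-coordinate, or None if there is none."""
    rhs = (x * x * x + A * x + B) % P_MOD
    y = pow(rhs, (P_MOD + 1) // 4, P_MOD)       # valid because p = 3 mod 4
    return (x, y) if y * y % P_MOD == rhs else None


class DualEC:
    """Simplified generator: s <- x(s*P), output <- low bits of x(s*Q)."""

    def __init__(self, state, P, Q):
        self.s, self.P, self.Q = state, P, Q

    def next_block(self):
        self.s = ec_mul(self.s, self.P)[0]
        return ec_mul(self.s, self.Q)[0] & OUT_MASK


def make_related_points(d):
    """Points chosen by someone who keeps d: Q = G and P = d*Q."""
    return ec_mul(d, G), G


def recover_state(block1, block2, d, Q):
    """From two observed blocks and d, return the state behind block2, else None."""
    for hi in range(1 << DROPPED_BITS):
        x = (hi << OUT_BITS) | block1            # guess the truncated top bits
        R = lift_x(x) if x < P_MOD else None     # candidate for s1*Q (sign is irrelevant)
        if R is None:
            continue
        s2 = ec_mul(d, R)[0]                     # x(d*s1*Q) = x(s1*P) = next state
        if (ec_mul(s2, Q)[0] & OUT_MASK) == block2:
            return s2
    return None


def demo(d=0x1D5A2B3C4D5E6F70, seed=0x5EED0123456789ABCDEF):
    """Return (predicted, actual) future blocks for a generator with related points."""
    P, Q = make_related_points(d)
    gen = DualEC(seed, P, Q)
    b1, b2 = gen.next_block(), gen.next_block()  # the only data the observer sees
    clone = DualEC(recover_state(b1, b2, d, Q), P, Q)
    predicted = [clone.next_block() for _ in range(3)]
    actual = [gen.next_block() for _ in range(3)]
    return predicted, actual


if __name__ == "__main__":
    predicted, actual = demo()
    print("future output predicted:", predicted == actual)
```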
___________________________  
99% BAD HARDWARE WEEK:

Saturday, September 21, 2013

Operation Black Tulip


2011-07-10 14:38:43,"da644d18103f132b74b507baa976d86c","Stichting TTP Infos CA","3D9170996B0486764ACA7199F7BEA6BC","2011-07-19 15:08:06.000","*.google.com","CN=*.google.com,SN=PK000100123475,OU=Knowledge Department,L=US,O=Google Inc,C=US
___________________________  
99% BAD HARDWARE WEEK: Here
According to the report, at least 300,000 unique IP addresses in Iran used the bad Google certificates.
As a user I feel like a pig in Tehran. Oh, I almost forgot: in jargon, Black Tulip has the same meaning as Flying Pig. Seemingly impossible.

Friday, September 20, 2013

IBM shocking Systems and Technology 2013 revenue

o Revenue: $24.9 billion, down 3 percent, down 1 percent adjusting for currency:

-  Software revenue up 4 percent, up 5 percent adjusting for currency;

-- Key branded middleware up 9 percent; up 10 percent adjusting for currency;

-  Services revenue down 4 percent, down 1 percent adjusting for currency;

-- Global Business Services revenue down 1 percent, up 2 percent adjusting for currency;

-  Services backlog of $141 billion, up 3 percent, up 7 percent adjusting for currency;

-  Systems and Technology revenue down 12 percent, down 11 percent adjusting for currency:


-- System z mainframe revenue up 10 percent; up 11 percent adjusting for currency;

-  Growth markets revenue flat, up 1 percent adjusting for currency;

-  Business analytics revenue up 11 percent;

-  Smarter Planet revenue up more than 25 percent in first half;

-  Cloud revenue up more than 70 percent in first half;
___________________________  
99% BAD HARDWARE WEEK: Revenues from System z mainframe server products increased 10 percent compared with the year-ago period. Total delivery of System z computing power, as measured in MIPS (millions of instructions per second), increased 23 percent.
We have a new law: total System revenue growth is half of the computing power rise. :)

Israel-based company cVidya opened NSA access to Belgacom, Belarus, Germany etc.

In June 2013 Beltelecom launched an anti-fraud system based on the hardware and software of cVidya. This system makes it possible to identify types of fraud such as illegal IP telephony.
Distinctive features of the anti-fraud system are its ability to detect fraudulent activity in real time by using signaling exchange information between switches and PBXs. The purchased software allows analysis of subscriber behavior during different periods of time.

cVidya was awarded the Supply Chain Innovation Award in recognition of their implementation of DealerMap® at Vodafone D2, Germany.
___________________________  
99% BAD HARDWARE WEEK: Who was the mysterious US-based venture capital fund? Let me guess. NSA? Or CIA?
Start up, cVidya, completed its initial funding round of $3 million of the total planned funding of $5 million. Stage One Ventures and an US based venture capital fund participated in the round of funding. The De-Kalo Ben Yehuda Investment Bank is assisting the company in sourcing the investors and closing the deal. The company is currently in the process of completing the additional $2 million of investment.

Man in the middle half success: How NSA broke into Belgacom GRX routers

Targeting roaming private smartphones. That might or might not be owned by a US citizen.




FRAUD GUARD HAS BEEN BROKEN !

___________________________
99% BAD HARDWARE WEEK: Well this is called Obama's BELGATE ! Currently some open positions at BICS:


Thursday, September 19, 2013

NSA Monitors Financial World

Secret documents reveal that the main NSA financial database Tracfin, which collects the "Follow the Money" surveillance results on bank transfers, credit card transactions and money transfers, already had 180 million datasets by 2011. The corresponding figure in 2008 was merely 20 million. According to these documents, most Tracfin data is stored for five years.
The documents reveal how short-lived intelligence agencies' access to the financial world can be, as well as the fact that encryption actually can present problems, at least temporary ones, for the spies. According to one document, the agency had access to data from Western Union, a company that manages money transfers in over 200 countries, for quite some time. But in 2008 Western Union began to protect its data with high-grade encryption. This made access virtually impossible, as NSA staff members complain in one paper.
Well, BAD HARDWARE WEEK found that without Snowden. At SWIFT headquarters in Brussels, by taking administrator privileges of its ISP provider.
___________________________
99% BAD HARDWARE WEEK:

Intel is not alone: Linus Torvalds Admits He's Been Asked To Insert Backdoor Into Linux

One question he was asked was whether a government agency had ever asked about inserting a back-door into Linux. Torvalds responded 'no' while shaking his head 'yes,' as the audience broke into spontaneous laughter.
___________________________  
99% BAD HARDWARE WEEK:

Wednesday, September 18, 2013

Intel KNEW for NSA trap function in RNG earlier than anyone else !

How could Intel know when nobody else did? Intel actually has a mobile division in Israel that manages security issues. Look at the date of Composer XE 2013 Update 1, murkily named composer_xe_2013.1.117: 01.17.2013! That is 9 months earlier than NIST published its RDRAND intrinsic as INSECURE.
___________________________  
99% BAD HARDWARE WEEK: Any strong encryption is based on an RNG! On 13.6.2013 we find the following reference to Broadwell:
The difference between rdseed and rdrand intrinsics is that rdseed intrinsics meet the NIST SP 800-90B and NIST SP 800-90C standards, while the rdrand meets the NIST SP 800-90A standard.
extern unsigned char _addcarry_u32(unsigned char c_in, unsigned int src1, unsigned int src2, unsigned int *sum_out);
extern unsigned char _addcarry_u64(unsigned char c_in, unsigned __int64 src1, unsigned __int64 src2, unsigned __int64 *sum_out);
The intrinsic computes the sum of two 32/64 bit wide integer values (src1, src2) and a carry-in value. The carry-in value is considered 1 for any non-zero c_in input value or 0 otherwise. The sum is stored to a memory location referenced by sum_out argument:
*sum_out = src1 + src2 + (c_in != 0 ? 1 : 0)
The intrinsic does not perform validness check of a memory address pointed by sum_out thus it cannot be used to find out if a sum produces carry-out without storing result of the sum. The return value of the intrinsic is a carry-out value generated by sum. The sum result is stored into memory location pointed by sum_out argument.
Thus, Intel is no longer alone INSIDE!

Tuesday, September 17, 2013

NIST Recommending against the use of SP 800-90A Dual Elliptic Curve Deterministic Random Bit Generation !

Recommending against the use of SP 800-90A Dual Elliptic Curve Deterministic Random Bit Generation: NIST strongly recommends that, pending the resolution of the security concerns and the re-issuance of SP 800-90A, the Dual_EC_DRBG, as specified in the January 2012 version of SP 800-90A, no longer be used.
___________________________  
99% BAD HARDWARE WEEK: WHY? Because NSA trap function is inside ! As of September 9th  2013 !

Google's SSL/TLS is broken!

According to AlFardan, Bernstein, Paterson, Poettering and Schuldt (a team from Royal Holloway, Eindhoven and UIC) the RC4 ciphersuite used in SSL/TLS is broken. If you choose to use it -- as do a ridiculous number of major sites, including Google -- then it may be possible for a dedicated attacker to recover your authentication cookies. The current attack is just on the edge of feasibility, and could probably be improved for specific applications.
___________________________
99% BAD HARDWARE WEEK: But some Google employees resisted
I am so glad I resisted pressure from Intel engineers to let /dev/random rely only on the RDRAND instruction.   To quote from the article below: All SSL people will be under the sign of BEAST :::::)

Monday, September 16, 2013

Huddle respects your CLOUD privacy !


But Huddle was CIA's Qtel investment !
___________________________  
99% BAD HARDWARE WEEK:

NSA has been hacking Belgian Telecom and ISP for two years


Because the Belgian government is the main shareholder of the telecommunications company, the case is also politically very sensitive. Premier Di Rupo (PS) would today before trading comity communicate about the case.
The NSA's Tracfin data bank also contained data from the BELGIUM's Brussels-based Society for Worldwide Interbank Financial Telecommunication (SWIFT), a network used by thousands of banks to send transaction information securely. SWIFT was named as a "target," according to the documents, which also show that the NSA spied on the organization on several levels, involving, among others, the agency's "tailored access operations" division. One of the ways the agency accessed the data included reading "SWIFT printer traffic from numerous banks," the documents show. 

"When he was running the Army's Intelligence and Security Command, Alexander brought many of his future allies down to Fort Belvoir for a tour of his base of operations, a facility known as the Information Dominance Center. It had been designed by a Hollywood set designer to mimic the bridge of the starship Enterprise from Star Trek, complete with chrome panels, computer stations, a huge TV monitor on the forward wall, and doors that made a 'whoosh' sound when they slid open and closed. Lawmakers and other important officials took turns sitting in a leather 'captain's chair' in the center of the room and watched as Alexander, a lover of science-fiction movies, showed off his data tools on the big screen.

 ___________________________  
99% BAD HARDWARE WEEK: The Inquirer confidently reports that only administrative passwords have been hacked for two years, without any damage!! Hahahahahhahahahahah.
Wow. Ironically, that reminds me that the current US government AES standard was actually invented in Belgium! It is based on the Rijndael cipher developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen.
Holy cow, that is called NSA success!

Sunday, September 15, 2013

How FBI Magneto script and Google broke into your computers


The payload for the Tor Browser Bundle malware above is hidden in a variable called “magneto”.
Security researchers tonight are poring over a piece of malicious software that takes advantage of a Firefox security vulnerability to identify some users of the privacy-protecting Tor anonymity network.

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location. REMOTE ATTACKER TO FIREFOX BROWSER WAS GOOGLE CORP. TOO !

External Source: CONFIRM
Name: https://bugzilla.mozilla.org/show_bug.cgi?id=857883

Yes NSA did it 231 times in 2011. Budget documents say the $652 million project has placed “covert implants,” sophisticated malware transmitted from far away, in computers, routers and firewalls on tens of thousands of machines every year, with plans to expand those numbers into the millions

___________________________  
99% BAD HARDWARE WEEK proof: Find more at National Vulnerability Center (driven by NIST and National Cyber Security Division). ALL RECENT STORIES RELATED TO SNOWDEN LEAKS WERE ACTUALLY TO DIVERT THE PUBLIC TO USE THE THEN BREACHED TOR "SECURE" NETWORK!!!

Saturday, September 14, 2013

No more spying , no more cheap jet fuel for Google founders !

Google Inc. founders Larry Page and Sergey Brin may have to dig deeper to operate their fleet of private jets, after the U.S. Department of Defense ended a little-known arrangement that for years allowed the tech billionaires to travel on sharply discounted jet fuel bought from the Pentagon.

The relationship with the Google founders already is part of an ongoing audit by NASA's inspector general, an official in that office said. The cheap fuel for the Google executives came courtesy of a special agreement with NASA, whose Ames Research Center is based at Moffett Federal Airfield, a former U.S. Navy base that is the most convenient airport to Google's Mountain View, Calif., headquarters, about three miles away.

Three of the Google founders' jets, including the 767, took off from Moffett for Croatia this past July. The departures were just before the wedding in Croatia of Mr. Page's brother-in-law, held in a medieval hill town near the Adriatic coast. Mr. Page, the Google CEO, attended as a groomsman and was photographed sporting an eyeglass-like Google Glass computer at the altar.
___________________________  
99% BAD HARDWARE WEEK:

Friday, September 13, 2013

Random number generator Trojan !

'Our Trojan is capable of reducing the security of the produced random number from 128 bits to n bits, where n can be chosen.
We tested the Trojan for n = 32 with the NIST random number test suite and it passed for all tests. The higher the value n that the attacker chooses, the harder it will be for an evaluator to detect that the random numbers have been compromised.'
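
What the quoted result means for an evaluator, as an added Python model that is not code from the paper: a generator that keeps only n bits of real entropy still produces whitened output that a frequency test scores like any other stream, while anyone who knows the fixed bits searches 2^n states instead of 2^128. SHA-256 standing in for the hardware conditioning step, FIXED_BITS, n = 16 and the block counts are assumptions.

```python
"""Model of an entropy-reducing RNG Trojan versus a black-box frequency test.

Added illustration, not code from the quoted paper. SHA-256 stands in for the
hardware's conditioning function; FIXED_BITS, N_FREE_BITS = 16 and the sample
sizes are constructed so the search below finishes in well under a second.
"""
import hashlib
import math
import secrets

STATE_BITS = 128
N_FREE_BITS = 16          # the chosen n; the quoted test used n = 32
FREE_MASK = (1 << N_FREE_BITS) - 1
# Constant that replaces the other 128-n state bits (constructed value).
FIXED_BITS = int.from_bytes(hashlib.sha256(b"constructed constant").digest()[:16], "big")


def trojaned_state(entropy):
    """Keep n bits of real entropy and force the remaining bits to the constant."""
    return (FIXED_BITS & ~FREE_MASK) | (entropy & FREE_MASK)


def output_stream(state, n_blocks):
    """Whitened output: block i is SHA-256(state || i), 32 bytes each."""
    s = state.to_bytes(STATE_BITS // 8, "big")
    return b"".join(hashlib.sha256(s + i.to_bytes(4, "big")).digest()
                    for i in range(n_blocks))


def monobit_p_value(data):
    """NIST SP 800-22 frequency (monobit) test; p >= 0.01 counts as a pass."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def search_state(first_block):
    """With FIXED_BITS known, only 2**n candidate states have to be tried."""
    for guess in range(1 << N_FREE_BITS):
        state = trojaned_state(guess)
        if output_stream(state, 1) == first_block:
            return state
    return None


def compare(entropy_full, entropy_weak, n_blocks=512):
    """Return (p-value of full-entropy stream, p-value of weakened stream,
    whether the weakened state was found from its first output block)."""
    healthy = output_stream(entropy_full, n_blocks)
    weak_state = trojaned_state(entropy_weak)
    weak = output_stream(weak_state, n_blocks)
    found = search_state(weak[:32]) == weak_state
    return monobit_p_value(healthy), monobit_p_value(weak), found


if __name__ == "__main__":
    p_full, p_weak, found = compare(secrets.randbits(128), secrets.randbits(128))
    print(f"monobit p-value, 128-bit state: {p_full:.3f}")
    print(f"monobit p-value, {N_FREE_BITS}-bit state: {p_weak:.3f}")
    print("weakened state found by exhaustive search:", found)
```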
___________________________  
99% BAD HARDWARE WEEK:

Fantastico: NSA inside your Google account

Buried in a Brazilian television report on Sunday was the disclosure that the NSA has impersonated Google and possibly other major internet sites in order to intercept, store, and read supposedly secure online communications. The spy agency accomplishes this using what's known as a "man-in-the-middle (MITM) attack," a fairly well-known exploit used by elite hackers.
Besides Petrobras, e-mail and internet services provider Google’s infrastructure is also listed as a target. The company, often named as collaborating with the NSA, is shown here as a victim.
Other targets include French diplomats – with access to the private network of the Ministry of Foreign Affairs of France – and the SWIFT network, the cooperative that unites over ten thousand banks in 212 countries and provides communications that enable international financial transactions. All transfers of money between banks across national borders goes through SWIFT.
___________________________
99% BAD HARDWARE WEEK:

On AES hardware implementations

In November 2010 Endre Bangerter, David Gullasch and Stephan Krenn published a paper which described a practical approach to a "near real time" recovery of secret keys from AES-128 without the need for either cipher text or plaintext. The approach also works on AES-128 implementations that use compression tables, such as OpenSSL. Hardware instructions support gives faster decryption.
___________________________
99% BAD HARDWARE WEEK: You have a TOP secret 256 bit AES implementation on your PC OR YOU HAVE NOTHING! There is no more or less security, as some marketing is trying to sell. But simply, you have it or you don't have it at all.

Thursday, September 12, 2013

NSA even on your phone

According to one leaked presentation, it was even possible to track a person's whereabouts over extended periods of time, until Apple eliminated this "error" with version 4.3.3 of its mobile operating system and restricted the memory to seven days.
___________________________  
99% BAD HARDWARE WEEK:

Wednesday, September 11, 2013

ARM delivers first 64bit processor in iPhone 5C

And here’s the double whammy: ARM is likely to charge higher royalty fees for the new chips. Andrew Dunn, an analyst at RBC Capital Markets, explained in a note, “Should this mark the beginning of 64-bit in smartphones, this should help underpin ARM’s upward trajectory in overall royalty rate following a decade of declines.”
Little surprise, then, that ARM’s share price has risen more than 80% in the last 12 months.

SAMSUNG: ME 64 bit TOO !
___________________________  
99% BAD HARDWARE WEEK: I remember well an article some 30 years ago in IEEE Transactions on some 64 processors that sounded then like science fiction. Then only to be found in Cray supercomputers. And now in your phone! Who would have said and predicted it?

Intel's Broadwell finally without NSA backdoor trap function !


Some new instructions have been added in the upcoming Intel architecture code named Broadwell. Composer XE 2013 Update 1 has added inline assembly and intrinsic support for these instructions. Intrinsics are defined in immintrin.h.
extern int _rdseed16_step(unsigned short *random_val);
extern int _rdseed32_step(unsigned int *random_val);
extern int _rdseed64_step(unsigned __int64 *random_val);
These intrinsics generate random numbers of 16/32/64 bit wide random integers. These intrinsics are mapped to the hardware instruction RDSEED. The generated random value is written to the given memory location and the success status is returned: 1 if the hardware returned a valid random value, and 0 otherwise!
The difference between rdseed and rdrand intrinsics is that rdseed intrinsics meet the NIST SP 800-90B and NIST SP 800-90C standards, while the rdrand meets the NIST SP 800-90A standard.

 ___________________________  
99% BAD HARDWARE WEEK: NIST SP 800-90 RBG has NSA implemented backdoor trap function. Now you can check yourself. Document number: 321414-003 US 12 January 2011
 Please note Crypto coprocessor in Broadwell system chip on picture above.

Monday, September 09, 2013

The public comments on new NIST Random bit generator DRAFT will close on November 6, 2013 !

The previous NIST SP 800-90 RBG standard implemented an NSA backdoor trap.
All trap theories were well known long before PGP and other so-called STRONG cryptography schemes were introduced. That knowledge is not the NSA's fault, but the fault of the persistent ignorance of the computer science community!
___________________________  
99% BAD HARDWARE WEEK NIST COMMENT: There was a trap function INSIDE STRONG cryptography schemes for 22 years !

Backdoors Found In Bitlocker, FileVault and TrueCrypt?

A backdoor would allow anyone with the access to read, copy, modify and even delete files without the user knowing it. Imagine how much power the government would have over the people. I shudder at the possibilities...
Never in history has one agency of the U.S. government had the capacity, as well as the legal authority, to collect and store so much electronic information. Leaked NSA documents show the agency sucking up data from approximately 150 collection sites on six continents. The agency estimates that 1.6 percent of all data on the Internet flows through its systems on a given day -- an amount of information about 50 percent larger than what Google processes in the same period. 
___________________________  
99% BAD HARDWARE WEEK: Dystopia, an imaginary place where everything is as bad as it can be

Obama administration had restrictions on NSA reversed in 2011

 The Obama administration secretly won permission from a surveillance court in 2011 to reverse restrictions on the National Security Agency’s use of intercepted phone calls and e-mails, permitting the agency to search deliberately for Americans’ communications in its massive databases.



NSA Illegally Gorged on U.S. Phone Records for Three Years
Besides, only 125 analysts can touch that database. :)
Of course, not counting Israel, GB etc. etc. :)
 ___________________________  
99% BAD HARDWARE WEEK: A presidential candidate needs to give the NSA something in return for his second mandate? Let me remind you, Putin too got a lot of presidential mandates thanks to favors to his former employer, the KGB.

Sunday, September 08, 2013

SWAT team killed 107-year-old terrorist


Centenarian Monroe Isadore shot at police and was killed when a SWAT team gassed his bedroom and broke down his door. It's unclear what might have set off the confrontation.

___________________________  
99% BAD HARDWARE WEEK: At least, we are now absolutely secure.

Friday, September 06, 2013

NSA did it all !

N.S.A. documents show that the agency maintains an internal database of encryption keys for specific commercial products, called a Key Provisioning Service, which can automatically decode many messages. If the necessary key is not in the collection, a request goes to the separate Key Recovery Service, which tries to obtain it.

Simultaneously, the N.S.A. has been deliberately weakening the international encryption standards adopted by developers. One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method.  Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.” 
“I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.” 
"In the future, superpowers will be made or broken based on the strength of their cryptanalytic programs," says one document. "It is the price of admission for the US to maintain unrestricted access to and use of cyberspace."
The New York Times says that it was asked not to publish the leaked materials, but did so anyway. It also reported that at one time the US government insisted that a hardware company install a backdoor into its kit before it was sent overseas. This request was met, it said. After some sleuthing, I'm pretty certain this is a reference to the Dual_EC_DRBG pseudorandom number generator scheme described in NIST SP 800-90. The weakness is that Dual_EC_DRBG appears to contain a backdoor, and anyone who knows the backdoor can totally break the PRNG. The weakness was first described in a rump session talk at CRYPTO 2007 and was subsequently discussed by Bruce Schneier in Wired.
To put that in real terms, you only need to monitor one TLS internet encryption connection in order to crack the security of that protocol. 
All TLS versions were further refined in RFC 6176 in March 2011 removing their backward compatibility with SSL such that TLS sessions will never negotiate the use of Secure Sockets Layer (SSL) version 2.0.
 
Website protocol support
Protocol version | Website support[12] | Security[12][13]
SSL 2.0 | 27.4% | Insecure
SSL 3.0[n 1] | 99.7% | Insecure[n 2][n 3][n 4][n 1]
TLS 1.0 | 99.3% | Insecure[n 2][n 3][n 4][n 5]
TLS 1.1 | 14.5% | Depends on cipher[n 2][n 3][n 4][n 5]
TLS 1.2 | 17.0% | Depends on cipher[n 2][n 3][n 4][n 5]

Browser support for TLS
Browser | Platforms | TLS 1.0 | TLS 1.1 | TLS 1.2
Chrome 0–21 | Android, iOS, Linux, Mac OS X, Windows (XP, Vista, 7, 8)[a][b] | Yes | No | No
Chrome 22–28 | Android, iOS, Linux, Mac OS X, Windows (XP, Vista, 7, 8)[a][b] | Yes[14] | Yes[14] | No[14]
Chrome 29-current | Android, iOS, Linux, Mac OS X, Windows (XP, Vista, 7, 8)[a][b] | Yes[14] | Yes[14] | Yes[15]
Firefox 1–18 | Android, Linux, Mac OS X, Windows (XP, Vista, 7, 8)[c][b] | Yes[16] | No[17] | No[18]
Firefox 19-current | Android, Linux, Mac OS X, Windows (XP, Vista, 7, 8)[c][b] | Yes[16] | Yes, disabled by default[17][19] | No[18]
Firefox 24- (Beta, Aurora, Nightly) | Android, Linux, Mac OS X, Windows (XP, Vista, 7, 8)[c][b] | Yes[16] | Yes, disabled by default[17][19] | Yes, disabled by default[18][20][19]
IE 6 | Windows (98, 2000, ME, XP)[d] | Yes, disabled by default | No | No
IE 7–8 | Windows (XP, Vista)[d] | Yes | No | No
IE 8–9 | Windows 7[d] | Yes | Yes, disabled by default | Yes, disabled by default
IE 9 | Windows Vista[d] | Yes | No | No
IE 10 | Windows (7, 8)[d] | Yes | Yes, disabled by default | Yes, disabled by default
IE 11 (Preview) | Windows (7, 8)[citation needed] 8.1[citation needed][d] | Yes | Yes[citation needed] | Yes[citation needed]
Opera 5–7 | Linux, Mac OS X, Windows | Yes[21] | No | No
Opera 8–9 | Linux, Mac OS X, Windows | Yes | Yes, disabled by default[22] | No
Opera 10–12 | Linux, Mac OS X, Windows[e] | Yes | Yes, disabled by default | Yes, disabled by default
Opera 14–15 | Linux, Mac OS X, Windows[f] | Yes | Yes[23] | No[23]
Opera 16-current | Linux, Mac OS X, Windows[f] | Yes | Yes[24] | Yes[24]
Safari 4 | Mac OS X, Windows (XP, Vista, 7), iOS 4.0[f] | Yes[citation needed] | No | No
Safari 5-current | Mac OS X (incl. 10.8[citation needed]), Windows (XP, Vista, 7)[g] | Yes | No | No
Safari 5–current | iOS 5.0–[h] | Yes | Yes | Yes


Here is the list of companies that implemented the NSA-flawed pseudorandom generator standard: IBM, HP, Cisco, Apple, Intel, BlackBerry, Symantec, McAfee, OpenSSL, RSA, Oracle etc.


The Truth Behind the Pentium Bug 1995: Intel to promote the Pentium as a CPU for scientific and engineering applications, as well as the best engine for mainstream software that relies primarily on integer operations. However, the chance of this happening randomly is only about 1 in 360 billion. Usually, the error appears around the 9th or 10th decimal digit. The chance of this happening randomly is about 1 in 9 billion.
___________________________  
99% BAD HARDWARE WEEK: Since 2006, alas, there has been neither privacy nor security, and no prosperity. Regardless of what officials say. :(

Thursday, September 05, 2013

Intel's Avoton: Goodbye FSB


___________________________  
99% BAD HARDWARE WEEK:

Wednesday, September 04, 2013

Intel's Haswell + 128MB eDRAM off die


___________________________  
99% BAD HARDWARE WEEK:
