Thursday, July 31, 2014

BadUSB Code

The humble USB stick - developed joined by Israel's M-Systems and IBM at the turn of the century - has been shown to be subject to firmware abuse by Karsten Nohl, the chief scientist with Berlin's SR Labs, who says that hackers can easily load malicious software onto the control chips seen on modern low-cost sticks.
Originally known as a DiskOnKey, the Universal Serial Bus (USB) stick has evolved considerably over the years, mainly with the addition of on-device chipsets to speed up the rate at which data can written to, and read from, the flash member held on the unit.
With the assistance of fellow researcher Jakob Lell, Nohl claims to have reverse-engineered the firmware that controls the basic communication functions of the USB stick.

Dubbed BadUSB, the hack reprograms embedded firmware to give USB devices new, covert capabilities. In a demonstration scheduled at next week's Black Hat security conference in Las Vegas, a USB drive, for instance, will take on the ability to act as a keyboard that surreptitiously types malicious commands into attached computers. A different drive will similarly be reprogrammed to act as a network card that causes connected computers to connect to malicious sites impersonating Google, Facebook or other trusted destinations. The presenters will demonstrate similar hacks that work against Android phones when attached to targeted computers. They say their technique will work on Web cams, keyboards, and most other types of USB-enabled devices.
99% BAD HARDWARE WEEK: If you have access to national security don't use USB. Is the vulnerability only rectricted to USB or to any Plug and Play device ? If so, we shall soon have the whole line of BAd TM products: BAd malware SSD, BAD Phones, BAD Wireless mouse. Evil TM Printer and so on !

Wednesday, July 30, 2014

Dr. Strangelove or: How I Learned to Stop Worrying and Love the IoT Bomb

 Dr. Strangelove classic or: How I Learned to Stop Worrying and Love the Bomb ends with annihilation of 99.999% of the world’s population.
Security was also a hot topic at the roundtable, with Intel arguing that IoT needs its own security model in order to protect data.

Sunday, July 27, 2014

Cheering robots replace real fans at Korean baseball !

What about robot cheerleaders ? Probably in motivation phase 2.
99% BAD HARDWARE WEEK: Here is the final killer app:
Users can upload their own face to the robot so it can be seen at the stadium !

Thursday, July 24, 2014

Oracle releases unbreakable ? Linux kernel

ORACLE HAS ANNOUNCED the release of its Linux distribution Oracle Linux 7.Oracle Linux 7 is the latest release of the company's version of its enterprise grade Linux flavour that is a fork of Red Hat Enterprise Linux.

Windows is security disaster !

"The Microsoft Windows Kernel Mode Cryptographic Primitives Library -- Cryptography Next Generation (CNG) -- is a general purpose, software-based, cryptographic module which provides FIPS 140-2 Level 1 cryptography."  

FIPS 140-2 Level 1 the lowest, imposes very limited requirements; loosely, all components must be "production-grade" and various egregious kinds of insecurity must be absent.
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry Cryptography Next Generation Cryptographic Implementations  Version 6.3.9600
99% BAD HARDWARE WEEK: Windows storage server is thus the lovest level of security, unable even for physical tamper-evidence and role-based authentication.

I Know Where Your Cat Lives – even kitties aren't safe

In a world of spying, surveillance leaks and advanced analytics tracking our every move, a new website is tracking the locations of a million cats.
99% BAD HARDWARE WEEK: Don't try to use them for your plans. We watch you !

An Open Letter from Researchers in Cryptography and Information Security

 The choice is not whether to allow the NSA to spy. The choice is between a communications infrastructure that is vulnerable to attack at its core and one that, by default, is intrinsically secure for its users. Every country, including our own, must give intelligence and law-enforcement authorities the means to pursue terrorists and criminals, but we can do so without fundamentally undermining the security that enables commerce, entertainment, personal communication, and other aspects of 21st-century life. We urge the US government to reject society-wide surveillance and the subversion of security technology, to adopt state-of-the-art, privacy-preserving technology, and to ensure that new policies, guided by enunciated principles, support human rights, trustworthy commerce, and technical innovation.

PSEUDO-SECURITY: NSA infiltrated RSA security more deeply than thought

The academic researchers said it took about an hour to crack a free version of BSafe for Java using about $40,000 worth of computer equipment. It would have been 65,000 times faster in versions using Extended Random, dropping the time needed to seconds, according to Stephen Checkoway of Johns Hopkins.
The use of pseudo-random processes 

to generate secret quantities can result in pseudo-
security.  A sophisticated attacker may find it easier to reproduce
the environment that produced the secret quantities and to search the
resulting small set of possibilities than to locate the quantities in
the whole of the potential number space.

Choosing random quantities to foil a resourceful and motivated adversary is surprisingly difficult.

99% BAD HARDWARE WEEK: recommends the use of truly random hardware techniques and shows that the existing hardware on many systems can be used for this purpose. It provides suggestions to ameliorate the problem when a hardware solution is not available, and it gives examples of how large such quantities need to be for some applications.

Wednesday, July 23, 2014

1989: Why WAIS will Change the World ?

Wide Area Information Servers Concepts was a paper that was widely distributed that painted some of the vision for the project.
 It had many of the features that came prominent in the World Wide Web (document identifiers), Altavista/Google (Internet based search engines), Siri (searching multiple servers at once in different ways), client-server systems, payment systems, Reddit (distributed editors to play a role in prioritizing documents), integrated personal/corporate/wide area searching (does not really exist yet).
99% BAD HARDWARE WEEK: First World Wide Web server started the same year. 1989.

Tuesday, July 22, 2014

Moore is dead !. No more free transistors

“16nm/14nm is essentially a 20nm metal stack with a better, but more costly transistor,” says Mentor’s Sawicki. This is backed up by a forecast from the Linley Group, which shows the number of transistors that can be bought per dollar at each node likely has peaked.
“The focus will be on system integration using 2D and 3D technologies instead of just scaling transistors,”
99% BAD HARDWARE WEEK: From the next year  your dollar will buy less transistors !


Stacked Die Are Coming Soon.
Wang said that for a 100mm² die, yield drops from 500 good chips per wafer at 28nm to 419 at 7nm. For a large, complex 400mm² die, the yield drops from 63 to 31.
In contrast, yields are significantly higher using smaller die packaged together compared with one highly integrated large die.

Will 450mm ever happen ?

The memory players are saying: ‘We don’t want to go 450mm. We’ll never go 450mm,’ “ said Dave Hemker, senior vice president and chief technology officer at Lam Research. 

It’s no surprise that Nikon is moving full speed ahead with 450mm. The company’s largest customer is Intel, one of the proponents of 450mm technology.

And, as happens with all high-stakes gambles—particularly in the wake of EUV’s perpetual delays—there are bets being placed that 450mm will never happen

Thursday, July 17, 2014

Microsoft's cut 18 000 without paste

  Microsoft is set to cut more than 6,000 jobs in an announcement expected early Thursday, according to sources familiar with the matter, as it trims its newly acquired Nokia phone business and reshapes itself as a cloud-computing and mobile-friendly software company.99% BAD HARDWARE WEEK: Microsoft on Thursday said it plans to eliminate up to 18,000 jobs, or 14% of its work force, in a bid to streamline the company following the acquisition of Nokia’s devices and services business.    

Apple + IBM = ?

Apple Inc. and International Business Machines Corp. are teaming up to provide business apps for the iPhone and iPad, taking aim at BlackBerry Ltd.’s core enterprise client base.
The Waterloo, Ont.-based smartphone maker’s shares were hit hard after Tuesday’s announcement as investors considered the potential threat to BlackBerry.

Tuesday, July 15, 2014

US says global reach needed to gut "fraudsters," "hackers," and "drugsters "

In essence, President Barack Obama's administration claims that any company with operations in the United States must comply with valid warrants for data, even if the content is stored overseas. It's a position Microsoft and companies like Apple say is wrong, arguing that the enforcement of US law stops at the border.
99% BAD HARDWARE WEEK: Like Chancellor Merkel, Bundeswehr, and 99% such a targets.

Saturday, July 12, 2014

Windows Server 2003 still lacks critical security features !!

Windows Server 2003 lacks critical security features and is near the end of it's extended support lifecycle
99% BAD HARDWARE WEEK: Great ! But who says ? Check here.

However, NSA now believes that for Wi ndows Server 2003, the default file and regi stry ACL s are gen erally suffici ent giv en the following assumptions: ƒ Within  Group Policy or Local Secu rity Policy, the “ Network acess : Let Everyone permissions apply to anonymous users” security option is set to be Disabled .
The Microso ft Windows Server 2003 guide’s discussion on “Securing the File System,” lists optional security permissions for executables located primarily within the %System Root%\system 32 dire ctory, stating that these permissions should be set only if the  above-mentioned option is n o t configured . However, NSA recommends setting these permissions regardless .

Friday, July 11, 2014

Microsoft's Tick Tock strategy: NSAless Windows 9s by the end of year !

"Whoever controls the operating system can control all the data on the computers using it."

A Chinese state TV broadcast laid into Microsoft and its Windows 8 operating system on Wednesday, saying the amount of personal data the system is capable of collecting, and the profile of Chinese society it would be capable of producing,
“will be more precise and up-to-date than that collected by our National Bureau of Statistics.”

According to My Digital Life, the screenshot is from Build 6.4.9788 of Windows 9 which was recently spotted in Windows Store logs. The screenshot shows a Start Button, but redesigned with influences from Windows 8’s Metro UI.
While the screenshot does have the words “Windows 8.1 Pro” on the desktop, Neowin reports that early builds of Windows 9 inside Microsoft still use this branding. This could also mean that technically speaking, Windows 9 is only an incremental update from Windows 8.1 — analogous to Windows 98 SE and Windows ME.
99% BAD HARDWARE WEEK: Sneak attack on China state competencies ? However, if you own X86 server hardware than do you do the same ? And how do you do all of you ?

Tuesday, July 08, 2014

Samsung, Intel, Dell Team Up On Standards For Connected Gadgets

 Samsung Electronics, Intel Corp and Dell have joined to establish standard ways for household gadgets like thermostats and light bulbs to talk to each other, at odds with a framework backed by Qualcomm, LG Electronics and other companies.
The new Open Interconnect Consortium, like the Qualcomm-supported AllSeen Alliance, aims to establish how smart devices work together in a trend increasingly called the Internet of Things.

Sunday, July 06, 2014

Nine out of 10 users in NSA-intercepted conversations are not original targets

The Washington Post revealed the stunningly high percentage of innocent web crawlers snared in the National Security Administration’s web after a four-month examination of documents turned over by ex-agency contractor Edward Snowden.
In its story, The Post said it had reviewed 160,000 emails and IM conversations, along with 7,900 documents lifted from 11,000 online accounts.
All the documents were provided to the paper by Snowden, and they illustrated how the NSA ensnared unwitting targets and non-targets during the course of daily business.
One analyst described a day’s work: “1 target, 38 others on there.”

Saturday, July 05, 2014

Servers in Berlin and Nuremberg - are under surveillance by the NSA

99% BAD HARDWARE WEEK: Who is behind and how is here.

This page is powered by Blogger. Isn't yours?