Thursday, July 31, 2014
BadUSB Code
The humble USB stick - developed joined by Israel's M-Systems and IBM
at the turn of the century - has been shown to be subject to firmware
abuse by Karsten Nohl, the chief scientist with Berlin's SR Labs, who
says that hackers can easily load malicious software onto the control
chips seen on modern low-cost sticks.
Originally known as a DiskOnKey, the Universal Serial Bus (USB) stick has evolved considerably over the years, mainly with the addition of on-device chipsets to speed up the rate at which data can written to, and read from, the flash member held on the unit.
With the assistance of fellow researcher Jakob Lell, Nohl claims to have reverse-engineered the firmware that controls the basic communication functions of the USB stick.
Dubbed BadUSB, the hack reprograms embedded firmware to give USB devices new, covert capabilities. In a demonstration scheduled at next week's Black Hat security conference in Las Vegas, a USB drive, for instance, will take on the ability to act as a keyboard that surreptitiously types malicious commands into attached computers. A different drive will similarly be reprogrammed to act as a network card that causes connected computers to connect to malicious sites impersonating Google, Facebook or other trusted destinations. The presenters will demonstrate similar hacks that work against Android phones when attached to targeted computers. They say their technique will work on Web cams, keyboards, and most other types of USB-enabled devices.
___________________________
99% BAD HARDWARE WEEK: If you have access to national security don't use USB. Is the vulnerability only rectricted to USB or to any Plug and Play device ? If so, we shall soon have the whole line of BAd TM products: BAd malware SSD, BAD Phones, BAD Wireless mouse. Evil TM Printer and so on !
Originally known as a DiskOnKey, the Universal Serial Bus (USB) stick has evolved considerably over the years, mainly with the addition of on-device chipsets to speed up the rate at which data can written to, and read from, the flash member held on the unit.
With the assistance of fellow researcher Jakob Lell, Nohl claims to have reverse-engineered the firmware that controls the basic communication functions of the USB stick.
Dubbed BadUSB, the hack reprograms embedded firmware to give USB devices new, covert capabilities. In a demonstration scheduled at next week's Black Hat security conference in Las Vegas, a USB drive, for instance, will take on the ability to act as a keyboard that surreptitiously types malicious commands into attached computers. A different drive will similarly be reprogrammed to act as a network card that causes connected computers to connect to malicious sites impersonating Google, Facebook or other trusted destinations. The presenters will demonstrate similar hacks that work against Android phones when attached to targeted computers. They say their technique will work on Web cams, keyboards, and most other types of USB-enabled devices.
___________________________
99% BAD HARDWARE WEEK: If you have access to national security don't use USB. Is the vulnerability only rectricted to USB or to any Plug and Play device ? If so, we shall soon have the whole line of BAd TM products: BAd malware SSD, BAD Phones, BAD Wireless mouse. Evil TM Printer and so on !
Wednesday, July 30, 2014
Dr. Strangelove or: How I Learned to Stop Worrying and Love the IoT Bomb
Dr. Strangelove classic or: How I Learned to Stop Worrying and Love the Bomb ends with annihilation of 99.999% of the world’s population.
Security was also a hot topic at the roundtable, with Intel arguing that IoT needs its own security model in order to protect data.
___________________________
99% BAD HARDWARE WEEK:
Sunday, July 27, 2014
Cheering robots replace real fans at Korean baseball !
What about robot cheerleaders ? Probably in motivation phase 2.
___________________________
99% BAD HARDWARE WEEK: Here is the final killer app:
Users can upload their own face to the robot so it can be seen at the stadium !
Thursday, July 24, 2014
Oracle releases unbreakable ? Linux kernel
ORACLE HAS ANNOUNCED the release of its Linux distribution Oracle Linux 7.Oracle Linux 7 is the latest release of the company's version of its
enterprise grade Linux flavour that is a fork of Red Hat Enterprise
Linux.
___________________________
99% BAD HARDWARE WEEK:
___________________________
99% BAD HARDWARE WEEK:
Windows is security disaster !
"The Microsoft Windows Kernel Mode Cryptographic Primitives Library -- Cryptography Next Generation (CNG) -- is a general purpose, software-based, cryptographic module which provides FIPS 140-2 Level 1 cryptography."
FIPS 140-2 Level 1 the lowest, imposes very limited requirements; loosely, all components must be "production-grade" and various egregious kinds of insecurity must be absent.
Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry Cryptography Next Generation Cryptographic Implementations Version 6.3.9600
___________________________
99% BAD HARDWARE WEEK: Windows storage server is thus the lovest level of security, unable even for physical tamper-evidence and role-based authentication.
I Know Where Your Cat Lives – even kitties aren't safe
In a world of spying, surveillance leaks and advanced analytics tracking our every move, a new website is tracking the locations of a million cats.
___________________________
99% BAD HARDWARE WEEK: Don't try to use them for your plans. We watch you !
An Open Letter from Researchers in Cryptography and Information Security
The choice is not whether to allow the NSA to spy. The choice is between a
communications infrastructure that is vulnerable to attack at its core and one
that, by default, is intrinsically secure for its users. Every country,
including our own, must give intelligence and law-enforcement authorities the
means to pursue terrorists and criminals, but we can do so without
fundamentally undermining the security that enables commerce, entertainment,
personal communication, and other aspects of 21st-century life. We
urge the US government to reject society-wide surveillance and the subversion
of security technology, to adopt state-of-the-art, privacy-preserving
technology, and to ensure that new policies, guided by enunciated principles,
support human rights, trustworthy commerce, and technical innovation.
___________________________
99% BAD HARDWARE WEEK:
___________________________
99% BAD HARDWARE WEEK:
PSEUDO-SECURITY: NSA infiltrated RSA security more deeply than thought
The academic researchers said it took about an hour to crack a free version of BSafe for Java using about $40,000 worth
of computer equipment. It would have been 65,000 times faster in
versions using Extended Random, dropping the time needed to seconds,
according to Stephen Checkoway of Johns Hopkins.
99% BAD HARDWARE WEEK: recommends the use of truly random hardware techniques and shows that the existing hardware on many systems can be used for this purpose. It provides suggestions to ameliorate the problem when a hardware solution is not available, and it gives examples of how large such quantities need to be for some applications.
The use of pseudo-random processes
to generate secret quantities can result in pseudo-
security. A sophisticated attacker may find it easier to reproduce
the environment that produced the secret quantities and to search the
resulting small set of possibilities than to locate the quantities in
the whole of the potential number space.
Choosing random quantities to foil a resourceful and motivated adversary is surprisingly difficult.
99% BAD HARDWARE WEEK: recommends the use of truly random hardware techniques and shows that the existing hardware on many systems can be used for this purpose. It provides suggestions to ameliorate the problem when a hardware solution is not available, and it gives examples of how large such quantities need to be for some applications.
Wednesday, July 23, 2014
1989: Why WAIS will Change the World ?
Tuesday, July 22, 2014
Moore is dead !. No more free transistors
“16nm/14nm is essentially a 20nm metal stack with a better, but more costly transistor,” says Mentor’s Sawicki. This is backed up by a forecast from the Linley Group, which shows the number of transistors that can be bought per dollar at each node likely has peaked.
“The focus will be on system integration using 2D and 3D technologies instead of just scaling transistors,”
___________________________
99% BAD HARDWARE WEEK: From the next year your dollar will buy less transistors !
3D
Stacked Die Are Coming Soon.
Wang said that for a 100mm² die, yield drops from 500 good chips per wafer at 28nm to 419 at 7nm. For a large, complex 400mm² die, the yield drops from 63 to 31.
In contrast, yields are significantly higher using smaller die packaged together compared with one highly integrated large die.
___________________________
99% BAD HARDWARE WEEK:
Wang said that for a 100mm² die, yield drops from 500 good chips per wafer at 28nm to 419 at 7nm. For a large, complex 400mm² die, the yield drops from 63 to 31.
In contrast, yields are significantly higher using smaller die packaged together compared with one highly integrated large die.
___________________________
99% BAD HARDWARE WEEK:
Will 450mm ever happen ?
The memory players are saying: ‘We don’t want to go 450mm. We’ll never
go 450mm,’ “ said Dave Hemker, senior vice president and chief
technology officer at Lam Research.
It’s no surprise that Nikon is moving full speed ahead with 450mm. The company’s largest customer is Intel, one of the proponents of 450mm technology.
And, as happens with all high-stakes gambles—particularly in the wake of EUV’s perpetual delays—there are bets being placed that 450mm will never happen.
___________________________
99% BAD HARDWARE WEEK:
It’s no surprise that Nikon is moving full speed ahead with 450mm. The company’s largest customer is Intel, one of the proponents of 450mm technology.
And, as happens with all high-stakes gambles—particularly in the wake of EUV’s perpetual delays—there are bets being placed that 450mm will never happen.
___________________________
99% BAD HARDWARE WEEK:
Thursday, July 17, 2014
Microsoft's cut 18 000 without paste
Microsoft is set to cut more than 6,000 jobs in an announcement expected early Thursday, according to sources familiar with the matter, as it trims its newly acquired Nokia phone business and reshapes itself as a cloud-computing and mobile-friendly software company.99% BAD HARDWARE WEEK: Microsoft on Thursday said it plans to eliminate up to 18,000 jobs, or 14% of its work force, in a bid to streamline the company following the acquisition of Nokia’s devices and services business.
Apple + IBM = ?
Apple Inc. and International Business Machines Corp. are teaming up to provide business apps for the iPhone and iPad, taking aim at BlackBerry Ltd.’s core enterprise client base.
The Waterloo, Ont.-based smartphone maker’s shares were hit hard after Tuesday’s announcement as investors considered the potential threat to BlackBerry.
___________________________
99% BAD HARDWARE WEEK:
Tuesday, July 15, 2014
US says global reach needed to gut "fraudsters," "hackers," and "drugsters "
In essence, President Barack Obama's administration claims that any company with operations in the United States must comply with valid warrants for data, even if the content is stored overseas. It's a position Microsoft and companies like Apple say is wrong, arguing that the enforcement of US law stops at the border.
___________________________
99% BAD HARDWARE WEEK: Like Chancellor Merkel, Bundeswehr, and 99% such a targets.
Saturday, July 12, 2014
Windows Server 2003 still lacks critical security features !!
Windows Server 2003 lacks critical security features and is near the end of it's extended support lifecycle
___________________________
99% BAD HARDWARE WEEK: Great ! But who says ? Check here.
However, NSA now believes that for Wi ndows Server 2003, the default file and regi stry ACL s are gen erally suffici ent giv en the following assumptions: Within Group Policy or Local Secu rity Policy, the “ Network acess : Let Everyone permissions apply to anonymous users” security option is set to be Disabled .
The Microso ft Windows Server 2003 guide’s discussion on “Securing the File System,” lists optional security permissions for executables located primarily within the %System Root%\system 32 dire ctory, stating that these permissions should be set only if the above-mentioned option is n o t configured . However, NSA recommends setting these permissions regardless .
Friday, July 11, 2014
Microsoft's Tick Tock strategy: NSAless Windows 9s by the end of year !
"Whoever controls the operating system can control all the data on the computers using it."
A Chinese state TV broadcast laid into Microsoft and its Windows 8 operating system on Wednesday, saying the amount of personal data the system is capable of collecting, and the profile of Chinese society it would be capable of producing,
“will be more precise and up-to-date than that collected by our National Bureau of Statistics.”
According to My Digital Life, the screenshot is from Build 6.4.9788 of Windows 9 which was recently spotted in Windows Store logs. The screenshot shows a Start Button, but redesigned with influences from Windows 8’s Metro UI.
While the screenshot does have the words “Windows 8.1 Pro” on the desktop, Neowin reports that early builds of Windows 9 inside Microsoft still use this branding. This could also mean that technically speaking, Windows 9 is only an incremental update from Windows 8.1 — analogous to Windows 98 SE and Windows ME.
___________________________
99% BAD HARDWARE WEEK: Sneak attack on China state competencies ? However, if you own X86 server hardware than do you do the same ? And how do you do all of you ?
Tuesday, July 08, 2014
Samsung, Intel, Dell Team Up On Standards For Connected Gadgets
Samsung Electronics, Intel Corp and Dell have joined to establish standard ways for household gadgets like thermostats and light bulbs to
talk to each other, at odds with a framework backed by Qualcomm, LG
Electronics and other companies.
The new Open Interconnect Consortium, like the Qualcomm-supported AllSeen Alliance, aims to establish how smart devices work together in a trend increasingly called the Internet of Things.
___________________________
99% BAD HARDWARE WEEK:
The new Open Interconnect Consortium, like the Qualcomm-supported AllSeen Alliance, aims to establish how smart devices work together in a trend increasingly called the Internet of Things.
___________________________
99% BAD HARDWARE WEEK:
Sunday, July 06, 2014
Nine out of 10 users in NSA-intercepted conversations are not original targets
The Washington Post revealed the stunningly high percentage of innocent web crawlers snared in the National Security Administration’s web after a four-month examination of documents turned over by ex-agency contractor Edward Snowden.
In its story, The Post said it had reviewed 160,000 emails and IM conversations, along with 7,900 documents lifted from 11,000 online accounts.
All the documents were provided to the paper by Snowden, and they illustrated how the NSA ensnared unwitting targets and non-targets during the course of daily business.
___________________________
99% BAD HARDWARE WEEK:
One analyst described a day’s work: “1 target, 38 others on there.”
Saturday, July 05, 2014
Servers in Berlin and Nuremberg - are under surveillance by the NSA
- Two servers in Germany - in Berlin and Nuremberg - are under surveillance by the NSA.
- Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search. Not only are German privacy software users tracked, but the source code shows that privacy software users worldwide are tracked by the NSA.
- Among the NSA's targets is the Tor network funded primarily by the US government to aid democracy advocates in authoritarian states.
- The XKeyscore rules reveal that the NSA tracks all connections to a server that hosts part of an anonymous email service at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts. It also records details about visits to a popular internet journal for Linux operating system users called "the Linux Journal - the Original Magazine of the Linux Community", and calls it an "extremist forum".
// START_DEFINITION /* Global Variable for Tor foreign directory servers. Searching for potential Tor clients connecting to the Tor foreign directory servers on ports 80 and 443. */ $tor_foreign_directory_ip = ip('193.23.244.244' or '194.109.206.212' or '86.59.21.38' or '213.115.239.118' or '212.112.245.170') and port ('80' or '443'); // END_DEFINITION
99% BAD HARDWARE WEEK: Who is behind and how is here.