mersenneforum.org  

Go Back   mersenneforum.org > Math Stuff > Tales From the Crypt(o)

Reply
 
Thread Tools
Old 2022-01-21, 08:33   #287
paulunderwood
 
paulunderwood's Avatar
 
Sep 2002
Database er0rr

4,211 Posts
Default

Should the $2 trillion company Apple be allowed to sell AirTags in the light that they can be used to stalk and ultimately rape women?
paulunderwood is online now   Reply With Quote
Old 2022-01-27, 23:27   #288
ewmayer
2ω=0
 
ewmayer's Avatar
 
Sep 2002
República de California

112×97 Posts
Default

Quote:
Originally Posted by kriesel View Post
Wired article on the 2011 RSA network penetration, now that the 10-year nondisclosure period has expired https://www.wired.com/story/the-full...nally-be-told/
Late to reading this post - so, long story short, the data security experts who set up RSA's key-distribution infrastructure don't understand the concept of "air gap" (bolds mine):
Quote:
RSA executives told me that the part of their network responsible for manufacturing the SecurID hardware tokens was protected by an “air gap”—a total disconnection of computers from any machine that touches the internet. But in fact, Leetham says, one server on RSA’s internet-connected network was linked, through a firewall that allowed no other connections, to the seed warehouse on the manufacturing side. Every 15 minutes, that server would pull off a certain number of seeds so that they could be encrypted, written to a CD, and given to SecurID customers. That link was necessary; it allowed RSA’s business side to help customers set up their own server that could then check users’ six-digit code when it was typed into a login prompt. Even after the CD was shipped to a client, those seeds remained on the seed warehouse server as a backup if the customer’s SecurID server or its setup CD were somehow corrupted.
I love the "through a firewall that allowed no other connections" woo-woo, which seems to be implying "OK, not air-gapped, but just allowed to connect to one outside server, and via a *firewall*, so still pretty gosh-darn secure." And said connection was set up to offload chunks of data every 15 minutes to be written to CD and mailed to SecureID customers, but was not even monitored to spot unusual network traffic.
ewmayer is offline   Reply With Quote
Old 2022-01-28, 00:20   #289
kriesel
 
kriesel's Avatar
 
"TF79LL86GIMPS96gpu17"
Mar 2017
US midwest

2×5×659 Posts
Default

Also:
Code:
The building was swept for bugs. Multiple executives insisted that they  did find hidden listening devices—though some were so old that their  batteries were dead
RSA was redundantly compromised.
kriesel is offline   Reply With Quote
Old 2022-02-15, 07:02   #290
retina
Undefined
 
retina's Avatar
 
"The unspeakable one"
Jun 2006
My evil lair

23×283 Posts
Default Hope it works out for you Cambodia

https://www.theregister.com/2022/02/...ernet_gateway/
Quote:
As The Register reported when the Gateway was announced in January 2021, Cambodia's regime will require all internet service providers and carriers to route their traffic through the Gateway. Revocation of operating licences or frozen bank accounts are among penalties for non-compliance.

All incoming traffic to Cambodia will also be required to pass through the Gateway and be subject to censorship.

Human Rights Watch's analysis of the Gateway suggests it will "allow the government to monitor all internet activities and grant the authorities broad powers to block and disconnect internet connections."
Quote:
Originally Posted by https://forums.theregister.com/forum/all/2022/02/14/cambodia_national_internet_gateway/#c_4414697
It is my opinion that the truth can survive the harshest attacks thrown against it whereas the lie needs a strong fortress of censorship and propaganda to protect it.
retina is online now   Reply With Quote
Old 2022-02-15, 14:35   #291
Dr Sardonicus
 
Dr Sardonicus's Avatar
 
Feb 2017
Nowhere

10110110010012 Posts
Default

Quote:
Originally Posted by retina View Post
Quote:
Originally Posted by https://forums.theregister.com/forum/all/2022/02/14/cambodia_national_internet_gateway/#c_4414697
It is my opinion that the truth can survive the harshest attacks thrown against it whereas the lie needs a strong fortress of censorship and propaganda to protect it.
A similar sentiment:
Quote:
Originally Posted by Poor Richard's Almanack
A lie stands on one leg, truth on two.
Dr Sardonicus is offline   Reply With Quote
Old 2022-02-15, 14:51   #292
slandrum
 
Jan 2021
California

7·61 Posts
Default

Quote:
Originally Posted by retina View Post
Quote:
Originally Posted by https://forums.theregister.com/forum...way/#c_4414697
It is my opinion that the truth can survive the harshest attacks thrown against it whereas the lie needs a strong fortress of censorship and propaganda to protect it.
I really wish this were true, but this day and age the truth seems to need its own propaganda machine to avoid being ignored or drowned out.
slandrum is offline   Reply With Quote
Old 2022-04-01, 04:05   #293
jwaltos
 
jwaltos's Avatar
 
Apr 2012
Oh oh.

24·29 Posts
Default

https://papers.ssrn.com/sol3/papers....act_id=2731160
jwaltos is offline   Reply With Quote
Old 2022-04-19, 22:16   #294
jwaltos
 
jwaltos's Avatar
 
Apr 2012
Oh oh.

24×29 Posts
Default

https://www.quantamagazine.org/crypt...ices-20220225/

I like the last two paragraphs of this article because of theological aspect of secrecy..a bit of irony.
jwaltos is offline   Reply With Quote
Old 2022-04-24, 02:52   #295
retina
Undefined
 
retina's Avatar
 
"The unspeakable one"
Jun 2006
My evil lair

23·283 Posts
Default

https://contrachrome.com/

Google Chrome, which – by design – is all about you.
retina is online now   Reply With Quote
Old 2022-06-12, 05:14   #296
retina
Undefined
 
retina's Avatar
 
"The unspeakable one"
Jun 2006
My evil lair

23×283 Posts
Default

https://www.priv.gc.ca/en/opc-news/n...22/nr-c_220601
Quote:
The Tim Hortons app asked for permission to access the mobile device’s geolocation functions, but misled many users to believe information would only be accessed when the app was in use. In reality, the app tracked users as long as the device was on, continually collecting their location data.

The app also used location data to infer where users lived, where they worked, and whether they were travelling. It generated an “event” every time users entered or left a Tim Hortons competitor, a major sports venue, or their home or workplace.

The investigation uncovered that Tim Hortons continued to collect vast amounts of location data for a year after shelving plans to use it for targeted advertising, even though it had no legitimate need to do so.

...

Location data is highly sensitive because it can be used to infer where people live and work, reveal trips to medical clinics. It can be used to make deductions about religious beliefs, sexual preferences, social political affiliations and more.
Install ALL the apps. Nothing can possibly go wrong.

_______________________________________________________________________________________________

And there's more:
https://arstechnica.com/information-...ltra-stealthy/
Quote:
When an administrator starts any packet capture tool on the infected machine, BPF bytecode is injected into the kernel that defines which packets should be captured,” the researchers wrote. “In this process, Symbiote adds its bytecode first so it can filter out network traffic that it doesn’t want the packet-capturing software to see.”

One of the stealth techniques Symbiote uses is known as libc function hooking. But the malware also uses hooking in its role as a data-theft tool. “The credential harvesting is performed by hooking the libc read function,” the researchers wrote. “If an ssh or scp process is calling the function, it captures the credentials.”
Use an external device to monitor your traffic. don't trust the machine to faithfully report on itself. It will lie to you.
retina is online now   Reply With Quote
Old 2022-06-22, 22:57   #297
retina
Undefined
 
retina's Avatar
 
"The unspeakable one"
Jun 2006
My evil lair

23×283 Posts
Default Mega says it can’t decrypt your files. New POC exploit shows otherwise

https://arstechnica.com/information-...ows-otherwise/
Quote:
The researchers devised a proof-of-concept attack that hijacks a login session with a secret probe that comes in the form of a session ID token that has been modified from the one the client app was expecting. While the logon will fail and require the user to re-enter the password, it would be trivial for anyone controlling the Mega platform to simply accept the returned ID.

Once the process has been completed 512 times, the entity carrying out the attack—possibly a malicious insider, a nation-state that has surreptitiously hacked the platform, or Mega officials working with a secret court order—will recover the entire RSA private key, which is used to encrypt all other keys and key material.
https://nitter.net/KimDotcom/status/1539426611870986240
Quote:
Because Bram and Mathias created backdoors for the Chinese Govt so that all Mega files can be decrypted by them. Same shady guys who just made a deal with the US and NZ Govt to get out of the US extradition case by falsely accusing me. Delete your Mega account. It’s not safe.
It's in the "cloud" so it must be better. Store ALL your data there, nothing can possibly go wrong.
retina is online now   Reply With Quote
Reply

Thread Tools


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cause this don't belong in the milestone thread bcp19 Data 30 2012-09-08 15:09
GPU TF vs DC/LL data bcp19 GPU to 72 0 2011-12-02 16:41
Opinions/Suggestions for Data Collection thread kar_bon No Prime Left Behind 19 2008-11-27 09:27
Data available? Prime95 LMH > 100M 10 2007-06-22 23:55
Deutscher Thread (german thread) TauCeti NFSNET Discussion 0 2003-12-11 22:12

All times are UTC. The time now is 11:34.


Sun Jul 3 11:34:01 UTC 2022 up 80 days, 9:35, 0 users, load averages: 1.29, 1.32, 1.33

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.

This forum has received and complied with 0 (zero) government requests for information.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.

≠ ± ∓ ÷ × · − √ ‰ ⊗ ⊕ ⊖ ⊘ ⊙ ≤ ≥ ≦ ≧ ≨ ≩ ≺ ≻ ≼ ≽ ⊏ ⊐ ⊑ ⊒ ² ³ °
∠ ∟ ° ≅ ~ ‖ ⟂ ⫛
≡ ≜ ≈ ∝ ∞ ≪ ≫ ⌊⌋ ⌈⌉ ∘ ∏ ∐ ∑ ∧ ∨ ∩ ∪ ⨀ ⊕ ⊗ 𝖕 𝖖 𝖗 ⊲ ⊳
∅ ∖ ∁ ↦ ↣ ∩ ∪ ⊆ ⊂ ⊄ ⊊ ⊇ ⊃ ⊅ ⊋ ⊖ ∈ ∉ ∋ ∌ ℕ ℤ ℚ ℝ ℂ ℵ ℶ ℷ ℸ 𝓟
¬ ∨ ∧ ⊕ → ← ⇒ ⇐ ⇔ ∀ ∃ ∄ ∴ ∵ ⊤ ⊥ ⊢ ⊨ ⫤ ⊣ … ⋯ ⋮ ⋰ ⋱
∫ ∬ ∭ ∮ ∯ ∰ ∇ ∆ δ ∂ ℱ ℒ ℓ
𝛢𝛼 𝛣𝛽 𝛤𝛾 𝛥𝛿 𝛦𝜀𝜖 𝛧𝜁 𝛨𝜂 𝛩𝜃𝜗 𝛪𝜄 𝛫𝜅 𝛬𝜆 𝛭𝜇 𝛮𝜈 𝛯𝜉 𝛰𝜊 𝛱𝜋 𝛲𝜌 𝛴𝜎𝜍 𝛵𝜏 𝛶𝜐 𝛷𝜙𝜑 𝛸𝜒 𝛹𝜓 𝛺𝜔