mersenneforum.org  

Old 2017-05-15, 03:25   #12
ewmayer
2ω=0
 
Sep 2002
República de California
2²·3·7·139 Posts

[I link to Mish here not because he's any kind of crypto expert but because both of his posts contain nice annotated sets of links]

WannaCry Cyber Attack Hits 99 Countries, FedEx, Nissan, Hospitals, Universities with NSA Developed Malware: Five Questions. | MishTalk

Microsoft Blasts NSA, CIA for "Stockpiling Vulnerabilities" Criminal Negligence by NSA? | MishTalk

How to Accidentally Stop a Global Cyber Attacks | MalwareTech -- On why the U.S., ironically enough given NSA's role in developing the weaponized malware in question, was mostly spared.

Top NSA Whistleblower: Ransomware Hack Due to "Swindle of the Taxpayers" by Intelligence Agencies | Washington's Blog -- some choice harsh verbiage from ex-NSA-analyst "legend" William Binney.
Old 2017-05-15, 12:29   #13
paulunderwood
 
Sep 2002
Database er0rr
3×5×263 Posts

I wonder how much money has been "given" to M$ to date by the UK's NHS. Surely the powers that be must have known the XP is obsolete as will be later versions of Windoze OS one day. Of course, because of the bloat, hardware needs to be updated. So much for "total cost of ownership"!
Old 2017-09-29, 00:04   #14
ewmayer
2ω=0
 
Sep 2002
República de California
2²×3×7×139 Posts

Report Exposes Flaws In Link Shorteners That Reveal Sensitive Info About Users And Track Their Offline Movements | Techdirt
Old 2017-10-13, 22:37   #15
ewmayer
2ω=0
 
Sep 2002
República de California
2²×3×7×139 Posts

With Virtual Machines, Getting Hacked Doesn’t Have to Be That Bad | The Intercept

Last fiddled with by ewmayer on 2017-10-13 at 22:38
Old 2017-10-16, 10:25   #16
paulunderwood
 
Sep 2002
Database er0rr
3945₁₀ Posts

https://www.theguardian.com/technolo...vernment-warns
Old 2017-10-16, 12:03   #17
lavalamp
 
Oct 2007
Manchester, UK
2×3×227 Posts

Quote:
Originally Posted by paulunderwood View Post
Is WPA2 entirely software based or does it have hardware requirements also? I wonder how hard this would be to patch up.

From the article it seems as though they're saying the protocol was cracked, rather than the encryption, but I'm not entirely sure.
Old 2017-10-16, 12:24   #18
retina
Undefined
 
"The unspeakable one"
Jun 2006
My evil lair
14236₈ Posts

Quote:
Originally Posted by lavalamp View Post
Is WPA2 entirely software based or does it have hardware requirements also? I wonder how hard this would be to patch up.
It is software (or firmware I guess). It can be patched. But in reality it won't be patched. Most devices won't get a patch from the manufacturer. And if they did, "no one" knows how to install it anyway, or even that it needs installing, or even that there is something to install. Welcome to the world of insecure devices.
Quote:
Originally Posted by lavalamp View Post
From the article it seems as though they're saying the protocol was cracked, rather than the encryption, but I'm not entirely sure.
The key 8-digit WPS negotiation was broken many years ago. Some newer devices have workarounds for that problem. But the encryption is secure in that no one has yet broken AES (that we know of anyway).

Edit: It wasn't the key, but the "secret" device number.

Last fiddled with by retina on 2017-10-16 at 12:29
Old 2017-10-24, 20:58   #19
ewmayer
2ω=0
 
Sep 2002
República de California
26634₈ Posts

An interesting angle on the WPA2 vulnerability:

The recent catastrophic Wi-Fi vulnerability was in plain sight for 13 years behind a corporate paywall | privateinternetaccess.com
Quote:
When this week’s KRACK wi-fi vulnerability hit, I saw a series of tweets from Emin Gür Sirer, who’s mostly tweeting on bitcoin topics but seemed to know something many didn’t about this particular Wi-Fi vulnerability: it had been in plain sight, but behind paywalls with corporate level fees, for thirteen years. That’s how long it took open source to catch up with the destructiveness of a paywall.

Apparently, WPA2 was based on IEEE standards, which are locked up behind subscription fees that are so steep that open source activists and coders are just locked out from looking at them. This, in turn, meant that this vulnerability was in plain sight for anybody who could afford to look at it…. [W]hile ordinary activists and coders were locked out of reviewing these documents, the NSA and the like had no shortage of budget to pay for subscriptions to these specifications. Thus, the IEEE’s paywall was lopsiding the security field toward mass surveillance, away from security.

Last fiddled with by ewmayer on 2017-10-24 at 21:00
Old 2017-11-12, 02:14   #20
ewmayer
2ω=0
 
Sep 2002
República de California
26634₈ Posts

Why You Should NEVER Buy an Amazon Echo or Even Get Near One | naked capitalism
Old 2017-11-12, 15:25   #21
Dr Sardonicus
 
Feb 2017
Nowhere
1416₁₆ Posts

Quote:
Originally Posted by ewmayer View Post
Fascinating. The idea of cross-referencing to identify voices -- in particular, voice commands -- occurred to me while watching the Star Trek: The Next Generation episode Brothers (8 Oct, 1990). Commander Data was able, merely by imitating Captain Picard's voice, to commandeer the Enterprise and lock everyone else out from voice command of the computer. The thought immediately occurred to me: Wait a minute! Doesn't the computer know Captain Picard is somewhere else?

Now, I don't expect these voice-activated "assistants" to be as sophisticated as the Enterprise's computer, so perhaps a high-quality recording of the owner's voice could be used to cause mischief...

There's another kind of voice activated "assistant" heavily advertised of late -- remote controls, in particular Comcast TV and internet services. I don't know enough details about what you can tell the remote to do, or how good its recognition capabilities are, but the potential for running up pay-per-view or other extra charges is amusing to contemplate.
Old 2017-11-17, 01:40   #22
ewmayer
2ω=0
 
Sep 2002
República de California
2²×3×7×139 Posts

The NSA Needs to Stop Hacking | The Week

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.