'All Your Data ❝Я❞ Belong To Us' Thread

[paulunderwood]

Should the $2 trillion company Apple be allowed to sell AirTags in the light that they can be used to stalk and ultimately rape women?

[ewmayer]

Quote:

Originally Posted by kriesel

Wired article on the 2011 RSA network penetration, now that the 10-year nondisclosure period has expired https://www.wired.com/story/the-full...nally-be-told/

Late to reading this post - so, long story short, the data security experts who set up RSA's key-distribution infrastructure don't understand the concept of "air gap" (bolds mine):

Quote:

RSA executives told me that the part of their network responsible for manufacturing the SecurID hardware tokens was protected by an “air gap”—a total disconnection of computers from any machine that touches the internet. But in fact, Leetham says, one server on RSA’s internet-connected network was linked, through a firewall that allowed no other connections, to the seed warehouse on the manufacturing side. Every 15 minutes, that server would pull off a certain number of seeds so that they could be encrypted, written to a CD, and given to SecurID customers. That link was necessary; it allowed RSA’s business side to help customers set up their own server that could then check users’ six-digit code when it was typed into a login prompt. Even after the CD was shipped to a client, those seeds remained on the seed warehouse server as a backup if the customer’s SecurID server or its setup CD were somehow corrupted.

I love the "through a firewall that allowed no other connections" woo-woo, which seems to be implying "OK, not air-gapped, but just allowed to connect to one outside server, and via a *firewall*, so still pretty gosh-darn secure." And said connection was set up to offload chunks of data every 15 minutes to be written to CD and mailed to SecureID customers, but was not even monitored to spot unusual network traffic.

[kriesel]

Also:

Code:

The building was swept for bugs. Multiple executives insisted that they  did find hidden listening devices—though some were so old that their  batteries were dead

RSA was redundantly compromised.

[retina]

https://www.theregister.com/2022/02/...ernet_gateway/

Quote:

As The Register reported when the Gateway was announced in January 2021, Cambodia's regime will require all internet service providers and carriers to route their traffic through the Gateway. Revocation of operating licences or frozen bank accounts are among penalties for non-compliance.

All incoming traffic to Cambodia will also be required to pass through the Gateway and be subject to censorship.

Human Rights Watch's analysis of the Gateway suggests it will "allow the government to monitor all internet activities and grant the authorities broad powers to block and disconnect internet connections."

Quote:

Originally Posted by https://forums.theregister.com/forum/all/2022/02/14/cambodia_national_internet_gateway/#c_4414697

It is my opinion that the truth can survive the harshest attacks thrown against it whereas the lie needs a strong fortress of censorship and propaganda to protect it.

[Dr Sardonicus]

Quote:

Originally Posted by retina

Quote:

A similar sentiment:

Quote:

Originally Posted by Poor Richard's Almanack

A lie stands on one leg, truth on two.

[slandrum]

Quote:

Originally Posted by retina

Quote:

I really wish this were true, but this day and age the truth seems to need its own propaganda machine to avoid being ignored or drowned out.

https://papers.ssrn.com/sol3/papers....act_id=2731160

https://www.quantamagazine.org/crypt...ices-20220225/

I like the last two paragraphs of this article because of theological aspect of secrecy..a bit of irony.

[retina]

https://contrachrome.com/

Google Chrome, which – by design – is all about you.

[retina]

https://www.priv.gc.ca/en/opc-news/n...22/nr-c_220601

Quote:

The Tim Hortons app asked for permission to access the mobile device’s geolocation functions, but misled many users to believe information would only be accessed when the app was in use. In reality, the app tracked users as long as the device was on, continually collecting their location data.

The app also used location data to infer where users lived, where they worked, and whether they were travelling. It generated an “event” every time users entered or left a Tim Hortons competitor, a major sports venue, or their home or workplace.

The investigation uncovered that Tim Hortons continued to collect vast amounts of location data for a year after shelving plans to use it for targeted advertising, even though it had no legitimate need to do so.

...

Location data is highly sensitive because it can be used to infer where people live and work, reveal trips to medical clinics. It can be used to make deductions about religious beliefs, sexual preferences, social political affiliations and more.

Install ALL the apps. Nothing can possibly go wrong.

_______________________________________________________________________________________________

And there's more:
https://arstechnica.com/information-...ltra-stealthy/

Quote:

When an administrator starts any packet capture tool on the infected machine, BPF bytecode is injected into the kernel that defines which packets should be captured,” the researchers wrote. “In this process, Symbiote adds its bytecode first so it can filter out network traffic that it doesn’t want the packet-capturing software to see.”

One of the stealth techniques Symbiote uses is known as libc function hooking. But the malware also uses hooking in its role as a data-theft tool. “The credential harvesting is performed by hooking the libc read function,” the researchers wrote. “If an ssh or scp process is calling the function, it captures the credentials.”

Use an external device to monitor your traffic. don't trust the machine to faithfully report on itself. It will lie to you.

[retina]

https://arstechnica.com/information-...ows-otherwise/

Quote:

The researchers devised a proof-of-concept attack that hijacks a login session with a secret probe that comes in the form of a session ID token that has been modified from the one the client app was expecting. While the logon will fail and require the user to re-enter the password, it would be trivial for anyone controlling the Mega platform to simply accept the returned ID.

Once the process has been completed 512 times, the entity carrying out the attack—possibly a malicious insider, a nation-state that has surreptitiously hacked the platform, or Mega officials working with a secret court order—will recover the entire RSA private key, which is used to encrypt all other keys and key material.

https://nitter.net/KimDotcom/status/1539426611870986240

Quote:

Because Bram and Mathias created backdoors for the Chinese Govt so that all Mega files can be decrypted by them. Same shady guys who just made a deal with the US and NZ Govt to get out of the US extradition case by falsely accusing me. Delete your Mega account. It’s not safe.

It's in the "cloud" so it must be better. Store ALL your data there, nothing can possibly go wrong.