wildcard

Cyber-security 101 Information thread

360 posts in this topic

Spambot leaks more than 700m email addresses in massive data breach

Alex Hern      Aug. 30, 2017

"Millions of passwords also contained in breach, a result of spammers collecting information in attempt to break in to users’ email accounts.

More than 700m email addresses, as well as a number of passwords, have leaked publicly thanks to a misconfigured spambot, in one of the largest data breaches ever.

The number of real humans’ contact details contained in the dump is likely to be lower, however, due to the number of fake, malformed and repeated email addresses contained in the dataset, according to data breach experts.

Troy Hunt, an Australian computer security expert who runs the Have I Been Pwned site, which notifies subscribers when their data ends up in breaches, wrote in a blog post: “The one I’m writing about today is 711m records, which makes it the largest single set of data I’ve ever loaded into HIBP. Just for a sense of scale, that’s almost one address for every single man, woman and child in all of Europe.”

It contains almost twice the records, once sanitised, than those contained in the River City Media breach from March, previously the largest breach from a spammer."   

[ Spam email operator's faulty backup leaks 1.37bn addresses  ]

[  https://www.theguardian.com/technology/2017/mar/06/email-addresses-spam-leak-river-city-media  ]

snip

https://www.theguardian.com/technology/2017/aug/30/spambot-leaks-700m-email-addresses-huge-data-breach-passwords

3 people like this

Share this post


Link to post
Share on other sites

FDA Recalls Nearly One Half Million Pacemakers Over Hacking Fears

Swati Khandelwal   Aug. 31, 2017

"Almost half a million people in the United States are highly recommended to get their pacemakers updated, as they are vulnerable to hacking.
The Food and Drug Administration (FDA) has recalled 465,000 pacemakers after discovering security flaws that could allow hackers to reprogram the devices to run the batteries down or even modify the patient's heartbeat, potentially putting half a million patients lives at risk.
A pacemaker is a small electrical battery-operated device that's surgically implanted in the chest of patients to help control their heartbeats. The device uses low-energy electrical pulses to stimulate the heart to beat at a normal rate.

Six types of pacemakers, all manufactured by health-tech firm Abbott (formerly of St. Jude Medical) are affected by the recall, which includes the Accent, Anthem, Accent MRI, Accent ST, Assurity, and Allure.
All the affected models are radio-frequency enabled cardiac devices—typically fitted to patients with irregular heartbeats and patients recovering from heart failure—and were manufactured before August 28th.
In May, researchers from security firm White Scope also analysed seven pacemaker products from four different vendors and discovered that pacemaker programmers could intercept the device using "commercially available" equipment that cost between $15 to $3,000."

snip

https://thehackernews.com/2017/08/pacemakers-hacking.html

BUT, The FDA was aware of this 4 years ago, so why wait until now to bring it up?  Ever hear of Hacker Barnaby Jack? A hacker born in New Zealand, who was scheduled to demonstrate how a pacemaker could be hacked from 30 ft away, and kill the person, back in 2013.  He never gave that demonstration because he died all of a sudden from a massive drug overdose, one week before he was due to demo what he knew.     https://en.wikipedia.org/wiki/Barnaby_Jack

Perhaps 5G couldn't affect these particular pacemakers, so all of a sudden you will need an update to be vulnerable once again? Something about all this simply stinks to high heaven.  Not so sure I'd do the upgrade.

3 people like this

Share this post


Link to post
Share on other sites

Or with the new 5G coming online they are scared that the old pacemakers will be affected by 5G and half a million people will drop dead, which will give cause to reconsider 5G and that's not what they want?  Don't know what's going on lately Breezy, it's a very weird world at the moment and seems to be getting worse by the day.  Never mind, onward and upward.

4 people like this

Share this post


Link to post
Share on other sites

@jessica now that's a really good thought! Anytime "they" do something, seemingly with other's welfare in mind, you can bet it is for their benefit,  not anyone else's.

3 people like this

Share this post


Link to post
Share on other sites

Equifax Says Cyberattack May Have Hit 143 Million Customers

Sept. 7, 2017       Brian Womack

Breach exposed Social Security and credit card numbers
‘Clearly a disappointing event for our company,’ CEO says

 

"Equifax Inc. said its systems were struck by a cyberattack that may have affected about 143 million U.S. customers of the credit reporting agency, shedding light on one of the largest and most intrusive breaches in history.

Intruders accessed names, Social Security numbers, birth dates, addresses and driver’s license numbers, Equifax said in a statement. Credit card numbers for about 209,000 consumers were also accessed, the company said. Equifax shares dropped more than 8 percent in after-hours trading.

"This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes," Chief Executive Officer Richard Smith said."

snip

https://www.bloomberg.com/news/articles/2017-09-07/equifax-says-cyber-intrusion-affected-143-million-customers

2 people like this

Share this post


Link to post
Share on other sites

WIRELESS ‘BLUEBORNE’ ATTACKS TARGET BILLIONS OF BLUETOOTH DEVICES

Sept. 12, 2017      Tom Spring  Update

"Researchers disclosed a bevy of Bluetooth vulnerabilities Tuesday that threaten billions of devices from Android and Apple smartphones to millions of printers, smart TVs and IoT devices that use the short-range wireless protocol.

Worse, according to researchers at IoT security firm Armis that found the attack vector, the so-called “BlueBorne” attacks can jump from one nearby Bluetooth device to another wirelessly. It estimates that there are 5.3 billion devices at risk.

“If exploited, the vulnerabilities could enable an attacker to take over devices, spread malware, or establish a ‘man-in-the-middle’ to gain access to critical data and networks without user interaction,” according to the company. “The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode… since the Bluetooth process has high privileges on all operating systems, exploiting it provides virtually full control over the device.”

snip

https://threatpost.com/wireless-blueborne-attacks-target-billions-of-bluetooth-devices/127921/

The more IoT there is, the more this will happen.

 

 

 

3 people like this

Share this post


Link to post
Share on other sites

A good listen to nanogirls observations of what could well be our need to install our own fire wall to prevent our memories being taken out of our minds by the AI 20 min in is really interesting observations

 

 

2 people like this

Share this post


Link to post
Share on other sites

Piriform Hacked, CCleaner August Versions (v5.33.6162) Injected, Compromised

Sept. 18, 2017    

"In another large-scale attack that's bound to increase users' awareness on their systems' security, news have broken out that Piriform, creators of the popular CCleaner software tool (estimated to be instaled in some 130 million devices), have suffered a hack on their servers that compromised some installer packages of the software. Piriform, which was purchased by popular security software company Avast last July, was hacked last August, and the changes to the installer packages could potentially allow hackers to control the devices of more than two million users, the company and independent researchers said on Monday."

snip

https://www.techpowerup.com/237111/piriform-hacked-ccleaner-august-versions-v5-33-6162-injected-compromised

2 people like this

Share this post


Link to post
Share on other sites

CCleaner malware outbreak is much worse than it first appeared

Sept. 21, 2017     Dan Goodin

Microsoft, Cisco, and VMWare among those targeted with additional mystery payload.

"The recent CCleaner malware outbreak is much worse than it initially appeared, according to newly unearthed evidence. That evidence shows that the CCleaner malware infected at least 20 computers from a carefully selected list of high-profile technology companies with a mysterious payload.

 

Previously, researchers found no evidence that any of the computers infected by the booby-trapped version of the widely used CCleaner utility had received a second-stage payload the backdoor was capable of delivering. The new evidence—culled from data left on a command-and-control server during the last four days attackers operated it—shows otherwise. Of 700,000 infected PCs, 20 of them, belonging to highly targeted companies, received the second stage, according to an analysis published Wednesday by Cisco Systems' Talos Group.
Because the CCleaner backdoor was active for 31 days, the total number of infected computers is "likely at least in the order of hundreds," researchers from Avast, the antivirus company that acquired CCleaner in July, said in their own analysis published Thursday.

From September 12 to September 16, the highly advanced second stage was reserved for computers inside 20 companies or Web properties, including Cisco, Microsoft, Gmail, VMware, Akamai, Sony, and Samsung. The 20 computers that installed the payload were from eight of those targeted organizations, Avast said, without identifying which ones. Again, because the data covers only a small fraction of the time the backdoor was active, both Avast and Talos believe the true number of targets and victims was much bigger.

More fileless malware"

snip

https://arstechnica.com/information-technology/2017/09/ccleaner-malware-outbreak-is-much-worse-than-it-first-appeared/

2 people like this

Share this post


Link to post
Share on other sites

Electronically Targeted? A solution:

An Option from RichieFromBoston Youtube channel owner

 

Thank you, RichieFromBoston!

https://virtualshield.com/go/richie/

Err.....I am not sure whether this is good or not at all. JFYI.

However, I hear Richie has been stuffed around by electronic harassment while trying to post his stuff...about Child Sex Trafficking rings.

The reference with Pedo-Gate and big names of the world politics and corporate names certainly gets him targeted.

The thing is, this guy really goes into dodgy places, risking himself physically. I feel he is an earnest investigator....but that's just my opinion. Pls go watch his other stuff, too. SRA related stuff are closely included, so brace yourselves upon watching, please. 

His hard effort trying to save people are backed by lots people.

The insider-helpers are risking themselves to the max by helping Richie, and we heard (I think it was back in June 2017??) that one of his informer-helper in the US alphabet (international one) group got suddenly killed. Gone for a walk....never came back, apparently.

From those things, I tend to zoom into what Richie offers.

The thing is....look, no matter what, he clearly stated in the below vid that this is a promo, and giving out a promo discount for the new clients to the VirtualShield.com, whoever want to use the same service to cloak your ID etc, due to receiving crappy e-harassment from someone, somehow, as Richie does.

 

I'm not promoting the Virtualshield.com peeps. I had never used them either.

So this is a general suggestion to everyone at CHANI, that here's a food for a thought.

Pls do your own digging about the VS yourselves, and then decide what you want to do with this discounted offer.(・ω・)ノ

 

4 people like this

Share this post


Link to post
Share on other sites

Equifax Underestimated by 2.5 Million the Number of Potential Breach Victims

Robert Hackett             Oct. 2, 2017

snip  video

 

"Equifax has revised its estimate for the number of people potentially affected by its recent massive data breach to a total of 145.5 million people, 2.5 million more than it initially reported.

One of three main credit reporting agencies in the U.S. next to Experian and TransUnion, Equifax (EFX, +0.90%) stores a trove of highly sensitive personal and financial details about consumers. From mid-May through July, an as yet unidentified hacker group gained access to a large swathe of this data—including names, birthdates, street addresses, credit card numbers, and Social Security numbers—the company disclosed last month.

Equifax released the new estimate on Monday, a day after Mandiant, the computer forensics division of the cybersecurity firm FireEye (FEYE, +2.00%) that Equifax hired, completed its full review of the damage. Despite the higher figure, Equifax said that Mandiant “did not identify any evidence of additional or new attacker activity or any access to new databases or tables.”

Equifax said Mandiant also found no evidence of unauthorized activity on databases located outside of the United States."

snip

http://fortune.com/2017/10/02/equifax-credit-breach-total/

 

SO, UH, THAT BILLION-ACCOUNT YAHOO BREACH WAS ACTUALLY 3 BILLION

Lily Hay Newman    Oct. 3, 2017

"WHEN YAHOO DISCLOSED in December that a billion (yes, billion) of its users' accounts had been compromised in an August 2013 breach, it came as a staggering revelation. Now, 10 months later, the company would like to make a correction: That incident actually exposed three billion accounts—every Yahoo account that existed at the time.

On the one hand, this new information doesn't really change things in a practical sense, because the initial billion account estimate was already enormous—you could safely assume you were impacted—and Yahoo took protective steps for all users in December, like resetting passwords and unencrypted security questions. On the other hand, three billion accounts.

"They are as big as it gets," says Jeremiah Grossman, who worked as an information security officer at Yahoo for two years in the early 2000s and is now the chief of security strategy at SentinelOne. "Maybe Google or maybe Facebook, but the next mega-breach is not going to be orders of magnitude bigger.""

snip

https://www.wired.com/story/yahoo-breach-three-billion-accounts/

2 people like this

Share this post


Link to post
Share on other sites

'Bad Rabbit' ransomware strikes Ukraine and Russia

Oct. 24, 2017

"A new strain of ransomware nicknamed "Bad Rabbit" has been found spreading in Russia, Ukraine and elsewhere.
The malware has affected systems at three Russian websites, an airport in Ukraine and an underground railway in the capital city, Kiev.
The cyber-police chief in Ukraine confirmed to the Reuters news agency that Bad Rabbit was the ransomware in question.
It bears similarities to the WannaCry and Petya outbreaks earlier this year.
However, it is not yet known how far this new malware will be able to spread.
"In some of the companies, the work has been completely paralysed - servers and workstations are encrypted," head of Russian cyber-security firm Group-IB, Ilya Sachkov, told the TASS news agency.
Two of the affected sites are Interfax and Fontanka.ru.
Meanwhile, US officials said they had "received multiple reports of Bad Rabbit ransomware infections in many countries around the world".
The US computer emergency readiness team said it "discourages individuals and organisations from paying the ransom, as this does not guarantee that access will be restored"."

snip

One security firm, Eset, has said that the malware was distributed via a bogus Adobe Flash update.
Researcher Kevin Beaumont has posted a screenshot that shows Bad Rabbit creating tasks in Windows named after the dragons Drogon and Rhaegal in TV series Game of Thrones.
The outbreak bears similarities to the WannaCry and Petya ransomware outbreaks that spread around the world causing widespread disruption earlier this year."

http://www.bbc.com/news/technology-41740768

1 person likes this

Share this post


Link to post
Share on other sites

Uber Paid Hackers to Delete Stolen Data on 57 Million People

Nov. 21, 2017     Eric Newcomer

snip   video at link

"Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. This week, the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers.

Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers. No Social Security numbers, credit card information, trip location details or other data were taken, Uber said."

snip

https://www.bloomberg.com/news/articles/2017-11-21/uber-concealed-cyberattack-that-exposed-57-million-people-s-data

3 people like this

Share this post


Link to post
Share on other sites

Computer chip flaw may affect billions of devices, fix could sap performance

Jan. 4, 2018

"Information stored on every desktop computer, smartphone and cloud server since 1995 could be accessed by hackers if two hardware bugs are exploited, a new report has warned.

On Wednesday, security researchers at Google Project Zero disclosed technical details on two security flaws that allow hackers to engage in unauthorized reads of a computer’s memory data, which may contain sensitive information such as passwords.

The researchers discovered that the vulnerabilities affect many CPUs, including those from Intel, Advanced Micro Devices (AMD) and ARM Holdings, as well as the devices and operating systems running on it.

The first method of attack, known as Spectre, can be exploited by hackers to dissolve the barrier that separates different applications and trick otherwise error-free applications into leaking information stored on their memory.

Last year, researchers demonstrated how hackers could utilize “speculative execution” – a technique used by most modern processors to optimize performance – to gain access to sensitive information.

In order to improve speeds, modern processors execute certain functions speculatively, or before it is known whether they are needed. The technique prevents the delay that would come from executing the functions after they are requested.

Jann Horn, a lead researcher for Project Zero who first reported both vulnerabilities, discovered that attackers can take advantage of this technique in order to read information on the system’s memory that should be inaccessible.

In the original report, researchers said the vulnerability affects “billions of devices” that use microprocessors from Intel, AMD, and ARM

The second flaw, known as Meltdown, allows hackers to “melt” security boundaries between user applications and the operating system normally enforced by hardware. Hackers can exploit the vulnerability to gain access to the memory of other programs and the operating system, which could include passwords and other sensitive data."

snip

https://www.rt.com/usa/414955-intel-processors-meltdown-spectre/

 

 

6 people like this

Share this post


Link to post
Share on other sites

Security flaw my ass. Sounds more like an engineered backdoor to me.  This whole thing reeks of NSA. 

6 people like this

Share this post


Link to post
Share on other sites

Jim Stone. More on the Intel processor debacle on site…
—————
http://82.221.129.208/.zj4.html

January 22/23 2018

A reader told me to set up a Gofundme for this site. ANSWER: I can’t set up a gofundme because the site is auto banned there.

After this latest processor debacle, I backed up to using a 10 year old AMD laptop to do this web site. It works GREAT with Knoppix, I am not having any performance issues at all, not even with graphics creation. I never got any dirt on AMD but am being careful anyway.

I am going to quickly go over the real reason Intel is having problems (again) for those who do not know.
I have mentioned how Intel intentionally put back doors into all their processors for the NSA numerous times over the last 7 years. Problem: Someone inside the NSA did a job 500X worse than Snowden, and released all the hackware that exploits these back doors to the general public 8 months ago. I did a short report on it and left it at that. The media stayed predominantly silent because it was not any sort of snowden game, it was real damage. All the world’s hackers have these tools now, and the “wrong people” are now getting hacked.

So a huge stupid reason that blamed all processors for the “problem” was made up and a dream story about some idiot reading “thousands of pages of Intel processor manuals” and finding the bug was made up. But I knew that was a lie (intrinsically simply knew) because I knew about the prior enormous breach at the NSA and know how much American intelligence lies and back stabs. They’ll drag AMD and ARM into this just to cover up a pet project they had going with Intel. I was waiting for this to happen, because it had to.

Low and behold, through a screwed up press release, they admitted that the problem was not how the processors write to memory, WHEN THEY STATED THE FIX MADE CHANGES TO THE BIOS THAT WAS NOW CAUSING ENORMOUS PROBLEMS WITH INTEL PROCESSORS THAT RECEIVE THE PATCH. if it was a memory caching issue, that would be handled by a patch to operating systems (as the original lie stated), NOT THE BIOS (which the “fix” actually ended up being for.) By modifying the bios they can instruct parts of the computer to not work, (thereby “fixing” the problem,) but the holes in the system are so huge that the processors can’t properly cope with closing them.

As it is beginning to turn out, the problem is not fixable, and any server, desktop or laptop anywhere can be raped on a whim. It will never be possible for me to secure the message window, Ebay can’t secure their stuff, NOTHING can be secured and the world is now at the mercy of not only the intelligence agencies, but now also random hackers. The following report explains how, and what the real solution to the problem is.

EFFECTIVE IMMEDIATELY: INTEL WARNS EVERYONE TO NOT INSTALL MELTDOWN FIXES

Gee, I wonder why. Perhaps because there is no legit fix so why bother! I am not going to link the article I found that references this because it ends with a hideous lie that tells people to ignore the problem and I won't link that type of report, I'll glean the relevant info and drop it. The article at least reveals ALL PATCHES ARE FIRMWARE PATCHES, NOT SOFTWARE PATCHES, WHICH PROVES WITHOUT QUESTION I WAS RIGHT ALL ALONG - INTEL GOT BUSTED FOR VULNERABILITIES RELATED TO IT'S VPRO CORE AND ANYTHING THAT HAD CENTRINO TECH ROLLED INTO IT, WHICH MEANS CORE2, I SERIES, AND ANYTHING ELSE (EVEN THE ATOM AND CELERON) RELEASED AFTER 2008. THIS BUG IS NOW IN PRACTICALLY EVERYTHING INTEL. Software patch? MY ***!!!

 

None of the fixes can possibly work, because they are like trying to attach a fifth piston in a 4 cylinder engine.

Intel processors are designed to function fully subservient to the NSA and now that they got busted for it, there is nothing they can do to fix it. The "patch", which has now been revealed to try to fix the problem by tweaking the BIOS (and not the operating system, that was a lie all along and I said that all along because I knew it all along) causes the computers that get them to behave like they are drunk, with random crashes, reboots, and total general instability and for some reason, once the "patch" is applied, it cannot be undone because it screws the BIOS. CUTE.

6 people like this

Share this post


Link to post
Share on other sites

KEY IPHONE SOURCE CODE GETS POSTED ONLINE IN 'BIGGEST LEAK IN HISTORY'

Feb. 7, 2018     Lorenzo Franceschi-Bicchierai 

"Source code for iBoot, one of the most critical iOS programs, was anonymously posted on GitHub.

 

Update, February 8, 08:27 a.m.: Apple filed a copyright takedown request with GitHub and forced the company to remove the code.

Someone just posted what experts say is the source code for a core component of the iPhone’s operating system on GitHub, which could pave the way for hackers and security researchers to find vulnerabilities in iOS and make iPhone jailbreaks easier to achieve.

The GitHub code is labeled “iBoot,” which is the part of iOS that is responsible for ensuring a trusted boot of the operating system. In other words, it’s the program that loads iOS, the very first process that runs when you turn on your iPhone. It loads and verifies the kernel is properly signed by Apple and then executes it—it’s like the iPhone’s BIOS."

snip

https://motherboard.vice.com/en_us/article/a34g9j/iphone-source-code-iboot-ios-leak

2 people like this

Share this post


Link to post
Share on other sites

FedEx admits unsecured server left THOUSANDS of customers' data exposed, including passports and photo IDs

Feb. 16, 2018     Reuters  & Cheyenne MacDonald

"A server containing personal information from more than 119,000 FedEx customers may have been left unsecured for several years, security researchers have found.

A new report has revealed an Amazon S3 bucket containing thousands of scanned documents from US and international citizens was publicly accessible until this week.

The global package delivery company said on Thursday it has secured some of the customer identification records that were visible earlier this month on the unsecured server.

So far, FedEx says it has found no evidence that private data was 'misappropriated.'

snip  image

The server stored more than 119,000 scanned documents from U.S. and international citizens, such as passports, driving licenses, and security identification, according to a report from security research firm Kromtech.

Kromtech said its researchers found the unsecured server on Feb. 5 and it was closed to public access on Wednesday.

The data was stored on a Amazon S3 storage server and collected by a company FedEx acquired in 2014, Bongo International, which calculated international shipping prices and provided other services."

snip

http://www.dailymail.co.uk/sciencetech/article-5400755/FedEx-admits-server-left-THOUSANDS-customers-exposed.html

3 people like this

Share this post


Link to post
Share on other sites

 

QAnon - KEYSTONE, BOOM, ORIG, Make it Rain, Vault 7, Class Action Lawsuit (AND I'M BACK!)

add any comments you have about the keystone, BOOM, ORIG, Make it Rain / RainMaker from the Vault 7 Wikileaks, or anything related to a potential CLASS ACTION LAWSUIT for US Citizens

3 people like this

Share this post


Link to post
Share on other sites

Just a note to add to DAR's post above regarding INTEL/AMD, as I thought I had read something about the two combining efforts.

Intel and AMD team up: A future Core chip will have Radeon graphics inside  from Nov. 2017

https://www.pcworld.com/article/3235934/components-processors/intel-and-amd-ship-a-core-chip-with-radeon-graphics.html

So for gamers this will be great, as long as Intel corrects their bigger problems, right?

3 people like this

Share this post


Link to post
Share on other sites

Hackers Found Using A New Code Injection Technique to Evade Detection

Mohit Kumar      April 13, 2018

snip  image

"While performing in-depth analysis of various malware samples, security researchers at Cyberbit found a new code injection technique, dubbed Early Bird, being used by at least three different sophisticated malware that helped attackers evade detection.

As its name suggests, Early Bird is a "simple yet powerful" technique that allows attackers to inject malicious code into a legitimate process before its main thread starts, and thereby avoids detection by Windows hook engines used by most anti-malware products.

The Early Bird code injection technique "loads the malicious code in a very early stage of thread initialization, before many security products place their hooks—which allows the malware to perform its malicious actions without being detected," the researchers said.

The technique is similar to the AtomBombing code injection technique that does not rely on easy-to-detect API calls, allowing malware to inject code into processes in a manner that no anti-malware tools can detect."

snip  video

https://thehackernews.com/2018/04/early-bird-code-injection.html

1 person likes this

Share this post


Link to post
Share on other sites

Exclusive: Spectre-NG - Multiple new Intel CPU flaws revealed, several serious

Jürgen Schmidt        May 5, 2018

 

"New flaws and even more patches - "Spectre Next Generation" is just around the corner. According to information exclusively available to c't, researchers have already found eight new security holes in Intel processors.

The vulnerabilities known as Spectre and Meltdown shook the IT world to its foundations: researchers proved that there is a fundamental design flaw in all modern processors with serious repercussions for system security (see c't issue 3/2018). After several patches were released, it seemed everything would be fine after all, although some experts warned that more revelations could follow. But the hope remained that the manufacturers could solve the problem with a few security updates.

As it turns out, we can bury that hope. A total of eight new security flaws in Intel CPUs have already been reported to the manufacturer by several teams of researchers. For now, details on the flaws are being kept secret. All eight are essentially caused by the same design problem – you could say that they are Spectre Next Generation.

c't has exclusive information on Spectre-NG, which we have been able to verify in several ways – we double and triple checked all the facts. Nonetheless, we will not publish technical details as long as there is still a chance that manufacturers will get their security updates ready before the details of the flaws become public. However, we will use our information to report about future releases of patches and provide background information."

snip

https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html

From November 2017   Brian Lunduke

What is MINIX? The most popular OS in the world, thanks to Intel

"You might not know it, but inside your Intel system, you have an operating system running in addition to your main OS, MINIX. And it’s raising eyebrows and concerns."

snip

https://www.networkworld.com/article/3236064/servers/minix-the-most-popular-os-in-the-world-thanks-to-intel.html

1 person likes this

Share this post


Link to post
Share on other sites

DolphinAttack: Inaudible Voice Command---Your Phone Is Not Safe

:;(∩´﹏`∩);: This thing has been mentioned since 2016 but it's resurfacing now.

It's almost like some seasonal thing like flu but we get that happen in our field often.

Instead of throwing the issue off over the shoulder instantly, I'm trying to think that maybe there's some weird reason why the story resurfaced today....

'Dolphin' attacks fool Amazon, Google voice assistants

  • 7 September 2017

http://www.bbc.com/news/technology-41188557

(c)guoming zhang 2017 Published on 2017/08/31

A quick run on the story:

(c)NewsPad 2018 published on 2018/05/10
1 person likes this

Share this post


Link to post
Share on other sites

One cannot help but think of other instances where this might be used, as in being used for hacking defense systems.  "smartphones"  uh huh  

1 person likes this

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now