
dangoodin

@dangoodin@infosec.exchange

Reporter covering security at Ars Technica. DM me on Signal: +1650-440-4479.


dangoodin , to random

Trump has presented himself as a champion for crypto, including at a San Francisco fundraiser this month with tech executives during which he slammed Democrats' attempts to regulate the crypto sector.

https://www.reuters.com/world/us/gemini-founders-donate-1-mln-bitcoin-trump-2024-06-20/

dangoodin , to random

To all the left of center people planning to sit out the election, or vote for someone other than Biden: can we at least agree that life under Trump will be infinitely worse than under Biden in so many important ways?

dangoodin , to random

The damage resulting from Orange Felon retaking the White House will be unprecedented and irreparable, with less privileged people disproportionately paying the price. It's beyond me how anyone considering themselves left of center isn't doing everything in their power (including voting for Biden) to head off this train wreck.

https://www.nytimes.com/interactive/2024/06/07/us/politics/trump-policy-list-2025.html?unlocked_article_code=1.yE0.HGUJ.n4G0j7au9_es&smid=url-share

dangoodin , to random

A reminder that if you're a member of a union or consider yourself pro labor you should avoid buying from Amazon whenever possible.

https://www.404media.co/amazons-ai-warehouses-isolate-workers-impact-union-organizing-new-report-finds/

dangoodin , to random

If you're mad at Biden for his policies toward Israel/Gaza, you will be absolutely apoplectic if Trump retakes the White House.

https://www.washingtonpost.com/politics/2024/05/27/trump-israel-gaza-policy-donors/

dangoodin OP ,

@frankmorrow @jerry

OK, I'll check in with you in late January of 2026, on the anniversary of Trump's inauguration, and we'll see just how well your decision has aged. So sorry my OP triggered you so much. Too bad you can't get half as fired up about the prospect of Orange Thug retaking the White House.

dangoodin OP ,

To all the people mad for me reminding them how much more miserable they'll be if Trump wins, here's a very small list of some of the things that Orange Thug will do and that Biden WON'T do:

  1. establish internment camps for undocumented immigrants

  2. abuse his power as retribution against anybody who has previously challenged him

  3. appoint more judges and justices who think there should be no Constitutional protection for abortion and specifically appoint judges in the mold of Clarence Thomas

  4. require federal employees to take a patriotism exam and be terminated if they refuse or fail

  5. take legal action to have local district attorneys and their staff removed from office if they don't perform to his satisfaction

  6. fire staff and disband college accreditation boards and pursue civil rights cases against schools that have affirmative action policies in place

  7. withhold US aid to Ukraine to pressure Zelenskyy to make a deal with Putin

  8. require that school principals be elected by parents each year

  9. push for legislation that sentences any person convicted of selling drugs to be executed

  10. pardon all defendants charged with participation in the Jan. 6, 2021 riots

  11. investigate Comcast, NBC and MSNBC for treason

I could go on, but I won't.

dangoodin OP ,

And to the people who tell me I should direct my comments at pro-Trumpers: the reason I moved from Florida at the age of 21 is that living among a bunch of racist hicks damn-near killed me. I never had any influence on these people. They hated me and reminded me of that often. Trying to talk to them was a lost cause. My time is better spent trying to reach left-of-center folks.

dangoodin , to random

A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack.

The software, known as the JAVS Viewer 8, is a component of the JAVS Suite 8, an application package courtrooms use to record, play back, and manage audio and video from proceedings. Its maker, Louisville, Kentucky-based Justice AV Solutions, says its products are used in more than 10,000 courtrooms throughout the US and 11 other countries. The company has been in business for 35 years.

Researchers from security firm Rapid7 reported that a version of the JAVS Viewer 8 available for download on javs.com contained a backdoor that gave an unknown threat actor persistent access to infected devices. The malicious download, planted inside an executable file that installs the JAVS Viewer version 8.3.7, was available no later than April 1, when a post on X (formerly Twitter) reported it. It’s unclear when the backdoored version was removed from the company’s download page. JAVS representatives didn’t immediately respond to questions sent by email.

https://arstechnica.com/security/2024/05/crooks-plant-backdoor-in-software-used-by-courtrooms-around-the-world/

dangoodin , to random

For more than four days, a server at the very core of the Internet’s domain name system was out of sync with its 12 root server peers due to an unexplained glitch that could have caused stability and security problems worldwide. This server, maintained by Internet carrier Cogent Communications, is one of the 13 root servers that provision the Internet’s root zone, which sits at the top of the hierarchical distributed database known as the domain name system, or DNS.

Given the crucial role a root server provides in ensuring one device can find any other device on the Internet, there are 13 root servers geographically dispersed all over the world. Normally, the 13 root servers—each operated by a different entity—march in lockstep. When a change is made to the contents they host, it generally occurs on all of them within a few seconds or minutes at most.
Strange events at the C-root name server

This tight synchronization is crucial for ensuring stability. If one root server directs traffic lookups to one intermediate server and another root server sends lookups to a different intermediate server, the Internet as we know it could collapse. More important still, root servers store the cryptographic keys necessary to authenticate some of the intermediate servers under a mechanism known as DNSSEC. If keys aren’t identical across all 13 root servers, there’s an increased risk of attacks such as DNS cache poisoning.

For reasons that remain unclear outside of Cogent—which declined to comment for this post—the c-root it’s responsible for maintaining suddenly stopped updating on Saturday. Stéphane Bortzmeyer, a French engineer who was among the first to flag the problem in a Tuesday post, noted then that the c-root was three days behind the rest of the root servers.

https://arstechnica.com/security/2024/05/dns-glitch-that-threatened-internet-stability-fixed-cause-remains-unclear/

dangoodin , to random

Last summer, two years after an upside-down American flag was flown outside the Virginia home of Justice Samuel A. Alito Jr., another provocative symbol was displayed at his vacation house in New Jersey, according to interviews and photographs.

This time, it was the “Appeal to Heaven” flag, which, like the inverted U.S. flag, was carried by rioters at the Capitol on Jan. 6, 2021. Also known as the Pine Tree flag, it dates back to the Revolutionary War, but largely fell into obscurity until recent years and is now a symbol of support for former President Donald J. Trump, for a religious strand of the “Stop the Steal” campaign and for a push to remake American government in Christian terms.

https://www.nytimes.com/2024/05/22/us/justice-alito-flag-appeal-to-heaven.html

dangoodin , to random

Infrastructure used to maintain and distribute the Linux operating system kernel was infected for two years, starting in 2009, by sophisticated malware that managed to get a hold of one of the developers’ most closely guarded resources: the /etc/shadow files that stored encrypted password data for more than 550 system users, researchers said Tuesday.

The unknown attackers behind the compromise infected at least four servers inside kernel.org, the Internet domain underpinning the sprawling Linux development and distribution network, the researchers from security firm ESET said. After obtaining the cryptographic hashes for 551 user accounts on the network, the attackers were able to convert half into plaintext passwords, likely through password-cracking techniques and the use of an advanced credential-stealing feature built into the malware. From there, the attackers used the servers to send spam and carry out other nefarious activities. The four servers were likely infected and disinfected at different times, with the last two being remediated at some point in 2011.

An infection of kernel.org came to light in 2011, when kernel maintainers revealed that 448 accounts had been compromised after attackers had somehow managed to gain unfettered, or “root,” system access to servers connected to the domain. Maintainers reneged on a promise to provide an autopsy of the hack, a decision that has limited the public’s understanding of the incident.

In 2014, ESET researchers said the 2011 attack likely infected kernel.org servers with a second piece of malware they called Ebury. The malware, the firm said, came in the form of a malicious code library that, when installed, created a backdoor in OpenSSH that provided the attackers with a remote root shell on infected hosts with no valid password required. In a little less than 22 months, starting in August 2011, Ebury spread to 25,000 servers. Besides the four belonging to the Linux Kernel Organization, the infection also touched one or more servers inside hosting facilities and an unnamed domain registrar and web hosting provider.

A 47-page report summarizing Ebury's 15-year history said that the infection hitting the kernel.org network began in 2009, two years earlier than the domain was previously thought to have been compromised. The report said that since 2009, the OpenSSH-dwelling malware has infected more than 400,000 servers, all running Linux except for about 400 FreeBSD servers, a dozen OpenBSD and SunOS servers, and at least one Mac.

https://arstechnica.com/security/2024/05/ssh-backdoor-has-infected-400000-linux-servers-over-15-years-and-keeps-on-spreading/

dangoodin , to random

A second Boeing whistleblower has died. Josh Dean, a former mechanical engineer and quality auditor at Spirit AeroSystems, had flagged a manufacturing defect in a pressure bulkhead of the 737 MAX. He died Tuesday, two weeks after suddenly taking ill, being intubated and confined to the ICU. He filed a formal complaint against Boeing last year.

Dean's death comes two months after a separate Boeing whistleblower was found dead in his car from a gunshot wound to the head. John Barnett was due to appear for day 3 of depositions but never showed. His body, and a gun in his hand, were eventually found in a parking garage. I'm not aware of any surveillance video showing him driving there that day.

Are these deaths coincidences? A diabolical conspiracy? Either seems entirely plausible to me.

https://www.seattletimes.com/business/whistleblower-josh-dean-of-boeing-supplier-spirit-aerosystems-has-died/

dangoodin , to random

Every version of PuTTY released over the past 7 years contains a critical vulnerability that allows for the recovery of certain types of secret encryption keys, specifically 521-bit ECDSA. An adversary in possession of a “few dozen signed messages” and the public key can recover the private key. I’m curious to know how widely this vulnerability is likely to be felt. I’m guessing most people have already replaced keys with only 512 bits, which I’m further guessing are already susceptible to factorization. Can anyone confirm or disabuse me of these guesses?

https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
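As an added example, not from the post or the linked advisory: the practical question for a defender is which keys on a host are of the affected type, so they can be rotated. The audit below parses `authorized_keys`-style lines, decodes the base64 key blob, and reads the key type from the blob itself rather than trusting the declared prefix (the first field of the blob is the length-prefixed type string in SSH wire format), flagging `ecdsa-sha2-nistp521` keys and any line whose declared and embedded types disagree. The sample file is constructed with dummy key material of the right shape, not real keys.

```python
"""Audit SSH public keys for ECDSA P-521 (added example, constructed sample data)."""
import base64
import struct

FLAGGED_TYPE = "ecdsa-sha2-nistp521"   # the key type named in the PuTTY advisory

def ssh_string(data: bytes) -> bytes:
    """Encode one length-prefixed SSH string (RFC 4251 wire format)."""
    return struct.pack(">I", len(data)) + data

def make_blob(key_type: str, *fields: bytes) -> bytes:
    """Build a public-key blob: type string followed by the type's fields."""
    return ssh_string(key_type.encode()) + b"".join(ssh_string(f) for f in fields)

def blob_key_type(blob: bytes) -> str:
    """Read the key type embedded at the start of a decoded blob."""
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

def parse_pubkey_line(line: str):
    """Return (declared_type, embedded_type, comment) or None for non-key lines."""
    parts = line.split()
    for i, tok in enumerate(parts):
        # authorized_keys lines may carry options before the key type token
        if tok.startswith(("ssh-", "ecdsa-", "sk-")) and i + 1 < len(parts):
            try:
                blob = base64.b64decode(parts[i + 1], validate=True)
            except ValueError:
                return None
            return tok, blob_key_type(blob), " ".join(parts[i + 2:])
    return None

def audit_authorized_keys(text: str) -> list:
    """Return (line_number, comment, issue) for each key that needs attention."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parsed = parse_pubkey_line(line)
        if parsed is None:
            continue
        declared, embedded, comment = parsed
        if FLAGGED_TYPE in (declared, embedded):
            findings.append((lineno, comment, "p521"))
        if declared != embedded:
            findings.append((lineno, comment, "type-mismatch"))
    return findings

def _b64(blob: bytes) -> str:
    return base64.b64encode(blob).decode("ascii")

# Constructed sample authorized_keys: dummy bytes of the right length, not real keys.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    'from="10.0.0.0/8" ssh-ed25519 ' + _b64(make_blob("ssh-ed25519", b"\x01" * 32)) + " alice@desk",
    "ecdsa-sha2-nistp521 " + _b64(make_blob(FLAGGED_TYPE, b"nistp521", b"\x04" + b"\x02" * 132)) + " ops@laptop",
    "ecdsa-sha2-nistp256 " + _b64(make_blob("ecdsa-sha2-nistp384", b"nistp384", b"\x04" + b"\x03" * 96)) + " ci-deploy",
])

if __name__ == "__main__":
    for lineno, comment, issue in audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS):
        print(f"line {lineno} ({comment}): {issue}")
```

A P-521 key found this way is only a concern if it was ever used for signing from an affected PuTTY (or a tool sharing its code); the safe course the advisory implies is to treat such keys as compromised and rotate them. The type-mismatch check is a free bonus of parsing the blob: it catches hand-edited or corrupted lines that `sshd` would reject anyway.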

dangoodin , to random

Behold the pyramid scheme known as cryptocurrency mining. Man allegedly consumed $3.5 million of computing resources from Amazon and Microsoft to generate $1 million worth of digital coin.

The real crime here is all the energy consumed.

https://www.justice.gov/usao-edny/pr/nebraska-man-indicted-multi-million-dollar-cryptojacking-scheme

    dangoodin , to random

    by @briankrebs

    Sisense declined to comment when asked about the veracity of information shared by two trusted sources with close knowledge of the breach investigation. Those sources said the breach appears to have started when the attackers somehow gained access to the company’s Gitlab code repository, and in that repository was a token or credential that gave the bad guys access to Sisense’s Amazon S3 buckets in the cloud.

    Customers can use Gitlab either as a solution that is hosted in the cloud at Gitlab.com, or as a self-managed deployment. KrebsOnSecurity understands that Sisense was using the self-managed version of Gitlab.

    Both sources said the attackers used the S3 access to copy and exfiltrate several terabytes worth of Sisense customer data, which apparently included millions of access tokens, email account passwords, and even SSL certificates.

    The incident raises questions about whether Sisense was doing enough to protect sensitive data entrusted to it by customers, such as whether the massive volume of stolen customer data was ever encrypted while at rest in these Amazon cloud servers.

    It is clear, however, that unknown attackers now have all of the credentials that Sisense customers used in their dashboards.

    https://krebsonsecurity.com/2024/04/why-cisa-is-warning-cisos-about-a-breach-at-sisense/

    dangoodin , to random

    I can't understand why anyone privacy conscious enough to use incognito would ever use Chrome going forward. Google has clearly shown its contempt for user privacy by collecting this data in the first place and agreeing to delete it only after facing legal pressure. Such a shame that a browser as well engineered as Chrome is such a privacy nightmare.

    https://arstechnica.com/tech-policy/2024/04/google-agrees-to-delete-private-browsing-data-to-settle-incognito-mode-lawsuit/

    dangoodin , to random

    Researchers have found a malicious backdoor in a compression tool that made its way into widely used Linux distributions, including those from Red Hat and Debian.

    The compression utility, known as xz Utils, introduced the malicious code in versions 5.6.0 and 5.6.1, according to Andres Freund, the developer who discovered it.

    The first signs of the backdoor were introduced in a February 23 update that added obfuscated code, officials from Red Hat said in an email. An update the following day included a malicious install script that injected itself into functions used by sshd, the binary file that makes SSH work. The malicious code has resided only in the archived releases—known as tarballs—which are released upstream. So-called GIT code available in repositories isn’t affected, although it does contain second-stage artifacts allowing the injection during the build time. In the event the obfuscated code introduced on February 23 is present, the artifacts in the GIT version allow the backdoor to operate.

    The malicious changes were submitted by JiaT75, one of the two main xz Utils developers with years of contributions to the project.

    “Given the activity over several weeks, the committer is either directly involved or there was some quite severe compromise of their system,” an official with distributor OpenWall wrote in an advisory. “Unfortunately the latter looks like the less likely explanation, given they communicated on various lists about the ‘fixes’” provided in recent updates.

    https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/

    alice , (edited ) to random

    [Thread, post or comment was deleted by the author]

    dangoodin ,

    @alice

    I like the 2nd, 3rd and 4th ones with a few small changes. In #2 and #3 leave the roots and about 1 inch the natural color. In #4 color another 2 inches of the natural color.

    Sorry if this isn't helpful or what you were looking for. Maybe sometime I'll be brave enough to show the fediverse my hair coloring plans.

    dangoodin , to random

    A newly discovered vulnerability baked into Apple’s M-series of chips allows attackers to extract secret keys from Macs when they perform widely used cryptographic operations, academic researchers have revealed in a paper published Thursday.

    The flaw—a side channel allowing end-to-end key extractions when Apple chips run implementations of widely used cryptographic protocols—can’t be patched directly because it stems from the microarchitectural design of the silicon itself. Instead, it can only be mitigated by building defenses into third-party cryptographic software that could drastically degrade M-series performance when executing cryptographic operations, particularly on the earlier M1 and M2 generations. The vulnerability can be exploited when the targeted cryptographic operation and the malicious application with normal user system privileges run on the same CPU cluster.

    https://arstechnica.com/security/2024/03/hackers-can-extract-secret-encryption-keys-from-apples-mac-chips/

    dangoodin OP ,

    In true Apple fashion, the company quietly posted an update to its developer site yesterday vaguely hinting that its M-Series CPUs leak cryptographic keys, as I reported the same day. The update went on to advise developers to invoke a defense that has gone completely undocumented until now on Apple's site, and isn't even available for M1 and M2 CPUs. Apple also acknowledged that the defense, known as DIT or data-independent timing, will "slow down your code."

    Apple's paranoia and lack of transparency hurts end users and makes the company look bad.

    https://developer.apple.com/documentation/xcode/writing-arm64-code-for-apple-platforms#Enable-DIT-for-constant-time-cryptographic-operations

    dangoodin , to random

    I'm surprised to find almost zero intel on the cause of yesterday's Meta meltdown. For better or worse -- mainly the latter -- Meta's monopoly power is awfully close to being critical infrastructure. How can it go down and 24 hours later we still have no idea why?

    dangoodin , to random

    I love this

    ergative , to random

    Hey, friends, a quick reminder that although Make America Kittens Again (MAKA) has been blocked from Chrome, it still works on Firefox:

    Firefox: https://addons.mozilla.org/en-GB/firefox/addon/make-firefox-kittens-again/

    (MAKA is a browser extension that replaces all images whose metadata includes the word 'Trump' with a creative-commons picture of a kitten. Here's what it did to the front page of today's NYTimes for me.)

    dangoodin ,

    @ergative @mastodonmigration

    I love this, but may I ask: why is MAKA no longer available on Chrome?

    dangoodin , to random

    This story about Elmo spreading democracy-threatening election misinfo on Twitter is precisely why everyone needs to treat that platform like the pariah it is. No, you sticking around to counter the misinfo won't help. That's like raking leaves in a wind storm. And yes, I know there's community there, but mingling there does you and all of us more harm than good.

    The most effective thing you can do is stop giving Twitter oxygen and allowing it to become just another fringe outlet, like 4chan or Daily Caller. With the very real prospect Trump will retake the White House, this stuff matters.

    Free link:

    https://www.nytimes.com/2024/01/25/us/politics/elon-musk-election-misinformation-x-twitter.html?unlocked_article_code=1.QU0.XdEo.wABJTW_W19AD&smid=url-share

    dangoodin , to random

    This 2006 post from Daring Fireball, using hair-splitting and innuendo to excoriate an article I wrote on the growing hack threats facing Macs, hasn't aged well.

    https://daringfireball.net/2006/05/good_journalism

    dangoodin OP ,

    Someone went to a huge amount of effort after the DF post was published to Google bomb it. For 12 months afterward, the DF post was the first result that would appear when someone googled my name, Apple security and similar topics. The staff in the New York Times technology-focused San Francisco bureau, I have it on good authority, passed around the post, with one of the more prominent writers there agreeing with it. irresponsible. I was brand new to covering Security at the time and the experience really shook my confidence.

    dangoodin OP ,

    I'm regretting having unearthed this story, because I don't think it's fair to the writer to dredge up an 18-year-old post just so I can crap all over it. I'm sure there's plenty to criticize about my work from that time as well (not to mention more recent stuff from time to time).

    The lesson I want to draw, both from the original article by the writer and from the sentiments I expressed in this thread, is that the things we say online matter. We should all be judicious in what we say publicly about others' work. I'm guilty all too often of violating this principle and am going to endeavor to do better going forward.

    dangoodin , to random

    Does anyone know of any attacks, either PoC or in the wild, that use malicious printer cartridges to infect printers? I saw this article from 2022

    https://www.action-intell.com/2022/10/05/hp-bug-bounty-program-finds-reprogrammable-chips-open-printers-to-malware/

    It says that HP's Bug Bounty program found such attacks are possible, but there are no details about who reported the bug that made such attacks possible. I remain skeptical about the accuracy.

    Any help from experts in the form of pointers to attacks or analysis about whether printer cartridges are a viable infection vector would be much appreciated.

    dangoodin OP ,

    HP CEO Enrique Lores said this about counterfeit ink cartridges this morning on CNBC:

    They can "create security issues. We have seen that you can embed viruses in the cartridges, through the cartridges go to the printer, from the printer go to the network. So it can create [inaudible]"

    I'm not aware of a single instance of this happening, either as a PoC attack by a researcher or a malicious one in the wild. Seems like the CEO is misspeaking. Any help here from people with experience in malware in embedded devices would be much appreciated.

    Quote occurs at 3:28

    https://youtu.be/QPRMyQSZGuY?si=EU905oCTcW860xJs&t=208

    rberger , to random

    We're living in the enshittocene, in which the forces of enshittification are turning everything from our cars to our streaming services to our dishwashers into thoroughly enshittifified piles of shit. Call it the Great Enshittening…

    dangoodin ,

    @rberger @pluralistic

    The enshitifiers can have my 2003 Frigidaire when they pry it from my cold, dead fingers. It leaves my heavily soiled dishes spotless even when I don't pre-rinse them at all and wash them on the shorter, water saving cycle.
