* Posts by NonSSL-Login

360 posts • joined 13 Nov 2015


FBI paid renegade developer $180k for backdoored AN0M chat app that brought down drug underworld


Cat and mouse game

"Operation Trojan Shield has shattered any confidence the criminals may have in the use of hardened encrypted devices," Grossman concluded.

What will happen is that in future some richer criminals will pay to have the phones pentested before they put faith into them. Simply seeing traffic going to a few different IP addresses and the amount of data being similar or more than any message or image sent would have set off alarm bells in this case.

Remember Anonymous? It/they might be back, and it/they are angry with Elon Musk


Anyone can be anonymous

It's not from one of the core Anonymous groups and likely one person. Seems kinda obvious if you know their stuff.

If anyone other than an individual was involved they would have told him to make it less drivel and more concise.

Normally the hacks have been done already before a video is made and you get the idea this guy doesn't know about SQL injections let alone a buffer overflow. Not that a PR spokesman needs to have those skills but in the past they did...

Anyone can be anonymous, that is how the group was made. Anyone who hacks something or protests can attribute it to the name/cause and keep the movement going so to speak. But there was/is a core group which is mostly quiet and I am sure a few will splinter to be in the limelight again when the hackers get a good target and making money from ransomware dies off...

GCHQ boss warns China can rewrite 'the global operating system' in its own authoritarian image


Re: Global operating system

In this particular topic one assumes Global operating system = Communication networks.

If you don't want to use Chinese or Russian hardware in your telephone and internet structure then you have to make your own equipment. Same with China and Russia if they want to get rid of western technology out of theirs.

The problem is we can't trust our own UK or US government to do the right thing when creating our own equipment as they are hellbent on creating back doors and breaking the security, so it's not much better than accepting the superior Chinese 5G hardware for example.

He talks about "industry standards" and it's those standards both the GCHQ and the NSA like to infiltrate and sway to a point they are insecure and not fit for purpose. Until they get off their mass surveillance horse I don't see how they can complain about foreign gear.

Bank of England ponders minting 'Britcoin' to sit alongside the Pound


Re: Shitcoin.....

I don't want to put a label on any crypto as being for criminals but Monero/XMR is preferable over bitcoin because of its anonymous nature.

Bitcoin is just more well known among the public and easier to buy, which is probably why it's used in ransomware etc but I wouldn't be surprised if it gets changed into XMR, moved around a bit and then even possibly converted back to bitcoin or another coin later.


I think the only use for it would be similar to the USDT coin or whatever it is which crypto exchanges have more as a coin that reflects the price of the USD, so it can be used as a trading pair or to move your assets out of volatile crypto to a more stable fiat based crypto.

It allows crypto exchanges that don't deal with any fiat (you cannot put money in or out, only move crypto in and out of the exchange) to have a safe space. Probably more regulation and big sam looking over you if you have real money wallets although I'm not 100% on that.


The world desperately needs to get away from the US control of payment systems such as Visa, Paypal etc. Too much control of money under the influence of sometimes just one person/country.


Re: And may they experience the same hell the rest of us

The blockchain is a decentralised public ledger/database of information which cannot be deleted, leaving a public verified log of every transaction between bitcoin addresses/wallets.

Additions can be made that show the movement of coins between one address and another, which is how it is known how much is in each wallet.

Only those with the keys to a wallet can initiate a move of bitcoin between wallets which other machines connected to the blockchain verify with crypto/maths and after so many write to the blockchain to confirm, it's written as a done deal.

It's useful because it's distributed, a standard, and not modifiable. Banks and services have lots of internal and unique ways of doing things with different charges, especially between banks so the fact this is a standard and cheaper than most other setups is good for them as well as not being editable. It's possible for a bank's system to be hacked and a bank balance edited. While there are checks and balances, it can still be done by IT administrators among others. With a blockchain they cannot edit this value. They can only move digits from one place to another, leaving a trail.

For banks it can create standards and lower costs, while also giving them more ways to play with making money, as well as being able to do everything they can already do with it. Not necessarily a good thing where banks are involved.

It can be used as a way to prove ownership of items such as art or even cargo containers. If two copies of an expensive painting turn up, in the future it will be the person who can prove they have ownership of the painting because they still maintain ownership of its certificate on the blockchain.

Movement of shipping and signing off ownership can all be done on a distributed blockchain that all companies can see and build their systems to read the blockchain as a central database.

As to if Bitcoin or CoinX is needed, as well as the different blockchains, over some other standard un-editable shared database.....I don't think we can trust any bank or organisation to come up with a standard without everyone else trying to make their own standard too. It's like asking the media companies to get involved with the nice and easy and cheap standard Netflix then them all deciding there is more profit making their own Disney+, Amazon Prime/whatever streaming service, giving us a fragmented more costly market that's not connected.

Signal app's Moxie says it's possible to sabotage Cellebrite's phone-probing tools with booby-trapped file


Re: On a more serious note...

If he doesn't, Cellebrite can never be sure they have closed all 'known' vulnerabilities in their software which would keep their evidence in court questionable.

Ok they will most likely start compiling with address randomising and stuff with the compiler and other features to make it more difficult to exploit but it's slim they will find all the original bugs, especially when they have to parse so many different types of files.

I have a feeling the software will leak to a site like the Piratebay in the near future and some reverse engineering coders will have some fun if their phone ever gets confiscated at the border or by the police :D

United States' plan to beat China includes dominating tech standards groups – especially for 5G


Re: "Plan [...] includes dominating tech standards groups"

We already know what happens when the US influences tech standards groups....naff security that the NSA can abuse for mass surveillance.

No thanks to more of that.

Update on PHP source code compromise: User database leak suspected


Re: Legacy is always a problem

It can be costly to upgrade to Wife 2.0 depending on how long Wife one was in place.

Chrome 90 goes HTTPS by default while Firefox injects substitute scripts to foil tracking tech



Brave does upgrade connections to HTTPS automatically by default and has done so for at least 6 months, despite being based on Chromium.

It also has an icon in the URL bar to turn off strict HTTPS for the current site you are on.

What annoyed me with Chrome a few years back is when they decided to hide the HTTP/HTTPS from the URL bar so if you wanted to copy and paste a domain from the url bar to say ping it, you also got the invisible HTTP/HTTPS meaning you had to edit the paste every time.

Looking forward to more advances in the browser anti-tracking and also keeping an eye on Google's 'new privacy features' which will do nothing to increase my privacy.

Security pro's time-travelling Twitter bot suspended after posting download link for Adobe Acrobat for MS-DOS


Repeal Copyright Laws - Save Culture

Copyright laws are so overpowered that companies now just delete content and suspend accounts after emails from automated bots, even though they know a majority may be wrong, because they are scared of being sued under ridiculous copyright laws.

Copyright laws need to be brought back in line with how they were originally, not Disney's and Hollywood's life + 70 years or whatever monstrosity they lobbied for and got.

Culture is being lost and in some cases not created at all because of harsh copyright laws. Don't get me started on anti-circumvention parts and Sony's HDCP stuff through its part in the HDMI standards organisation....

US newspaper's 'Biden will hack Russia' claim: A good way to reassure Putin you'll leave him alone



This announcement was not for Russia but propaganda for American citizens to give the impression that anything Russia and China can do with hacking, America can do too. They are constantly hacking targets but have maybe slacked a little with choosing enough proper targets.

These days though, foreign governments seem to be ahead of the US with actual hacking. The US is too busy with mass surveillance and building backdoors into American products and worldwide standards that they often have the keys to begin with and don't even need to reverse engineer software to get their exploits.

But a good news article in news outlets that are happy to do the government's bidding can at least change public perception of the truth.

GitHub bug briefly gave valid authenticated session cookies to wrong users


Lies, damn lies and statistics

2020 stats have monthly active users of GitHub at 40 million. 0.001% is 400 users affected unless I'm still half asleep and need more caffeine.

PR department obviously thought 0.001% looked better than 400 users having full access to code they should not have access to.

Brave buys a search engine, promises no tracking, no profiling – and may even offer a paid-for, no-ad version



If it gives good search results, I'm there!

I use DuckDuckGo as my main search engine but have to use Google occasionally when DDG fails me. As much as I hate to admit it, Google still gives the best search results most of the time. If DDG just gets optimised more then I will never have to use the evil Google again but for now, it's an occasional necessary evil.

Bing I was never keen on but do love its bird's eye view maps which is so much better than Google's satellite view, so that is my current map search engine.

I use Brave Browser (Even if my User Agent might say something different....) and happy to support them if the cost is small and reasonable.

Ease of switching and good results to keep those that switched is key for success here!

Revealed: The military radar system swiped from aerospace biz, leaked online by Clop ransomware gang


Too often

UK ISPs often send firmware updates to their routers. Sometimes a few times a week when they get it wrong the first times.

Often around midnight to 2am they would update and reboot, causing a smart device in the bedroom to flash brightly to tell me it had no wifi access and causing some random wifi lights not to reconnect.

Removing ISPs' routers out the equation solves 99/100 problems

1Password has none, KeePass has none... So why are there seven embedded trackers in the LastPass Android app?


Re: KeePass implementations

KeePassXC is great for Linux and KeePassDX on Android is a good pairing with it as both support v4 databases with the different encryption options which many other versions don't.

Uncle Sam accuses three suspected North Korean govt hackers of stealing $1.3bn+ from banks, crypto orgs


Re: Really?

The North Koreans must have found the NSA's implants so the US can afford to go public with the accusations and the fact they got the keys to the crypto wallets, via another agency of course.

Amazing how companies get the crypto returned but not individuals.

Brave browser leaks visited Tor .onion addresses in DNS traffic, fix released after bug hunter raises alarm


It's been there a good few months.

Considering how well the Tor browser goes to avoid fingerprintable data to be sent, down to things like the window size, I did wonder if Brave sends its own UserAgent and other info which would make it stand out like a sore thumb on the Tor network.

Just 2.6% of 2019's 18,000 tracked vulnerabilities were actively exploited in the wild


Lies, damn lies and statistics

How many of those 18,000 were local exploits rather than remote?

How many of the exploits were auth bypass or remote code execution vs some cross script issue that needs interaction from an admin while logged in?

How often were the same RCE and privilege escalation used because no other exploits were needed?

My honour, I rest my case.

Signal boost: Secure chat app is wobbly at the moment. Not surprising after gaining 30m+ users in a week, though


Depends on what you want. Short version, if you just want basic secure chats with friends or some groups, use Signal. If you like all the bells, whistles and pretty stuff + more functionality and not so worried about security/nasty threat actors, use Telegram. There is nothing to stop you using both and getting the best of both worlds.

Signal is encrypted with end to end and does some neat tricks to store any data it has to in a way that Signal can't read it itself. It's great as a replacement SMS program but obviously only msgs sent from other Signal users will be encrypted so it relies on more people on it to be more useful as an encrypted SMS replacement.

Signal only recently introduced groups and while the feature is pretty basic, it works just fine for group chats. Encrypted voice calls work ok too as long as you have a decent data connection.

Telegram isn't as secure by default as Signal (doesn't encrypt one to one chats unless you manually set it as a private chat) but has more features. Lots more animated stickers/icons if you like that kind of thing in your chat but where it stands out is the extra things you can do with it, especially in group chats. Polls, bots that do things. An API so you can create your own bot/do your own thing which relates to whatever interest you have.

Telegram has introduced some features Signal had like messages that delete after however long you set. Good for security in case someone got physical access to your phone to read your messages but also as a way of keeping your phone and chat clean.

World’s largest dark-web marketplace shuttered after Euro cybercops cuff Aussie


Blip in the Matrix

I assume a take-down means a temporary void before the sellers and buyers move to another site and start building reputation again as if nothing happened.

The cops get the server so can maybe link bitcoin addresses to accounts, of which most of the sellers would not be on an exchange so not immediately identifiable.

Communication for sales on such sites usually use PGP so they will get a lot of encrypted messages and mostly metadata, which we all know can be useful.

Overall with all the money spent for what is gained on these big operations, I wonder if it's always worth it or it's just keeping people in jobs.

Trump administration bans eight Chinese apps


The US wants to be in charge of every payment system in the world so it controls the whole flow of money. Saying that, most of this seems to be Trump having a hissy fit over China for his own reasons.

Paypal and Visa blocking payments to some companies on behalf of the US government and also their media cartels, aka the RIAA & MPAA/Hollywood, shows they cannot be trusted to do so.

Give me a non-US option and I will use it. I will continue to use Alipay over Paypal but really need a nice alternative to Google/Apple Pay as paying by phone tapping is so handy (+secure due to token and outlets not getting your actual card details) and the only reason I have held off getting the Huawei P40 Pro. Been hoping with Trump on his way out all the Huawei bullshit will be out the window in time for me to get a useful P50 Pro.

If I was a business, I would probably prefer to keep information to my local country. As an individual, it's preferable to give my data to China & Russia as I don't trust my own government and its allies to use the information against me in some form or another.

Whistleblowers have come to us alleging spy agency wrongdoing, says UK auditor IPCO


Spineless oversight

Probably not as serious as driving on the wrong side of the road and causing an accident that kills someone and then scurrying them back home from abroad.

'Long-standing vulns' in 5G protocols open the door for attacks on smartphone users


Of course it is

Ignoring things like the SS7 protocol and other backwards compatibility issues, and badly configured firewalls that try and patch some of them, it's obvious the NSA and GCHQ will continue to have a hand in making sure future protocols and hardware are insecure as they have come to rely on abusing the system for so long.

Look at us all shouty on this hand about Chinese 5G equipment while on the other hand quietly subverting security in protocols, software and standards to maintain the status quo.

Backwards compatibility needs to be scrapped and a more secure gateway is needed to keep old equipment/3rd world countries still connected rather than the everything connected + trust system currently in play.

US Treasury, Dept of Commerce hacks linked to SolarWinds IT monitoring software supply-chain attack


Novel Techniques

FireEye said they were hacked with “novel techniques”. A supply chain hack isn't that novel of an idea these days but the update and communicating over the trusted app's protocol is. It's been bugging me since they announced it what it could be and this sounds like it fits.

All this attack on Huawei saying the Chinese will use their hardware to infiltrate everyone and now we have news that it's the Russians using American owned software that could potentially pwn America's top ten comms companies. Oh and all five branches of the US military, the NSA, the Pentagon, The Office of the President of the US etc.

Some kind of irony there.

Crooks posing as COVID-19 'cold chain' company phished EU for vaccine intel, says IBM


Shake the tree and see what falls out

Not every fishing trip starts with an exact end goal in mind.

Sometimes the data and results you see along the way dictate the path you take and give you further direction.

Not every fishing trip has to end with a success but you hope to learn something along the way which will be useful on the next trip.

No, the creator of cURL didn't morph into Elon Musk and give away Bitcoins. But his hijacked Twitter page tried to


Re: About the Stockholm geolocation

It's even better to have a zombie machine of a home computer/scan for proxies on home ISP networks to bounce through so you get an ISP AS for when certain services block VPN/Data centre IPs. A home ISP looks much more legit and the IP address gets a better risk rating and less likely to throw up extra checks.

No surprise they tried a local IP address. It's common sense.

One year after server hackers left NordVPN red-faced, firm's first colocated setup is online


Caring about data

People worried about dodgy apps stealing all that personal data don't seem to be worried about all the legit apps doing it all day every day....

Here's US Homeland Security collaring a suspected arsonist after asking Google for the IP addresses of folks who made a specific search


Stupid Gets Caught

Looking up a location on Google Maps to get a better idea of the area is something I often do after reading some news stories. Always figured someone somewhere would be able to use the search results to make me a suspect.

After watching CSI programs I'm sure I have Googled "How to dispose of a body completely" or similar just out of interest. Pretty sure my search terms would set off alarm bells despite being too lazy to commit any crime.

So thank god for VPNs, random User agent switching addons, noscript, pi-holes and all the little things you can run to not appear on a watchlist and waste the time of authorities.

From knowing years ago that they were flagging people who took certain books out of a library and to now knowing about mass surveillance post Snowden, everyone, including criminals should know what they are doing is logged and traceable.

At least everyone should know by now you don't take your mobile phone out with you to commit a crime. That situation should only happen if it's spur of the moment or you are stupid.

P.S. After hearing how IPv6 wouldn't affect privacy but knowing all along it would, here is a clear case of IPv6 pointing to someone to validate the other data (being logged in to Google while doing searches doesn't help either ;P). On IPv4 it would have been a shared by thousands carrier grade NAT IP address that would have ended at that router.

Huawei's UK code reviewers say Chinese mega-corp is still totally crap at basic software security. Bad crypto, buffer overflows, logic errors...


Re: Not sure about this...

We are probably still doing the checking as there is hope that Trump loses the election and we can then go back to installing the better Huawei kit we want to install. Even though a Nokia deal has been talked about I'm sure we are just biding our time in the hope of the sanctions being dropped if Biden wins.

Biden is anti-Chinese too and akin to the devil in disguise so it might be a false hope.

Bottom line is we want the cheaper + better Huawei kit.

Bad news for 'cool dads' trying to bond with their teens: China-owned TikTok and WeChat face US download ban by Sunday


It's not quite a Facebook where everyone posts everything they do daily and informs the NSA exactly who they know and how along with pictures for their facial recognition database plus telephone numbers.

It's more akin to Twitter where you follow people and make comments on their videos. So it's mostly that nasty metadata you are sharing compared to Facebook where you give everything including all your likes, dislikes and views on everything so that NSA algorithms can decide if you might say something nasty one day about America so they have an excuse to search all your luggage and computers next time you go through one of their airports.


TikTok is bad mmmkay and should be banned

But not if the US own it. The app is fine then.

Quantum fuzzy logic or brazen attack on another country because they have an app as popular as their own and want everyone using just US owned apps and hosting for NSA spying reasons? Me cynical and asking rhetorical questions?!

By now everyone should be able to see how these attacks on TikTok/Huawei/Anything Chinese that gets popular, are protectionist control actions by the US, not based on any reality of threat. Unfortunately this is going to push China to start working more closely with Russia and its other allies more and at the same time reduce its need for anything American. Ultimately the US is shooting itself in the foot politically and economically over the long term to what is a short term gain, if it is indeed even that.

Still sore Trump fcked up my purchase of the P40 pro. Hopefully someone else will use the Leica cameras in their models. Not that some countries will be able to use the cameras to make videos on any non-US apps....

Video encoders using Huawei chips have backdoors and bad bugs – and Chinese giant says it's not to blame


Re: Number of commentards who cannot RTFA

The article and headline were written to deceive from the start.

I wish there was a way we could block certain authors on el reg who are poisoning the site with this stupidity.


Re: "The hardcoded password is a deliberate backdoor."

It only doesn't look good because the article is written as a hatchet job by an author in America.

The title makes it look like there are backdoors in Huawei chips. There aren't.

We all know chipsets get used in multiple hardware projects from different companies and they often use the same badly written software one company wrote which often has vulnerabilities. Think IP cameras/DVRs for example.

Totally different to all the American Cisco backdoors and vulnerabilities that we find month after month. Hard coded credentials/keys and other backdoors before we even get to the vulnerabilities.

This has sod all to do with Huawei really but it's written to make them look bad. The Register's lack of impartiality when it comes to stuff like Huawei is why it is becoming less trusted among peers.

What happens when holes perfect for spyware are found in the engine room of millions of Qualcomm-based phones? Let's find out


If only...

Would love to get a Huawei P40 pro which doesn't use the American Qualcomm chip but Trump has buggered up how useful it would be due to his attacks on Huawei over security depriving their phones of the play store.

Maybe it's a ploy to make us all buy Qualcomm backdoored...erm....vulnerable chipset phones that the NSA and co can have full control of, because this whole political thing is nothing about security.

UK Defence Committee chair muses treating TikTok like Huawei: So eyeball its code then ban it from the country?


Even amateurs are finding hard coded credentials...I mean the more plausible deniability version of debug keys that engineers forgot to remove....in Cisco kit.

No need for the experts to look when there's on average 5 backdoors/pre-auth exec/RCE found every month anyway :P

Remember kids, it's ok for Google software to send everything to the mothership about you for Uncle Sam and the NSA but China is bad mmkay, their software might do something....

Raytheon techie who took home radar secrets gets 18 months in the clink in surprise time fraud probe twist


Secrets elsewhere

Some places have so much security to protect their information and products but that often goes out the window when they pass that information to another company to work with.

Having worked for a translation company that for example translated Tank manuals for users and mechanics, printouts would be left all over the place including left in the printer trays for hours.

Even applying standards and being promised certain procedures, you don't know what's happening behind closed doors of outsourced work in other companies.

FYI: Someone's scanning gateways, looking for those security holes Citrix told you not to worry too much about


Scout Motto - Be Prepared

Even if there is no current exploit for a new vulnerability just published, pre-scanning the net with Masscan for possible targets gives you a fresh clean list to run an exploit against if one appears shortly after. Allowing you to mass pwn much faster when the time arises using your lean list of pre-fingerprinted targets and a potentially more complete list than Shodan.

US govt: Julian Assange tried to recruit hacker to steal hush-hush dirt and we should know – the hacker was an informant


Re: I keep seeing this word "hacker" ...

While some of Lulzsec may have been immature and not more than skids, there was some real talent there too.

Even a skid needs to work out the best workflow and exfiltration methods when dealing with intelligence organisations.

Apple-Google COVID-19 virus contact-tracing API to bar location-tracking access


Re: one app per country?

It makes more sense to throw the tracking app idea out the window altogether.

Judging distances via Bluetooth is a shambles to begin with due to how all different phones with different chipsets output the BT signal and how they receive it. Working on that flawed data and advising people (advising them what exactly?) based on that is pointless.

Even if you accept someone will change their behaviour based on the app, we have to assume everyone has a mobile phone and installs the app. There would be so many holes and missing information in the big picture, I just don't see it being useful in any way at all. Except for governments to have one database to easily track who interacts with who, without waiting for the NSA and GCHQ's to do the search through their collated phone mast info instead. /Cynic


Re: Makes a change

One assumes Google will still slurp and keep the location data for themselves. Just not sharing it with others....except the obligatory NSA, FBI, CIA etc.

It has always bugged me how Google has got away with bundling Bluetooth permissions with location so they can get location on apps that don't need it. There is no need for the app for Bluetooth scales to need the location permission but impossible to use it if you deny.

Of course, having bluetooth in hair brushes, toothbrushes, toasters etc is another debate on its own...

Hey, China. Maybe you should have held your hackers off for a bit while COVID-19 ravaged the planet. Just a suggestion


Re: Cisco Kit

The software that runs on top where all the exploits have been found has been coded by Cisco themselves, I assume in their American HQ.


We know that outsourced Russian hackers are not allowed to use any Russian words or fonts in their code, so have to be careful to scrub usual fingerprints like home directories with Russian names that compilers like to stick in and such like.

We also know that the CIA have used Russian companies' certificates in their malware and plant foreign language fingerprints like the above compiler home directories.

Not to mention all the stolen and re-used code from other countries' cyber-offence teams. So yeah attribution is hard, so we have to go with best guess. It should be sold as definitive unless we are 100% and that's hard, even if we go by previous knowledge as again, that could be wrong for the same reason as above.


Cisco Kit

Given how many remote exploits there were for Cisco Kit in the last 30 days and how widely deployed they were, I would expect every country with sophisticated cyber capabilities to be making the most of the vulnerabilities before they got patched.

The US gov were so noisy about Chinese Huawei kit being vulnerable yet here we are with US Cisco kit having vulnerability after vulnerability and with proof they are being exploited.

Hacking is one of those jobs that can be done at home during isolation lockdown

Yeah, that Zoom app you're trusting with work chatter? It lives with 'vampires feeding on the blood of human data'


Prime minister and cabinet

Noticed on the news that Boris is using Zoom to talk with other cabinet members.

Does the UK government have anyone who advises on software and security matters? I mean they were all using WhatsApp well after it was known that backups were sent to the cloud without encryption so...I'm guessing not.

It's not as if it's a government who could be discussing sensitive info...oh wait, I'll get my coat.

Hey, friends. We know it's a crazy time for the economy, but don't forget to enable 2FA for payments by Saturday


Saturday b0rk3d

Tried to purchase something online today and got a message on my phone telling me to verify the transaction in my banking app.

Tried opening the banking app and for the first time ever got an error about not being able to connect to my bank's servers. Tried on cell data and home wifi but no use and the bank's helpdesk was useless.

Ended up buying the item from eBay instead where it just worked without any extra prompts, phone messages or actions needed after pressing the checkout button.

I have a feeling some businesses are going to lose sales if this has been implemented badly.

Google: You know we said that Chrome tracker contained no personally identifiable info? Yeah, about that...


Re: ????

I think the point was some used Chrome only because Google promised not to track them with browser code and the lie was believed.

People generally trust companies not to lie straight to their face, even in this case.


Re: Survey answers

That pretty much guarantees you a spot on most BBC shows these days, even if you are utterly useless for the role!

Those that like Chrome as a browser should change to one of the alternatives using the same base code without the tracking stuff. Chromium, Brave, maybe Pale Moon or something similar.

'Unfixable' boot ROM security flaw in millions of Intel chips could spell 'utter chaos' for DRM, file encryption, etc



Another example of what I assume is a government organisation gifted backdoor which shows that backdoors cannot be kept secret forever and once exposed, everyone can be screwed by every Tom, Dick and Harry.

All the US has to do now is to make a noise about foreign hardware having backdoors so everyone scrambles to buy US backdoored kit. Oh wait...I'll get my coat.


