* Posts by ds33d8977JH3%3£1

7 publicly visible posts • joined 22 May 2018

'Facebook takes data from my phone – but I don't have an account!'


Same going on with the Samsung purchased from PCWorld.co.uk. I am of the opinion there is a modern day version of the Phoebus Cartel in operation with the players being at least Microsoft, Facebook & Google because I am surprised that reports from ActionFraud.Police.uk can disappear from their systems.

As we only deal with a call centre, its virtually impossible to identify who is at the other end of the phone despite what they might tell us, plus call centre staff invariably don't take ownership of calls and follow reports through to conclusion, its just passed on to those higher up to make "difficult" decisions for the proles.

One other elephant in the room, is the ability to update firmware on a variety of chips found within computers and peripherals and yet no manufacturer provides a tool to verify its their firmware.

Only Mitre's Copernicus tool can check the bios if you are a large enough company with near identical computers.

The Intel ME Cleaner found on GitHub which partially de-blobs Intel CPU's means its technically possible to install malware inside an Intel CPU as the measures put in place by Intel to ensure the ME has not been tampered with is not sufficient to spot its been partially de blobbed, but who can show me a security product that checks the Intel ME cleaner is genuine?

Who cares if you have DD dev/zero'ed or dev/random'ed your hard drive before reinstalling your OS again if its your, bios, cpu and harddrive hiding the malware for you?

Check out ModSprites HDDHack to find out how to insert malware into your hard drive controller, if you want to know more!

Now lets see what page on the comments the bots push this down to says the cynic.

UK.gov's use of black box algorithms to decide stuff needs watching


One way or another the Tories will get the deficit and national debt down as we are not out of the woods just yet, but I also suspect some people will stop using public services like the NHS; those that cant avoid public services will just have to put up with being a product, like some other businesses view those that interact with them.

Govts are just the ultimate monopoly business, your taxes are just the cost so find a different provider where possible if it can save money. The quality of service will be variable though, some will be better some will be worse as the Govt is heavily resourced in some areas but not others.

Its interesting concerns about data skewing or data bias will exist in the data sets, sure it can exist in the data sets, so perhaps being a minority in a country may not be the best place to be located in the world with some algorithms, due to genetic differences and the possibility of rare conditions not being spotted, but it also depends on the "remit" of the algorithm.

Most algo's will be performing important but boring tasks, like looking for 2d (xrays) or 3d (mri scans) pixel patterns to determine if someone has lung cancer or breast cancer, a highly boring but highly paid job. These algo's could be highly effective as there is no boredom, reduction in attention to detail to contend with, a way for the Govt to reduce medical negligence claims even if its just used for highlighting suspects for further human investigation and/or confirmation, so its a cost saving exercise in one way, whilst helping to direct money into areas of research which can further enhance our collective knowledge with a reduction in potential suffering.

However I cant help but be remind of this https://www.youtube.com/watch?v=zUQgthIs7pM

especially if the algo's and/or equipment sensors are not good enough compared to a human with greater intuition not yet included in the algo and/or data set.

Advanced VPNFilter malware menacing routers worldwide


Well some of these routers have normal processors running a Linux distro, and there is certainly no ASLR measures in place on some of these routers from what I have seen, let alone any sort of anti-malware or anti virus protection built in, not that it should be needed on Linux if people believe the popular theme that Linux doesn't need such things.

Reading the blog https://blogs.cisco.com/security/talos/vpnfilter I'm amazed Cisco have such oversight of the internet around the world and appear to be sure it can brick these vendors devices, still I'm sure the vendor's and industry on the whole wont mind a bit of planned obsolesce when these devices do eventually get bricked. Its good for business.

Lets hope there is not some sort of Spectre or Meltdown equivalent on the cpu's running these routers or someone has found a way to update some of the other chips on these devices, because to date, no manufacturer when contacted has been able to provide a tool to check the firmware hasn't been updated with malware, which seems like a very big elephant in the room when it comes to IT security in general, not to mention some devices wont allow the re-installation or downgrade of firmware, just to clear out whats installed already.

So many possibilities, hindered by ease of use and industry standard practices.

Zuckerberg gets a night off: Much-hyped Euro grilling was all smoke, absolutely no heat


Criminals run the world

Criminals run the world, this show is just part of the Bread & Circus that's been going on since before Roman times, in fact probably since at least the ancient Egyptians or Babylonians, my history is not that great.

We do live in a system that keeps us busy in a myriad of ways, question is, how many of you spend your time doing what you want to do? Or do you keep falling for what your rulers want you to do, yanking your chain is just one of the methods to keep you busy, ya'll know.

High-end router flinger DrayTek admits to zero day in bunch of Vigor kit


Re: Story image kudos

"* Hacker wearing hoodie AND balaclava (in case the tape over his webcam is hacked?);"

Being around people is invariably enough to give away secrets as no one bothers to disable the microphones, hard to do on your smart phone admittedly, but most modern laptops monitors with the mike and camera side by side, can be popped open so you can unplug the cable to the microphone in just a few minutes.

Lets not forget in the olden days when mobiles first started to appear, sometimes it was impossible to have a conversation because the microphone picked up so much background noise. Its physically impossible to add an algo to filter the background noise to a microphone, but further up the chain it is, so who can intercept the raw unfiltered sound in your device before the filter?

GCHQ - Always listening to their customers.


Re: who's leaving their admin panels open for the world to attack?

Telnet can be your friend


Unless you are monitoring and accounting for every packet going in and out, just how do you tell when you have been hacked?

Microsoft, Google: We've found a fourth data-leaking Meltdown-Spectre CPU hole


[s]So far, no known exploit code is circulating in the wild targeting the fourth variant.[/s]

Having compromised the major antivirus companies, is anyone really surprised at the above statement?