2019-06-24 @ 07:56: déjà vus Personal

Lately I’m experiencing many déjà vus. Since I’m already used to that, it feels like falling down the rabbit hole most of the time. Maybe there’s a glitch in the matrix.

President Trump has promised to cure cancer, eradicate AIDS, and ensure that American astronauts land on Mars if he wins a second term. “We will push onward with new medical frontiers. We will come up with the cures to many, many problems, to many, many diseases—including cancer and others and we’re getting closer all the time,” Trump said to a cheering crowd at his rally in Orlando, Florida, on Tuesday night. “We will eradicate AIDS in America once and for all and we’re very close. We will lay the foundation for landing American astronauts on the surface of Mars.”

Source: The Daily Beast

To my mind there are more important things to do than landing astronauts on the surface of Mars. Like having proper and affordable health care.

A global survey of attitudes towards science has revealed the scale of the crisis of confidence in vaccines in Europe, showing that only 59% of people in western Europe and 50% in the east think vaccines are safe, compared with 79% worldwide.
Around the globe, 84% of people acknowledge that vaccines are effective and 92% say their child has received a vaccine. But in spite of good healthcare and education systems, in parts of Europe there is low trust in vaccines. France has the highest levels of distrust, at 33%.
There have been major measles outbreaks in a number of countries, which have spread across the continent, linked to vaccine hesitancy.

Source: The Guardian

This is entirely good news, as it will solve lots of issues in this world. People who vaccinate and those who don’t are like the yin and the yang. We need you!

The Irish government plans to ban the sale of new petrol and diesel vehicles by 2030, as part of a major strategy to protect the environment.
The aim is to ensure that all new cars and vans on Irish roads in 11 years’ time are electric vehicles.
The proposed legislation was among 180 measures in the government’s Climate Action Plan, published on Monday.
The document also includes a target to implement an EU-wide ban on non-recyclable plastic by 2030.

Source: BBC

That will cause a massive rise in the second-hand car market.

Hackers at the Central Intelligence Agency, with the help of colleagues from the British spy agency MI5, developed malware to secretly spy on targets through their Samsung Smart TVs, according to new documents published by WikiLeaks.
On Tuesday, WikiLeaks dumped a large cache of documents allegedly coming from the CIA’s hacking unit. Julian Assange’s organization dubbed the release, which it says it’s the first in a series, as “Vault 7,” and billed it as the largest-ever of confidential CIA intelligence documents.

Source: VICE

I said it once and I say it again: Using smart-home technology may be convenient, but it’s not smart.

Netflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels. The vulnerabilities specifically relate to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities. The most serious, dubbed “SACK Panic,” allows a remotely-triggered kernel panic on recent Linux kernels. There are patches that address most of these vulnerabilities. If patches can not be applied, certain mitigations will be effective. We recommend that affected parties enact one of those described below, based on their environment.

Source: https://www.openwall.com/lists/oss-security/2019/06/17/5

Scanning your computer for malware viruses is important to keep it running smoothly. This also is true for your QLED TV if it’s connected to Wi-Fi! Prevent malicious software attacks on your TV by scanning for viruses on your TV every few weeks.

Source: Samsung

Why does the TV need Internet access anyway? No Samsung devices for me then. Never ever.

If that’s true, shouldn’t the government declassify everything? In other words, if you got nothing to hide, do not wear clothes!

About two years ago Theresa May said:

[..] that last night’s London terror attacks mean that the Internet cannot be allowed to provide a “safe space” for terrorists and therefore working cryptography must be banned in the UK.

Source: https://boingboing.net/2017/06/04/theresa-may-king-canute.html

The German interior ministry said today:

The Federal Ministry of the Interior has rejected the accusation that it wants to force providers of messenger services such as WhatsApp to decrypt their users’ communications. The federal government is sticking to the principle of “security through encryption and security despite encryption”, a spokesperson told dpa. He stressed: “We still do not want any backdoors or bans on encryption.”
So that terrorists and gang members cannot completely seal off their communications by using encrypted messenger services, providers would, however, have to enable “state access as a legally regulated exception”. There is no draft bill for this yet, though, the spokesperson said. “We are still at the beginning of finding a solution here.”

Source: https://www.heise.de/-4447537

To my mind it seems like most of the politicians do not realize that cryptography has something to do with mathematics, rather than with sets of rules like who’s (dis)allowed to do what.

2019-06-12 @ 07:59: RAMBleed Bugs | Security

RAMBleed is a side-channel attack that enables an attacker to read out physical memory belonging to other processes. The implications of violating arbitrary privilege boundaries are numerous, and vary in severity based on the other software running on the target machine. As an example, in our paper we demonstrate an attack against OpenSSH in which we use RAMBleed to leak a 2048 bit RSA key. However, RAMBleed can be used for reading other data as well.
RAMBleed is based on a previous side channel called Rowhammer, which enables an attacker to flip bits in the memory space of other processes. We show in our paper that an attacker, by observing Rowhammer-induced bit flips in her own memory, can deduce the values in nearby DRAM rows. Thus, RAMBleed shifts Rowhammer from being a threat not only to integrity, but confidentiality as well. Furthermore, unlike Rowhammer, RAMBleed does not require persistent bit flips, and is thus effective against ECC memory commonly used by server computers.

RAMBleed

Now imagine you put your stuff into the cloud ….

