When surveillance turns into a nightmare
#surveillance #gafam #nsa #bigbrother #backdoor #porte_dérobée #vie_privée #vieprivée #hackers #snowden
hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:
https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52
#Software #bug #backdoor #fail #economy #fail #news #zendesk #cybersecurity #security
CALEA requires that any “communications provider,” such as a phone company or internet provider, must provide the government all necessary assistance to access a customer’s information when presented with a lawful order. In other words, if there is a means to access a customer’s data, the phone companies and internet providers must provide it.
“There’s no way to build a backdoor that only the ‘good guys’ can use,” said Signal president Meredith Whittaker, writing on Mastodon.
https://techcrunch.com/2024/10/07/the-30-year-old-internet-backdoor-law-that-came-back-to-bite/
#BackDoor #US #law #CommunicationsAssistanceForLawEnforcementAct #CALEA
Source: http://www.wsj.com/tech/cybersecurity/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b
The #surveillance systems believed to be at issue are used to cooperate with requests for domestic information related to criminal and national security investigations. Under federal law, telecommunications and broadband companies must allow authorities to intercept electronic information pursuant to a court order. It couldn’t be determined if systems that support foreign #intelligence surveillance were also vulnerable in the breach.
Like all backdoors, this #backdoor is also a #security risk and not a gain.
#news #cybersecurity #cybercrime #privacy #politics #police #justice #communication #crime #Problem #USA #fail #hacker #Software #vulnerability #spy
Source: https://berthub.eu/articles/posts/dutch-intel-service-csam-update/
The resulting situation is regarded by #AIVD as too large a risk for our #digital #resilience. (…) Applying detection orders to providers of end-to-end encrypted communications entails too large a #security risk for our digital resilience.
#news #backdoor #encryption #e2e #chat #communication #surveillance #bigbrother #cybercrime #cybersecurity #chatcontrol #privacy #eu #politics #Software #Europe #Smartphone #mobile
The majority of those killed and injured were medical staff and hospital workers who are still using those outdated devices.
This proves that American based electronic devices have backdoors that Israeli military is aware of and in many cases are behind their implementation.
Remember many years ago working on debugging a Micron memory IC, we came across an undocumented block in the device that seems to be a small microprocessor connected to the ID network of the device, but also had connection to the main controller of the DDR memory.
After almost a week on trying to figure out what that was we were told that it's part of an internal company safety control device that is not open to public or even us developing hardware reliability test of it.
After some hacking we found that it was using some modified version of the one wire hardware protocol and could be activated before the BIOS or the RomCode of the CPU, SoC was activated. The function was a backdoor included in almost all Micron flash memory and DDR chips to give NSA access to the devices without the knowledge of companies using those ICs. The same goes with all communication ICs and network chips.
I am sure the same is in almost all SD cards and battery controller devices and it's definitely what Israeli military used to hack these devices and commit the latest cyber terrorism since outbreak of the Stuxnet a few years ago.
#Lebanon #CyberTerrorism #Israel #CyberAttack #Terrorism #Technology #Hacking #Backdoor #Technology
#Politic
Years ago I was wondering what this init freedom thing was all about. Today in the wake of regreSSHion and xzUtils it dawns on me.
This article was written in 2022 but could not be more up to date today.
#gnu #linux #foss #init #freedom #devuan #debian #backdoor #systemd
Distro Walk – Devuan
Devuan, with its promise of Init Freedom, provides users an alternative to systemd as an init process.
Long-time Linux users may remember a time when Debian was viewed as a collection of anarchists, with radical ideas about voting and decision-making. At times, Debian was even the lone dissenter among distributions about decisions made by the Free Software Foundation. However, over the years, Debian has developed its own hierarchy along the way to becoming the source for some two-thirds of active distributions. Today, the Debian derivative most reminiscent of early Debian is Devuan [1], which forked from Debian in 2014 over how decisions were made and the technical connotations of using systemd. Recently, two Devuan developers – fsmithred, who builds the live images and helps with support, and golinux, the community manager – took the time to recall Devuan's past and why their issues are still relevant today. Because Devuan lacks a formal hierarchy, they emphasize that their remarks are "unofficially official."
In 2014, major Linux distributions were transitioning from SysVinit to systemd as an init process – init being the first process to start on a system and the one that manages other processes. Ubuntu had started using Upstart a decade earlier with little controversy. By contrast, systemd was controversial from its earliest days. To start with, systemd is much more than an init system. Rather, as contributor dasein described on the Debian User Forums, "calling systemd an init system is like calling an automobile a cup holder" [2]. That is, while systemd includes the functions of an init system, dasein said systemd is also "an effort to recreate large portions of existing userspace (including login, job scheduling, and networking, just to name a few) inside a single process traditionally reserved for the sole purpose of starting *nix userspace. (Just in case it isn't clear, there is a huge difference between starting userspace (init) and being userspace (systemd).)"
From this perspective, not only is systemd overkill, but it is a violation of the basic tenet of Unix development that an application does only one thing and does it very well. As Christopher Barry stated in the Linux Kernel Archive, this philosophy is what makes Linux "a collection of simple modular components that could be plugged together at will to do real work" [3] – an operating system that is both flexible and accessible. Just as importantly, a modular structure allows the pieces to be assembled in different ways, so that each distribution can be unique. By contrast, systemd imposes a structure on all Linux systems that reduces variety – which is convenient in some ways, but needlessly limiting in time-honored ways.
As expected, the Debian mail forums debated these perspectives extensively. Unsurprisingly, the discussion culminated in a General Resolution among Debian users, with many Debian officials favoring systemd. The winning option was to use systemd, but at the same time, a more general resolution to favor systemd placed last – a decided ambiguity. Although rarely stated in so many words, much of the dissatisfaction implied that the decision to use systemd was imposed by the Debian hierarchy upon the general membership.
Whether this implication was valid is beside the point. Many believed it was. On November 24, 2014, the Devuan fork was announced. The intention was "to produce a reliable and minimalist base distribution that stays away from the homogenization and lock-in promoted by systemd" [4].
Introducing Init Freedom
Rather than being seen as simply an anti-systemd project, Devuan calls its position Init Freedom (Figure 1). The name invokes Richard Stallman's four essential freedoms, although the idea itself might seem less basic. Devuan's Init Freedom page [5] simply defines the idea as being "about restoring a sane approach to PID1 [init] that respects portability, diversity, and freedom of choice," assuming that the value of these goals is self-evident.
Figure 1: Devuan supports a choice of init alternatives.
In practice, Init Freedom means supporting a choice of init freedoms. Although systemd advocates often maintain that supporting multiple init systems would make packaging more difficult, from its first release, Devuan has continually added init alternatives without any apparent difficulties. Today, in addition to the default SysVinit, Devuan lists six alternatives: OpenRC, runit, sinit, s6, 66-devuan, and Shepherd, and it is open to considering others. Fsmithred suggests that most people simply use sysVinit, although OpenRC and runit, which use SysVinit scripts, are also available. Scripts are also being developed for runit and to extend usability of other shipped alternatives. For those interested in learning more, discussion can be found on the Dev1 Galaxy Forum [6] and on Devuan's IRC channel [7].
In addition, the Init Freedom page lists other Linux distributions that offer systemd-free alternatives, as well as other Unices such as the BSD Family. DistroWatch also offers a search filter for distros without systemd – currently, 97, a total far higher than many might suspect, although it includes only a handful of major distributions, such as MX Linux, Alpine Linux, and KNOPPIX [8]. Devuan keeps in close touch with these distributions, especially on the Dev1 Galaxy Forum.
Fsmithred adds that, "We rely heavily on Debian. Most of the packages in Devuan are unchanged from Debian. We only fork packages that require systemd. There is collaboration between Devuan and Debian on a few packages, and we occasionally send bug fixes or patches upstream to Debian for packages we do not fork."
Beyond Init Freedom
Devuan is usually referred to in terms of Init Freedom – often with the obviously mistaken assumption that it is a lost cause. However, Devuan also features Docker images and community-developed ARM packages. Chimaera, the latest Devuan release, also includes an option to not install PulseAudio to enable simultaneous speech synthesis in both a graphical and console session. In addition, at least one Devuan-derivative exists, Maemo Leste, whose goal is "to provide a free and open source Maemo experience on mobile phones and tablets like the Nokia N900, Motorola Droid 4, Motorola Bionic, PinePhone, PineTab, Allwinner tablets, and more" [9]. Although Devuan might be a niche distribution, clearly it is a thriving one.
But can Devuan's cause become mainstream? It's not impossible. Linux is in an era in which large parts of it are being written. If PulseAudio can be replaced with PipeWire – which is currently happening – then systemd's obsolescence is not impossible, either. Meanwhile, for those who disagree with the majority, Devuan provides a workable alternative, while keeping the early spirit of Debian alive.
Source: https://www.linux-magazine.com/Issues/2022/260/Devuan
A friend, a good friend...
♲ Manuel 'HonkHase' Atug - 2024-04-12 13:06:24 GMT
xz backdoor: a post-mortem. From colleagues in the engine room at @hisolutions 👌❤️
#Backdoor #SupplyChain #Malware #0day
https://research.hisolutions.com/2024/04/xz-backdoor-eine-aufarbeitung/
#Linux users #beware.
https://m.youtube.com/watch?v=uRlxN0_zVHo
Understanding the Linux #Backdoor: Implications for Open Source [When Penguins Cry]
However, I believe that he is actually from somewhere in the UTC+02 (winter)/UTC+03 (DST) timezone, which includes Eastern Europe (EET), but also Israel (IST), and some others. Forging time zones would be easy — no need to do any math or delay any commits. He likely just changed his system time to Chinese time every time he committed.
source: https://rheaeve.substack.com/p/xz-backdoor-times-damned-times-and
Regarding the #backdoor in #xz-utils.
I'm by no means a programmer, but I know there is a concept called "reproducible builds". From my understanding, reproducible builds guarantee that the compiled artifacts are made from a given source, without altering the source code.
I've learned that the source code in the git repository did not contain any backdoors, but the downloadable tarball did.
Shouldn't there be a mechanism making sure that the tarball matches the source code?
https://korben.info/backdoor-linux-faille-securite-critique-xz-utils.html
#sécurité #linux #gnu-linux #fail
https://linuxnews.de/kompromittiertes-paket-in-arch-debian-fedora-und-opensuse/ #security #Backdoor
Playing: https://www.youtube.com/watch?v=M59cP-IGShk
#conflictofinterest
#regulators #ppp #forprofit #publicinterest #agileregulations #safeandeffective #backdoor #advancedtherapeutics #health #market #generesequencing #nanotechnology #hippocraticoath #harm #safetytesting #foxinchargeofhenhouse #cartbeforehorse #verydangerous #facethehorror #wecanstillmendthis #awareness #speakout