#backdoor

anonymiss@despora.de

#XZ #Backdoor: Times, damned times, and scams

However, I believe that he is actually from somewhere in the UTC+02 (winter)/UTC+03 (DST) timezone, which includes Eastern Europe (EET), but also Israel (IST), and some others. Forging time zones would be easy — no need to do any math or delay any commits. He likely just changed his system time to Chinese time every time he committed.

source: https://rheaeve.substack.com/p/xz-backdoor-times-damned-times-and

#security #software #time #news #hack #linux #timezone

rainerhgw@diasp.org

Regarding the #backdoor in #xz-utils.
I'm by no means a programmer, but I know there is a concept called "reproducible builds". From my understanding, reproducible builds guarantee that the compiled artifacts are made from a given source, without altering the source code.
I've learned that the source code in the git repository did not contain any backdoors, but the downloadable tarball did.
Shouldn't there be a mechanism making sure that the tarball matches the source code?
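The check the post asks for is mechanical: hash every file in the release tarball, hash every file in the corresponding checkout of the repository, and report what exists only in the tarball, what was dropped, and what differs. The Python below is an added example, not code from any distribution or from the project discussed; `build_sample()` constructs a throwaway checkout directory and a tarball that deliberately differ, so the comparison runs offline. The file names in the fixture (`configure.ac`, `m4/helper.m4`, `build-aux/inject.m4`) are invented for the demonstration.

```python
"""Compare a release tarball against a source checkout, file by file.

Added example, not part of any project. The fixture built by build_sample()
is constructed: a checkout with two files and a tarball that modifies one of
them and adds a third, mimicking a release artifact that drifted from git.
"""
import hashlib
import io
import os
import tarfile
import tempfile


def hash_tree(root):
    """Map each relative file path under root to its SHA-256 hex digest."""
    digests = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def hash_tarball(path, strip=1):
    """Same map for regular files in a tarball, dropping `strip` leading path parts
    (release tarballs normally wrap everything in a pkg-version/ directory)."""
    digests = {}
    with tarfile.open(path, "r:*") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            parts = member.name.split("/")[strip:]
            if not parts:
                continue
            data = tar.extractfile(member).read()
            digests["/".join(parts)] = hashlib.sha256(data).hexdigest()
    return digests


def compare(source, tarball):
    """Classify the differences between two path->digest maps."""
    common = set(source) & set(tarball)
    return {
        "only_in_tarball": sorted(set(tarball) - set(source)),
        "only_in_source": sorted(set(source) - set(tarball)),
        "modified": sorted(p for p in common if source[p] != tarball[p]),
    }


def build_sample():
    """Constructed fixture: returns (checkout_dir, tarball_path) that differ on purpose."""
    base = tempfile.mkdtemp()
    src = os.path.join(base, "checkout")
    os.makedirs(os.path.join(src, "m4"))
    files = {
        "configure.ac": b"AC_INIT([demo], [1.0])\n",
        "m4/helper.m4": b"dnl original macro\n",
    }
    for rel, data in files.items():
        with open(os.path.join(src, rel), "wb") as fh:
            fh.write(data)
    release = dict(files)
    release["m4/helper.m4"] = b"dnl original macro\ndnl line present only in the tarball\n"
    release["build-aux/inject.m4"] = b"dnl file with no counterpart in git\n"
    tar_path = os.path.join(base, "demo-1.0.tar.gz")
    with tarfile.open(tar_path, "w:gz") as tar:
        for rel, data in release.items():
            info = tarfile.TarInfo("demo-1.0/" + rel)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return src, tar_path


if __name__ == "__main__":
    src, tar_path = build_sample()
    for kind, paths in compare(hash_tree(src), hash_tarball(tar_path)).items():
        print(f"{kind}: {paths}")
```

On a real project, point `hash_tree` at a clean checkout of the release tag (or at the output of `git archive`) and `hash_tarball` at the published tarball. Autotools releases legitimately ship generated files such as `configure` and `Makefile.in` that are not in git, so the useful signal is not "the sets differ" but a reviewed allowlist of expected generated files with everything else in `only_in_tarball` or `modified` treated as a finding.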

diane_a@diasp.org

"A group of cybersecurity researchers has uncovered what they believe is an intentional backdoor in encrypted radios used by police, military, and critical infrastructure entities around the world. The backdoor may have existed for decades, potentially exposing a wealth of sensitive information transmitted across them, according to the researchers.

While the researchers frame their discovery as a backdoor, the organization responsible for maintaining the standard pushes back against that specific term, and says the standard was designed for export controls which determine the strength of encryption. The end result, however, is radios with traffic that can be decrypted using consumer hardware like an ordinary laptop in under a minute. "There's no other way in which this can function than that this is an intentional backdoor," Jos Wetzels, one of the researchers from cybersecurity firm Midnight Blue, told Motherboard in a phone call."

https://www.vice.com/en/article/4a3n3j/backdoor-in-police-radios-tetra-burst

#USA #militarygrade #morons #crypto #defectivebydesign #backdoor

gunnar@diasp.org

"They found the analytics control and other privacy settings had no obvious effect on Apple’s data collection—the tracking remained the same whether iPhone Analytics was switched on or off.

“The level of detail is shocking for a company like Apple,” Mysk told Gizmodo."

WTF!?

"An independent test suggests Apple collects data about you and your phone when its own settings promise to “disable the sharing of Device Analytics altogether.”"

New Research Says Apple Is Tracking You Even When Its Own Privacy Settings Say It’s Not

"For all of Apple’s talk about how private your iPhone is, the company vacuums up a lot of data about you. iPhones do have a privacy setting that is supposed to turn off that tracking. According to a new report by independent researchers, though, Apple collects extremely detailed information on you with its own apps even when you turn off tracking, an apparent direct contradiction of Apple’s own description of how the privacy protection works."

https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558

#tracking #apple #iphone #surveillance #prism #linux #bsd #gnulinux #safari #gizmodo #security #hackernews #analytics #privacy #computer #smartphones #phones #phone #spying #backdoor

anonymiss@despora.de

#WordPress installer #attack race

source: https://smitka.me/2022/07/01/wordpress-installer-attack-race/

The attacker uses the #Certificate Transparency Log to find new WordPress #installations. It works because you usually generate the #SSL certificate when you set up a hosting space. When the certificate is issued, the record appears in the public log.

...

It takes only 4 minutes from the certificate issue to abuse the installer (but in some cases, the attacker managed to do it in under 1 minute).

#internet #blog #security #backdoor #problem #www #web #software #install #news
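From the defender's side, the race described above leaves a clear trace: the certificate's issuance time is public in the CT log, and any request to the installer from an address you do not recognise in the minutes after that time means the unconfigured installer was reachable. The Python below is an added example, not code from the blog post; `CERT_ISSUED` stands in for the issuance time you would read from the CT entry, `OWNER_IPS` for the addresses you know you set the site up from, and `ACCESS_LOG` is a constructed web-server log in Common Log Format.

```python
"""Flag installer requests that arrive shortly after certificate issuance.

Added example, not code from the blog post. CERT_ISSUED, OWNER_IPS and
ACCESS_LOG are constructed; on a real host you would read the issuance time
from the CT log entry for your hostname and the log from the web server.
"""
import re
from datetime import datetime, timedelta, timezone

CERT_ISSUED = datetime(2022, 7, 1, 10, 0, 0, tzinfo=timezone.utc)  # constructed
OWNER_IPS = {"198.51.100.20"}  # constructed: the address the owner set the site up from
INSTALLER_PATHS = ("/wp-admin/install.php", "/wp-admin/setup-config.php")

ACCESS_LOG = """\
203.0.113.7 - - [01/Jul/2022:10:03:41 +0000] "GET /wp-admin/install.php HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jul/2022:10:03:50 +0000] "POST /wp-admin/install.php?step=2 HTTP/1.1" 200 980
198.51.100.20 - - [01/Jul/2022:10:30:12 +0000] "GET /wp-admin/install.php HTTP/1.1" 200 5120
198.51.100.20 - - [01/Jul/2022:10:31:02 +0000] "GET /wp-login.php HTTP/1.1" 200 2048
"""

# Common Log Format: ip ident user [time] "method path protocol" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        entry = m.groupdict()
        entry["time"] = datetime.strptime(entry["time"], "%d/%b/%Y:%H:%M:%S %z")
        entries.append(entry)
    return entries


def installer_hits(entries):
    """Requests to the installer endpoints, ignoring any query string."""
    return [e for e in entries if e["path"].split("?")[0] in INSTALLER_PATHS]


def flag_race(entries, issued=CERT_ISSUED, owner_ips=OWNER_IPS, window=timedelta(minutes=10)):
    """Installer hits from unrecognised addresses within `window` of issuance.

    Returns (ip, seconds after issuance, method, path) tuples, oldest first.
    """
    flagged = []
    for e in sorted(installer_hits(entries), key=lambda e: e["time"]):
        delay = e["time"] - issued
        if e["ip"] not in owner_ips and timedelta(0) <= delay <= window:
            flagged.append((e["ip"], int(delay.total_seconds()), e["method"], e["path"]))
    return flagged


if __name__ == "__main__":
    for ip, secs, method, path in flag_race(parse_log(ACCESS_LOG)):
        print(f"{secs:>4}s after issuance: {method} {path} from {ip}")
```

In the constructed log the unknown address reaches the installer 221 seconds after issuance and posts to it nine seconds later, well inside the four-minute figure the post quotes, while the owner's own visit half an hour later is neither early nor from an unknown address. A `POST` to the installer from an address you do not recognise, at any time, is the line that warrants treating the installation as compromised rather than merely exposed.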

anonymiss@despora.de

Exclusive: At least $1 billion of client funds missing at #FTX

source: https://www.reuters.com/markets/currencies/exclusive-least-1-billion-client-funds-missing-failed-crypto-firm-ftx-sources-2022-11-12/

They said the "backdoor" allowed Bankman-Fried to execute commands that could alter the #company's financial records without alerting other people, including external auditors. This set-up meant that the movement of the $10 billion in funds to #Alameda did not trigger internal #compliance or accounting red flags at #FTX, they said.

#money #finance #crypto #backdoor #crime #cybercrime #news #fail #cryptocurrency #insolvency

danie10@squeet.me

High-impact UEFI vulnerabilities discovered (again) in over a hundred models of Lenovo consumer laptops

Yes, two of the drivers immediately caught attention by their very unfortunate (but surprisingly honest) names: SecureBackDoor and SecureBackDoorPeim. I also seem to recall Lenovo had a similar issue about 5 or 6 years ago, so not the first time.

Altogether, the list of affected devices contains more than one hundred different consumer laptop models with millions of users worldwide, from affordable models like Ideapad-3 to more advanced ones like Legion 5 Pro-16ACH6 H or Yoga Slim 9-14ITL05. The full list of affected models with active development support is published in the Lenovo Advisory.

Bottom line though is, if you have a consumer Lenovo device, you really want to check if there is a firmware update.

See https://www.welivesecurity.com/2022/04/19/when-secure-isnt-secure-uefi-vulnerabilities-lenovo-consumer-laptops/

#technology #security #vulnerability #lenovo #backdoor

greyedout@sysad.org