#bug

anonymiss@despora.de

#Intel #CPU "Alder Lake": #BIOS source code #leak

source: https://nitter.unixfox.eu/SttyK/status/1578582946352488448
github archive: https://web.archive.org/web/20221008040713/https://github.com/LCFCASD/ICE_TEA_BIOS

Intel Confirms #AlderLake BIOS Source Code Leak, New Details Emerge

source: https://www.tomshardware.com/news/intel-confirms-6gb-alder-lake-bios-source-code-leak-new-details-emerge

"Our proprietary #UEFI code appears to have been leaked by a third party. We do not believe this exposes any new security vulnerabilities as we do not rely on obfuscation of information as a security measure. This code is covered under our #bug bounty program within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them to our attention through this program. We are reaching out to both customers and the security research community to keep them informed of this situation." — Intel spokesperson.

So why is it not #OpenSource, Intel?


#security #hack #software #news

ramnath@nerdpol.ch

#quote #jimstone

http://www.voterig.com/.y1.html
#How the #bug works:
You go to a store. Buy your stuff. The attendant at the counter has a cell #phone set to continuously scan for nearby devices. If a new device has been detected for the first time, the phone dings and the option appears to bug the device on the spot, even if the phone number is not known. Then, since you know the location of whoever you bugged from that point on, you can send people to rob/kidnap/murder and I just found out yesterday this is how the cartels get it done. This happened to me and it wrecked posting for Friday.

All of my devices can have the batteries taken out so I was able to lay low but it took an entire day to get "out of there" safely, I left long before sunrise and this is my first post afterward. The devices are still obviously bugged but since they would have no interest in me other than to rob me, if I am out of their zone there's no problem.

I was stupid with how I got bugged. I won't make the same mistake again, (count on it), I went into a small local store out in the boonies and bought a cheap shirt and a snack. I got into a conversation with the girl and told her I was out there with a metal detector looking for nuggets. (There is going to have to be a way to pay for this site when everything gets shut down,) and I am for a short time trying this because nuggets are EVERYWHERE in Mexico, it's not like the United States where 900,000 people have been over the gold sites, with a detector you have a real chance of making a living - Anyway, once she saw the detector that was it, she nailed my sh*t and my internet started running like crap, right there, in the store, during using the translator, live. I know how my devices act. I knew what happened right after she toyed with her phone for a bit.

I knew these bugs existed, but thought that only "privileged people" had access to them. That's not the case at all, as it turns out, if you pay enough for the bug you get the whole shebang and can do NSA level stuff where you just get close enough to someone to identify their devices and you can be bugged on the spot, even if they never knew you. This goes back to operation talpiot, minix, "the operating system under the operating system" - THAT. Your cell phone can NEVER be turned off unless it is one the battery can be taken out of, how can it possibly be turned off when if you go to charge it, a cute nicely formed motion video graphic of a charging battery shows up? "Off" is fiction, and the bugging software exploits that.

The normal bug that's relatively cheap requires knowing the phone number and it gets placed with a call that does not talk. All you have to do is pick up the phone. Even the cheap bug that requires the phone number can jump into every other device you have, the expensive bug turns your phone into one that can jump into any device that approaches.
SO HEADS UP: Bill Gates walks around in plain clothes for a reason. If you are in a shady area and you pull up in your Escalade dressed to the hilt, your devices can be nailed and this is one way "random and mysterious" robberies and carjackings can be accomplished.
The only defense against this type of thing is to own devices with removable batteries, and those are getting few and far between. But are still somewhat readily available if you don't need one that can have 30 Facebook pages open while streaming on Zoom and uploading to TikTok, or your phone is not a fashion statement.

anonymiss@despora.de

(Time)Stamping Out The #Competition in #Ethereum

source: https://medium.com/@aviv.yaish/uncle-maker-time-stamping-out-the-competition-in-ethereum-d27c1cb62fef

Thus, a #miner who wishes to replace the last block on the #blockchain, can do so by #mining a new #block of its own which has a #timestamp which is low enough to increase the block’s mining difficulty. This can be useful, for example, in cases where this last block has high paying transactions, or in order to double-spend a transaction contained within the block. Another possibility is for an attacker to preemptively mine blocks with such false timestamps, in order to make sure they win in case of ties with other blocks which might be mined concurrently, or which might’ve been mined in the recent past but haven’t reached the attacker yet.

#scam #fail #software #attack #cybercrime #problem #money #finance #security #problem #news #bug #vulnerability
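
The timestamp effect quoted above, worked through as an added example (not code from the post or the linked article). It uses Ethereum's proof-of-work difficulty rule from EIP-100 with the difficulty-bomb term omitted; the function names and all block values are constructed for illustration.

```python
# Added illustration: Ethereum proof-of-work difficulty rule (EIP-100, Byzantium
# onward) with the difficulty-bomb term omitted. All block values are constructed.
DIFFICULTY_BOUND_DIVISOR = 2048
MINIMUM_DIFFICULTY = 131072
ADJUSTMENT_FLOOR = -99


def child_difficulty(parent_difficulty, parent_timestamp, timestamp,
                     parent_has_uncles=False):
    """Difficulty a block must meet, given its parent and its own timestamp."""
    if timestamp <= parent_timestamp:
        raise ValueError("timestamp must be later than the parent's")
    base = 2 if parent_has_uncles else 1
    # The adjustment drops by one for every full 9 seconds since the parent.
    adjustment = max(base - (timestamp - parent_timestamp) // 9, ADJUSTMENT_FLOOR)
    step = parent_difficulty // DIFFICULTY_BOUND_DIVISOR
    return max(parent_difficulty + step * adjustment,
               min(parent_difficulty, MINIMUM_DIFFICULTY))


def heaviest_sibling(parent_difficulty, parent_timestamp, sibling_timestamps):
    """Return (timestamp, difficulty) of the sibling a total-difficulty
    fork choice prefers; all siblings share the same parent."""
    scored = [(ts, child_difficulty(parent_difficulty, parent_timestamp, ts))
              for ts in sibling_timestamps]
    return max(scored, key=lambda pair: pair[1])


def compare_siblings():
    parent_difficulty = 2_048_000_000   # constructed value
    parent_timestamp = 1_000            # constructed value
    honest_ts = parent_timestamp + 10   # 10 s after the parent: adjustment 0
    lowered_ts = parent_timestamp + 8   # under the 9 s boundary: adjustment +1
    return heaviest_sibling(parent_difficulty, parent_timestamp,
                            [honest_ts, lowered_ts])


if __name__ == "__main__":
    ts, difficulty = compare_siblings()
    print(f"preferred sibling: timestamp={ts} difficulty={difficulty}")
```

The block stamped below the 9-second boundary carries one extra difficulty step, so a fork choice based on total difficulty prefers it over a sibling stamped a couple of seconds later.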

57b731e9@nerdpol.ch

Serious security vulnerability in Tails 5.0

Tor Browser in Tails 5.0 and earlier is unsafe to use for sensitive information.

The problem is that Tails 5.0 uses version 11.0.11 of the Tor Browser. This is based on a version of Firefox that contains vulnerabilities in its JavaScript interpreter. The current version of the Tor Browser is 11.0.13, and this new version is not vulnerable to the attacks that work against version 11.0.11 and earlier. If you use the Tor Browser with other OSes (not Tails), you should check to see that you have the newest version.

If you keep JavaScript disabled this vulnerability does not affect you. The Tor Browser makes it very easy to disable JavaScript. This problem will also not affect you if you don't enter any sensitive information into web sites.

If you start Tails today, Tails itself will warn you about this. Oddly the Tails home page has no such warning.

Here is the page about the vulnerability. https://tails.boum.org/security/prototype_pollution/

Here is the Tails home page. https://tails.boum.org/

The recommendation from Tails is that you don't use the Tor Browser in Tails until the next version of Tails is released. This should be version 5.1 and it should be released on 31 May 2022.

#tails #tor #tor-browser #vulnerability #bug #security #privacy #surveillance #firefox #mozilla

wroos@diasp.org

#Spotify #Bug #Linux

I am a happy puppy with the performance of my new Mint running my Intel NUC HTPC, but ran into a weird bug/annoyance with the Spotify app.
The window controls were gone, no X no _ like I had done an F11, but nothing reverted that, the only way to get the system menu and such, alt tab into another open window (then the bar at the bottom popped up again) or when no other program was running even a CTRL ALT F1 to get a Bash command line, and pkill -f his ass.
Weird.
Some googling shows it is a problem that also pops up on other systems (Windows 7 in this case) and there the solution:

Close Spotify, remove ~/.config/spotify/window_position.prefs file and start Spotify again.

Nope, no joy, the file does exist, removing it does not solve the problem.
But, removing the file(s) .config/spotify/Users/"username"-user/prefs will revert Spotify to 'first startup' and you can login again, and change your settings back to what you like, while still having window controls and all is good in the world again ;-)

Another post showed:

It seems the window prefs file doesn't have an effect on modern versions of Spotify for Linux. Instead, in ~/.config/spotify/prefs, remove all lines referencing app.window.

But for me that just did not do the job so I removed all of them (adding a '.x' behind the filename, to make it easier to restore if things get even more borked).

actro@pluspora.com

Fun with an unresponsive machine.. Open and save dialogs stutter, flatpak applications abort at startup.
Digging into the syslog yields the following:

Feb 2 14:05:34 bolide dbus-daemon[718]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.1583' (uid=0 pid=33994 comm="hostnamectl set-hostname bolide ")
Feb 2 14:06:04 bolide systemd[1]: systemd-hostnamed.service: start operation timed out. Terminating.
Feb 2 14:06:04 bolide systemd[1]: systemd-hostnamed.service: Failed with result 'timeout'.
Feb 2 14:06:04 bolide systemd[1]: Failed to start Hostname Service.

At a loss, and Google doesn't really help either.
Simply booting into the backup kernel does the trick. The error occurred with 5.10.0-10-amd64; under 5.10.0-9-amd64 everything works splendidly.

Feb 2 14:19:50 bolide dbus-daemon[700]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.77' (uid=0 pid=6021 comm="hostnamectl set-hostname bolide ")
Feb 2 14:19:50 bolide systemd[1]: Starting Hostname Service...
Feb 2 14:19:50 bolide dbus-daemon[700]: [system] Successfully activated service 'org.freedesktop.hostname1'
Feb 2 14:19:50 bolide systemd[1]: Started Hostname Service.
Feb 2 14:19:55 bolide systemd[1]: systemd-localed.service: Succeeded.

Flatpak applications run smoothly again and dialogs appear lightning fast..
So I will probably get to the bottom of this a bit more..

#linux #kernel #bug

anonymiss@despora.de

#Honda Clocks Are Stuck 20 Years In The Past And There Isn't A #Fix

source: https://jalopnik.com/honda-clocks-are-stuck-20-years-in-the-past-and-this-mi-1848306970

There is no fix for the current issue. Honda says it’s investigating and if it does not find a fix, the clocks should correct themselves sometime in August.

The year 2022 bug D:

#bug #technology #car #fail #economy #software #news #clock #date