OpenBSD Mail Server OpenSMTPD Allows Remote Execution Of Arbitrary Shell Commands As Root

A remotely-exploitable vulnerability in OpenSMTPD, OpenBSD's mail server, present since May 2018, has been made public (archived). It enables an attacker to execute arbitrary shell commands with root privileges.

Notably, the proof-of-concept exploit makes use of routines which first made an appearance in the Morris worm of 1988.

Existence Of Big Botnet Made From Small Routers Announced

A great many types of vulnerability-by-design in consumer routers have been public for a rather long time: Linksys, MikroTik, NETGEAR, TP-Link, and other vendors, have — for the entire history of this product type — been selling boxes that are, essentially, public toilets, free for the remote taking by any reasonably-intelligent teenager.

It appears that this "news" has finally percolated down through the drains and into the dark cellars where USG gendarmerie dwell. As part of their regular work to force the replacement of systems containing old, burned NSA-authored vulnerabilities, with new and fresh ones — USG.FBI have recently turned their attention to consumer routers.

The lively petri dish of self-propagating shitware now commonly known to be dwelling in the NSA victims' home routers, has been officially blamed on Putin's omnipotent DNC-diddling brigade. Respectable, non-terrorist USG subjects will, presumably, be issued new, "clean" routers, in the nearest future.

The burning of these vulnerabilities was handled by having "researchers" affiliated with Cisco unveil the presence of a botnet populated by ~500,000 small routers commandeered by an artful piece of malware which persists across device reboots (archived). Meanwhile, Cisco continues having its own profound and self-inflicted security issues.

US Kangaroo Court Issues Conviction For Kidnapped Antivirus Operator

On May 16, 2018, a USG kangaroo court convicted one Mr. Ruslan Bondars, a "non-citizen"[1] of USG marionette state Latvia, of "one count of conspiracy to violate the Computer Fraud and Abuse Act, one count of conspiracy to commit wire fraud, and one count of computer intrusion with intent to cause damage".

Mr. Bondars was brutally kidnapped under colour of law by USG.FBI thugs, with the cooperation of local quislings;[2] held incommunicado and flown in secret to USA; brought to "trial" — and summarily convicted of all charges — for operating a WWW site called Scan4you. This appears to have been a service essentially-identical to more well-known items like VirusTotal (the latter — acquired by Google in 2012, reputedly for $0.5B USD); visitors could submit executables and view results from testing their submissions against popular MS-Windows antivirus programs.

However, unlike VirusTotal and other USG properties, Scan4you did not forward all user submissions to USG agents (Microsoft, alphabet-soup agencies, et al). In the words of the prosecuting Freisler:

"Scan4you differed from legitimate antivirus scanning services in multiple ways. For example, while legitimate scanning services share data about uploaded files with the antivirus community and notify their users that they will do so, Scan4you instead informed its users that they could upload files anonymously and promised not to share information about the uploaded files with the antivirus community."

Mr. Bondars now faces a 35-year sentence, "…as a warning to those who aid and abet criminal hackers".

The "Newton's Laws" governing this type of witch trial are, of course, quite well-known:

"Practically speaking, understand that one does not get to exist in the US sphere without being a tool of the USG.

You can't have a bank that does banking : either it does policing work for the USG or it gets burned down. You can't be an investor : either you push the USG agenda ad idem or else they come take your shit." —
"On how the factored 4096 RSA keys story was handled, and what it means to you." (Mircea Popescu)

It appears that the NATO Reich is moving ahead with its long-term plan to add vulnerability research to the list (already occupied by, e.g., banking) of formally declared Reich monopolies.


  1. Mr. Bondars is a citizen of the USSR, and appears to have been, along with millions of others, "unpersoned" by the USG Baltic Bantustan formed after the May 1990 destruction of the Latvian Soviet Socialist Republic. Citizenship under the new regime was not granted to all persons lawfully residing there under the old one, but was contingent on demonstrating knowledge of the local monkey language (about a fifth of the population qualified) and taking a loyalty oath to the new quisling government. 

  2. Explicitly credited by USG: "The Government of Latvia, including the Latvia State Police International Cooperation Department, the Latvia State Police Cybercrime Unit, and the General Prosecutor’s Office of the Republic of Latvia – International Cooperation Division, provided assistance and support during the investigation." 

Europol Arrests Unnamed Man For Politely Persuading Eurobanks To Part With Cash

On Monday, March 26, armed thugs representing themselves as "Spanish National Police, with the support of Europol, the US FBI, the Romanian, Belarussian and Taiwanese authorities and private cyber security companies" arrested a yet-unnamed "mastermind" — who stands accused of causing "cumulative losses of over EUR 1 billion for the financial industry". And apparently this is not difficult:

"In all these attacks, a similar modus operandi was used. The criminals would send out to bank employees spear phishing emails with a malicious attachment impersonating legitimate companies. Once downloaded, the malicious software allowed the criminals to remotely control the victims’ infected machines, giving them access to the internal banking network and infecting the servers controlling the ATMs. This provided them with the knowledge they needed to cash out the money."

I.e. chair warmers were asked politely to install "Back Orifice" — and they (whether out of stupidity, or in exchange for a cut of the take — we are not told) obliged. As for MS-Windows, installed on bank infrastructure and in ATM boxes all over Europe: it, in turn, worked precisely as it was designed to work.

As of the time of this writing, the number of "bank employees" arrested in connection with their indispensable work in making this heist possible — stands at: zero. Likewise, the number of Microsoft executives held to answer for the very existence of "infectious attachments" as a concept — stands also at zero.[1]

The "mastermind" and his merry men also stand accused of Bernankeization without a license:

"Databases with account information were modified so bank accounts balance would be inflated, with money mules then being used to collect the money."

Magicking money into existence from thin air is, we learn, A-OK when carried out from a well-pedigreed bag of lard parked in an Aeron in New York — but not so much when it is done by non-bluebloods and on the wrong side of the Atlantic.

The accused, presently nameless — and held incommunicado — also stand to be punished for the unforgivable USG.crime of having "laundered via cryptocurrencies".


  1. On the other hand, the EU bureaucracy informs us that the "perpetrator" of this "crime" supposedly was "vacationing in Spain" — rather suspiciously similar to the previous three major USG.kidnapping-under-the-colour-of-law victims; evidently crafting a replacement cover story for USG thugs' free hand in lifting people straight from the streets of Bucharest & elsewhere, would overrun the budget?  

Nine Citizens of Iran Given the Honour of Inclusion in USG.FBI's 'Wanted List'

On Friday, March 23, USG once more indulged its recently-acquired taste for indicting in absentia loyal soldiers of a sovereign nation — this time, nine signals-intelligence professionals residing in, and lawful citizens of, Iran. For carrying out their duties in service to their sovereign, USG saw it fit to charge (archived OCR) them in USG kangaroo court with the USG.crime of "Conspiracy to Commit Computer Intrusions".

For the role of "victims" of this "crime", USG chief prosecutor Rosenstein cast:

"… 144 U.S. universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies, the U.S. Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the United Nations, and the United Nations Children’s Fund",

from whom the "criminals" have "stolen" "…more than 31 terabytes of academic data and intellectual property".

Interestingly, the most unforgivable USG.crime committed by the accused appears to have been a successful attempt to… re-create, in-house, "SciHub":

"The members of the conspiracy used stolen account credentials to obtain unauthorized access to victim professor accounts, which they used to steal research, and other academic data and documents, including, among other things, academic journals, theses, dissertations, and electronic books. The defendants targeted data across all fields of research and academic disciplines, including science and technology, engineering, social sciences, medical, and other professional fields. The defendants stole at least approximately 31.5 terabytes of academic data and intellectual property, which they exfiltrated to servers outside the United States that were under the control of members of the conspiracy… …Megapaper sold stolen academic resources to customers within Iran, including Iran-based public universities and institutions, and Gigapaper sold a service to customers within Iran whereby purchasing customers could use compromised university professor accounts to directly access the online library systems of particular U.S.-based and foreign universities."

I.e. roughly the same act of "terrorism" for which Aaron Swartz was hanged in New York in 2013.

It is worth noting that, while USG at one time, not so long ago, had "long hands" in Iran, these hands have recently acquired a tendency to get abruptly shortened Iranian-style. Therefore it remains unclear how, if at all, USG intends to bring the nine "criminals" to "justice". And one may safely suppose that the only people likely to hang in connection to this "conspiracy"… are the remaining USG moles in Iran, who supplied Rosenstein and his assistant Freislers with their "evidence".

"31337 w4r3z" in our time.