No longer content to let the marginal figures he surrounded himself with in the hope that they might come to love The Great Again, Trump has begun firing senior wafflers. Today's elemination list includes Secretary of State Rex Tillerson and Undersecretary of State Steve Goldstein. Make "You're Fired", Great Again!
Category Archives: Security
NSA's Payload for the 'Phuctorable' MikroTik Routers Found
Kaspersky Inc has published an analysis (archived) of a MS Windows rootkit, therein nicknamed "Slingshot".
The item exhibits the traditional smell of USG-authored shitware, e.g. validly-signed Windows drivers for the persistence layer. However the more interesting aspect is that it is spread via infected routers, of a type which, astonishingly even for consumer shitware, forces the execution of a x86 Windows binary for initial configuration.
An infected router dutifully augments this configurator with a rootkit installer; the rootkit, in turn, contains the typical keylogger and saved-password-collector, network topology probe, etc. components.
The more interesting and "unmentioned/unmentionable" aspect is however the identity of the router's manufacturer:
MikroTik. That very same Latvian USG shill company that's been deploying routers with nonfunctional RNGs and trivially-Phuctorable SSH keys for its entire existence. And dutifully spreads obfuscatory squid ink whenever the danger of public exposure seems acute.
US FBI And Canadian Mounties Kill Startup After Entrapment Campaign
The CEO of cellular phone hardware startup Phantom Secure was arrested following a joint entrapment campaign conducted by the US FBI and Canadian Mounties (archived). Phantom Secure specialized in reselling Blackberry phones that had been substantially improved through the removal of frivilous shit like cameras and microphones while loading the improved devices with a more mininalist operating system image.
Memcached DDoS Attacks Lead To Record Breaking Levels Of Wank
A recent wave of amplified DDoS attacks utilizing wrongly configured memcached servers has lead to unprecedented levels of wank among the self described "seekootity community" in recent days. The attacks work by sending spoofed UDP packets to the maliciously unsecured servers triggering the servers to respond by spewing data at the target destination.
The wank comes from an obvious solution which neuters the offending nuissance memcached installations. The memcached servers capable of being recruited into DDoS attacks are also vulnerable to being issued a "flush-all" command which will cause the server to register everything in its cache as expired. This denies an ongoing denial of service attack cached items to dump on a target (archived).
The wankers are naturally compelled to wank about the supposed ethics and inconveniences this obvious solution imposes on the dangerous idiots operating nuissance machines.
Arrangements Being Made For Donald Trump To Meet Kim Jung Un
Numerous outlets are reporting that arrangements are being made for Best Korean Leaders Donald Trump and Kim Jong Un to meet.
Mining Rig Heist In Iceland: Arrests Made But No Material Recovered
Reports are emerging that allege 600 Bitcoin mining rigs and other supporting materials were stolen from a data center in Iceland between December 2017 and January 2018 (archived). No materials have been recovered and out of 11 arrests related to the investigation, local police are only keeping two suspects in custody.
Favorable electricity prices in Iceland have set the island up to be one of the first regions where power consumption for Bitcoin mining exceeds power consumption for other purposes.
Dublin Looters Destroy Grocery Store
Looters in Dublin, Ireland appropriated a piece of construction equipment and removed structural material from a Lidl grocery store to achieve ingress and egress from the premises (archived). Reports out of Ireland and Airstrip One suggest a state of chaos amid routine winter weather self declared local authorities are apparently no longer capable of handling.
SSL Certificate Reseller Leaks Private Keys
The CEO of SSL certificate reseller Trustico emailed the private keys for more than 23,000 keypairs to an employee of their "root authority" as part of a request to have the certificates mass revoked (archived). The identity of the mysterious "CEO" of Trustico has eluded reports though a fellow identifying himself at this time as "product manager Zane Lucas" (WOT:nonperson) has apparently been responsding to press inquiries. At other times in press releases related to Trustico have mentioned a "Zane Lucas, director" (archived). How Trustico acquired customer private keys appears to be related to their now unreachable website having offered an online "private key generator" which it directed customers too.
"Facebook Live" Fails To Stop Man With Gun, One Dead
A North Carolina man was shot while using Facebook's Live video feature to "out" suspected drug dealers in his community (archived). Both parties involved in the incident have felony convictions for selling cocaine, however the party armed with a firearm survived while the party armed with social media did not. The deceased's last words were:
"You on Live"
Police Chief Donnie Gay who talked to the social media wielder "on Live" minutes before the shooting offered that he though the fellow would get beat up rather than getting shot dead for recreationally outing drug dealers.
Apple Hands Over More Keys
Apple surrendered to Oriental Socialism and moved encryption keys for Chinese users to Chinese servers at the behest of Party officials. According to Reuters, 'Chinese authorities can now get a Chinese legal order and tell Apple to hand over user data. Apple will have no choice but to comply with the order." Apple already complies with U.S. Department of [in]Justice requests, and appears poised to work with "Party officials" worldwide. The Chinese just get preference for assembling the merchandise.