Security | Qntra

Apple Keeps OSX Users Stuck On Vulnerable Git Version

Posted on April 19, 2016 by Aaron 'BingoBoingo' Rogier

For people wondering how the FBI can get in the iPhone's panties without Apple's permission¹ researcher named Rachel Kroll has found a code execution bug in OSX inherited through a vulnerable version of Git (archived). Actual Macintosh computer operating systems including versions 5 through 9 are unaffected by this vulnerability and the historical Apple Computer company which produced that software never fraudulently offered invulnerability from attacks involving physical possession of the device as a selling point of the Newton. Kroll's discovery is likely one of many severe vulnerabilities introduced in "Apple" software since the historical Apple Computer company ceased making software for computing machines. Git 'er done!

Though the entire discussion was a social engineering farce. ↩

Docker On List Of Companies Taking Quiet CIA Funding

Posted on April 15, 2016 by Aaron 'BingoBoingo' Rogier

The Intercept has published a list of 38 companies involved in the datamining business¹ that take undisclosed funding from the venture capital arm of the United States Central Intelligence Agency (archived). Among these companies was one not often though of in conjunction with the data mining business, Docker who develops software that leverages containers to ease the automated deployment of various kinds of application software. Docker last attracted the attention of Qntra when their employee and Debian founder Ian Murdock died following a violent encounter with police. Following his death Docker Inc. managed his affairs. Consider Docker harmful. Sorry for your loss. Peace in our time.

Edit: Here is a link to a previous discussion of the CIA money disbursement machine. Many of the funded companies go beyond datamining and in fact engage in all kinds of snake oil. Some even produce products available for "civilian" use. ↩

Putin Providing Material Support To Trump-Clinton Candidacy

Posted on April 13, 2016 by Aaron 'BingoBoingo' Rogier

As the candidacies of Donald Trump-Clinton and Hilary Rodham-Clinton have begun facing struggles these past few week in their respective races to replace Hussein Bahamas as the president of the United States, Russian president Vladimir Putin has decided to give their campaigns a shot in the arm. Putins aid has come in the form of bringing national security back in mix of froth being fed into the social engineering hopper. For the past few days Russian SU-24 warplanes have been making simulated attack runs against the guided missile destroyer USS Donald Cook. The warplanes have been making the passes without any visible armament and have reportedly come within 30 feet of the ship. A Russian KA-27 helicopter has even joined in the fun circling the Donald Cook several times. How much of an effect Putin's intervention in the remaining portion of the primary election process has remains to be seen.

3D Printed Objects Are A New Frontier For Enterprising Pirates Thanks To Reverse Engineering From Audio

Posted on April 11, 2016 by Aaron 'BingoBoingo' Rogier

A new paper published in the journal Science demonstrates that audio recordings taken during 3D printing can be used to reverse engineer the design of the printed objects (archived). The technique demonstrated is limited in that certain settings like printer temperature are not collected in the audio recording, but there are other side channels by which this information may be obtained. This technique even allows reverse engineering designs from low quality smart phone audio recordings. Sorry for your loss.

FBI Director Comey Admits To Taping Over Webcam After Speech

Posted on April 10, 2016 by Aaron 'BingoBoingo' Rogier

During a question and answer session following a speech at Kenyon College, FBI Director James Comey admitted he taped over his laptop's webcam to avoid being spied upon. Taping over laptop webcams is a popular though weak method for ensuring a computer can not visually spy on your person. The stronger and correct method to mitigate these concerns is physically disconnecting the laptop's web camera and its microphone. Depending on the level of concern about a computers integrity actual mitigations for privacy concerns may be applied all the way through actually airgapping a machine.

More Sourceforge Fail

Posted on April 10, 2016 by shinohai

User d3k4y on reddit has reported that the Sourceforge version of pywallet contains malicious code that will send users private keys to a remote server located at bieber.atwebpages.com (source, archived). Once a well-known source for a variety of software downloads, the site has steadily declined into a haven for malware and other assorted junk. This incident serves as a reminder of the importance of always verifying checksums of any software before attempting to run it in a live environment.

Shapeshift.io Hacked

Posted on April 8, 2016 by Aaron 'BingoBoingo' Rogier

On Reddit Shapeshift.io's Erik Voorhees announced that the cryptocoin exchange had been infiltrated by attackers and its infrastructure compromised. In the announcement Voorhees states that no customer funds were lost because they don't hold any, but it is uncertain if the service had an operating "hot wallet" to take. Given the severity of the breach the service has been taken offline and Voorhees insists that customer funds will be returned and Shapeshift will be rebuilt in a new environment before resuming service.

Weak RNG Assists Man's Lottery Fortune

Posted on April 8, 2016 by shinohai

Iowa prosecutors have recently uncovered evidence that a former computer security worker modified a RNG used to pick numbers for several State lotteries. Eddie Raymond Tipton has already been tried and convicted on two counts of fraud, but officials only recently uncovered the manner in which he was able to produce the winning numbers for six different drawings worth millions between 2005-2011.

Investigators found that Tipton introduced a rootkit that used specially crafted DLL's to redirect drawings based on specific conditions, using an algorithm he could easily solve. ArsTechnica reported that it was unclear "if officials have tightened the requirements to make future tampering harder" by trashing all their Microsoft computers and using a more secure Linux-based distribution instead.

Furry Perverts Hack Radio Stations To Evangelize Their Filth

Posted on April 8, 2016 by Aaron 'BingoBoingo' Rogier

A number of radio stations in the United States have had their regular programming interrupted by hackers and instead were made to broadcast the erotic material of a particularly noxious species of pervert (archived). The perverts alternately know as Furries or FurFags have an obsession with fucking and being fucked while wearing animal themed costumes of construction similar to those worn by sports team mascots. The freaks managed to hijack radio station transmitters connected to the internet to spread their filth. The furfag menace draws members from all three genders: female, male, and mayo. Continue reading →

Raptor Engineering Laments Dire State Of x86 And CPU Industry At Large

Posted on April 4, 2016 by Aaron 'BingoBoingo' Rogier

Today Timothy Pearson of Raptor Engineering issue a dire lamentation to the Free Software Foundation Europe mailing list asking:

Are you willing to continue to use FOSS software inside the ever-shrinking x86 "software jail", or are you possibly willing to give up some cost or performance advantages in order to retain full control of the software running on your hardware?

Continue reading →

Qntra - Herald Of The Most Serene Republic

Category Archives: Security