Asus recently settled with the United States Federal Trade Commission over complaints related to the appalling security and security-related instructions of its wireless home network routers. The complaint was sparked by an incident in February 2014 where numerous parties discovered that a text file disclosing their router's status as open to exploitation by anyone had been placed on hard drives attached to the routers for the purpose of shared storage. The attached hard drives serving as shared cloud storage for the entire world was contrary to expectations set in marketing literature for the devices. The action following the complaint which led to this settlement creates a precedent for civil suits against various Internet of Shit device makers for their security lapses and negligent instructions provided to users. The potential for these torts to collide with backdoors created for "law enforcement" when those backdoors fall into public use is an exciting legal frontier. The full text of the consent order is presented below.
Category Archives: Security
British Pound Falling
Airstrip One's currency the pound, long detached from the sterling that is frequently mentioned in association with it, has fallen ~2% against the embattled United States dollar in today's trading. This would otherwise not be particularly notable, as the pound has been falling against the United States dollar in the seven decades following the Bretton Woods accords, but this latest drop comes amid news that London mayor Boris Johnson has moved to support the United Kingdom independence movement, which advocates Airstrip One divorcing the failing European Union. Like other fiat powers, Airstrip One and its entrenched order have been struggling in the face of Bitcoin's proposition of sound money. Airstrip One has also experienced increasing internal tension, with northern portions of the archipelago seeking independence from London.
Emergency Physicians Fail Matt DeHart
On August 7th, 2010 paramedics and law enforcement personnel delivered former drone operator and journalist Matt DeHart to an Emergency Room after a harsh interrogation where he was drugged. He was mistakenly diagnosed as being in a psychotic break when he was actually being interrogated and persecuted by agents of the United States government from the FBI and other government agencies. This failure of clinical judgement, and the legal persecution of DeHart which followed, where he was wrongfully targeted with assorted espionage and child pornography related charges as cover for the United States Government's effort to suppress his journalistic output and completely destroy his personhood, raise serious questions. It is becoming increasingly imperative that medical practitioners seriously consider that complaints of Government persecution from presenting patients may be grounded in the reality of their circumstances. Clinicians would be well advised to explore means by which they may leverage resources, including inpatient hospital placement, to protect patients from hostile government agents in order to avoid malpractice torts in the future.
Tor And HTTP Gzip Leak Local Time Zone
Softpedia reports that an interaction between Tor and HTTP Gzip compression can narrow down the location of a server hosting Tor hidden services by leaking the local time zone (archived). This allows investigators to substantially narrow down the geographic location of a Tor hidden service server.
Linux Mint Server Compromised, Spread Malware
As reported by The Linux Mint Blog (archived), their own webserver has been compromised. An admin named Clem alleges that on February 20th, Bulgarian attackers changed a URL pointing to an ISO file for "Linux Mint 17.3 Cinnamon edition." Unsuspecting users were instead sent to "5.104.175.212" (archived) which hosted a modified file containing "Tsunami" (archived) malware. WordPress is blamed in the same blog post for having given unauthorized access to a www-data shell. Of course these kinds of tricks are easily defeated by the use of strong cryptography such as GPG, but that kind of hygiene is beyond the patience the typical Linux user can be expected to muster. The blog post also mentions various md5sum signatures of the supposedly correct files, but these unreliable checksums are not themselves contained within a signed statement.
Tampa Police Refuse To Work Plus Sized Star's Event After Insult
Police in Tampa, Florida are refusing to work a concert by American plus sized pop singer Beyonce after Beyonce produced a series of performances with anti-police themes (archived). Police aggression and killings have cultured a strong anti-police sentiment in the United States that crosses racial lines, leaving "law enforcement" officers fumbling to present a positive public image as they are increasingly betrayed by members of their own ranks.
Bitcoin Mining Difficulty Rises Above 163 Billion
Bitcoin mining difficulty recently ascended to 163,491,654,908.95925903, a "modest" 13.44% above the previous leap. Transaction fees totalled 511.49155786 Bitcoins, comprising 1.00% of total miner rewards. Non-inflationary miner income has gradually risen in the past months, still recovering from damage wreaked by brinkmanship committed in the name of keeping Bitcoin free and useless (archived).
FBI iPhone Circle Jerk Theater
Substantial noise has been generated over the past several days concerning the fate of a colored plastic iPhone. The debate concerns whether Apple should provide agents of the United States with assistance which would allow them to more effectively defeat iOS encryption through brute force. Given Apple's history of collaboration with this sort of agent, it is perfectly reasonable to assume the assistance requested by the FBI from Apple has already been rendered (archived). So, why the loud public debate?
uClibc Fixed getaddrinfo() Flaw Six Years Ago
This week brought news of a severe vulnerability in the GNU C library's DNS handling functions. The uClibc maintainers received a ticket for this problem and corrected it in their C library six years ago (archived).
Google Unveils Glibc DNS Client Vulnerability, Many Bitcoin Implementations Affected
Today Google's online security blog unveiled a buffer overflow in the GNU C library's DNS client (archived). The vulnerability allows the getaddrinfo function to overflow, opening the doors to all manner of malice. This vulnerability affects all Bitcoin implementations compiled against the GNU C library which invoke DNS. This includes Bitcoin Core and the clients programmed to eventually fork into altcoins, including the "Bitcoin" XT and "Bitcoin" "Classic" network clients. The reference Bitcoin implementation maintained by the Bitcoin Foundation is unaffected as DNS was excised from that client,[1] and scripts are available for building the reference implementation against the musl C library.[2] It is strongly recommended that Bitcoin users patch their preferred client[3] to remove DNS or move to a client maintained by a team that cares about security and eliminating unnecessary attack surfaces in advance.