The telemetry spyware which lead to Windows 10 users being banned from a number of torrent trackers has now arrived for Windows 7 and 8 in Microsoft's latest batch of "updates" (archived). Attempting to stop the reporting of data to Microsoft on infected machines requires a firewall between the machine and the wider internet, though euthanasia is likely the only effective remedy in the long run for machines subjected to this infection. Any operator of serious internet ventures ought to be giving serious consideration to following in the footsteps of the torrent trackers and deal with Windows users through shunning and the quarantine of their machines. It would also likely be prudent to consider any cryptographic key material living on a machine running Windows to be in the possession of Microsoft or soon to be in the possession of Microsoft.
Category Archives: Shitware
Mozilla Vulnerability Hoard Compromised For a Year
This weekend news emerged that the Mozilla Foundation's Bugzilla tracker's hoard of vulnerabilities in the Firefox web browser had been breached for more than a year and potentially as long as two years. By Mozilla's own admission critical security vulnerabilities left unfixed for months had been available to the breaching party who had complete access to a goldmine of ways to abuse Mozilla users that Mozilla itself had been sitting on. Mozilla's handling of this episode has been nothing short of abusive to its users. Continue reading
Many Network Appliances Leak Master TLS Private Keys Through "Forward Secrecy"
Florian Weimer has published a paper (pdf, txt) showing that a wide variety of purpose built network hardware leaks transport layer security keys when forward secrecy is enabled. The leaks occur due to faulty RSA signatures produced when the RSA software uses an optimization derived from the "Chinese Remainer Theorem" without any further hardening or error checking. The problem with the Chinese Remainer Theorem optimization has been known since 1996 when Arjen Lenstra brought these concerns about faults during RSA signature generation into the literature (pdf, png). Two decades later GNUTLS, PolarSSL and Libgcrypt lack checks for this potential calamity by default, though other software implementations have ways to disable checks. With the affected appliances once the signature flaw occurs the "forward secrecy" key agreement protocol serves as a channel for acquiring the private key. Continue reading
XT Node Blacklists Fail to Prevent DDoS Attack
Mike Hearn and Gavin Andressen recently chose to use the Bitcoin-XT project to attempt to provoke a hard fork in the blockchain to increase the block size limit. Users who support Gavin's code to hard fork the network to increase the block size, began switching to, and launching Bitcoin-XT nodes. After Mike Hearn's declaration of war, the number of XT-Nodes on the network began to increase. However Mike Hearn began seeing a pattern of nodes getting attacked by heavy DDoS attacks. Continue reading
Silicon Valley City Contemplates Surveillance Equipment on Garbage Trucks
The San Jose Mercury News reports that the government of San Jose is contemplating the use of garbage trucks as a platform for mounting license plate readers (archived). The plan involves piping data collected from garbage truck mounted surveillance equipment directly to the San Jose police department. Four police cars operated by the San Jose police department already are fitted with license plate readers, but expanding their deployment to the city's sanitation livery would allow for complete coverage of all of the city's streets every week. San Jose is currently currently struggling with ways to leverage technology to counteract the personnel losses in its police department which has roughly 950 officers this year, a number which is expected to contract to 800 officers sometime next year. San Jose has in the past been referred to as an unofficial "Capital" of Silicon Valley. Technology firms with a substantial presence in San Jose include Adobe, Xilinx, Cisco, and the North American headquarters for Korean firm Samsung.
Wikipedia Bans Hundreds of Accounts Over Alleged Paid Editing
Wikipedia's latest scandal involves the site's administrators banning hundreds of accounts over what they are calling an "extortion ring" involving more than 200 articles which were promotional in nature. Wikipedia alleges that the operators of this "extortion" ring were taking money from individuals and businesses on a subscription basis in order to maintain positive and informative articles on the subjects. This service was alleged to have cost about $30 a month which is far below the typical "yellow page" listing rate, though the charge is getting the venture cast as an "extortion and protection" racket (archived). Continue reading
BIP-101 Syndicate Shares Fiat Ties, Opposition to Actual Bitcoin
Upon a Crunchbase investigation of the companies attached to the open letter (text) published on Blockchain.info's blog supporting BIP-101, a correlation arose that indicates these companies have most likely been compromised for some time. All of these companies who have been known to employ heavy KYC terms, are heavily funded by fiat institutions that want to pervert Bitcoin. Continue reading
Small Mining Firm Takes Regulatory Compliance Pill, Moves to the Dark Side
A small mining firm referring to itself as HashingSpace Corporation has pushed out a press release bragging that they have retained the services of IdentityMind Global to implement anti money laundering, know your customer, and other criminal regulatory services antithetical to Bitcoin. IdentityMind Global claims to have relationships with "more than 40" "virtual currency businesses" most of which serve as interfaces between fiat currency and Bitcoin. HashingSpace professes to primarily be a mining and miner hosting operation that also just happens to provide other services like a "wallet" and Bitcoin ATMs. On social media earlier this summer HashingSpace has claimed to possess 5 petahashes of mining hardware, an amount eerily similar to that claimed by GAW Miners before their collapse.
Many Pools Rejecting XT in Favor of Other Undefined Fork
A handful of large mining pools including those operated by BTCChina and Bitfury have rejected Mike Hearn and Gavin Andressen's XTCoin proposal in favor of a different forking change which would leave them still more influence on their forked blockchain. The pools currently authoring blocks which support the proposal known as BIP 100 currently compromise a bit more than 50% of the hashrate, an amount which if BIP 100 actually had any working implementations would be insufficient to trigger a switch without an attack orphaning all blocks without a "triggering" vote.
At the moment BIP 100 exists as a proposal requesting comments, so it is not possible at the time of this writing to describe any of its points with certainty beyond votes for it being a clear repudiation of the XT effort. As BIP 100 exists now it preserves the 32 MB maximum message size as a hard explicit limit which the blocksize limit must stay under on a BIP 100 forked chain. With so many particulars of BIP 100 not being set in stone yet, it is not unlikely that support for it may wane though at the moment support is likely to persist as a repudiation of the XT effort to hijack Bitcoin.
Twitter Forbids Monitoring Politicians' Deleted Tweets
A group calling itself the Open State Foundation reports that Twitter has denied API access for all of the accounts the Open State Foundation operates which track the deleted tweets of politicians and diplomats. They report that Twitter made the decision after a thoughtful internal discussion because: Continue reading