With the young TMSR OS project beginning to take shape, quite a few "developer teams" and "communities" are finding themselves depreciated. From MUSL's legacy developers disqualifying themselves over hieroglyph fixations to the rEFInd developer's silent satisfaction leaving him out, an increasing amount of code is finding itself liberated from herd driven debasement.
Category Archives: Software
Jury Hangs After Prosecution Fails To Make CIA "Vault 7" Case
The show trial of Joshua Schulte, a USG servant who was accused of leaking CIA-authored malware, has ended with a hung jury (archived). Schulte remains in USG custody.
Cisco Lays Off And Pivots While Huawei Grows
USG.NSA collaborator Cisco Systems announced a layoff of an undisclosed number of workers last month as well as a pivot to software (archived).
OpenWRT Package Checksums Not Checked Opening MITM Opportunities And Further Downstream Havoc
A vulnerability that allows the package manager of alternative router firmware distribution OpenWRT to be MITM'd has been publicized (archived). OpenWRT's fork of opkg, used as a package manager and running as root, fails to check checksums when parsing package lists. Successful use of the MITM to place a payload opens the rest of the doors to ownership. Routing remains a live battleground.
OpenBSD Mail Server OpenSMTPD Allows Remote Execution Of Arbitrary Shell Commands As Root
A remotely-exploitable vulnerability for OpenSMTPD, OpenBSD's mail server, present since May 2018, has been made public (archived). It enables an attacker to execute arbitrary shell commands with root privileges.
Notably, the proof-of-concept exploit makes use of routines which first made an appearance in the Morris worm of 1988.
Entire Argentine Judiciary Paralyzed As Computers Stop Working For Them
Argentina's courts are paralyzed after the Lex100 system they use for everything stopped working six days ago (archived). This is not the first time the system has gone down (archived), but it is the longest time Argentina's courts have been without this one system they built everything they do around. This makes the pretense of Argentina having a legal profession still more laughable than it already was.
Oracle Appears To Join Microsoft In Re-Keying NSA Backdoors With 334 "Security" Patches In Dump
Oracle has released 334 security patches across 93 products to deal with a variety of issues, and many of the things being patched against are exploitable remotely (archived). Earlier this week Microsoft hyped their release of USG.NSA endorsed changes to crypt32.dll with great urgency.
USG.NSA And Microsoft Push "Emergency" Windows Crypto Update While Depreciating Windows 7
Yesterday's "Patch Tuesday" for Microsoft Windows included a "fix" promoted loudly through USG aligned media outlets that allegedly repairs X.509 "PKI" certificate validation in Microsoft's crypt32.dll (archived). The usual suspects are loudly herding Windows users to update in a way that strongly suggests geopolitical considerations may have pushed the USG.NSA to burn a number of their cultivated backdoors as they tend to do from time to time.
Past behavior of the actors involved suggests that, as before, the patch is not going to be an actual fix so much as a subtle rekeying of the orifice. Serendipitously, this patch was released immediately after Microsoft stopped issuing patches for Windows 7, creating an intense opportunity for Microsoft to collect "upgrade license" revenue with the endorsement of the USG "National Security" apparatus, using the pitch that the USG already adopted the upgrade for its machines. The line between USG agency and USG "enterprise" continues to become increasingly squishy.
This is the first time the USG.NSA has allowed itself to be explicitly named in Microsoft marketing materials as the contributor to a "fix", suggesting an ongoing marketing partnership between the two may be budding.
Warner Brothers Signs Computer To Make Decisions For Them
Warner Brothers has signed a deal to turn over all sorts of decisions in the film making process to a computer (archived). Decisions the computer is expected to make for executives include "How much is X star worth in Y type of flick?" and "What flicks do we really want to bid on at the festivals?"
SHA1 Collisions Get Cheaper
The price of producing SHA1 collisions has gotten cheaper with a recent demonstration of "chosen prefix" attacks producing SHA1 collisions (archived). The method demonstrated is alleged to be roughly ten times less expensive than the one that produced the first SHA1 collisions back in 2017.