Amazon in line to get £300M contract to store your biometric data ~ Gordon Dimmack by JasonCarswell in TechSec

[–]BackwardsCompatible

They fined and arrested people over a TRIAL? I wouldn't want my face recorded either. Also what if I'm wearing a scarf cause it's cold? I guess anyone hiding their face is up to no good now. /s

I hate how this whole facial recognition thing is slowly spreading. China, airports, and so on. They will all probably claim "it's public space" but that shouldn't give them the right to tell us we can't hide our faces.

Epic Games Allegedly Sent a Player's Personal GDPR Data to a 'Random p Person' by BackwardsCompatible in TechSec

[–]BackwardsCompatible[S]

Rip, title typo. Sorry.

At Least 186 EU ISPs Use Deep-Packet Inspection to Shape Traffic, Break Net Neutrality by BackwardsCompatible in TechSec

[–]wizzwizz4

Told you. Net neutrality no longer being enforced in the US affects the whole of the world. I really hope they don't get the EU to change the regulation; ISPs do it here, too.

Obligatory "you don't need ISPs if they're going to do shit like this".

4 New Vulnerabilities in Most Intel CPUs by BackwardsCompatible in TechSec

[–]HeyImSancho

But dissenter, and gab, they're the evil!!! Mistake, or not, they knew, and concealed this; it's simple treachery for a buck, or worse.

Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches by Mnemonic in TechSec

[–]happysmash27

Windows Server 2003, not Windows 98, which has a significantly different core OS.

WhatsApp Discovers Surveillance Attack by BackwardsCompatible in TechSec

[–]Arkansas

our greatest ally

Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches by Mnemonic in TechSec

[–]ikidd

Damn that works pretty well.

There's also ReactOS which is Win98 reverse engineered and coded from scratch.

Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches by Mnemonic in TechSec

[–]d3rr

Yes! And if we get lonely but don't want to put in the effort, there's always https://www.windows93.net/

4 New Vulnerabilities in Most Intel CPUs by BackwardsCompatible in TechSec

[–]Optimus85

This is why an open-source/open-architecture CPU seems more and more like a viable alternative: https://www.youtube.com/watch?v=L8jqGOgCy5M

4 New Vulnerabilities in Most Intel CPUs by BackwardsCompatible in TechSec

[–]magnora7

I think you are almost certainly correct. It's probably part of that $60 billion per year additional "black budget" the CIA gets that no one gets to know anything about.

4 New Vulnerabilities in Most Intel CPUs by BackwardsCompatible in TechSec

[–]zyxzevn

I think that Intel and AMD will have gotten quite a donation for backdooring all PCs. But we will probably not really know, until it is too late.

4 New Vulnerabilities in Most Intel CPUs by BackwardsCompatible in TechSec

[–]wizzwizz4

That article makes the claim:

  • A system that makes sure Intel's the only person allowed to write code for the IME allows Intel to write code that's accepted by the IME…
  • Therefore, Intel's allowed the NSA to write backdoors that are then given the Intel seal of approval and allowed on the IME.

This is faulty logic. Yes, the whole malware-prevention system is flawed if Intel releases IME software containing a backdoor (as they kind of accidentally did, by releasing buggy IME software without providing a way to invalidate that seal of approval, so an updated less-buggy IME system can just be replaced with the buggy one and then exploited as usual – which is only an issue if the attacker has IME-flashing ability, but is still a larger attack surface than strictly necessary) but that doesn't mean they're deliberately introducing backdoors into IME-signed code.

I think Intel should be making IME-free processors or making the code more open, but you're already trusting Intel when you buy their chips and install their microcode patches.

What I'd really like is if there was some mechanism like this:

  • You include a ROM chip (yes, ROM!) at a certain address space containing data like "I hereby trust /u/wizzwizz4 with the power to write to my IME".
  • You give Intel my public key and that data.
  • Intel gives you a certificate that links my public key and that data in such a way that my public key is only accepted if the ROM space contains that data.
  • I can then compile and sign IME code that, when provided in tandem with Intel's certificate, is accepted by the IME system.
  • (optional) Either Intel's certificate or my certificate is locked to a specific period of time according to the BIOS clock. This is the easy way to invalidate buggy code (wait until the certificate expires, then code signed with it isn't accepted any more) but since the clock isn't trusted it's also pretty much just smoke and mirrors.
  • (almost mandatory) The code that checks / loads the IME code is open source and the result of a deterministic compilation process (i.e. can be recompiled to produce a byte-for-byte identical result). This should be stored on ROM, not EEPROM, since nothing's checking to make sure it isn't overwritten.

This allows anyone to write code for the IME system in their device (so Puri.sm could just include an extra ROM chip and write their own IME code, then release updates to that IME system when bugs are found without having to go through Intel) without making it insecure.
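The delegation check proposed in the comment above, as an added example (not part of the original comment and not Intel's actual mechanism). The names `cert_body`, `issue_cert` and `loader_accepts` are hypothetical, Lamport one-time signatures stand in for a real signature scheme so the sketch runs on the standard library alone, and the optional clock-based expiry is left out.

```python
import hashlib, secrets
def H(b): return hashlib.sha256(b).digest()

# Lamport one-time signatures: a stdlib-only stand-in for whatever signature
# scheme a real loader would use. Each key here may sign exactly one message.
def keygen():
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    return sk, b"".join(H(s) for pair in sk for s in pair)

def _bits(msg):
    return [int(c) for c in format(int.from_bytes(H(msg), "big"), "0256b")]

def sign(sk, msg):
    return b"".join(sk[i][b] for i, b in enumerate(_bits(msg)))

def verify(pk, msg, sig):
    if len(pk) != 512 * 32 or len(sig) != 256 * 32:
        return False
    return all(H(sig[32*i:32*i+32]) == pk[64*i+32*b:64*i+32*b+32]
               for i, b in enumerate(_bits(msg)))

def cert_body(delegate_pk, rom_data):
    # The vendor signs the delegate key together with a hash of the ROM
    # statement, so the certificate is useless where the ROM says otherwise.
    return b"IME-DELEGATE\x00" + H(delegate_pk) + H(rom_data)

def issue_cert(vendor_sk, delegate_pk, rom_data):
    return sign(vendor_sk, cert_body(delegate_pk, rom_data))

def loader_accepts(vendor_pk, rom_data, delegate_pk, cert, firmware, fw_sig):
    """Checks a ROM-resident loader would run before accepting firmware."""
    if not verify(vendor_pk, cert_body(delegate_pk, rom_data), cert):
        return False  # not vendor-issued, or bound to other ROM contents
    return verify(delegate_pk, firmware, fw_sig)

def demo():  # all keys, ROM contents and firmware bytes are constructed
    (v_sk, v_pk), (o_sk, o_pk), (e_sk, e_pk) = keygen(), keygen(), keygen()
    rom = b"I hereby trust /u/wizzwizz4 with the power to write to my IME"
    cert = issue_cert(v_sk, o_pk, rom)
    fw = b"constructed firmware image"
    sig = sign(o_sk, fw)
    ok = lambda r, pk, f, s: loader_accepts(v_pk, r, pk, cert, f, s)
    return {"valid": ok(rom, o_pk, fw, sig),
            "other_board": ok(b"blank ROM", o_pk, fw, sig),
            "tampered": ok(rom, o_pk, fw + b"!", sig),
            "wrong_signer": ok(rom, e_pk, fw, sign(e_sk, fw))}

if __name__ == "__main__":
    print(demo())
```

This chain alone still accepts any older image the delegate once signed, which is the rollback weakness the comment raises for buggy releases.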

4 New Vulnerabilities in Most Intel CPUs by BackwardsCompatible in TechSec

[–]magnora7

Good points, but I think it was intentional. https://www.eteknix.com/nsa-may-backdoors-built-intel-amd-processors/

4 New Vulnerabilities in Most Intel CPUs by BackwardsCompatible in TechSec

[–]wizzwizz4

This isn't a backdoor, though. (And if you're talking about IME, it probably isn't intended to be a backdoor (despite being able to easily function as one) and there are several ways to mostly disable it. Still pretty rubbish, though.)

4 New Vulnerabilities in Most Intel CPUs by BackwardsCompatible in TechSec

[–]magnora7

After finding out they deliberately built backdoors into all Intel processors a couple years ago, I find it hard to care anymore about Intel's CPU security. They've obviously built it to be backdoored in the deepest ways possible, so how can I expect to be secure? I can't.

Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches by Mnemonic in TechSec

[–]Zettelkittel

XP is best XD

Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches by Mnemonic in TechSec

[–]BackwardsCompatible

Not only this, but businesses on legacy systems in general. My previous job had to stick with XP and Windows 7 due to the software and hardware restrictions of their legacy system. It was terrible.

Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches by Mnemonic in TechSec

[–]Mnemonic[S]

Microsoft is still raking in millions from governments all over the world to keep it patched because 'muh missile systems and stuff' run on it.

Not to mention systems like elevators, security cameras, audio recording studios and what not that were 'super high-tech' back in the XP days, but way too costly to 'upgrade' with every Windows iteration.

Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches by Mnemonic in TechSec

[–]d3rr

XP lives!

WhatsApp Discovers Surveillance Attack by BackwardsCompatible in TechSec

[–]d3rr

Who is behind the software? The NSO Group is an Israeli company that has been referred to in the past as a "cyber-arms dealer".

Google Will Now Let You Automatically Delete Location and Activity History by BackwardsCompatible in TechSec

[–]BackwardsCompatible[S]

Agree, data is worth far too much money overall for the big corps to be passing on.

Google Will Now Let You Automatically Delete Location and Activity History by BackwardsCompatible in TechSec

[–]BackwardsCompatible[S]

Too much money behind it for them to really delete imo.

Google Will Now Let You Automatically Delete Location and Activity History by BackwardsCompatible in TechSec

[–]IdleHands

I have no trust in Google actually deleting the data.

Google Will Now Let You Automatically Delete Location and Activity History by BackwardsCompatible in TechSec

[–]Timmy

For some reason this seems to be either a cost savings move for Google, or misdirection where the data will simply be moved elsewhere before being deleted.