BlackBox (Security) Archiv
πŸ‘‰πŸΌ Latest viruses and malware threats
πŸ‘‰πŸΌ Latest patches, tips and tricks
πŸ‘‰πŸΌ Threats to security/privacy/democracy on the Internet

πŸ‘‰πŸΌ Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
VoltPillager: Researchers Compromise Intel SGX With Hardware-Based Undervolting Attack

Security researchers out of the University of Birmingham have crafted another attack against Intel Software Guard Extensions (SGX) when having physical motherboard access and using their "VoltPillager" hardware device they assembled for about $30 USD.

Two years ago Plundervolt was widely publicized for compromising Intel's SGX security by manipulating the CPU frequency/voltage as able to through software interfaces. By carefully undervolting the Intel CPUs when executing enclave computations they were able to ultimately compromise the integrity of SGX.

The impact of Plundervolt was already limited as typically the software needs root/administrative rights to access the CPU voltage/frequency MSRs or other kernel interfaces for manipulating them. But in response to Plundervolt, motherboard vendors began offering options to allow disabling voltage/frequency interface controls on their systems. Following Plundervolt, security researchers at the University of Birmingham in the UK began exploring a hardware-based attack on SGX.

https://www.phoronix.com/scan.php?page=news_item&px=VoltPillager-HW-Undervolt

#research #VoltPillager #undervolting #attack #intel #sgx
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Photoshop CC v19 installer for Linux

This bash script helps you to install Photoshop CC version 19 on your Linux machine using wine behind the scene and sets some necessary components up for the best performance

🚀 Features

✅ downloads necessary components and installs them (vcrun, atmlib, msxml...)

✅ downloads photoshop.exe installer

✅ creates photoshop command and a desktop entry

✅ wine dark mode

✅ supports graphic cards like (intel, Nvidia)

✅ saves the downloaded files in your cache directory

✅ It's free and you will not need any license key

✅ works on any Linux distribution

https://github.com/Gictorbit/photoshopCClinux

#linux #wine #photoshop
North Korean hackers stole more than $300 million to pay for nuclear weapons, says confidential UN report

New York (CNN) North Korea's army of hackers stole hundreds of millions of dollars throughout much of 2020 to fund the country's nuclear and ballistic missile programs in violation of international law, according to a confidential United Nations report.

The document accused the regime of leader Kim Jong Un of conducting "operations against financial institutions and virtual currency exchange houses" to pay for weapons and keep North Korea's struggling economy afloat. One unnamed country that is a member of the UN claimed the hackers stole virtual assets worth $316.4 million dollars between 2019 and November 2020, according to the document.
The report also alleged that North Korea "produced fissile material, maintained nuclear facilities and upgraded its ballistic missile infrastructure" while continuing "to seek material and technology for these programs from overseas."

North Korea has for years sought to develop powerful nuclear weapons and advanced missiles to pair them with, despite their immense cost and the fact that such a pursuit has turned the country into an international pariah barred by the UN from conducting almost any economic activity with other countries.

https://edition.cnn.com/2021/02/08/asia/north-korea-united-nations-report-intl-hnk/index.html

#northkorea #hacker #un #report
In-depth dive into the security features of the Intel/Windows platform secure boot process

This blog post is an in-depth dive into the security features of the Intel/Windows platform boot process. In this post I'll explain the startup process through security focused lenses, next post we'll dive into several known attacks and how they were handled by Intel and Microsoft. My wish is to explain to technology professionals not deep into platform security why Microsoft's SecureCore is so important and necessary.

https://igor-blue.github.io/2021/02/04/secure-boot.html

#intel #windows #secure #boot #security
If you are still releasing custom ROMs/kernels with permissive, YOU ARE LITERALLY BACKDOORING YOUR USERS!

Remember when I said using SELinux permissive is really bad? Here is a privilege escalation PoC where the only requirement is SELinux permissive. If you are still releasing custom ROMs/kernels with permissive, YOU ARE LITERALLY BACKDOORING YOUR USERS!

https://nitter.nixnet.services/topjohnwu/status/1359054106019565571

https://github.com/vvb2060/Magica

#selinux #backdooring #customrom #topjohnwu #thinkabout
This is how we lost control of our faces

The largest ever study of facial-recognition data shows how much the rise of deep learning has fueled a loss of privacy.

Now a new study shows just how much this enterprise has eroded our privacy. It hasn’t just fueled an increasingly powerful tool of surveillance. The latest generation of deep-learning-based facial recognition has completely disrupted our norms of consent.

https://www.technologyreview.com/2021/02/05/1017388/ai-deep-learning-facial-recognition-data-history/

https://arxiv.org/pdf/2102.00813.pdf

#ai #deep #learning #facial #recognition #data #privacy #study #thinkabout #pdf
Stash - an organizer for your porn

What is Stash?

Stash allows you to organize and view your own collection of adult video and image files. Think of it like a private PornHub site for your personal porn collection.

View your content

Preview and view all of your scenes and galleries from your web browser on your PC, tablet or phone. Stash directly streams videos to your web browser. Stash supports streaming of a large variety of formats and codecs to most web browsers.

Curate your content

Rate your scenes, and tag them with performers, tags, movies and studios. Filter and sort your content with a variety of filter and sorting options.

Stash also allows you to derive scene metadata from video filenames. Alternatively, you can scrape scene metadata from websites using community-curated scrapers.

https://stashapp.cc/

https://github.com/stashapp/stash/releases

#stash #porn #organizer
Farmers Are Having to Hack Their Own Tractors Just to Make Repairs

Owners are turning to hacked software from Eastern Europe as farm equipment companies won't license it to them directly.

Usually the word "hacking" implies breaking into someone else's data, but farmers are having to hack their own farm equipment just to keep it running, reports Freethink. Companies like John Deere won't license out the software necessary to diagnose and fix their increasingly complex farm equipment, forcing owners to source that software online.

https://www.thedrive.com/news/39158/farmers-are-having-to-hack-their-own-tractors-just-to-make-repairs

#farmers #hackers #tractors #hacking #video
The Great Firewall Cracked, Briefly. A People Shined Through.

China’s censors finally blocked Clubhouse, but not before users were able to bypass the caricatures painted by government-controlled media and freely discuss their hopes and fears.

For years, the Chinese government has prevented its 1.4 billion people from speaking freely online. A digital wall separated them from the rest of the world.

Then, for a precious few days, that wall was breached.

Clubhouse, a new social media app that emerged faster than the censors could block it, became a place for Mandarin Chinese speakers from the mainland and anywhere else to speak their minds. They had a lot to say.

In Clubhouse’s audio chatrooms, people from the mainland joined those from Taiwan, Hong Kong, the global Chinese diaspora and anybody else who was interested to share thoughts. The topics ranged from the politically charged (repression of Muslims in China’s Xinjiang region, the 1989 Tiananmen Square crackdown, censorship) to the mundane (hookups) to the unexpected (hemorrhoids).

The Chinese government blocked the app Monday afternoon. I knew it was coming, and yet I still didn’t expect to feel so dismayed.

For that brief moment, people in China proved that they are as creative and well spoken as people who enjoy the freedom to express themselves. They lined up, sometimes for hours, to wait for their turns to speak. They argued for the rights of the government loyalists to speak despite their disagreements. They held many honest, sincere conversations, sometimes with tears and sometimes with laughter.

https://www.nytimes.com/2021/02/09/technology/china-clubhouse.html

https://www.nytimes.com/2021/02/08/world/asia/china-clubhouse-blocked.html

#china #asia #clubhouse #blocked #GreatFirewall #repression #digitalwall #censorship #thinkabout
Court Orders Telegram To Block Pirated Movies, TV Shows and Music

A court has ordered Telegram to block access to pirated movies, TV shows and music following a lawsuit filed in Israel. Local anti-piracy group ZIRA complained that the messaging platform does not properly respond to takedown notices, contrary to Telegram's claims that it does. Telegram is now working with rightsholders to implement the injunction.

Last November, the RIAA and MPAA nominated popular messenger app Telegram for inclusion on the USTR’s ‘notorious markets’ list, claiming that the platform doesn’t do enough to combat piracy.

A month later, the EU added the service to its own ‘Counterfeit and Piracy Watch List’, noting that along with other social media platforms, Telegram “lags behind” in respect of efforts to combat piracy.

This opinion is shared by Israel-based anti-piracy group ZIRA. Last year, ZIRA – which represents local media companies – took its complaints to court, hoping to force Telegram to take a more serious approach to infringement mitigation.

https://torrentfreak.com/court-orders-telegram-to-block-pirated-movies-tv-shows-and-music-210210/

#tg #telegram #court #order #block #pirated #movies #music #riaa #mpaa #piracy #watchlist
North Dakota Senate bill targets 'monopolistic' app stores

Proponents of a North Dakota Senate bill say the legislation would clamp down on app stores seen as monopolistic, but opponents see it as interference and potentially harmful.

Sen. Kyle Davison, R-Fargo, on Tuesday introduced Senate Bill 2333 to the Senate Industry, Business and Labor Committee. The bill would ban app stores such as Apple and Google Play from requiring app developers to exclusively use their app store and payment system, and prohibit retaliating. Violations would be considered an unlawful practice under state law, opening a door to lawsuits.

"The purpose of the bill is to level the playing field for app developers in North Dakota and protect customers from devastating, monopolistic fees imposed by big tech companies," said Davison, referring to a 30% fee imposed by Apple and Google on in-app purchases, which he said penalizes small app developers "by raising prices and limiting choices for consumers."

Proponents of the bill said it addresses concerns of a monopoly by Apple and Google.

https://telegra.ph/North-Dakota-Senate-bill-targets-monopolistic-app-stores-02-11

via bismarcktribune.com

https://www.legis.nd.gov/assembly/67-2021/bill-actions/ba2333.html

#usa #monopolistic #appstores #apple #DeleteApple #google #DeleteGoogle
Facebook Is Said to Be Building a Product to Compete With Clubhouse

The social network, which has a history of cloning its competitors, has started working on an audio chat product.

SAN FRANCISCO — Facebook is building an audio chat product that is similar to the popular young app Clubhouse, according to two people with knowledge of the matter, as the social network aims to expand into new forms of communication.

Clubhouse, a social networking app, has gained buzz for letting people gather in audio chat rooms to talk about various topics. Mark Zuckerberg, Facebook’s chief executive, has been interested in audio communication forms, said the people with knowledge of the matter, and he appeared in the Clubhouse app on Sunday to chat about augmented and virtual reality.

Facebook executives have ordered employees to create a similar product, known internally as Fireside, said the people, who were not authorized to speak publicly. The product is in its earliest stages of development, they said, and the project’s code name could change.

“We’ve been connecting people through audio and video technologies for many years and are always exploring new ways to improve that experience for people,” Emilie Haskell, a Facebook spokeswoman, said.

A representative for Clubhouse declined to comment.

https://www.nytimes.com/2021/02/10/technology/facebook-building-product-clubhouse.html

#facebook #DeleteFacebook #Clubhouse
The Crypto-Chernobyl

In recent history the mining, petroleum, and nuclear industries have all had their share of environmental disasters. These are household names that every school child learns: Chernobyl. Fukushima. Deepwater. Kingston. Valdez. However you may not know that as you read this, the tech industry is having its own environmental disaster moment and you may have heard its name: Bitcoin.

For those of you living in a monastery for the last decade, bitcoin is a computer protocol that provides a speculative digital pseudo-asset that is traded between individuals around the world. It is a system that aims to transcend borders, banks and laws. It’s notoriously difficult to frame bitcoin in traditional concepts because it defies many traditional terms. It’s not a currency, it’s not a payment system, it’s barely used to transact, it doesn’t support an economy, it’s not correlated to anything, and it’s unclear if there is any meaningful way to value it.

Rather than use traditional economic terms, I prefer to discuss it purely in more conceptual parlance. Cryptocurrency is an intentionally ambiguous term about a set of technologies which aim to reinvent money from first principles independent of existing power structures. Many writers, including myself, have written that the only meaningful way to describe bitcoin is as an investment bubble built around the narrative of populist rage at economic inequality and the broken state of our economy.

However, behind the philosophical ambiguities of the investment narrative there is a very concrete piece of software that is running on servers across the world. It is an enormously power-hungry and wasteful system that involves doing a massive number of trial computations (a process called mining) in parallel across the world in a form of lottery in which computers race to confirm transactions. The more power you can waste, the more bitcoins you can probabilistically win in exchange for your energy waste.

Over the past ten years people have set up thousands of warehouses of computer hardware dedicated to run 24/7 consuming power and performing the trial computations required by the protocol. Left unregulated and uncontrolled this now consumes the equivalent power of several medium-sized nation states to keep it all running. Today it just passed the energy consumption of Argentina, a country of 45 million people.

The protocol itself is a runaway environmental disaster that incentivizes an ever increasing amount of waste that can only increase with time. Increasing energy waste is a central and irremovable part of the design. Projections about this energy waste paint a bleak future.

https://www.stephendiehl.com/blog/chernobyl.html

#crypto #chernobyl #thinkabout
Ransomware Attacks: What Are They And How to Protect Yourself

Did you know that as much as 90% of cyberattacks are the result of human error? So, keeping up to date with proper security practices is more important than ever…and ransomware attacks are no different, threats are ever growing, and we need to be aware of the devastating damage that can follow an attack.

Large-scale attacks are also up by 273% in only the first quarter of this year, with ransomware rising by a significant 90%. So, it’s about time that we take the threat of ransomware seriously!

https://www.youtube.com/watch?v=ZiSiVi4t2oY

#ransomware #video
Watch hackers on your own honeypot server

At FOSDEM, two developers presented a nifty way to build your own SSH honeypot and look over the hackers' shoulders.

A honeypot is an intentionally vulnerable server that is introduced to the Internet with the purpose of attracting attackers. For example, it can be used to study the latest attack techniques that are currently in use. But not only for security experts, also as an admin a honeypot can be useful.

https://fosdem.org/2021/schedule/event/asciinema_honeypot/attachments/slides/4666/export/events/attachments/asciinema_honeypot/slides/4666/Watch_the_Asciinema_Replay_of_Your_Home_Made_Honeypot.pdf

https://github.com/ContainerSSH/auditlog/blob/main/codec/asciinema/format.go

#asciinema #honeypot #ssh #hacker #pdf
Proofpoint sues Facebook

Proofpoint is filing a lawsuit to stop Facebook from seizing domain names used for security testing and training.

https://beta.documentcloud.org/documents/20476844-proofpoint-facebook-lawsuit

#proofpoint #facebook #DeleteFacebook #lawsuit
The Great Firewall of...America? WTZ!

This past week on Feb 2 - Feb 7, 2021 a massive attack was conducted on encrypted services, particularly VPNs. VPN traffic was throttled to near unusability.

Basically in 2021, the Great Firewall of the USA was turned on. And then abruptly turned off.

Purpose of the action was unknown. No party stepped up to acknowledge and aside from me, no one has stepped up to call any Internet Provider of their egregious action against privacy minded people.

Why did this attack happen?
Why did the attack stop?

https://www.youtube.com/watch?v=38za1LYj2XQ&t=1

#usa #greatfirewall #firewall #internet #attack #privacy #thinkabout #video
‘Windows is sh*t:’ Linux Users and The Technical Superiority Problem

“Windows is shit.” “That’s garbage, don’t use it.” “I don’t understand why anyone uses that crap.” ~Toxic nerds on the internet, since forever.

https://medium.com/linuxforeveryone/windows-is-sh-t-linux-users-and-the-technical-superiority-problem-196a597aa860

#linux #windows #thinkabout