Friday, April 18, 2014

Who is the anonymous Heartbleed informer?

The 2-year-old bug is thought to have affected nearly two-thirds of the Web. If attackers were aware of the bug, which is still unclear, they could have stolen a frightening number of users’ login information from sites ranging from social networks to financial institutions.
Friday, March 21 or before - Neel Mehta of Google Security discovers the Heartbleed vulnerability.
Friday, March 21 10.23 - Bodo Moeller and Adam Langley of Google commit a patch for the flaw (this is according to the timestamp on the patch file Google created and later sent to OpenSSL, which OpenSSL forwarded to Red Hat and others). The patch is then progressively applied to Google services/servers across the globe.
 99% BAD HARDWARE WEEK: Here are some new security kids on the block. 
Snowden used TAILS.

Thursday, April 17, 2014

Internet sites by size

99% BAD HARDWARE WEEK: There are only a few supernovas: Google, Facebook, Yahoo

Wednesday, April 16, 2014

Internet of NSA things: OpenSSL is not the only case

PolarSSL still uses Intel's weakened random generator.
99% BAD HARDWARE WEEK: And it is used in some 25 system files.
CTR_DRBG based on AES-256 (NIST SP 800-90). As you know, PolarSSL is intended for embedded and IoT connected things, with the minimum complete TLS stack requiring under 60KB of program space and under 64KB of RAM!

LATEST: Heartbleed exploits have begun. Even a 19-year-old could do it, so why not the NSA?
Luckily, the latest impact report from the National Cyber Awareness System finds that, thank the gods, clay tablets are not impacted at all!

CVSS Severity (version 2.0): CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/AU:N/C:P/I:N/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity (Required attack complexity): Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information


OpenSSL spring cleaning

Changes so far to OpenSSL 1.0.1g since the 11th include:
  • Splitting up libcrypto and libssl build directories
  • Fixing a use-after-free bug
  • Removal of ancient MacOS, Netware, OS/2, VMS and Windows build junk
  • Removal of “bugs” directory, benchmarks, INSTALL files, and shared library goo for lame platforms
  • Removal of most (all?) backend engines, some of which didn’t even have appropriate licensing
  • Ripping out some windows-specific cruft
  • Removal of various wrappers for things like sockets, snprintf, opendir, etc. to actually expose real return values
  • KNF of most C files
  • Removal of weak entropy additions
  • Removal of all heartbeat functionality which resulted in Heartbleed SINCE MARCH 2012
99% BAD HARDWARE WEEK: No problem if you change your OpenSSL passwords now. All remained stored in OUR servers. Hehehe. What about added entropy and opened passwords at OpenSSL? Well, nice confidence catch.
 Here is a brief history of Intel's randomness.

 The EFF SSL Observatory is a project to investigate the certificates used to secure all of the sites encrypted with HTTPS on the Web.

Friday, April 11, 2014

Facebook's Heartbleed security hole affected Cisco Mobile Experiences

  Cisco Connected Mobile Experiences

Connected Mobile Experiences (CMX) is a Wi-Fi platform that can help organizations deliver customized, location-based mobile services to end users. The CMX license on the Cisco MSE includes:
Here is complete list for all companies and services.
99% BAD HARDWARE WEEK: That is why Facebook was informed before anyone else! Who might be behind it? Let me guess. OpenSSL with the Heartbleed security hole was applied at Cisco without any control?? YES, NSA used it!
Currently, the NSA has a trove of thousands of such vulnerabilities that can be used to breach some of the world’s most sensitive computers, according to a person briefed on the matter.
See below a Yahoo login and password, easily extracted despite being heavily SSL encrypted!


Thursday, April 10, 2014

Hot entertainment: Boeing 747 caught fire (again)

Staff on the flight to Heathrow from Dallas/Fort Worth with 274 passengers on board smelt an “acrid, electrical burning smell” about two hours from London

Last year frightened passengers on board a British Airways flight told how they heard their pilot making a Mayday distress call 36,000ft above the Atlantic on November 14
The captain radioed for help when smoke filled the cockpit of the Boeing 777 plane carrying 220 passengers - and accidentally turned on the public address system. 
After putting on oxygen masks the crew immediately contacted air traffic control. They switched on the cabin address system, and the start of their Mayday call was heard by passengers.
Passengers were told there had been an electrical fault. It is believed the smoke was caused by a fan in the cockpit which overheated.
99% BAD HARDWARE WEEK: Fire after two hours! Malaysian Airlines could catch it in 20 minutes. Imagine flying an airplane with only one working engine, trying to return home in complete darkness, and you are in MH 370. What if the shut-down engine had the power generator on it? Then even your radio will not function.

US Exaflops supercomputer in year 2023

99% BAD HARDWARE WEEK: Probably immersed in cooling fluid. It will draw no less than 20 MW of power. Applications will run only in 2024.

Wednesday, April 09, 2014

MH 370 flight cover: How did Inmarsat detect pings at places that are not even covered by satellite beams??

Light blue marks the areas not covered by the IOR satellite that allegedly handshaked with MH370, pinged hours later, after its disappearance! However, another Inmarsat satellite, from the east, could have tracked it, but obviously it did not, because its area of coverage was never searched! PROBABLY NO SATELLITE EVER DETECTED IT! The search area was in the Perth Inmarsat beam area IOR 17, though the same pings could also come from the IOR 13 and IOR 14 NONOPERATIONAL Inmarsat beams! HOWEVER, to reach IOR 17, MH 370 should previously have been detected by the IOR 15 and IOR 16 BEAMS, BUT IT NEVER WAS! Thus, the PERTH PINGS ARE IMPOSSIBLE AND FAKE! BELOW, IN RED DOTTED LINES, IS THE POSSIBLE AREA OF THE LAST PING AND CRASH SITE:

Last irregular ping happened when MH370 missed Cocos (Keeling) island !

Monday, April 07, 2014

Apple in Holy war with Google

From: Steve Jobs
Date: October 24, 2010 6:12:41 PM PDT
To: ET
- 2011: Holy War with Google
- all the ways we will compete with them
- Apple is in danger of hanging on to old paradigm too long (innovator’s dilemma)
- Google and Microsoft are further along on the technology, but haven’t quite figured it out yet
- tie all of our products together, so we further lock customers into our ecosystem
- 2015: new campus
99% BAD HARDWARE WEEK: But who are the Muslims in this Holy war? Why isn't Facebook mentioned? Probably because of a certain religious orientation. :)
