|
Angela Merkle Tree posted:the articles mention managers at the factories being pressured into altering the designs to add the chips. that seems a lot more complicated than subverting or altering another chip and ensuring that they make their way into the pick-and-place machine yeah that's what's getting me. like this poo poo's hard enough to do with a real design team already, getting a PCB change for a finicky on-bus intercept that can still pass QA? versus "yo, here's a sweet deal on bog standard flash components that definitely don't have a shady micro hiding in there no sir" we couldn't prevent the second one with multiple in-person meetings with the vendor and CM present, the PLA leaning on GM's is just unnecessary there's just much easier, cheaper, less short-rubber-hose pathways to getting this functionality
|
#
?
Oct 5, 2018 19:23
|
|
|
|
| # ? Jun 8, 2024 14:17 |
|
|
security conferences are basically digital state fairs of humanity.
|
|
#
?
Oct 5, 2018 19:43
|
|
|
Bulgakov posted:shhhhhhh, keep quiet until the meetings we have inside the executive conference bathrooms I thought our relationship was more than meetings 
|
|
#
?
Oct 5, 2018 20:13
|
|
|
Here's an article going around about how it would be implemented: https://www.lightbluetouchpaper.org/2018/10/05/making-sense-of-the-supermicro-motherboard-attack/ basically flashing the BMC firmware with something it can pull off the internet, then then reading whatever it wants from memory
|
|
#
?
Oct 5, 2018 21:05
|
|
|
If this is what it takes for us to get remotely passable hardware trust for code integrity for ilo/idrac to be developed and become standard next decade, so loving be it
|
|
#
?
Oct 5, 2018 21:10
|
|
|
Potato Salad posted:If this is what it takes for us to get remotely passable hardware trust for code integrity for ilo/idrac to be developed and become standard next decade, so loving be it
|
|
#
?
Oct 5, 2018 21:32
|
|
|
Potato Salad posted:If this is what it takes for us to get remotely passable hardware trust for code integrity for ilo/idrac to be developed and become standard next decade, so loving be it
|
|
#
?
Oct 5, 2018 23:01
|
|
|
more about android usb attacks https://googleprojectzero.blogspot.com/2018/09/oatmeal-on-universal-cereal-bus.html
|
|
#
?
Oct 6, 2018 15:26
|
|
|
Nice work from Banksy, an actual video available now https://www.instagram.com/p/BomXijJhArX/
|
|
#
?
Oct 6, 2018 20:23
|
|
|
I just found a thing.quote:Rattlesnake Island is an 85 acre island resort in Lake Erie, located about a mile away from Put-In-Bay. With its own private airport and a marina that will accommodate the largest of yachts, there are a multitude of ways to arrive at Rattlesnake Island. Yes. Very private. And also, its members login page at http://members.rattlesnakeislandclub.com/ is http-only. I don't really know what to do with this information other than that I shouldn't touch the poop, but I thought to post it here.
|
|
#
?
Oct 6, 2018 20:36
|
|
|
not good to touch poop from a place called putin bay
|
|
#
?
Oct 6, 2018 20:56
|
|
|
MrMoo posted:Nice work from Banksy, an actual video available now pretty clearly performance art, and sloppily done at that since the "shredder" blades aren't even aligned in the right direction. auction house was almost certainly in on it as well as the work was hanging from the wall instead of in an easel and there's no way they don't go over something like that with a fine toothed comb to check for fakes. amusing, but amusing in the same way as the "You didn't say the magic word!" screen in Jurassic Park.
|
|
#
?
Oct 6, 2018 21:30
|
|
|
Shifty Pony posted:pretty clearly performance art, and sloppily done at that since the "shredder" blades aren't even aligned in the right direction. auction house was almost certainly in on it as well as the work was hanging from the wall instead of in an easel and there's no way they don't go over something like that with a fine toothed comb to check for fakes. 
|
|
#
?
Oct 6, 2018 23:14
|
|
|
Stereotype posted:that’s a stupid place to put a secret spy chip that clearly doesn’t fit the footprint at all. now I think this whole thing is stupid. it looks like those pads are connected to the chip next to it, which i looks like it's this "FLASH - NOR Memory IC 256Mb (32M x 8) SPI 104MHz 16-SOP" presumably the footprint is for an alternate flash chip depending on board configuration... or its the secret spot for the hacker chip
|
|
#
?
Oct 6, 2018 23:31
|
|
|
MrMoo posted:Nice work from Banksy, an actual video available now all hail the king of cheap juxtaposition. very thought provoking
|
|
#
?
Oct 6, 2018 23:36
|
|
|
Details on those Russians trying to hack the wifi at OCPW https://english.defensie.nl/topics/cyber-security/documents/publications/2018/10/04/gru-close-access-cyber-operation-against-opcw One of the laptops they seized had photos and metadata from previous operations. Also google.ru searches for OCPW related things. And cellphones that were activated on the closest cell tower to the GRU barracks. A+ opsec
|
|
#
?
Oct 6, 2018 23:37
|
|
|
why are all memes looking like political cartoons these days so many labels
|
|
#
?
Oct 7, 2018 00:18
|
|
|
I don't see DEBT anywhere in there, so it's not a political cartoon
|
|
#
?
Oct 7, 2018 00:19
|
|
|
a little tweaking and it could be loss
|
|
#
?
Oct 7, 2018 02:58
|
|
|
Carbon dioxide posted:I just found a thing. you found a web site! tell us your secrets
|
|
#
?
Oct 7, 2018 03:00
|
|
|
akadajet posted:all hail the king of cheap juxtaposition. very thought provoking welcome to like 90% of art half-assed inane commentary doesn’t become meaningful just because it takes 2000% longer to produce
|
|
#
?
Oct 7, 2018 03:04
|
|
|
Subjunctive posted:you found a web site! tell us your secrets idk they found an island site that is almost awkwardly shouting that it is also a fuckcabal while looking like a fan page for myst on free hosting
|
|
#
?
Oct 7, 2018 06:15
|
|
|
A VERY private resort!
|
|
#
?
Oct 7, 2018 06:16
|
|
|
Krebs has a recent post with an interesting tidbit quote:More than a decade ago when I was a reporter with The Washington Post, I heard from an extremely well-placed source that one Chinese tech company had made it onto Uncle Sam’s entity list because they sold a custom hardware component for many Internet-enabled printers that secretly made a copy of every document or image sent to the printer and forwarded that to a server allegedly controlled by hackers aligned with the Chinese government. https://krebsonsecurity.com/2018/10/supply-chain-security-is-the-whole-enchilada-but-whos-willing-to-pay-for-it/ he also seems to find the bloomberg piece credible
|
|
#
?
Oct 7, 2018 06:40
|
|
|
Raere posted:Details on those Russians trying to hack the wifi at OCPW Yeah I posted that already a couple of days ago. I've been reading some of the comments on Dutch news sites and such and it's amazing how some people still think it's some kind of big conspiracy to make Russia look bad. Putin's trolls and the idiots who parrot them always ask for evidence. How much more evidence could you possibly want? Only if Putin himself was caught while typing in a meterpreter session.. and even then.
|
|
#
?
Oct 7, 2018 07:46
|
|
|
Trabisnikof posted:Krebs has a recent post with an interesting tidbit
|
|
#
?
Oct 7, 2018 12:54
|
|
|
Carbon dioxide posted:I just found a thing. Sounds like you find a place that would very much like you to touch their poop
|
|
#
?
Oct 7, 2018 13:51
|
|
|
Raere posted:Details on those Russians trying to hack the wifi at OCPW huh, ive stayed in that marriott, weird
|
|
#
?
Oct 7, 2018 14:02
|
|
|
Wiggly Wayne DDS posted:krebs may be a big name but he's not that reliable. dhs bothered to talk about it as well: https://www.dhs.gov/news/2018/10/06/statement-dhs-press-secretary-recent-media-reports-potential-supply-chain-compromise a press release from the us government organization responsible for airport security, well i know i'm convinced.
|
|
#
?
Oct 7, 2018 17:15
|
|
|
Wiggly Wayne DDS posted:krebs may be a big name but he's not that reliable. dhs bothered to talk about it as well: https://www.dhs.gov/news/2018/10/06/statement-dhs-press-secretary-recent-media-reports-potential-supply-chain-compromise what makes you say he’s unreliable? what did he gently caress up
|
|
#
?
Oct 7, 2018 17:21
|
|
|
Wiggly Wayne DDS posted:krebs may be a big name but he's not that reliable. dhs bothered to talk about it as well: https://www.dhs.gov/news/2018/10/06/statement-dhs-press-secretary-recent-media-reports-potential-supply-chain-compromise “Like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story. That is, we have no reason to doubt that the statements are not saying exactly what they should be saying.”
|
|
#
?
Oct 7, 2018 17:26
|
|
|
Trabisnikof posted:what makes you say he’s unreliable? what did he gently caress up not sure unreliable is the word but his scoops used to rely almost exclusively on having a friend who can read russian and hanging out on carder forums all day
|
|
#
?
Oct 7, 2018 17:44
|
|
|
Rufus Ping posted:not sure unreliable is the word but his scoops used to rely almost exclusively on having a friend who can read russian and hanging out on carder forums all day oh that’s fair, i was just throwing him on the pile of takes
|
|
#
?
Oct 7, 2018 17:52
|
|
|
Rufus Ping posted:not sure unreliable is the word but his scoops used to rely almost exclusively on having a friend who can read russian and hanging out on carder forums all day
|
|
#
?
Oct 7, 2018 17:54
|
|
|
Wiggly Wayne DDS posted:yeah pretty much he's wandered out of his area of expertise and throws out his opinions on hot topics of the day regardless of if he has anything informative to say dsyp
|
|
#
?
Oct 7, 2018 20:57
|
|
|
Shifty Pony posted:a little tweaking and it could be loss I certainly lost about a minute of my life looking at it that I'm not getting back
|
|
#
?
Oct 7, 2018 22:04
|
|
|
https://www.esquire.com/news-politics/politics/a23601640/mike-pence-china/ this isn't directly about the apple/amazon/etc story but it makes me wonder whether bloomberg's government sources are, shall we say, trumpy
|
|
#
?
Oct 7, 2018 22:07
|
|
|
Remember when that Panama Papers story was written about all those rich people dodging taxes and we got all this info from an amazing noble leaker but magically there were zero Americans mentioned anywhere? What a perfect black and white story, we know who all the bad guys are now! Not sure why I just thought of that.
|
|
#
?
Oct 8, 2018 01:36
|
|
|
wasnt the lack of americans explained by who needs panama when you got delaware
|
|
#
?
Oct 8, 2018 01:49
|
|
|
|
| # ? Jun 8, 2024 14:17 |
|
|
ymgve posted:wasnt the lack of americans explained by who needs panama when you got delaware Yeah, that and straight-up offshore banking and asset structuring is legal here versus other countries that at least pretend to have better laws (which is what the Panama Papers was more for)?
|
|
#
?
Oct 8, 2018 01:51
|
|