
Category: Hackerterrorcybercyber

Project Zero

Fortune has a kind of home story on Project Zero, explaining what it is, how it came to be and who the people in there are.

If you do not know what Project Zero is and why it is important, it’s a good starting point.

If you know about Project Zero, it’s still a fun read because of all the parentheses that read »x declined to be interviewed for this story.«


Rotterdam Containerterminal down due to Ransomware Attack on Maersk

Apparently Maersk has been cybered by some ransomware, and the Rotterdam Container Terminal as well as other things are offline right now.

Seventeen APM container terminals in Rotterdam and other parts of the world have been attacked by hackers. It is a ransomware attack.

Logistiek.nl

According to a source at APM Terminals, the container terminal arm of Maersk that has its headquarters in Rotterdam, probably as many as 50 container terminals are down. “I was at the headquarters when the attack took place. Within an hour everything was down.”

  — AD

The Cryptowars, twenty years ago

So there was this article in Motherboard, pointed out to me by a very young friend of mine. It’s an FBI memo written in 1995 during the Unabomber investigation, about a mysterious, close-knit group of gamers, playing D&D.

The article gives hardly any context at all, but that kind of memo during this time is not unusual or even remarkable, from a historical perspective.

So here is a bit of historic perspective, not quite in chronological order.

John Gilmore

A lot of this, from a US point of view, revolves around the person of John Gilmore. Gilmore was an early Sun Microsystems employee and hardware (VLSI chip) designer, and this part of his career made him financially independent. He’s also politically active, libertarian, and coined the famous saying »The Net interprets censorship as damage and routes around it.«


Scaleway now with 2FA

Cloud Provider Scaleway now has ARM64 based bare metal in Amsterdam. They are also now offering 2FA auth based on Google Authenticator (or other, compatible 2FA apps).

No U2F token support, yet, though (but still a better solution than steam).

This blog is hosted on a Scaleway instance.


Shit found on github: crashos

Infinite Fun in Infinite Combinations:

CrashOS is a tool dedicated to the research of vulnerabilities in hypervisors by creating unusual system configurations. CrashOS is a minimalist Operating System which aims to lead to hypervisor crashes, hence its name. You can launch existing tests or implement your own and observe hypervisor behaviour towards this unusual kernel.

I think you might want to talk to your hoster first.


Google Chrome integrates Adblocker

The Ad and Adblock situations both are now so bad that even Google considers integrating an Adblocker by default into the Chrome browser.

This is a twofold action. Its purpose is of course to filter out ads, the worst of the worst in annoyance and the obvious malvertising. Its purpose is also to take back control of adblocking, because it will let through acceptable ads according to the Coalition for Better Ads standards.

CfBA condemns Popups, Sound, Prestitials and Large Stickies on the Desktop, and more on mobile.

It will be interesting to see if it changes anything. People are truly beyond caring.


Microsoft fixed Wannacrypt on XP in February, didn’t release

The Register reports:

[O]ur analysis of the metadata within these patches shows these files were built and digitally signed by Microsoft on February 11, 13 and 17, the same week it had prepared updates for its supported versions of Windows. In other words, Microsoft had fixes ready to go for its legacy systems in mid-February but only released them to the public last Friday after the world was engulfed in WannaCrypt.

Here are the dates in the patches:

  • Windows 8 RT (64-bit x86): Feb 13, 2017
  • Windows 8 RT (32-bit x86): Feb 13, 2017
  • Windows Server 2003 (64-bit x86): Feb 11, 2017
  • Windows Server 2003 (32-bit x86): Feb 11, 2017
  • Windows XP: Feb 11, 2017
  • Windows XP Embedded: Feb 17, 2017

This is bad.


WSJ on Government Backdoors, intentional and unintentional

The episode underscores the folly of the U.S. law enforcement demand that tech companies install backdoors into their devices and services.

the WSJ comments. This time the leak is an unintentional backdoor the NSA used to get onto devices. The NSA used the Vulnerabilities Equities Process to determine that ETERNALBLUE is burnt and informed Microsoft, which then promptly generated an urgent critical patch, which did not make it out to systems in the field fast enough.

There is little difference, according to the WSJ, between flaws being used as government backdoors and intentional government backdoors, which may be detected and abused, or leaked. So this whole Wannacry(pt) thing is a very good example of what will happen with government-mandated backdoors in systems.


Rittal sends USB sticks that act as keyboards – as advertisement

Holger Köpke got a USB stick (article in German) that supposedly is from data center equipment maker Rittal, unsolicited, in the mail. Of course he did not plug it into a device; it could be anything.

He then (from his first comment in the same article) set up a test VM on a scratch device and inserted the USB stick there, and the stick identified not as USB memory, but as a USB HID, a keyboard. It seems he was right not to trust it. He sent a mail to Rittal explaining why he thinks this is dangerous, and asking if this is indeed legit.

He got a response (another article in German), a letter as a PDF sent by email.
