Jump to content

sman

Honorary Members
  • Content Count

    965
  • Joined

  • Last visited

About sman

  • Rank
    Elite Member

Recent Profile Visitors

4,332 profile views
  1. @exile360Good suggestion. maybe MBAM can write to the Senate/very senator as brave has done.
  2. Briton Audrey Schoeman revived after six-hour cardiac arrest "https://www.bbc.com/news/uk-50681489" Audrey Schoeman's heart was "dead" for more than six and a half hours A British woman whose heart stopped beating for six hours has been brought back to life in what doctors have described as an "exceptional case". Audrey Schoeman developed severe hypothermia when she was caught in a snowstorm while hiking in the Spanish Pyrenees with her husband in November. Doctors say it is the longest cardiac arrest ever recorded in Spain. Mrs Schoeman, who has made a near-full recovery after the ordeal, says she hopes to be hiking again by spring. The 34-year-old, who lives in Barcelona, began having trouble speaking and moving during severe weather in the Pyrenees, later falling unconscious. Her condition worsened while waiting for emergency services and her husband Rohan believed she was dead. At a press conference on Thursday, Mr Schoeman told Catalan channel TV3: "I was trying to feel a pulse... I couldn't feel a breath, I couldn't feel a heartbeat." When the rescue team arrived two hours later, Mrs Schoeman's body temperature had fallen to 18C. Upon arrival at Barcelona's Vall d'Hebron Hospital, she had no vital signs. But the low mountain temperatures which made Mrs Schoeman ill also helped to save her life, her doctor Eduard Argudo has said. "She looked as though she was dead," he said in a statement. "But we knew that, in the context of hypothermia, Audrey had a chance of surviving." Hypothermia had protected her body and brain from deteriorating while unconscious, Mr Argudo said, despite also bringing her to the brink of death. He added: "If she had been in cardiac arrest for this long at a normal body temperature, she would be dead."
  3. Brave warns US Senate & Congress: foreign state actors can use targeted ads to run code on US government computers, exploiting conventional browsers "https://brave.com/malvertising-homeland-security/" Brave has written to the US Senate and Congress Homeland Security Committees about a serious national security vulnerability. In a letter sent to the US Senate and Congress Homeland Security Committees today, Brave warns that conventional web browsers allow foreign state actors to execute code on US government computers by using targeted online ads. US federal agency and employee computers and devices are vulnerable to cyberattack by foreign state actors and criminals using “malvertising”. As the US National Security Agency has reported, “advertising has been a known malware distribution vector for over a decade”. Brave provides the Committees with a comparative table of the security protections of web browsers, and urges them to ensure that every federal employee is provided with a web browser that blocks malvertising by default. Today, Brave launches the next-generation Brave 1.0 on all platforms.
  4. Qualcomm’s new Snapdragon 8c and 7c processors will power cheaper ARM laptops "https://www.theverge.com/circuitbreaker/2019/12/5/20997402/qualcomm-arm-midrange-windows-laptop-processors-8c-7c-8cx-snapdragon" Qualcomm has had big ambitions for ARM-powered Windows laptops for years. At its annual Snapdragon Tech Summit, the chipmaker revealed its biggest play yet: the Snapdragon 8c and the Snapdragon 7c, two new processors that are designed to create a new lineup of ARM chips for Windows laptops. The 8c is positioned as a replacement for the Snapdragon 850 processor, Qualcomm’s second-generation Windows ARM chip. The 7c is an entirely new entry-level product that’s meant to compete with budget Windows laptops on the low end of the hardware spectrum. Last year’s 8cx isn’t going anywhere; it’ll remain a top-of-the-line flagship option for those who want the absolute best performance. On the spec side, Qualcomm says that the 8c will offer up to 30 percent improved performance compared to the Snapdragon 850. It’ll feature a Kryo 490 CPU, Adreno 675 GPU, and an integrated X24 LTE modem for connectivity. Manufacturers will also be able to pair it with an X55 5G modem.
  5. A lively band.. I really love country music and used to watch TCN network, but of late it has become premium , so watching the YT channel of it in freeintertv..
  6. "http://www.freeintertv.com/view/id-3334/1-1-0-1"
  7. CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections. "https://seclists.org/oss-sec/2019/q4/122" From: "William J. Tolley" <william () breakpointingbad com> Date: Wed, 04 Dec 2019 19:37:07 -0700 Hi all, I am reporting a vulnerability that exists on most Linux distros, and other *nix operating systems which allows a network adjacent attacker to determine if another user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website. Additionally, we are able to determine the exact seq and ack numbers by counting encrypted packets and/or examining their size. This allows us to inject data into the TCP stream and hijack connections. Most of the Linux distributions we tested were vulnerable, especially Linux distributions that use a version of systemd pulled after November 28th of last year which turned reverse path filtering off. However, we recently discovered that the attack also works against IPv6, so turning reverse path filtering on isn't a reasonable solution, but this was how we discovered that the attack worked on Linux. Adding a prerouting rule to drop packets destined for the client's virtual IP address is effective on some systems, but I have only tested this on my machines (Manjaro 5.3.12-1, Ubuntu 19.10 5.3.0-23). This rule was proposed by Jason Donenfeld, and an analagous rule on the output chain was proposed by Ruoyu "Fish" Wang of ASU. We have some concerns that inferences can still be made using slightly different methods, but this suggestion does prevent this particular attack. There are other potential solutions being considered by the kernel maintainers, but I can't speak to their current status. I will provide updates as I receive them. I have attached the original disclosure I provided to distros () vs openwall org and security () kernel org below, with at least one critical correction: I orignally listed CentOS as being vulnerable to the attack, but this was incorrect, at least regarding IPv4. We didn't know the attack worked against IPv6 at the time we tested CentOS, and I haven't been able to test it yet. William J. Tolley Beau Kujath Jedidiah R. Crandall Breakpointing Bad & University of New Mexico ************************************************* **General Disclosure: We have discovered a vulnerability in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android which allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel. This vulnerability works against OpenVPN, WireGuard, and IKEv2/IPSec, but has not been thoroughly tested against tor, but we believe it is not vulnerable since it operates in a SOCKS layer and includes authentication and encryption that happens in userspace. It should be noted, however, that the VPN technology used does not seem to matter and we are able to make all of our inferences even though the responses from the victim are encrypted, using the size of the packets and number of packets sent (in the case of challenge ACKs, for example) to determine what kind of packets are being sent through the encrypted VPN tunnel.
  8. Europe’s digital future starts now! We equip Europe with key technologies such as browsers and an independent search engine. "https://cliqz.com/en/" A New Search Engine Cliqz Journey "https://0x65.dev/blog/2019-12-05/a-new-search-engine.html"
  9. Wow @David H. Lipman a myriad of alerts collection.. could not play flash version(.swf) had to convert .swf to .mp4 and watch in player.. I too will miss flash, since I use chrome extn's to capture flash media (YT, other sites embedded media)..
  10. Faulty Driver Coding Exposes Microsoft Windows to Malware Risks "https://www.technewsworld.com/story/86187.html" Numerous driver design flaws by 20 different hardware vendors expose Microsoft Windows users to widespread security compromises that can cause persistent malware attacks. A report titled "Screwed Drivers," which Eclypsium security researchers presented at DEF CON last weekend, urges Microsoft to support solutions to better protect against this class of vulnerabilities. Microsoft should blacklist known bad drivers, it recommends. The insecure drivers problem is widespread, Eclypsium researchers found, with more than 40 drivers from at least 20 different vendors threatening the long-term security of the Windows operating system. The design flaws exist in drivers from every major BIOS vendor, including hardware vendors Asus, Toshiba, Nvidia and Huawei, according to the report. The research team discovered the coding issues and their broader impacts while pursuing an ongoing hardware and firmware security study involving how attackers can abuse insecure software drivers in devices. "Since our area of main focus is hardware and firmware security, we naturally gravitated into looking at Windows firmware update tools," said Mickey Shkatov, principal researcher at Eclypsium. "Once we started the process of exploring the drivers these tools used we kept finding more and more of these issues," he told the E-Commerce Times. The driver design flaws allow attackers to escalate user privilege so they can access the OS kernel mode. That escalation allows the attacker to use the driver as a proxy to gain highly privileged access to the hardware resources, according to the report. It opens read and write access to processor and chipset I/O space, model specific registers (MSR), control registers (CR), debug registers (DR), physical memory and kernel virtual memory. "Microsoft has a strong commitment to security and a demonstrated track record of investigating and proactively updating impacted devices as soon as possible. For the best protection, we recommend using Windows 10 and the Microsoft Edge browser," a Microsoft spokesperson said in comments provided to the E-Commerce Times by company rep Rachel Tougher.
  11. China Introduces Mandatory Face Scans For New Mobile Phone Users "https://www.bbc.com/news/world-asia-china-50587098" People in China are now required to have their faces scanned when registering new mobile phone services, as the authorities seek to verify the identities of the country's hundreds of millions of internet users. The regulation, announced in September, was due to come into effect on Sunday. The government says it wants to "protect the legitimate rights and interest of citizens in cyberspace". China already uses facial recognition technology to survey its population. It is a world leader in such technologies, but their intensifying use across the country in recent years has sparked debate. What are the new rules? When signing up for new mobile or mobile data contracts, people are already required to show their national identification card (as required in many countries) and have their photos taken. But now, they will also have their faces scanned in order to verify that they are a genuine match for the ID provided. China has for years been trying to enforce rules to ensure that everyone using the internet does so under their "real-name" identities. In 2017, for example, new rules required internet platforms to verify a user's true identity before letting them post online content. The new regulation for telecom operators was framed by the Ministry of Industry and Information Technology as a way to "strengthen" this system and ensure that the government can identify all mobile phone users. Most Chinese internet users access the web via their phones. Xinjiang police 'monitor citizens by app' 'Deepfake' app causes fraud and privacy fears in China China teen killing sparks internet boot camp debate Jeffrey Ding, a researcher on Chinese artificial intelligence at Oxford University, said that one of China's motivations for getting rid of anonymous phone numbers and internet accounts was to boost cyber-security and reduce internet fraud. But another likely motivation, he said, was to better track the population: "It's connected to a very centralised push to try to keep tabs on everyone, or that's at least the ambition." Are people worried? When the regulations were announced in September, the Chinese media did not make a big deal of it. But online, hundreds of social media users voiced concerns about the increasing amount of data being held on them. "People are being more and more strictly monitored," one user of the Sina Weibo microblogging website said. "What are they [the government] afraid of?" In September, the Chinese government said it planned to "curb and regulate" the use of facial recognition technology in schools after reports a university was trialling using it to monitor the attendance and behaviour of students. Mr Ding said it was clear that there is increasing backlash against China's widespread adoption of facial recognition technology. Such criticism used to focus on fears of data theft, hacking and abuses by commercial companies, he said. However, increasingly, citizens seem willing to criticise how the Chinese government might exploit such data to track the population.
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.