sman (Honorary Members; Posts: 2,204; Days Won: 5)

Everything posted by sman

  1. The Wuhan coronavirus has spread person-to-person in the US for the 1st time - to the husband of a woman who went to China https://www.businessinsider.in/science/news/the-wuhan-coronavirus-has-spread-person-to-person-in-the-us-for-the-1st-time-to-the-husband-of-a-woman-who-went-to-china/articleshow/73781242.cms
  2. Maybe helpful for PhD scholars for their project. People into RCE just to get an idea / test their skills.
  3. One can get an idea of what is trending and how to improve upon and come out with a better tool or even come out with tools to better support it (with RCE and legal hacking to know the vulnerabilities, shortfalls etc.)
  4. But he said about having 3+ Win 7 systems, so taking one offline doesn't make sense. And the question is what one can do with only offline working? Just gaming perhaps, watch some old media, a sheer waste of resources.
  5. Herein comes legal hacking: reverse engineer and know the functionality, then use it to create your own robust tools. Where there is a will, there is a way.
  6. Then networked devices are not safe and as I said, securing the network is a must and going offline is not a solution, as he needs to secure his network for safety of the connected devices. And there are tools such as for IoT to secure your network in toto which should take care of it.
  7. Strange. If your network is not secure, then you will land in problems, so having proper protection is a must and if it's taken care of, going offline for a part device doesn't gel.
  8. There is a very interesting case of reverse engineering which the court found legal. Read on in https://www.upcounsel.com/reverse-engineering-patent-infringement Prior to the Digital Millennium Copyright Act, many companies and individuals wondered whether reverse engineering was a legal process. A controversy between video game makers Nintendo and Atari laid out some of the early framework for the legality of reverse engineering. In the late 20th century, the Nintendo Entertainment Systems (NES) 8-bit device was one of the top options in the video gaming market. This device included a security mechanism called the 10-NES and restricted the use of games that didn't contain specific software and a chip. NES used this security mechanism to encourage developers of popular video games to enter into licensing contracts. The 8-bit was introduced to the U.S. market in 1986, which was the same year that Atari, a competing video gaming company, started reverse engineering the device. Atari used a method that monitored the communication between the game console and cartridge, but this didn't provide sufficient information. Next, Atari used a chemical peeling process to remove layers from the NES chips to examine the object code under a microscope. Even with these efforts, Atari could not reconstruct the code from the layers removed from the chips. When NES filed for copyright protection, the process included filing a listing of all object code. This document included the details that Atari was trying to find through the reverse engineering process. In order to gain access to the document, Atari filed a false lawsuit with claims that NES had sued Atari for infringement of copyright. Atari submitted falsified affidavits to the office, which granted them access to a copy of the listing document. Following this action, Atari began reproducing the software for its own video games. NES filed a lawsuit against Atari for copyright infringement.
One issue brought up in the suit was whether Atari had the right to reverse engineer the security mechanism used in the NES 8-bit console. During the legal proceedings, the court determined that although Atari's method of obtaining the information was tainted, since the company filed false documents, it was legal to use reverse engineering. Going through the process of reverse engineering is considered fair use as long as it is necessary to understand the device or product. US trade secret law views RE as a proper means of learning a trade secret, https://www.softwarelitigationconsulting.com/articles/hiding-in-plain-sight-using-reverse-engineering-to-uncover-software-patent-infringement/
  9. @exile360 @Pierre75 Why don't experts look at RCE (Reverse Code Engineering)? 9 Best Reverse Engineering Tools for 2020 [Updated] https://www.apriorit.com/dev-blog/366-software-reverse-engineering-tools In this article, I will tell about the main tools that a modern software reverser uses in his work. This article is for readers, who are familiar with the Assembler language, network interaction principles, and have experience of programming for Windows using API functions. There are so many different software applications in the modern world, and the source code of the most of them is hidden from our sight. But there are a number of situations, when we do need to understand the logic of functioning of platforms and applications, their algorithms and specifics. That is when the legal software reversing is called up – a service provided by Apriorit software research department. There are a lot of products to make this task easier. We are going to discuss some of the best reverse engineering software; mainly it will be reverse engineering tools for Windows. Notice that you can learn more details about the process and nuances of Windows software reversing in this post (great example included). If you are more interested in iOS/OS X code reverse engineering software and approaches - take a look at this post prepared by our researchers. How to Reverse Engineer Software (Windows) the Right Way https://www.apriorit.com/dev-blog/364-how-to-reverse-engineer-software-windows-in-a-right-way
  10. Working offline for what purpose? Then why look for 0patch at all? MAC addresses are unique; once set it's set forever. And 0patch updation is automatic. So, can't understand why to go offline in the first case?
  11. Configuring the router to limit network devices with MAC address is the normal way to go, which would leave LAN access intact. But why need to go offline in the first case? As 0patch works to patch in background with system online, going offline will defeat the purpose.
  12. Qatar Is Air-Conditioning the Outdoors Because of Climate Change https://www.gq.com/story/qatar-outdoor-air-conditioning Even if Qatar's strategy were financially feasible elsewhere, it is environmental lunacy: In areas without plentiful supplies of clean energy, the energy required to deploy artificial cooling on such a massive scale is bound to increase the production of greenhouse gases, exacerbating the conditions that made air-conditioning the outside necessary in the first place. As far as "solutions" go, it is roughly the equivalent of repairing a leaking dike by ripping a patch from a different, otherwise-undamaged section. But such objections are of little persuasive value to those who would have to deal with the fallout from turning the air conditioners off. "That's about survival," climate activist Neeshad Shafi told the Post. "It's too hot. That's the reality." Dubai rethinks air conditioned city plan https://www.coolingpost.com/world-news/dubai-rethinks-air-conditioned-city-plan/?fbclid=IwAR1thrnMRZ1mKgHxhyS4IK9ncW8-grHxAIKIEALIDkyQVhpRCv8rDuh2mdY
  13. Telescope captures most detailed pictures yet of the sun https://www.theguardian.com/science/2020/jan/29/solar-telescope-captures-most-detailed-pictures-yet-the-sun Russia blocks encrypted email service ProtonMail https://www.reuters.com/article/us-russia-protonmail/russia-blocks-encrypted-email-service-protonmail-idUSKBN1ZS1K8 Millions watch live streaming of hospital construction in Wuhan https://www.shine.cn/news/nation/2001290804/ World First: Genetically Engineered Moth Is Released Into an Open Field https://www.technologynetworks.com/genomics/news/world-first-genetically-engineered-moth-is-released-into-an-open-field-329960
  14. How to delete what Facebook knows about your life outside of Facebook https://www.vox.com/2020/1/28/21112380/facebook-activity-tool-data Facebook to pay $550 million to settle privacy lawsuit over facial recognition tech https://www.theverge.com/2020/1/29/21114358/facebook-550-million-settle-lawsuit-facial-recognition-technology-illinois
  15. You're on the dot @nukecad. Thanks for the update on max flight timings. And not much speed (32.02 mph), slower than an automobile but still some technology of interest.
  16. Google suspends all paid Chrome browser extensions https://www.techradar.com/in/news/google-suspends-all-paid-chrome-browser-extensions Chrome Web Store saw huge spike in fraudulent transactions Google has been forced to shut down all paid extensions after experiencing a sudden increase in fraudulent transactions on the official Chrome web store. As a precautionary measure, the company has now suspended publishing or updating of all the commercial extensions. The suspension includes all extensions which need an upfront payment, monthly recurring payments or offer in-app purchases. Surge Google’s engineers reported that these fraudulent transactions started earlier this month at a mass scale. The ban, a temporary fix to stop further fraudulent charges from happening, has impacted all the app developers including the premium ones like Dashlane, Comeet, etc. According to Simeon Vincent, Developer Advocate for Chrome Extensions at Google, "This is a temporary measure meant to stem this influx as we look for long-term solutions to address the broader pattern of abuse." Though there is no update on when the suspension will be removed. While Google has only announced the suspension late last week, app developers suggest that the search engine giant has been silently blocking updates for all the paid extensions. After the suspension, if a developer tries to push an update to an existing paid extension or publish a new paid extension, they are getting an error message that reads “Spam and Placement in the Store." The news comes shortly after Mozilla removed around 200 shady Firefox add-ons which were found to be involved in malicious activities or were stealing user data in a similar clean-up drive.
  17. Microsoft urged: Open-source Windows 7 to 'undo past wrongs' https://www.zdnet.com/article/microsoft-urged-open-source-windows-7-to-undo-past-wrongs/ Group of free software advocates calls on Microsoft to release Windows 7 under a free software license. Windows 7 has reached end of life, meaning no more free feature or security updates. So what should Microsoft do next with the Windows 7 source code? Advocates at the Free Software Foundation (FSF) are demanding Microsoft "undo past wrongs" by releasing Windows 7 as free software. FSF, founded by Richard Stallman in 1985, has long agitated against Microsoft's use of proprietary software licenses. At Windows 7's launch, FSF urged customers to ditch the OS. However, the group's latest campaign asks Microsoft to "do the right thing" by open-sourcing Windows 7 under a free license like GNU Public License (GPL), which Stallman created. The new petition comes as Microsoft increasingly embraces open source and Linux, occasionally open-sourcing chunks of its software empire, and even shipping Windows 10 with a Linux kernel. But Microsoft is unlikely to cave into the Windows 7 demands that FSF outlined in a petition launched last week, asking Microsoft to "give it to the community to study and improve". FSF argues that Microsoft has "nothing to lose by liberating a version of their operating system that they themselves say has reached its end." The petition was aiming to gather at least 7,777 supporters and today has exceeded that by 1,000. The petition outlines three demands: We demand that Windows 7 be released as free software. Its life doesn't have to end. Give it to the community to study, modify, and share. We urge you to respect the freedom and privacy of your users – not simply strong-arm them into the newest Windows version. We want more proof that you really respect users and user freedom, and aren't just using those concepts as marketing when convenient.
Windows 7 did reach end of life this month, but one reason Microsoft probably won't open-source Windows 7 is that for the next three years it will still provide security updates for businesses that pay for Windows 7 Extended Security Updates (ESU). Windows 7 ESUs are targeted at customers that haven't completed the migration to Windows 10. The German federal government, for example, reportedly will pay at least €800,000 ($886,000) this year to Microsoft for Windows 7 ESUs. Also, as The Register points out, there are still portions of Windows 7 code in Windows 10, so it's probably not in the company's best interests to release a free version of Windows 7. A free Windows has been a consistent demand of Stallman, who retired from FSF last year. He gave a speech at Microsoft Research last year outlining 10 demands, including that Microsoft "publicly take back Microsoft's attacks on copyleft made in the 2000s" and to release the source code of Windows under the GNU GPL.
  18. @Pierre75 A pro license is $26 or so/pa, so not much compared to going in for a new laptop (maybe $400-500 or cheaper with China ones). So, you can decide which suits you better.
  19. New 'CacheOut' attack leaks data from CPUs, VMs and hardware enclaves https://www.itnews.com.au/news/new-cacheout-attack-leaks-data-from-cpus-vms-and-hardware-enclaves-537102 Intel drops processor microcode fixes again. Researchers at the universities of Adelaide and Michigan have come up with a new Spectre-style speculative execution attack against Intel processors that can be used to intercept data across several hardware security boundaries. Named CacheOut, the flaw is found in a large number of Intel processors released up until the fourth quarter of 2018. Several researchers have been working on the vulnerability [pdf], including Yuval Yarom from the University of Adelaide, discovering that it's possible to leak data from eviction of processor caches. While there's no known CacheOut exploits currently, exploitation of the vulnerability is undetectable. It could be used to intercept information on operating system kernel address space randomisation and secret "stack canaries" values, which in turn can enable full exploitation using other software attacks such as buffer overflows, the researchers said. Furthermore, CacheOut can leak data from hypervisors and co-resident virtual machines, and dump the contents of Intel Software Guard Extensions (SGX) hardware enclaves. CacheOut bypasses existing hardware mitigations by Intel against the earlier Spectre and Meltdown flaws. Microcode updates from Intel are available for vulnerable processors, and can be deployed via operating system and hypervisor updates. AMD processors do not contain similar features to Intel's Transactional Synchronisation Extensions (TSX) and are not vulnerable to CacheOut. The researchers noted that ARM architecture and IBM processors have a feature similar to Intel TSX, but the researchers don't currently know if any of those products are affected by CacheOut.