Archive for 2018

Trump Beaten by Facts (Again)

Fri, Jun 22, 2018

Trump tweeted that crime in Germany is “way up” and that this is due to all the refugees taken in by my country. While I would quickly run out of hard drive space if I were to comment on every single time that dimwit claims something despite the evidence pointing in the completely other direction, this one - of course - is a bit personal.

Luckily, we Germans love our statistics and cold hard facts. For anyone interested you can check out the official crime statistics of the Federal Statistical Office of Germany. As these only go up to 2016, here are the latest numbers for 2017, you can find these on page 10 in the PDF file, section 3.1. The total number of criminal offenses registered in 2017 is 5,761,984. This is the lowest number since 1992 and a good 10% less than in 2016.

This was way too easy… But then again, if you are Trump you already are your worst enemy anyway. The rest of the world can just sit back, relax, and enjoy some popcorn while the US fade from the world stage.

So the United States decided to quit the United Nations human rights body. They cited bias vs Israel and the presence of countries in the council that are not exactly well known for their adherence to human rights, like Iran.

Now, dear friends from the U.S., who again separates children from their families in order to scare immigrants to stay away? Not to mention you are still running Guantanamo Bay and appointed Gina Haspel as the new director of the CIA. A person who ran a blacksite in Thailand which was used to torture prisoners. She then ordered the destruction of 92 video tapes documenting interrogation sessions. Of course even your own president likes the use of waterboarding. Easier to point the finger at someone else, right?

More Intel CPU Flaws Surface

Thu, Jun 14, 2018

While the latest CPU iteration of Intel still is affected by Meltdown, another vulnerability was discovered in their CPUs. It is also based on speculative execution and apparently allows floating point registers to be leaked from another process. Dubbed Lazy FP state restore this bug of course affects all systems based on Intel processors which are vulnerable. Linux and the latest flavours of BSD are already fixed or immune anyway. Windows Server 2008 however is still vulnerable.

The snake oil vendor who has fallen from grace in western main stream politics Kaspersky has temporarily halted its cooperation with Europol. This came after a vote in the plenary session of the European Parliament which put forward a motion which advises EU states to exclude and ban programs and equipment that have been confirmed as malicious. (Apparently for most politicians this does not fall under common sense)

The problem is that this motion explicitly mentions Kaspersky, so they have been rather peeved in the process.

The big question is: Will the EU now ban Windows 10, Alexa, Cortana, Siri, and several other malicious pieces of tech? ^^

F-Secure Not So Secure

Wed, Jun 6, 2018

Another snake oil vulnerability was unveiled recently. F-Secure allows for arbitrary code execution by means of a specially crafted RAR archive. Since it scans files without asking, there is not much an affected user can do about that if such a file ends up in the claws of his F-Secure Installation.

In a seriously unpopular move, smartphone maker Huawei disclosed that they will stop offering unlock codes for their devices’ bootloaders. They say they want to

[…] deliver the best user experience and prevent users from experiencing possible issues that could arise from ROM flashing […]

As in: digital self-determination, full control over the devices that you paid for, removal of bloatware, or just the general freedom to mess around with stuff that you own. This is definately a reason to no longer buy Huawei devices. Manufacturers that want to dictate how you use your device should not be supported at all. Reddit and Twitter are apparently already loaded with Huawei customers that are announcing to return their most recent Huawei merchandise in order to move to more open brands.

In the end I think that we urgently need laws prohibiting hardware manufacturers from locking down their systems. If you pay for it, the silicone should be yours to do with as you please. Of course, if you brick the device in the process, it is your own damn fault. So no suing of hardware manufacturers because you decided it was a good idea to yank out the data cable while flashing a new rom! But you should have the right to do whatever you want to your devices.

This is actually the same reason why I would never ever buy an iPhone. I am the one telling my phone what to install, what to load, and what to execute, not the other way around.

The German right-wing political party AfD apparently has been offering 50 Euro (German link) to people willing to attend a rally, scheduled for the 27th of May, to protest “for Germany” in Berlin. Overall they apparently wanted to use 1500 EUR to pay for the first 30 protesters to join up.

After a member of the AfD at first denied these allegations, the party’s speaker Robin Classen confirmed the plan to pay off protesters. The sweet sweet irony in this is that numerous members of the AfD claim that the left-wing parties regularly pay people to attend political demonstrations. For a while now I have been getting the feeling that the AfD is trying to immitate Trump to the best of their abilities. Especially his proclivity for fucking up in the most embarrassing of ways ^^

Remember the urgent public safety issue from not too long ago? Turns out the FBI has repeatedly overstated figures in connection to the so-called encryption threat to the Congress and public. Among others the FBI claimed they were locked out of nearly 7,800 devices connected to crimes when, in reality, the actual number was more between 1,000 and 2,000. Apparently a “programming error” is to blame which lead to miscounting of the devices. Yeah … right …

Another Day Another Backdoor

Wed, May 23, 2018

Kaspersky Lab researchers have discovered a backdoor in D-Link DIR-620 routers. There is also no way for the owners of these routers to disable this account. There are also three other vulnerabilities the researchers found in the firmware of these devices. Recovery of Telnet credentials, URL injection leading to the execution of OS commands, and XSS in the “Quick Search” admin panel are the other three.