Excellent and Accessible Write-Up on Spectre & Meltdown Vulnerabilities

By itss | 08/01/2018
https://ds9a.nl/articles/posts/spectre-meltdown/

Category: Technology