Skip to content
I T S S
  • Welcome
  • Hardware
  • Internet
  • Networking
  • Security
  • Data Recovery
  • Support
  • Contact
  • Webmail

A Nice Little Cryptography Primer

By itss | 28/06/2021
0 Comment

Pun Intended.

Category: Technology
Post navigation
← pfSense / Wireguard / Bad Code / Close Call Why Quake3 was so fast : Fast Inverse Square Root →

Recent Posts

  • Hardware Exploits?
  • Why Quake3 was so fast : Fast Inverse Square Root
  • A Nice Little Cryptography Primer
  • pfSense / Wireguard / Bad Code / Close Call
  • Apple Continues Its Trip To The Dark Side With The Release of MacOS 17 (Big Sur)

Slashdot

News for nerds

  • Microsoft Defender 'RoguePlanet' Zero-Day Grants SYSTEM Privileges
    by BeauHD on 10/06/2026 at 11:00 pm

    A researcher using the name Nightmare Eclipse has released a new Microsoft Defender zero-day exploit called "RoguePlanet," which reportedly works on fully patched Windows 10 and 11 systems and can spawn a command prompt with SYSTEM privileges through a Defender race condition. The release came just hours after Microsoft fixed two previously disclosed flaws during its latest monthly Patch Tuesday drop -- its largest Patch Tuesday release ever. BleepingComputer reports: The researcher shared a proof-of-concept exploit on Tuesday afternoon in a self-hosted Git repository after saying that GitHub and GitLab repositories hosting their exploits had previously been removed by Microsoft. "The exploit is a race condition, so it's a hit or miss. I have managed to get a 100% success rate on some machines while it struggled to work on others," Nightmare Eclipse wrote in the repository. [...] Cybersecurity firm ThreatLocker told BleepingComputer that they successfully reproduced the flaw in their testing and confirmed the exploit worked against fully patched Windows 11 systems with KB5094126 installed, and shared a video demonstrating it. "Our initial analysis confirms that the RoguePlanet exploit is viable and performs as described. Organizations using application allowlisting can prevent the exploit from executing, providing an effective layer of protection against this attack," Danny Jenkins, CEO of ThreatLocker, told BleepingComputer. According to Nightmare Eclipse, RoguePlanet was originally developed as a remote code execution vulnerability that exploited Microsoft Defender's handling of files hosted on remote SMB shares. "In initial development, it was confirmed that this vulnerability was a remote code execution," the researcher explained in a blog post. "It required an attacker to coerce a victim to open a .vhd(x) in a remote SMB server, succesful exploitation resulted in defender overwriting its own files and obviously the end outcome was an RCE." The researcher says another attack scenario could lead to remote code execution simply by coercing a victim into opening an SMB share if symlink evaluation settings were enabled. However, the researcher claims Microsoft silently hardened Defender in mid-May by patching "mpengine!SysIO*" API, which blocked junction attacks. "Rewriting RoguePlanet to make it functional again drained my soul and I couldn't complete the other scenarios and for now it remains unclear if RoguePlanet is limited to LPE or there is some sort of way to turn it into an RCE," the researcher wrote. Read more of this story at Slashdot.

  • Visa Plugs Its Payment Network Into ChatGPT
    by BeauHD on 10/06/2026 at 10:00 pm

    Visa is integrating its payment network with ChatGPT so AI agents can shop and complete purchases on users' behalf. "It means AI agents can not only recommend products but complete the purchase on the user's behalf, at potentially any merchant that accepts Visa," reports the Associated Press. "The payment network's previous attempts at this technological leap were confined to a single retailer or a small set of enrolled merchants." From the report: OpenAI will provide the technology to allow agents to interact, make decisions and initiate purchases through ChatGPT. Visa, the world's largest payment network outside of China, will provide the payment authorization and fraud monitoring needed to do this at scale. "As AI agents become active participants in the economy, Visa's focus is to ensure transactions are trusted, secure and seamless," said Jack Forestell, chief product and strategy officer at Visa. Speaking at a company event Wednesday in San Francisco Wednesday, Forestell gave an example of a customer telling ChatGPT they're looking for a pair of wireless headphones under $150. The chatbot would find a pair for sale under those parameters and buy it on behalf of the customer. Visa and OpenAI did not disclose the financial terms of the collaboration and did not give details on the fees merchants or customers would have to pay. [...] Visa says the feature will have guardrails like spending limits, required approval steps and approved merchants for shopping in order to protect consumers and minimize fraud. Read more of this story at Slashdot.

  • Valve Discontinues Physical Steam Gift Cards Due To Scammers
    by BeauHD on 10/06/2026 at 9:00 pm

    Valve is discontinuing physical Steam Gift Cards and says it will stop restocking them as retailers sell through remaining inventory. In a blog post, the company blamed persistent gift card scams as the reason, though Steam Digital Gift Cards will remain available and existing physical cards can still be redeemed. PC Guide reports: Valve says it has "responded to gift card scams over the years" -- but this doesn't stop scammers from adapting. The Steam creator has actively worked with retailers and law enforcement, among other precautions, to counteract scams, but says the issue can never be fully resolved. Steam Digital Gift Cards will continue to operate as normal. Read more of this story at Slashdot.

  • Threats Against Politicians Tripled After Meta Changed Its Speech Rules
    by BeauHD on 10/06/2026 at 8:00 pm

    An anonymous reader quotes a report from Wired: Last year, Meta radically overhauled the rules around what content it would allow on its platforms. The company claimed that its own efforts policing speech had gone too far and that it would relax the rules around what speech was allowed. "We have been over-enforcing our rules, limiting legitimate political debate and censoring too much trivial content and subjecting too many people to frustrating enforcement actions," Joel Kaplan, Meta's chief global affairs officer, wrote in a blog post at the time. Over a year later, new research from the Center for Countering Digital Hate (CCDH) shows the immediate impact of these changes. The researchers analyzed about 8 million Facebook comments and found that abusive and racist comments targeting both Republican and Democrat lawmakers tripled in the six months after the new rules were put in place. Some categories of abusive comments documented by the researchers saw even sharper rises, with violent threats and hate speech quadrupling during the same period. The report cites specific examples of gendered and racist abuse directed at lawmakers like US representatives Jasmine Crockette of Texas and Byron Daniels of Florida. These comments were not taken down by Meta. The CCDH researchers also found that threats against President Trump more than doubled in the six months after Meta overhauled its rules. Many of the comments, which included direct threats to his life, could have been classified as felony offenses, the researchers say. [...] Comments that violated Meta's policies around violent threats quadrupled, from 1,800 in the six months before the changes to 7,600 in the six months after. Hate speech comments also quadrupled, from 6,900 to 30,000. Comments that broke Meta's rules on bullying and harassment doubled, from 15,700 to 39,900. Read more of this story at Slashdot.

  • BYD To Install Thousands of 5-Minute EV Chargers Across Europe
    by BeauHD on 10/06/2026 at 7:00 pm

    BYD plans to install 3,000 ultra-fast "Flash Chargers" across Europe by the end of 2027, with the first stations already appearing in Germany and the UK. The Verge reports: At an estimated cost of 580,000 euros (about $670,000) per charger according to the Financial Times, that would mean a total spend of roughly $2 billion to install the network. The 1,500kW charging stations are significantly more powerful than Tesla's 500kW V4 Superchargers, though Tesla already has 20,000 chargers installed in Europe. BYD, which has been steadily overtaking Tesla in global sales, says its chargers shouldn't add undue strain to the energy grid, as they'll charge cars from batteries which can be topped up overnight. Any car with a standard CCS charge port can use the Flash Chargers, though only BYD cars equipped with the company's new Blade Battery can hit the top speeds. Right now there's only one of those in Europe, the 115,000 euros ($133,000) Denza Z9 GT -- it charges to 70 percent in five minutes on the new chargers. Read more of this story at Slashdot.

  • macOS 27 Beta Boots Asahi Linux Off Apple Silicon
    by BeauHD on 10/06/2026 at 6:00 pm

    The Asahi Linux team is warning Apple Silicon users not to upgrade to the macOS 27 beta because Apple's changes to the boot picker and Startup Disk app make Asahi partitions invisible, preventing Linux from booting. The Register reports: The team added: "If you insist on trying out macOS 27 as soon as possible, please ensure you install a secondary copy of macOS 26 first, or install macOS 27 itself on a secondary volume." They've also updated the installer to prevent installs from running on macOS 27 for now. For anyone who ignored all of the above, "we will not support users who have installed the macOS 27 beta without ensuring at least one stable version of macOS is installed." Considering macOS 27 is in beta, the issue may be accidental rather than an attempt by Apple to block Linux on its hardware. The Asahi team said it has filed bug report. The good news for anyone who pulled the trigger on installing the macOS 27 beta is that although the partition might not be visible, it hasn't gone anywhere. The Asahi team wrote: "If you have already upgraded to the beta and noticed that your Asahi partition has disappeared, do not stress. Your Asahi partition is still there, and you have not lost any data." Read more of this story at Slashdot.

Archives

  • September 2022
  • November 2021
  • June 2021
  • March 2021
  • November 2020
  • October 2020
  • September 2020
  • February 2020
  • January 2020
  • October 2019
  • August 2018
  • July 2018
  • April 2018
  • February 2018
  • January 2018
  • December 2017
  • October 2017
  • September 2017
  • August 2016
  • July 2016
  • March 2016
  • February 2016
  • August 2015
  • May 2015

Categories

  • Innovation
  • Security
  • Software
  • Technology

Tags

backdoor cisco coding json laziness patterns public information announcement security vulnerability
© 2017 IT Sales & Services Ltd
Quality IT solutions in Tanzania since 2010
Iconic One Theme | Powered by Wordpress