
A Nice Little Cryptography Primer

By itss | 28/06/2021

Pun Intended.

Category: Technology
