Skip to content
I T S S
  • Welcome
  • Hardware
  • Internet
  • Networking
  • Security
  • Data Recovery
  • Support
  • Contact
  • Webmail

A Nice Little Cryptography Primer

By itss | 28/06/2021
0 Comment

Pun Intended.

Category: Technology
Post navigation
← pfSense / Wireguard / Bad Code / Close Call Why Quake3 was so fast : Fast Inverse Square Root →

Recent Posts

  • Hardware Exploits?
  • Why Quake3 was so fast : Fast Inverse Square Root
  • A Nice Little Cryptography Primer
  • pfSense / Wireguard / Bad Code / Close Call
  • Apple Continues Its Trip To The Dark Side With The Release of MacOS 17 (Big Sur)

Slashdot

News for nerds

  • 'TotalRecall Reloaded' Tool Finds a Side Entrance To Windows 11 Recall Database
    by BeauHD on 16/04/2026 at 11:00 pm

    An anonymous reader quotes a report from Ars Technica: Two years ago, Microsoft launched its first wave of "Copilot+" Windows PCs with a handful of exclusive features that could take advantage of the neural processing unit (NPU) hardware being built into newer laptop processors. These NPUs could enable AI and machine learning features that could run locally rather than in someone's cloud, theoretically enhancing security and privacy. One of the first Copilot+ features was Recall, a feature that promised to track all your PC usage via screenshot to help you remember your past activity. But as originally implemented, Recall was neither private nor secure; the feature stored its screenshots plus a giant database of all user activity in totally unencrypted files on the user's disk, making it trivial for anyone with remote or local access to grab days, weeks, or even months of sensitive data, depending on the age of the user's Recall database. After journalists and security researchers discovered and detailed these flaws, Microsoft delayed the Recall rollout by almost a year and substantially overhauled its security. All locally stored data would now be encrypted and viewable only with Windows Hello authentication; the feature now did a better job detecting and excluding sensitive information, including financial information, from its database; and Recall would be turned off by default, rather than enabled on every PC that supported it. The reconstituted Recall was a big improvement, but having a feature that records the vast majority of your PC usage is still a security and privacy risk. Security researcher Alexander Hagenah was the author of the original "TotalRecall" tool that made it trivially simple to grab the Recall information on any Windows PC, and an updated "TotalRecall Reloaded" version exposes what Hagenah believes are additional vulnerabilities. The problem, as detailed by Hagenah on the TotalRecall GitHub page, isn't with the security around the Recall database, which he calls "rock solid." The problem is that, once the user has authenticated, the system passes Recall data to another system process called AIXHost.exe, and that process doesn't benefit from the same security protections as the rest of Recall. "The vault is solid," Hagenah writes. "The delivery truck is not." The TotalRecall Reloaded tool uses an executable file to inject a DLL file into AIXHost.exe, something that can be done without administrator privileges. It then waits in the background for the user to open Recall and authenticate using Windows Hello. Once this is done, the tool can intercept screenshots, OCR'd text, and other metadata that Recall sends to the AIXHost.exe process, which can continue even after the user closes their Recall session. "The VBS enclave won't decrypt anything without Windows Hello," Hagenah writes. "The tool doesn't bypass that. It makes the user do it, silently rides along when the user does it, or waits for the user to do it." A handful of tasks, including grabbing the most recent Recall screenshot, capturing select metadata about the Recall database, and deleting the user's entire Recall database, can be done with no Windows Hello authentication. Once authenticated, Hagenah says the TotalRecall Reloaded tool can access both new information recorded to the Recall database as well as data Recall has previously recorded. "We appreciate Alexander Hagenah for identifying and responsibly reporting this issue. After careful investigation, we determined that the access patterns demonstrated are consistent with intended protections and existing controls, and do not represent a bypass of a security boundary or unauthorized access to data," a Microsoft spokesperson told Ars. "The authorization period has a timeout and anti-hammering protection that limit the impact of malicious queries." Read more of this story at Slashdot.

  • OpenAI's Big Codex Update Is a Direct Shot At Claude Code
    by BeauHD on 16/04/2026 at 10:00 pm

    OpenAI is updating Codex with more agent-like capabilities, positioning it as a more direct rival to Anthropic's Claude Code. Some of the new features include the ability to operate macOS desktop apps, browse the web inside the app, generate images, use new workplace plug-ins, and remember useful context from past tasks. The Verge reports: Codex will now be able to operate desktop apps on your computer, OpenAI says in a blog post announcing the update. It can work in the background, meaning it won't interfere with your own work in other apps, and multiple agents can work in parallel. For developers, OpenAI says "this is helpful for testing and iterating on frontend changes, testing apps, or working in apps that don't expose an API." The feature will start rolling out to Codex desktop app users signed in with ChatGPT today and will initially be limited to macOS. OpenAI did not indicate a timeline for when use will expand to other operating systems. EU users will also have to wait, it said, adding that the update will roll out to users there "soon." Codex is also getting the ability to generate and iterate on images with gpt-image-1.5, new plug-ins for tools like GitLab, Atlassian Rovo, and Microsoft Suite, and native web browsing through an in-app browser, "where you can comment directly on pages to provide precise instructions to the agent." OpenAI also said it will also be easier to automate tasks, with users able to re-use existing conversation threads and Codex now able to schedule future work for itself and wake up automatically to continue on a long-term task. Codex will also be getting a memory feature allowing it to remember useful context from past experience, such as personal preferences, corrections, and information that took time to gather. OpenAI said it hopes the opt-in feature, which will be released as a preview, will help future tasks complete faster and to a quality that previously required detailed custom instructions. The personalization features will roll out to Enterprise, Edu, and EU users "soon." Read more of this story at Slashdot.

  • Is Linux Mint In Trouble?
    by BeauHD on 16/04/2026 at 9:00 pm

    BrianFagioli writes: The developers behind Linux Mint say the project is rethinking its release strategy and moving toward a longer development cycle, with the next version now expected around Christmas 2026. In a monthly update, project lead Clement Lefebvre said the team reached a "crossroads" and needs more flexibility to fix bugs, improve the desktop, and adapt to rapid changes across the Linux ecosystem. The upcoming development build, temporarily called Mint 23 "Alfa," is currently based on Ubuntu 26.04 LTS and includes Linux kernel 7.0, an unstable build of Cinnamon 6.7, and early Wayland related work. Mint is also replacing the long used Ubiquity installer with "live-installer," the same tool used by Linux Mint Debian Edition, allowing the project to unify installation infrastructure across its Ubuntu based and Debian based variants. While the team frames the changes as an opportunity to improve quality and reduce maintenance overhead, the shift has raised questions about the project's long term direction and whether Linux Mint may eventually lean more heavily on its Debian roots rather than its traditional Ubuntu base. Read more of this story at Slashdot.

  • Europe Has 'Maybe 6 Weeks of Jet Fuel Left'
    by BeauHD on 16/04/2026 at 8:00 pm

    The head of the International Energy Agency warned that Europe may have only "six weeks or so" of jet fuel left if oil supplies remain blocked by the Iran war and the Strait of Hormuz stays disrupted. The Associated Press reports: IEA Executive Director Fatih Birol painted a sobering picture of the global repercussions of what he called "the largest energy crisis we have ever faced," stemming from the pinch-off of oil, gas and other vital supplies through the Strait of Hormuz. "In the past there was a group called 'Dire Straits.' It's a dire strait now, and it is going to have major implications for the global economy. And the longer it goes, the worse it will be for the economic growth and inflation around the world," he told The Associated Press. The impact will be "higher petrol (gasoline) prices, higher gas prices, high electricity prices," said Birol, speaking in his Paris office looking out over the Eiffel Tower. Economic pain will be felt unevenly and "the countries who will suffer the most will not be those whose voice are heard a lot. It will be mainly the developing countries. Poorer countries in Asia, in Africa and in Latin America," said the Turkish economist and energy expert who has led the IEA since 2015. But without a settlement of the Iran war that permanently reopens the Strait of Hormuz, "Everybody is going to suffer," he added. "Some countries may be richer than the others. Some countries may have more energy than the others, but no country, no country is immune to this crisis," he said. Read more of this story at Slashdot.

  • Google, Pentagon Discuss Classified AI Deal
    by BeauHD on 16/04/2026 at 7:00 pm

    An anonymous reader quotes a report from Reuters: Alphabet's Google is negotiating an agreement with the Department of Defense that would allow the Pentagon to deploy its Gemini AI models in classified settings, the Information reported on Thursday, citing two people with direct knowledge of the discussions. The two parties are discussing an agreement that would allow the Pentagon to use Google's AI for all lawful uses, according to the report. During the negotiations, Google has proposed additional language in its contract with the department to prevent its AI from being used for domestic mass surveillance or autonomous weapons without appropriate human control, the Information reported. The Pentagon will continue to deploy frontier AI capabilities through strong industry partnerships across all classification levels, a Pentagon official said, without confirming any talks with Google. Read more of this story at Slashdot.

  • IPv6 Usage Reaches Historic 50% Across Google Services
    by BeauHD on 16/04/2026 at 6:00 pm

    IPv6 usage briefly reached 50% across Google services for the first time, marking a major milestone for a protocol created in 1998 to solve IPv4's address shortage. Tom's Hardware reports: [...] IPv6 was dismissed early on as a headache-inducing, hard-to-implement complication that would hardly ever gain any traction -- despite offering 2^128 possible numbers, solving all network number assignments in one fell swoop. That changed over time by force of necessity, and Google's tracking graph shows that for a brief moment in time on March 28, 50% of worldwide users accessed the service over an IPv6 connection, marking a historic first. APNIC's stats show that the protocol is in use by 43% of the world, with Asia and the Americas inching ever close to those 50%. Cloudflare, meanwhile, shows that 40% of traffic is done in IPv6, an actually impressive figure if you consider it's measuring actual transferred packets rather than just counting addresses. The tried-and-true IPv4 and its well-known 123.456.789.123 format from 1980 offers ~4.3 billion addresses in theory, and around 3.7 billion in practice. That always sounded like a lot, but nobody could have predicted just how rapid the explosion of the Internet would be. IANA, the entity controlling the North-American IPv4 space, ran out of IPv4 addresses around 2011, while its European equivalent RIPE NCC could spare no more four-octet addresses nearly seven years ago in 2019. Asian, African, and Latin-American IP registries equally ran out during that timeframe. Read more of this story at Slashdot.

Archives

  • September 2022
  • November 2021
  • June 2021
  • March 2021
  • November 2020
  • October 2020
  • September 2020
  • February 2020
  • January 2020
  • October 2019
  • August 2018
  • July 2018
  • April 2018
  • February 2018
  • January 2018
  • December 2017
  • October 2017
  • September 2017
  • August 2016
  • July 2016
  • March 2016
  • February 2016
  • August 2015
  • May 2015

Categories

  • Innovation
  • Security
  • Software
  • Technology

Tags

backdoor cisco coding json laziness patterns public information announcement security vulnerability
© 2017 IT Sales & Services Ltd
Quality IT solutions in Tanzania since 2010
Iconic One Theme | Powered by Wordpress