I T S S

A Nice Little Cryptography Primer

By itss | 28/06/2021

Pun Intended.

Category: Technology

© 2017 IT Sales & Services Ltd
Quality IT solutions in Tanzania since 2010