Skip to content
I T S S
  • Welcome
  • Hardware
  • Internet
  • Networking
  • Security
  • Data Recovery
  • Support
  • Contact
  • Webmail

A Nice Little Cryptography Primer

By itss | 28/06/2021
0 Comment

Pun Intended.

Category: Technology
Post navigation
← pfSense / Wireguard / Bad Code / Close Call Why Quake3 was so fast : Fast Inverse Square Root →

Recent Posts

  • Hardware Exploits?
  • Why Quake3 was so fast : Fast Inverse Square Root
  • A Nice Little Cryptography Primer
  • pfSense / Wireguard / Bad Code / Close Call
  • Apple Continues Its Trip To The Dark Side With The Release of MacOS 17 (Big Sur)

Slashdot

News for nerds

  • NASA Announces Astronauts For Its Artemis III Mission
    by BeauHD on 10/06/2026 at 7:00 am

    NASA has named Randy Bresnik, Luca Parmitano, Frank Rubio, and Andre Douglas as the crew for Artemis III, which has been reworked from a moon-landing mission into a roughly two-week Earth-orbit test of lunar landers being built by SpaceX and Blue Origin. NBC News reports: Randy Bresnik, Luca Parmitano, Frank Rubio and Andre Douglas are expected to launch into Earth orbit next year, with the goal of testing two commercially developed lunar landers that are slated to carry astronauts to the surface of the moon during the Artemis IV mission in 2028. Bresnik will be the mission's commander, with Parmitano, an Italian astronaut with the European Space Agency, serving as the pilot. Douglas and Rubio will be mission specialists, and Bob Hines will train with the crew as a backup member. "This test flight will enable us to prove we can carry out highly choreographed operations with our partners across hardware interfaces, software propulsion systems and life support elements with crew in the high-stakes space environment," Jeremy Parsons, NASA's Artemis program manager, said during NASA's announcement on Tuesday. Bresnik has been to the International Space Station twice, most recently as commander of an expedition in 2017. A retired U.S. Marine colonel, he was selected as a NASA astronaut in 2004. Bresnik has helped oversee development and testing of spacecraft for the Artemis program as an assistant to the chief of the Astronaut Office, which manages astronaut training and operations. Parmitano has also done two stints on the ISS and served as commander of an expedition in 2019. He has completed a total of six spacewalks and also performed the first live DJ set in orbit. Before becoming an astronaut, Parmitano was a test pilot for the Italian air force. For Rubio, a physician with 28 years of service in the Army, Artemis III will be his second trip to space. From 2022 to 2023, he spent 371 days on the space station, breaking the record for longest-duration spaceflight by an American, according to NASA. Douglas is the only crew member making his spaceflight debut. An engineer who previously worked on space exploration and robotics at Johns Hopkins University Applied Physics Lab, he became a NASA astronaut in 2022. Douglas was the backup crew member for the Artemis II mission around the moon earlier this year. He told NBC News in an interview after Tuesday's announcement that the role had at times been a challenge. "It was hard to figure out how do you balance getting ready to go, not go, all that stuff," he said. "But to go now is just fantastic." Read more of this story at Slashdot.

  • FCC Wants To Kill Burner Phones By Forcing Telecoms To Get All Customers' IDs
    by BeauHD on 10/06/2026 at 3:30 am

    An anonymous reader quotes a report from 404 Media: The Federal Communications Commission (FCC) wants to make it effectively impossible for people to buy what many call burner phones -- a phone not explicitly linked to your identity at the point of purchase -- which would impact privacy-conscious people, to domestic abuse survivors, to journalists, and many more. The FCC plans to do this by legally forcing the country's telecoms to store a wealth of personal information about essentially all phone customers, including a government issued identification number and their physical address, alarming privacy advocates and civil rights activists who compare the measures to those from authoritarian countries where it can be difficult to buy a mobile phone plan without giving up your identity. The proposed change would drastically shake up how people obtain phone plans in the U.S., and have all sorts of privacy and cybersecurity knock-on effects. The FCC is proposing the data collection partly as a way to combat scammers, with telecoms being required to collect other information on business and foreign customers like the intended use case of their bulk phone plan purchase and their IP address. But the changes would mean telecoms collect data on all new and renewing customers, and the FCC provides a long list of other things that the collected data could help authorities with. In a synopsis of the proposed changes, the FCC writes, "Specifically, we seek comment on requiring originating providers to, at a minimum, obtain and retain the name, physical address, government issued identification number, and an alternate telephone number of any new and renewing customer before granting access to its services." The goal of collecting this data, the FCC writes, is to deter some scammers from getting onto a telecom network in the first place, and so "enforcers will be better able to identify the scammers when they do." The FCC compares the changes to the sort of data collected by banks to prevent money laundering. One section stresses that the newly collected data would help "law enforcement to more easily identify callers that use the network to perpetuate crimes by ensuring that voice providers have accurate and complete customer information." It goes on to ask if the data would help identify people buying and selling illicit goods; the investigation of "fraud, espionage, or influence operations that undermine national security", and "address abuse in text messaging networks." "Criminals continue to leverage the anonymity provided by phone calls and texts to defraud Americans and exploit communications networks to further other crimes," one section reads. "For decades, civil libertarians have looked overseas at authoritarian countries where the government requires people to register to get a mobile phone to ensure they can be tracked. We never thought that would happen here," Jay Stanley, senior policy analyst at the American Civil Liberties Union's (ACLU) Speech, Privacy, and Technology Project told 404 Media in an email. "But make no mistake: with this rulemaking, the government is contemplating taking away people's ability to get a burner phone, which will hurt low-income people, domestic violence victims, and anyone else who cares about their privacy." Read more of this story at Slashdot.

  • US Labels BYD, Baidu, Alibaba and Other Tech Giants As Aiding China's Military
    by BeauHD on 09/06/2026 at 11:00 pm

    The Pentagon has added Alibaba, BYD, Baidu, Unitree, and other Chinese companies to its list of firms it says support China's military, barring them from U.S. defense contracts. The companies and China's embassy deny the allegations. The Associated Press reports: Created in 2021 by a congressional mandate, the list (PDF) seeks to identify Chinese companies that the Pentagon considers to have links to the Chinese military -- not only those directly controlled by the Chinese military and security forces but also those contributing to the country's defense industrial base. When updating the list last year, the Pentagon said the Chinese military sought to acquire advanced technologies and expertise developed by Chinese companies, universities and research programs that "appear to be civilian entities." The Chinese Embassy on Monday accused the U.S. of "overstretching the concept of national security and making discriminatory lists to go after Chinese companies." It said Chinese companies observe the laws and regulations of the countries where they do business. "The U.S. should stop its wrong practice and create a fair, just and non-discriminatory environment for Chinese companies," the embassy said in a statement. [...] The Chinese Embassy on Monday accused the U.S. of "overstretching the concept of national security and making discriminatory lists to go after Chinese companies." It said Chinese companies observe the laws and regulations of the countries where they do business. "The U.S. should stop its wrong practice and create a fair, just and non-discriminatory environment for Chinese companies," the embassy said in a statement. Read more of this story at Slashdot.

  • EU Orders Meta To Open WhatsApp To Rival AI Chatbots
    by BeauHD on 09/06/2026 at 10:00 pm

    The European Commission has ordered Meta to temporarily restore free WhatsApp Business API access for rival AI chatbots while it investigates whether Meta's ban on third-party assistants abuses its dominant position. Meta says it will appeal, calling the move "regulatory overreach" that would let major AI companies use a paid WhatsApp product for free. The BBC reports: The EU said it began its investigation, in December 2025, after Meta banned third-party general-purpose AI assistants from the WhatsApp for Business API. It said that appeared to be an abuse of Meta's dominant position in European markets. So, as an interim measure as its investigation continues, it has given Meta five working days to re-instate access for third-party general-purpose AI assistants to the WhatsApp for Business API under the same terms and conditions that were in place previously. "In rapidly evolving markets, competition can be lost long before a final decision is adopted," said Teresa Ribera, the Commission's executive vice-president for clean, just and competitive transition. "This is why these interim measures will remain in place for the duration of the investigation." She added the decision "preserved choice for citizens across Europe on the AI assistants they want to use with WhatsApp, without that decision being made for them." The Commission said if Meta failed to comply with its interim decision it could be fined up to 10% up of its total turnover. "The European Commission has decided that OpenAI and some of the largest companies in the world can use the paid-for WhatsApp Business product for free," it said in a statement. "This is regulatory overreach subsidized by the many European companies that pay. We will appeal." Read more of this story at Slashdot.

  • Anthropic Releases Claude Fable, a 'Safe' Version of Mythos
    by BeauHD on 09/06/2026 at 9:00 pm

    Anthropic is releasing Claude Fable 5, a Mythos-class AI model for enterprise customers and paid subscribers. The company says broader access is possible thanks to new safeguards that block high-risk requests in areas like cybersecurity and biology. "For us, it's really around what we call 'race to the top,' being able to provide this technology in a valuable fashion, and at the same time providing the right safety guardrails so that it can do asymmetrically more benefits than harm," Dianne Penn, Anthropic's head of product management for research, told CNBC in an interview. CNBC reports: [W]ith the launch of Claude Fable 5, Anthropic is honoring its stated "eventual goal" to deploy Mythos-class models at scale. It's also capitalizing on growing momentum and investor interest in its technology ahead of a potentially massive IPO, which is expected to take place as soon as this year. Anthropic said Claude Fable 5 shows "exceptional performance" across software engineering and knowledge work tasks. On some benchmarks, it scored more than 10% higher than Claude Opus 4.8, another model the company announced late last month, according to a blog post. Claude Fable 5 represents a "significant jump" in capability, which is why Anthropic had to implement additional guardrails to prevent misuse, Penn said. If a user asks a high-risk question, like how to make ricin, a toxin, for instance, the model will block its response and fall back to Claude Opus 4.8 to deliver a safe answer. "What we wanted to do was to be very intentional about building new types of classifiers and new types of safety guardrails in place for this launch," Penn said. Anthropic also released an updated Mythos model called Claude Mythos 5. "It's the same underlying model as Claude Fable 5, but with the safeguards lifted in some areas," reports CNBC. Read more of this story at Slashdot.

  • High-Severity Vulnerability In Linux Caused By a Single Errant Character
    by BeauHD on 09/06/2026 at 8:00 pm

    An anonymous reader quotes a report from Ars Technica: Researchers have analyzed a high-severity vulnerability in Linux that's able to escalate untrusted users to root by exploiting a bug you don't often see: a single errant character inside the kernel. The vulnerability, tracked as CVE-2026-23111, is located in nf_tables, a subsystem of the Linux kernel that provides packet filtering capabilities. It's used to manage firewall rules and replaces older subsystems such as iptables, ip6tables, arptables, and ebtables. The presence of a single mis-issued exclamation point in code implementing nf_tables introduced a use-after-free, a class of vulnerability that corrupts memory by placing malicious code at memory addresses that haven't been properly freed of their previous contents. CVE-2026-23111 can be exploited by an unprivileged user or process to elevate system rights to root. The exploit works by disrupting the deletion of verdicts -- a determination within the nf_tables framework that determines if a packet matches a rule calling for a certain action to be performed. This process can use what are known as catchall elements, which act as a wildcard in the event a lookup doesn't match any other element in the set. When a verdict map is deleted from memory, catchall elements are deactivated and a chain's reference counter is decremented. When errors occur the deletion can be reversed and the counter incremented. CVE-2026-53111 allows for that process to be altered. As a result, the exploit can decrement the variable an arbitrary number of times and then delete and free the chain when some objects still point to it. Although the kernel vulnerability was fixed in February, multiple proof-of-concept exploits have since emerged, including one from FuzzingLabs in April and another from Exodus Intelligence that works on Debian and Ubuntu. Read more of this story at Slashdot.

Archives

  • September 2022
  • November 2021
  • June 2021
  • March 2021
  • November 2020
  • October 2020
  • September 2020
  • February 2020
  • January 2020
  • October 2019
  • August 2018
  • July 2018
  • April 2018
  • February 2018
  • January 2018
  • December 2017
  • October 2017
  • September 2017
  • August 2016
  • July 2016
  • March 2016
  • February 2016
  • August 2015
  • May 2015

Categories

  • Innovation
  • Security
  • Software
  • Technology

Tags

backdoor cisco coding json laziness patterns public information announcement security vulnerability
© 2017 IT Sales & Services Ltd
Quality IT solutions in Tanzania since 2010
Iconic One Theme | Powered by Wordpress