I T S S

A Nice Little Cryptography Primer

By itss | 28/06/2021

Pun Intended.

Category: Technology
© 2017 IT Sales & Services Ltd
Quality IT solutions in Tanzania since 2010