Article 43

Privacy And Rights

Tuesday, August 15, 2023

The Dot In An Email Address

image: bad pc

It was bad enough learning EMAILS LEFT UNOPENED on a provider’s email server are officially “abandoned” after 180 days, giving the government and ISPs the legal right to open and read them. The last effort to put an end to that - HR 387 - didn’t pass Congress.

It was a hundred times worse to realize that email SPAM filters peek and read inside emails, and there may be no way to SHUT THEM OFF.

The automated systems scan the content of emails for spam and malware detection, as many other email providers automatically do, but also as part of Google’s “priority inbox” service and tailored advertising.

Google’s ads use information gleaned from a user’s email combined with data from their Google profile as a whole, including search results, map requests and YouTube views, to display what it considers are relevant ads in the hope that the user is more likely to click on them and generate more advertising revenue for Google.

Are you one of those people who has a GMAIL ADDRESS like firstname.lastname[at]gmail.com?

Read THIS:

Dots don’t matter in Gmail addresses

If someone accidentally adds dots to your address, you’ll still get that email. For example, if your email is johnsmith[at]gmail.com, you own all dotted versions of your address:

john.smith[at]gmail.com
jo.hn.sm.ith[at]gmail.com
j.o.h.n.s.m.i.t.h[at]gmail.com

Your Gmail address is unique. If anyone tries to create a Gmail account with a dotted version of your username, they’ll get an error saying the username is already taken.

For example, if your address is , no one can sign up for .

Your account is still private and secure. Emails sent to any dotted version of your address will only go to you.

For example, johnsmith[@]gmail.com and j.o.h.n.s.m.i.t.h[@]gmail.com are the same address and go to one inbox.
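The rule quoted above has a practical consequence for anyone keeping an allow-list, a contact list or a sign-up database: two spellings that differ only in dots are the same Gmail inbox, and the system must compare them as such or it will count one person twice (or let one person register twice). The block below is an added example, not Google’s code or anything from the original post. It assumes only gmail.com is dot-insensitive, and it also folds letter case, which Gmail ignores as well but which the quoted help text does not mention. The page writes addresses with `[at]`; the constructed sample input uses a real `@`.

```python
"""Canonicalizing Gmail addresses so every dotted spelling maps to one inbox."""
from collections import defaultdict

# Domains whose local part ignores dots. Only gmail.com appears on the page; this
# small set is an assumption of the example, not a complete list.
DOT_INSENSITIVE_DOMAINS = {"gmail.com"}


def canonical_address(address: str) -> str:
    """Return the canonical form of an email address.

    For dot-insensitive domains the dots in the local part are removed, so
    'j.o.h.n.s.m.i.t.h@gmail.com' and 'johnsmith@gmail.com' compare equal, and
    letter case is folded (Gmail ignores case; that handling is added here).
    Other domains are left alone apart from lower-casing the domain name: only
    the receiving host defines how its own local parts are interpreted, so a
    third party must not strip anything from them.
    """
    local, sep, domain = address.strip().partition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    domain = domain.lower()
    if domain in DOT_INSENSITIVE_DOMAINS:
        local = local.replace(".", "").lower()
    return f"{local}@{domain}"


def group_by_inbox(addresses):
    """Map each canonical address to the spellings seen for it.

    Useful for checking whether an allow-list, a mailing list or a set of
    accounts contains one inbox several times under different dotted forms.
    """
    groups = defaultdict(list)
    for addr in addresses:
        groups[canonical_address(addr)].append(addr)
    return dict(groups)


if __name__ == "__main__":
    # Constructed sample input, mirroring the help text's examples.
    sample = [
        "johnsmith@gmail.com",
        "john.smith@gmail.com",
        "jo.hn.sm.ith@gmail.com",
        "J.O.H.N.S.M.I.T.H@gmail.com",
        "john.smith@example.org",  # a dot-sensitive domain: stays distinct
    ]
    for inbox, spellings in group_by_inbox(sample).items():
        print(inbox, "<-", spellings)
```

Running the sample collapses the four Gmail spellings into one key while the example.org address stays separate, which is exactly the distinction a uniqueness check has to make.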

GMAIL SNOOPING

Posted by Elvis on 08/15/23 •
Section Privacy And Rights • Section Broadband Privacy

Tuesday, July 25, 2023

Police Radio Backdoors

image: scanner school
Vendors knew all about it, but most customers were clueless.
- ARS Technica

---

Code Kept Secret for Years Reveals Its Flaw - a Backdoor
A secret encryption cipher baked into radio systems used by critical infrastructure workers, police, and others around the world is finally seeing sunlight. Researchers say it isn’t pretty.

By Kim Zetter
Wired
July 25, 2023

For more than 25 years, a technology used for critical data and voice radio communications around the world has been shrouded in secrecy to prevent anyone from closely scrutinizing its security properties for vulnerabilities. But now it’s finally getting a public airing thanks to a small group of researchers in the Netherlands who got their hands on its viscera and found serious flaws, including a deliberate backdoor.

The backdoor, known for years by vendors that sold the technology but not necessarily by customers, exists in an encryption algorithm baked into radios sold for commercial use in critical infrastructure. It’s used to transmit encrypted data and commands in pipelines, railways, the electric grid, mass transit, and freight trains. It would allow someone to snoop on communications to learn how a system works, then potentially send commands to the radios that could trigger blackouts, halt gas pipeline flows, or reroute trains.

Researchers found a second vulnerability in a different part of the same radio technology that is used in more specialized systems sold exclusively to police forces, prison personnel, military, intelligence agencies, and emergency services, such as the C2000 COMMUNICATION SYSTEM used by Dutch police, fire brigades, ambulance services, and Ministry of Defense for mission-critical voice and data communications. The flaw would let someone decrypt encrypted voice and data communications and send fraudulent messages to spread misinformation or redirect personnel and forces during critical times.

Three Dutch security analysts discovered the vulnerabilities - five in total - in a European radio standard called TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera, and others. The standard has been used in radios since the 90s, but the flaws remained unknown because encryption algorithms used in TETRA were kept secret until now.

The technology is not widely used in the US, where other radio standards are more commonly deployed. But Caleb Mathis, a consultant with AMPERE INDUSTRIAL SECURITY, conducted open source research for WIRED and uncovered contracts, press releases, and other documentation showing TETRA-based radios are used in at least two dozen critical infrastructures in the US. Because TETRA is embedded in radios supplied through resellers and system integrators like PowerTrunk, it’s difficult to identify who might be using them and for what. But Mathis helped WIRED identify several electric utilities, a state border control agency, an oil refinery, chemical plants, a major mass transit system on the East Coast, three international airports that use them for communications among security and ground crew personnel, and a US Army training base.

Carlo Meijer, Wouter Bokslag, and Jos Wetzels of MIDNIGHT BLUE in the Netherlands discovered the TETRA vulnerabilities - which they’re calling TETRA:BURST - in 2021 but agreed not to disclose them publicly until radio manufacturers could create patches and mitigations. Not all of the issues can be fixed with a patch, however, and it’s not clear which manufacturers have prepared them for customers. Motorola - one of the largest radio vendors - didn’t respond to repeated inquiries from WIRED.

The Dutch National Cyber Security Centre assumed the responsibility of notifying radio vendors and computer emergency response teams around the world about the problems, and of coordinating a timeframe for when the researchers should publicly disclose the issues.

In a brief email, NCSC spokesperson Miral Scheffer called TETRA “a crucial foundation for mission-critical communication in the Netherlands and around the world” and emphasized the need for such communications to always be reliable and secure, “especially during crisis situations.” She confirmed the vulnerabilities would let an attacker in the vicinity of impacted radios “intercept, manipulate or disturb” communications and said the NCSC had informed various organizations and governments, including Germany, Denmark, Belgium, and England, advising them how to proceed. A spokesperson for DHS’s Cybersecurity and Infrastructure Security Agency said they are aware of the vulnerabilities but wouldn’t comment further.

The researchers say anyone using radio technologies should check with their manufacturer to determine if their devices are using TETRA and what fixes or mitigations are available.

The researchers plan to present their findings next month at the BlackHat security conference in Las Vegas, when they will release detailed technical analysis as well as the secret TETRA encryption algorithms that have been unavailable to the public until now. They hope others with more expertise will dig into the algorithms to see if they can find other issues.

TETRA was developed in the ‘90s by the European Telecommunications Standards Institute, or ETSI. The standard includes four encryption algorithms - TEA1, TEA2, TEA3, and TEA4 - that can be used by radio manufacturers in different products, depending on their intended use and customer. TEA1 is for commercial uses; for radios used in critical infrastructure in Europe and the rest of the world, though, it is also designed for use by public safety agencies and military, according to an ETSI document, and the researchers found police agencies that use it.

TEA2 is restricted for use in Europe by police, emergency services, military, and intelligence agencies. TEA3 is available for police and emergency services outside Europe - in countries deemed “friendly” to the EU, such as Mexico and India; those not considered friendly - such as Iran - only had the option to use TEA1. TEA4, another commercial algorithm, is hardly used, the researchers say.

The vast majority of police forces around the world, aside from the US, use TETRA-based radio technology, the researchers found, after conducting open source research. TETRA is used by police forces in Belgium and the Scandinavian countries, East European countries like Serbia, Moldova, Bulgaria, and Macedonia, as well as in the Middle East in Iran, Iraq, Lebanon, and Syria.

Additionally, the Ministries of Defense in Bulgaria, Kazakhstan, and Syria use it. The Polish military counterintelligence agency uses it, as do the Finnish defense forces, and Lebanon’s and Saudi Arabia’s intelligence services, to name just a few.

Critical infrastructure in the US and other countries use TETRA for machine-to-machine communication in SCADA and other industrial control system settings - especially in widely distributed pipelines, railways, and electric grids, where wired and cellular communications may not be available.

Although the standard itself is publicly available for review, the encryption algorithms are only available with a signed NDA to trusted parties, such as radio manufacturers. The vendors have to include protections in their products to make it difficult for anyone to extract the algorithms and analyze them.

To obtain the algorithms, the researchers purchased an off-the-shelf Motorola MTM5400 radio and spent four months locating and extracting the algorithms from the secure enclave in the radio’s firmware. They had to use a number of zero-day exploits to defeat Motorola protections, which they reported to Motorola to fix. Once they reverse-engineered the algorithms, the first vulnerability they found was the backdoor in TEA1.

All four TETRA encryption algorithms use 80-bit keys, which, even more than two decades after their release, still provide sufficient security to prevent someone from cracking them, the researchers say. But TEA1 has a feature that reduces its key to just 32 bits - less than half the key’s length. The researchers were able to crack it in less than a minute using a standard laptop and just four ciphertexts.

Brian Murgatroyd, chair of the technical body at ETSI responsible for the TETRA standard, objects to calling this a backdoor. He says when they developed the standard, they needed an algorithm for commercial use that could meet export requirements to be used outside Europe, and that in 1995 a 32-bit key still provided security, though he acknowledges that with today’s computing power that’s not the case.

Matthew Green, a Johns Hopkins University cryptographer and professor, calls the weakened key a “disaster.”

“I wouldn’t say it’s equivalent to using no encryption, but it’s really, really bad,” he says.

Gregor Leander, a professor of computer science and cryptographer with a security research team known as CASA at Ruhr University Bochum in Germany, says it would be “stupid” for critical infrastructure to use TEA1, especially without adding end-to-end encryption on top of it. “Nobody should rely on this,” he says.

Murgatroyd insists the most anyone can do with the backdoor is decrypt and eavesdrop on data and conversations. TETRA has strong authentication, he says, that would prevent anyone from injecting false communication.

“That’s not true,” says Wetzels. TETRA only requires that devices authenticate themselves to the network, but data and voice communications between radios are not digitally signed or otherwise authenticated. The radios and base stations trust that any device that has the proper encryption key is authenticated, so someone who can crack the key as the researchers did can encrypt their own messages with it and send them to base stations and other radios.

While the TEA1 weakness has been withheld from the public, it’s apparently widely known in the industry and governments. In a 2006 US STATE DEPARTMENT CABLE leaked to Wikileaks, the US embassy in Rome describes an Italian radio manufacturer asking about exporting TETRA radio systems to municipal police forces in Iran. The US pushed back on the plan, so the company representative reminded the US that encryption in the TETRA-based radio system they planned to sell to Iran is “less than 40-bits,” implying that the US shouldn’t object to the sale because the system isn’t using a strong key.

The second major vulnerability the researchers found isn’t in one of the secret algorithms, but it affects all of them. The issue lies in the standard itself and how TETRA handles time syncing and keystream generation.

When a TETRA radio contacts a base station, they initiate communication with a time sync. The network broadcasts the time, and the radio establishes that it’s in sync. Then they both generate the same keystream, which is tied to that timestamp, to encrypt the subsequent communication.

“The problem is that the network broadcasts the time in packets that are unauthenticated and unencrypted,” says Wetzels.

As a result, an attacker can use a simple device to intercept and collect encrypted communication passing between a radio and base station, while noting the timestamp that initiated the communication. Then he can use a rogue base station to contact the same radio or a different one in the same network and broadcast the time that matches the time associated with the intercepted communication. The radio is dumb and believes the correct time is whatever a base station says it is. So it will generate the keystream that was used at that time to encrypt the communication the attacker collected. The attacker recovers that keystream and can use it to decrypt the communication collected earlier.

To inject false messages, he would use his base station to tell a radio that the time is tomorrow noon and ask the radio to generate the keystream associated with that future time. Once the attacker has it, he can use the keystream to encrypt his rogue messages, and the next day at noon send them to a target radio using the correct keystream for that time.
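The three paragraphs above turn on one property: the key stream is a deterministic function of the key and the time value the radio accepts, and the radio accepts whatever time it is told. The block below is an added example that models that property and one illustrative mitigation; it is not the researchers’ code, and it is not the TETRA key stream generator (HMAC-SHA256 in counter mode stands in for it). The authenticated, strictly increasing time beacon is an assumption of this example, not the fix ETSI published in its revised standard, whose details the article does not give.

```python
"""Toy model of a key stream derived from a broadcast time, and of an
authenticated time beacon as one mitigation."""
import hashlib
import hmac
from typing import Optional


def toy_keystream(key: bytes, t: int, length: int) -> bytes:
    """Stand-in key stream generator: HMAC-SHA256 in counter mode over (t, block).

    This is NOT the TETRA generator; it only reproduces the property the article
    describes: the same key and the same accepted time give the same stream.
    """
    out = bytearray()
    block = 0
    while len(out) < length:
        msg = t.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, t: int, message: bytes) -> bytes:
    """XOR the message with the time-derived key stream; decryption is the same call."""
    return xor_bytes(message, toy_keystream(key, t, len(message)))


def same_time_cancels_keystream(key: bytes, t: int, m1: bytes, m2: bytes) -> bool:
    """Two messages under one accepted time share a key stream, so the XOR of the
    ciphertexts equals the XOR of the plaintexts: the secret key drops out.
    This is the classic two-time-pad condition; a radio that re-uses a time
    value re-uses a pad, which is why the time input has to be trustworthy."""
    c1 = stream_encrypt(key, t, m1)
    c2 = stream_encrypt(key, t, m2)
    return xor_bytes(c1, c2) == xor_bytes(m1, m2)


def sign_beacon(beacon_key: bytes, t: int) -> bytes:
    """Tag a time beacon with a MAC under a key shared by the network and its
    radios (an illustrative mitigation, assumed for this example)."""
    return hmac.new(beacon_key, t.to_bytes(8, "big"), hashlib.sha256).digest()


class Radio:
    """A radio that either trusts any broadcast time (the behaviour the article
    describes) or requires a valid, strictly increasing, authenticated beacon."""

    def __init__(self, beacon_key: bytes, authenticated: bool = True) -> None:
        self.beacon_key = beacon_key
        self.authenticated = authenticated
        self.clock = 0  # last accepted time

    def accept_time(self, t: int, tag: Optional[bytes] = None) -> bool:
        if self.authenticated:
            expected = sign_beacon(self.beacon_key, t)
            if tag is None or not hmac.compare_digest(tag, expected):
                return False  # unsigned or forged beacon
            if t <= self.clock:
                return False  # older than what we already accepted: replay or rollback
        self.clock = t
        return True


if __name__ == "__main__":
    key, beacon_key = b"\x11" * 16, b"\x22" * 16   # constructed demo keys
    print("two-time pad under one time value:",
          same_time_cancels_keystream(key, 1000, b"unit 7 en route", b"unit 9 standing"))
    naive, hardened = Radio(beacon_key, authenticated=False), Radio(beacon_key)
    print("naive radio accepts unsigned time:", naive.accept_time(99999))
    print("hardened radio accepts unsigned time:", hardened.accept_time(99999))
```

The two checks in `accept_time` address the two halves of the description: the MAC stops a base station that does not hold the beacon key from setting the time at all, and the monotonic clock stops a legitimate-looking beacon from being replayed to push the radio back to a time whose stream was already used.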

Wetzels imagines Mexican drug cartels could use this to intercept police communications to eavesdrop on investigations and operations or deceive police with false messages sent to radios. The attacker needs to be near a target radio, but the proximity is only dependent on the strength of the rogue base stations signal and the terrain.

“You can do this within a distance of tens of meters,” he says. The rogue base station would cost $5,000 or less to build.

ETSI’s Murgatroyd downplays the attack, saying TETRA’s strong authentication requirements would prevent a non-authenticated base station from injecting messages. Wetzels disagrees, saying TETRA only requires devices to authenticate to the network, not to each other.

The researchers didn’t find any weaknesses in the TEA2 algorithm used by police, military, and emergency services in Europe, but they did initially think they found another backdoor in TEA3. Given that TEA3 is the exportable version of TEA2, there was good reason to believe it might also have a backdoor to meet export requirements.

They thought they found something suspicious in a substitution box, or S-box, used in the algorithm, which contains a bad property they say would “never appear in serious cryptography.” The researchers didn’t have sufficient skill to examine it to determine if it was exploitable. But Leander’s team did examine it, and he says it’s not.

“In many ciphers if you used such a box it would break the cipher very badly,” he says. “But the way it’s used in TEA3, we couldn’t see that this is exploitable.” This doesn’t mean someone else might not find something in it, he says, but he’d “be very surprised if it leads to an attack that’s practical.”

With regard to fixes for the other problems the researchers found, Murgatroyd says ETSI fixed the keystream/timestamp issue in a revised TETRA standard published last October, and they created three additional algorithms for vendors to use, including one that replaces TEA1. Vendors have created firmware updates that fix the keystream/timestamp issue. But the problem with TEA1 cannot be fixed with an update. The only solution for that is to use another algorithm - not an easy thing to switch - or to add end-to-end encryption on top of TETRA, something Wetzels says is impractical. It’s very expensive since the encryption has to be applied to every device, it requires some downtime to do the upgrade - something not always feasible for critical infrastructure - and can create incompatibility issues with other components.

As for asking their vendor to switch out TEA1 for one of the new algorithms meant to replace it, Wetzels says this is problematic as well, since ETSI plans to keep those algorithms secret, like the others, asking users to trust again that the algorithms have no critical weakness.

“There’s a very high chance that [the replacement algorithm for TEA1] will be weakened” as well, he says.

The researchers don’t know if the vulnerabilities they found are being actively exploited. But they did find evidence in the Edward Snowden leaks that indicate the US National Security Agency (NSA) and UK’s GCHQ intelligence agency targeted TETRA for eavesdropping in the past. One document discusses an NSA and Australian Signals Directorate project to collect Malaysian police communications during a climate change conference in Bali in 2007 and mentions that they obtained some TETRA collections on Indonesian security forces’ communications.

Another Snowden leak describes GCHQ, possibly with NSA assistance, collecting TETRA communications in Argentina in 2010 when tensions rose between it and the UK over oil exploration rights in a deep-sea oil field off the coast of the Falkland Islands. It describes an operation to collect high-priority military and leadership communications of Argentina and reveals that the project resulted in successful TETRA collections.

“This doesn’t indicate they exploited these vulnerabilities that we found,” Wetzels says. “But it does show that state-sponsored actors are actively looking at and collecting these TETRA networks, even in the early 2000s.”

SOURCE

Posted by Elvis on 07/25/23 •
Section Privacy And Rights

Thursday, June 01, 2023

NWO Covid Year 3 Part 14 - The Cleveland Clinic Study

image: cleveland covid study

There’s a new POST ON REDDIT:

Remember when Biden and the media told you that if you took the MRNA vaccine you wouldn’t catch covid? Well take a look at this new peer-reviewed study from the Cleveland clinic

They’re talking about THIS:

Effectiveness of the Coronavirus Disease 2019 Bivalent Vaccine

By Nabin K Shrestha, Patrick C Burke, Amy S Nowacki, James F Simon, Amanda Hagen, Steven M Gordon
doi.org/10.1093/ofid/ofad209

Background The purpose of this study was to evaluate whether a bivalent COVID-19 vaccine protects against COVID-19.

Methods Employees of Cleveland Clinic in employment on the day the bivalent COVID-19 vaccine first became available to employees, were included. The cumulative incidence of COVID-19 was examined over the following weeks. Protection provided by vaccination (analyzed as a time-dependent covariate) was evaluated using Cox proportional hazards regression. The analysis was adjusted for the pandemic phase when the last prior COVID-19 episode occurred, and the number of prior vaccine doses received.

Results Among 51011 employees, 20689 (41%) had had a previous documented episode of COVID-19, and 42064 (83%) had received at least two doses of a COVID-19 vaccine. COVID-19 occurred in 2452 (5%) during the study. Risk of COVID-19 increased with time since the most recent prior COVID-19 episode and with the number of vaccine doses previously received. In multivariable analysis, the bivalent vaccinated state was independently associated with lower risk of COVID-19 (HR, .70; 95% C.I., .61-.80), leading to an estimated vaccine effectiveness (VE) of 30% (95% CI, 20-39%). Compared to last exposure to SARS-CoV-2 within 90 days, last exposure 6-9 months previously was associated with twice the risk of COVID-19, and last exposure 9-12 months previously with 3.5 times the risk.

Conclusions The bivalent COVID-19 vaccine given to working-aged adults afforded modest protection overall against COVID-19, while the virus strains dominant in the community were those represented in the vaccine.

Summary Among 51011 working-aged Cleveland Clinic employees, the bivalent COVID-19 vaccine booster was 30% effective in preventing infection, during the time when the virus strains dominant in the community were represented in the vaccine.

Competing Interest Statement

The authors have declared no competing interest.

Funding Statement

This study did not receive any funding

Author Declarations

I confirm all relevant ethical guidelines have been followed, and any necessary IRB and/or ethics committee approvals have been obtained.

Yes

The details of the IRB/oversight body that provided approval or exemption for the research described are given below:

The Institutional Review Board of Cleveland Clinic gave ethical approval for this work.

I confirm that all necessary patient/participant consent has been obtained and the appropriate institutional forms have been archived, and that any patient/participant/sample identifiers included were not known to anyone (e.g., hospital staff, patients or participants themselves) outside the research group so cannot be used to identify individuals.

Yes

I understand that all clinical trials and any other prospective interventional studies must be registered with an ICMJE-approved registry, such as ClinicalTrials.gov. I confirm that any such study reported in the manuscripthas been registered and the trial registration ID is provided (note: if posting a prospective study registered retrospectively, please provide a statement in the trial ID field explaining why the study was not registered in advance).

Yes

I have followed all appropriate research reporting guidelines and uploaded the relevant EQUATOR Network research reporting checklist(s) and other pertinent material as supplementary files, if applicable.

Yes

Copyright

The copyright holder for this preprint is the author/funder, who has granted medRxiv a license to display the preprint in perpetuity. It is made available under a CC-BY-NC-ND 4.0 International license.

SOURCE

---


Effectiveness of the Coronavirus Disease 2019 Bivalent Vaccine

By Nabin K Shrestha, Patrick C Burke, Amy S Nowacki, James F Simon, Amanda Hagen, Steven M Gordon
Open Forum Infectious Diseases, Volume 10, Issue 6, June 2023, ofad209
April 19, 2023

Excerpt from the STUDY:

Ours is not the only study to find a possible association with more prior vaccine doses and higher risk of COVID-19.

During an Omicron wave in Iceland, individuals who had previously received ≥2 doses were found to have a higher odds of reinfection than those who had received <2 doses, in an unadjusted analysis [21].

A large study found, in an adjusted analysis, that those who had an Omicron variant infection after previously receiving 3 doses of vaccine had a higher risk of reinfection than those who had an Omicron variant infection after previously receiving 2 doses [22].

Another study found, in multivariable analysis, that receipt of 2 or 3 doses of an mRNA vaccine following prior COVID-19 was associated with a higher risk of reinfection than receipt of a single dose [7].

Immune imprinting from prior exposure to different antigens in a prior vaccine [22, 23] and class switch toward noninflammatory spike-specific immunoglobulin G4 antibodies after repeated SARS-CoV-2 mRNA vaccination [24] have been suggested as possible mechanisms whereby prior vaccine may provide less protection than expected. We still have a lot to learn about protection from COVID-19 vaccination, and in addition to vaccine effectiveness, it is important to examine whether multiple vaccine doses given over time may not be having the beneficial effect that is generally assumed.

[7] Shrestha NK, Shrestha P, Burke PC, Nowacki AS, Terpeluk P, Gordon SM. Coronavirus disease 2019 vaccine boosting in previously infected or vaccinated individuals (COVID-19). Clin Infect Dis 2022; 75:2169–77.

[21] Eythorsson E, Runolfsdottir HL, Ingvarsson RF, Sigurdsson MI, Palsson R. Rate of SARS-CoV-2 reinfection during an Omicron wave in Iceland. JAMA Netw Open 2022; 5:e2225320.

[22] Chemaitelly H, Ayoub HH, Tang P, et al. COVID-19 primary series and booster vaccination and immune imprinting. medRxiv [Preprint: not peer reviewed]. 13 November 2022.

[23] Cao Y, Jian F, Wang J, et al. Imprinted SARS-CoV-2 humoral immunity induces convergent Omicron RBD evolution. Nature 2023; 614:521–9.

[24] Irrgang P, Gerling J, Kocher K, et al. Class switch toward noninflammatory, spike-specific IgG4 antibodies after repeated SARS-CoV-2 mRNA vaccination. Sci Immunol 2023; 8:eade2798.

SOURCE

---

Cleveland Clinic Study Destroys Argument For Vax Mandates: Expert

Rising’s YouTube Channel
The Hill
June 1, 2023

“Briahna Joy Gray and Robby Soave interview Jacob Rich, a researcher at the CLEVELAND CLINIC LERNER RESEARCH INSTITUTE and a policy analyst at the Reason Foundation, about the Cleveland Clinic peer-reviewed study about the efficacy of Covid-19 vaccines.

A study by The Cleveland Clinic found that both previous infection and vaccination provide substantial protection against COVID-19. Vaccination of previously infected individuals does not provide additional protection against COVID-19 for several months, but after that provides significant protection at least against symptomatic COVID-19.”

SOURCE

Posted by Elvis on 06/01/23 •
Section Revelations • Section NWO • Section Privacy And Rights • Section Dying America

Monday, May 29, 2023

The Worst Computer Nightmares - Hardware Hacks

image: computer code
“The most striking aspect of this report is that this UEFI implant seems to have been used in the wild since the end of 2016 - long before UEFI attacks started being publicly described,” Kaspersky researchers wrote. “This discovery begs a final question: If this is what the attackers were using back then, what are they using today?”
- Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us

---

Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw
BlackLotus represents a major milestone in the continuing evolution of UEFI bootkits.

By Dan Goodin
ArsTechnica
March 6, 2023

Researchers on Wednesday announced a major cybersecurity find - the world’s first-known instance of real-world malware that can hijack a computer’s boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows.

Dubbed BlackLotus, the malware is what’s known as a UEFI bootkit. These sophisticated pieces of malware target the UEFI - short for UNIFIED EXTENSIBLE FIRMWARE INTERFACE - the low-level and complex chain of firmware responsible for booting up virtually every modern computer. As the mechanism that bridges a PC’s device firmware with its operating system, the UEFI is an OS in its own right. It’s located in an SPI-connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch. Previously discovered bootkits such as COSMICSTRAND, MOSAICREGRESSOR, and MOONBOUNCE work by targeting the UEFI firmware stored in the flash storage chip. Others, including BlackLotus, target the software stored in the EFI SYSTEM PARTITION.

Because the UEFI is the first thing to run when a computer is turned on, it influences the OS, security apps, and all other software that follows. These traits make the UEFI the perfect place to launch malware. When successful, UEFI bootkits disable OS security mechanisms and ensure that a computer remains infected with stealthy malware that runs at the kernel mode or user mode, even after the operating system is reinstalled or a hard drive is replaced.

As appealing as it is to threat actors to install NEARLY INVISIBLE malware that has kernel-level access, there are a few formidable hurdles standing in their way. One is the requirement that they first hack the device and gain administrator system rights, either by exploiting one or more vulnerabilities in the OS or apps or by tricking a user into installing trojanized software. Only after this high bar is cleared can the threat actor attempt an installation of the bootkit.
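The excerpt separates bootkits that live in SPI flash from those, like BlackLotus, that live in the EFI System Partition. Flash is hard to inspect from the OS, but the ESP is an ordinary mounted filesystem, and the firmware’s Secure Boot state is readable through efivarfs, so both can be baselined and re-checked. The block below is an added example, not from the Ars article or from the researchers it quotes. It assumes a Linux host with efivarfs at `/sys/firmware/efi/efivars` and the ESP mounted at `/boot/efi` (the usual convention; pass your own path otherwise); the variable name uses the standard EFI global-variable GUID. It does not read SPI flash.

```python
"""Two defender-side checks for the boot chain described above: read the
firmware's Secure Boot state through efivarfs, and baseline the EFI System
Partition so new or modified boot files stand out on the next check."""
import hashlib
import pathlib
from typing import Dict, List, Optional, Union

EFIVARS = pathlib.Path("/sys/firmware/efi/efivars")
# efivarfs names variables <Name>-<GUID>; this GUID is EFI_GLOBAL_VARIABLE.
SECUREBOOT_VAR = EFIVARS / "SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"


def parse_efivar_flag(raw: bytes) -> bool:
    """efivarfs prepends a 4-byte attribute word to the variable data; for
    SecureBoot the data is a single byte, 1 = enabled, 0 = disabled."""
    if len(raw) < 5:
        raise ValueError("efivar too short: %r" % raw)
    return raw[4] == 1


def secure_boot_enabled(path: Union[str, pathlib.Path] = SECUREBOOT_VAR) -> Optional[bool]:
    """True/False as reported by the firmware, or None when the variable cannot
    be read (legacy BIOS boot, a non-Linux host, or insufficient permission).
    None is a finding in itself: the state is unknown, not 'enabled'."""
    try:
        return parse_efivar_flag(pathlib.Path(path).read_bytes())
    except OSError:
        return None


def inventory_from_files(files: Dict[str, bytes]) -> Dict[str, str]:
    """SHA-256 per relative path. Kept separate from disk access so the
    comparison logic can be exercised on constructed input."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def inventory_esp(esp_root: pathlib.Path) -> Dict[str, str]:
    """Hash every file under the mounted ESP. Store the result somewhere the
    booted OS cannot rewrite (another host, write-once media) to use as a baseline."""
    files = {}
    for p in sorted(esp_root.rglob("*")):
        if p.is_file():
            files[str(p.relative_to(esp_root))] = p.read_bytes()
    return inventory_from_files(files)


def diff_inventory(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Anything added or changed since the baseline deserves a look: a bootkit
    that lives in the ESP has to put or alter a file there. Legitimate updates
    also change boot files, so reconcile 'changed' against the update log."""
    common = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in common if baseline[p] != current[p]),
    }


if __name__ == "__main__":
    print("Secure Boot:", secure_boot_enabled())
    esp = pathlib.Path("/boot/efi")  # assumed mount point
    if esp.is_dir():
        for path, digest in inventory_esp(esp).items():
            print(digest, path)
```

Note that a Secure Boot reading of `True` says only that the firmware is enforcing signatures; the excerpt’s point is that BlackLotus runs with it enabled, which is why the ESP inventory is the half of this check that actually catches an ESP-resident bootkit.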

SOURCE

---

New Hardware Vulnerability Discovered in Intel Processors

Anonymous Hackers
May 28, 2023

In a significant development that has sent shockwaves through the technology industry, a new hardware vulnerability has been discovered in Intel processors. This vulnerability has raised concerns about the security and privacy of millions of computer systems worldwide.

The flaw, dubbed “SpectraStrike,” was first identified by a team of security researchers at a leading cybersecurity firm. SpectraStrike is said to affect a wide range of Intel processors, including both consumer-grade and enterprise-level chips. This vulnerability allows malicious actors to exploit the speculative execution feature of Intel processors, potentially leading to unauthorized access to sensitive information.

Speculative execution is a performance optimization technique used by modern processors, including Intel’s, to predict and execute future instructions. However, SpectraStrike takes advantage of flaws in the implementation of this feature, allowing hackers to bypass security measures and access data that should be protected.

The exact scope and impact of this vulnerability are still being investigated, but initial findings indicate that it could potentially expose sensitive data such as passwords, encryption keys, and personal information. Cybersecurity experts warn that this could have severe implications for individuals, businesses, and even government agencies relying on Intel processors. Intel has acknowledged the existence of the SpectraStrike vulnerability and is actively working to develop and release security patches and firmware updates to mitigate the risk. The company has urged all affected users to keep their systems up to date and apply the necessary updates as soon as they become available.

Meanwhile, organizations across various sectors are closely monitoring the situation and taking necessary precautions to safeguard their systems. The cybersecurity community has mobilized efforts to analyze and understand the vulnerability further, working towards developing additional security measures to protect vulnerable systems.

This latest hardware vulnerability in Intel processors comes on the heels of previous incidents, such as Meltdown and Spectre, which exposed similar flaws in computer hardware. The SpectraStrike vulnerability highlights the ongoing challenge faced by the technology industry to stay ahead of increasingly sophisticated cyber threats.

As the investigation unfolds, it is crucial for individuals and organizations to remain vigilant and follow recommended security practices. This includes regularly updating software, using strong and unique passwords, and implementing multi-factor authentication where possible.

The implications of the SpectraStrike vulnerability are far-reaching, with potential repercussions for global cybersecurity. It serves as a reminder that constant vigilance and proactive measures are essential to protect sensitive information in an ever-evolving digital landscape. Further updates on the SpectraStrike vulnerability and mitigation efforts will be provided as new information becomes available. Stay tuned for the latest developments on this critical issue.

SOURCE

Posted by Elvis on 05/29/23 •
Section Privacy And Rights • Section Microsoft And Windows

Wednesday, May 17, 2023

Still Looking For Reasons To Keep Away From Windows? Part 23

image: snooping pc
 
Google has clarified its email scanning practices in a terms of service update, informing users that incoming and outgoing emails are analysed by automated software.
- Gmail Snooping, 2014

---

Microsoft is scanning the inside of password-protected zip files for malware
If you think a password prevents scanning in the cloud, think again.

By Dan Goodin
ARS Technica
May 16, 2023

Microsoft cloud services are scanning for malware by peeking inside users’ zip files, even when they’re protected by a password, several users reported on Mastodon on Monday.

Compressing file contents into archived zip files has long been a tactic threat actors use to conceal malware spreading through email or downloads. Eventually, some threat actors adapted by protecting their malicious zip files with a password the end user must type when converting the file back to its original form. Microsoft is one-upping this move by attempting to bypass password protection in zip files and, when successful, scanning them for malicious code.

While analysis of password-protected files in Microsoft cloud environments is well-known to some people, it came as a surprise to Andrew Brandt. The security researcher has long archived malware inside password-protected zip files before exchanging them with other researchers through SharePoint. On Monday, he took to Mastodon to report that the Microsoft collaboration tool had recently flagged a zip file, which had been protected with the password “infected.”

“While I totally understand doing this for anyone other than a malware analyst, this kind of nosy, get-inside-your-business way of handling this is going to become a big problem for people like me who need to send their colleagues malware samples,” BRANDT WROTE. “The available space to do this just keeps shrinking and it will impact the ability of malware researchers to do their jobs.”

Fellow researcher Kevin Beaumont joined the discussion to say that Microsoft has multiple methods for scanning the contents of password-protected zip files and uses them not just on files stored in SharePoint but across all its 365 cloud services. One way is to extract any possible passwords from the bodies of an email or the name of the file itself. Another is by testing the file to see if it's protected with one of the passwords contained in a list.

“If you mail yourself something and type something like ‘ZIP password is Soph0s’, ZIP up EICAR and ZIP password it with Soph0s, it’ll find (the) password, extract and find (and feed MS detection),” he wrote.
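The password-recovery step Beaumont describes, as an added example that is not Microsoft's code or anything from the article: candidate passwords are pulled from the message body and the attachment's file name, then tried against the archive. Python's standard library can read but not write ZipCrypto archives, so the block includes a minimal ZipCrypto writer purely to build the constructed sample; the hint regex and the file-name heuristic are assumptions of this example.

```python
import io, os, re, struct, zipfile, zlib

def _crc(crc, b):
    # one table-driven CRC-32 step (PKWARE's form), expressed via zlib's pre/post XOR
    return zlib.crc32(bytes([b]), crc ^ 0xFFFFFFFF) ^ 0xFFFFFFFF

def zipcrypto_encrypt(data, password, crc):
    """Traditional PKWARE ('ZipCrypto') encryption of one stored entry (sample-building only)."""
    k = [0x12345678, 0x23456789, 0x34567890]
    def update(b):
        k[0] = _crc(k[0], b)
        k[1] = ((k[1] + (k[0] & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        k[2] = _crc(k[2], k[1] >> 24)
    for b in password: update(b)
    out = bytearray()
    # 12-byte prefix: 11 random bytes, then the high byte of the plaintext CRC (the check byte)
    for b in os.urandom(11) + bytes([crc >> 24]) + data:
        t = (k[2] | 2) & 0xFFFF
        out.append(b ^ (((t * (t ^ 1)) >> 8) & 0xFF))
        update(b)
    return bytes(out)

def build_encrypted_zip(name, data, password):
    """Minimal single-entry zip: local header, encrypted stored entry, central dir, EOCD."""
    crc, fname = zlib.crc32(data), name.encode()
    body = zipcrypto_encrypt(data, password, crc)   # compressed size includes the 12-byte prefix
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, 1, 0, 0, 0, crc,
                        len(body), len(data), len(fname), 0) + fname + body
    cdir = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, 1, 0, 0, 0,
                       crc, len(body), len(data), len(fname), 0, 0, 0, 0, 0, 0) + fname
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1, len(cdir), len(local), 0)
    return local + cdir + eocd

HINT = re.compile(r"password\s*(?:is|:)\s*['\"]?(\S+?)['\".,]?(?:\s|$)", re.I)

def candidate_passwords(message_text, filename):
    """Candidates from the mail body ('ZIP password is Soph0s') and from the file name (heuristic)."""
    stem = os.path.splitext(os.path.basename(filename))[0]
    cands = HINT.findall(message_text) + [stem, stem.rsplit("_", 1)[-1]]
    return list(dict.fromkeys(cands))  # de-duplicate, keep order

def try_open(zip_bytes, candidates):
    """First candidate that decrypts every entry -> (password, {name: bytes}); else (None, {})."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for pwd in candidates:
            try:
                return pwd, {i.filename: zf.read(i, pwd=pwd.encode()) for i in zf.infolist()}
            except (RuntimeError, zipfile.BadZipFile):
                continue   # wrong check byte, or (1 in 256) check byte matched but CRC failed
    return None, {}
```

Once the archive opens, the recovered contents can be handed to whatever malware scanner the service already runs on unencrypted attachments.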

Brandt said that last year Microsoft’s OneDrive started backing up malicious files he had stored in one of his Windows folders after he had created an exception (i.e., an allow-list entry) for them in his endpoint security tools. He later discovered that once the files made their way to OneDrive, they were wiped from his laptop hard drive and detected as malware in his OneDrive account.

“I lost the whole bunch,” he said.

Brandt then started archiving malicious files in zip files protected with the password “infected.” Up until last week, he said, SharePoint didn’t flag the files. Now it is.

Microsoft representatives acknowledged receipt of an email asking about the practices of bypassing password protection of files stored in its cloud services. The company didn’t follow up with an answer.

A Google representative said the company doesn’t scan password-protected zip files, though Gmail does flag them when users receive such a file. My work account managed by Google Workspace also prevented me from sending a password-protected zip file.

The practice illustrates the fine line online services often walk when attempting to protect end users from common threats while also respecting privacy. As Brandt notes, actively cracking a password-protected zip file feels invasive. At the same time, this practice almost surely has prevented large numbers of users from falling prey to social engineering attacks attempting to infect their computers.

One other thing readers should remember: password-protected zip files provide minimal assurance that content inside the archives can’t be read. As Beaumont noted, ZipCrypto, the default means for encrypting zip files in Windows, is TRIVIAL TO OVERRIDE. A more dependable way is to use an AES-256 encryptor built into many archive programs when creating 7z files.

SOURCE

Posted by Elvis on 05/17/23 •
Section Privacy And Rights • Section Microsoft And Windows
