Categories
security

Debugging and reverse engineering: Samsung deliberately disabling Windows Update

Ok this is not as bad as Superfish, but it’s bad enough. Samsung is disabling Windows Update so that it doesn’t have to deal with driver update issues.

When you enable Windows updates, it will install the Default Drivers for all the hardware on laptop which may or may not work. For example if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates.


Categories
privacy security

“EPIC” fail—how OPM hackers tapped the mother lode of espionage data | Ars Technica

The leakage of OPM data has been well reported, but this article provides more details about how it happened. In the worst case, “personal details from nearly everyone who works for the government in some capacity may now be in the hands of a foreign government”.


Categories
security

Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X • The Register

iOS and OS X attacks are likely to get more frequent as the platforms become valuable attack targets, just like Windows in the past.


Categories
Uncategorized

Xerox scanners/photocopiers randomly alter numbers in scanned documents · D. Kriesel

Oh dear. You can’t even trust your photocopiers these days. Spot the difference.

The implications are huge. Imagine any of the following happening because your copy got messed up (excerpt from article):

  1. Incorrect invoices
  2. Construction plans with incorrect numbers (as will be shown later in the article) even though they look right
  3. Other incorrect construction plans, for example for bridges (danger of life may be the result!)
  4. Incorrect metering of medicine, even worse, I think.


Categories
security

What the Ridiculous Fuck, D-Link?! – /dev/ttyS0

How not to release a security patch. Or, don’t take the security community for a fool.


Categories
security

Errata Security: Pin-pointing China’s attack against GitHub

Excellent analysis of the attack against GitHub reported earlier. The Great Firewall demystified, just a little.


Categories
security

Owning a Building: Exploiting Access Control and Facility Management Systems by Billy Rios – YouTube

Scary how easy it is to gain control over physical building systems.


Categories
security sysadmin

China’s Man-on-the-Side Attack on GitHub – NETRESEC Blog

Very good analysis of the current DDoS attack that GitHub is facing, apparently over the hosting of github.com/greatfire and github.com/cn-nytimes, which are used to bypass censorship in China.


Categories
sysadmin

How and Why Swiftype Moved from EC2 to Real Hardware – High Scalability

The hard truths – cloud is not always the answer.

Great comment from HN:

The reason why it is extremely hard to engineer robust large scale AWS cloud apps can be summarized under the umbrella of performance variance:

– machine latency varies more, you can’t control it
– network latency varies more
– storage latency varies more (S3, Redshift, etc.)
– machine outages are more frequent


Categories
privacy security

Lenovo Caught Installing Adware On New Computers

Good grief! Has no one learned from Sony’s rootkit incident yet? If you are a Lenovo owner, you may want to check if there’s a Superfish certificate in your certificate store by running certmgr.msc. Other than injecting unwanted ads in your browser, in theory the adware could sniff your banking transactions ’cos it’s performing a MiTM on your HTTPS.
