(…) Vielleicht könnte man das ja mal als Anreizs sehen, eine konkurrenzfähige offene Architektur ohne Geheimnisse zu bauen. In Europa am besten. Bzw. eigentlich mit dem Geld von Europa aber nicht in Europa, sonst kommen wieder die Schweine, äh, die Innenminister.
2027 dürfe es keine 5G-Technik von Huawei mehr in den britischen Netzen geben. Zum Jahresende trete ein Einkaufsverbot in Kraft.
Damit folgt Großbritannien den Forderungen der USA.
Banning the use of the Chinese tech giant’s equipment in high-speed wireless infrastructure is a major reversal by Prime Minister Boris Johnson — and a big victory for the Trump administration.
The implant has access to all the database files (on the victim’s phone) used by popular end-to-end encryption apps like Whatsapp, Telegram and iMessage. We can see here screenshots of the apps on the left, and on the right the contents of the database files stolen by the implant which contain the unencrypted, plain-text of the messages sent and received using the apps:
There’s something thus far which is conspicuous only by its absence: is any of this encrypted? The short answer is no: they really do POST everything via HTTP (not HTTPS) and there is no asymmetric (or even symmetric) encryption applied to the data which is uploaded. Everything is in the clear. If you’re connected to an unencrypted WiFi network this information is being broadcast to everyone around you, to your network operator and any intermediate network hops to the command and control server.
This means that not only is the end-point of the end-to-end encryption offered by messaging apps compromised; the attackers then send all the contents of the end-to-end encrypted messages in plain text over the network to their server.
I recommend that these posts are read in the following order:
“To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group,” he said. “All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them.”
Außerdem war die IP-Adresse des Servers, zu dem die Daten versandt wurden, fest in der Malware kodiert. Das erleichtert es, den Angreifer ausfindig zu machen – Google hat aber hierzu keine weiteren Informationen öffentlich gemacht.
After Meltdown, Spectre, and Foreshadow, we discovered more critical vulnerabilities in modern processors. The ZombieLoad attack allows stealing sensitive data and keys while the computer accesses them.
While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs. These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys.
The attack does not only work on personal computers but can also be exploited in the cloud.
Almost every computer with an Intel chips dating back to 2011 are affected by the vulnerabilities. AMD and ARM chips are not said to be vulnerable like earlier side-channel attacks.
Representatives from the UK, US, Canada, Australia and New Zealand will meet at the National Cyber Security Centre (NCSC) annual two-day conference, CYBERUK, in Glasgow on Wednesday.
It comes as the Daily Telegraph reported that Huawei will have limited access to build “non-core” infrastructure like antennas despite warnings of potential national security threats.
The US has urged other Five Eyes members – the UK, Canada, New Zealand and Australia – to exclude Huawei from the construction of new telecommunications networks, claiming the company could provide covert access for Chinese intelligence collection, making secure data vulnerable.
However, if the reports from the UK prove accurate, Australia would stand alone as the only member of the Five Eyes alliance – aside from the US – with an all-out ban on Chinese telecoms equipment. Australia, for its part, on Thursday reaffirmed the ban.
The meeting was first reported by The Australian Financial Review after intelligence officials had publicly voiced concerns about Huawei and China’s „cyber espionage capabilities”.
Huawei has denied the accusations, and Western intelligence agencies have not released any evidence to back up the claims.
Computer experts have claimed that the chips which power most of the computers in the world are hiding mysterious and ‘undocumented’ technology.
Analysts from Positive Technologies alleged that Intel chips and processors contain an enigmatic ‘logic signal analyser’ capable of reading ‘almost all data on a computer’.
The claims are likely to alarm conspiracy theorists …
The letter, which was first reported by the Wall Street Journal, echoes a steady drumbeat of warnings by top US officials, including Vice President Mike Pence, who flagged Huawei’s alleged connections to Chinese intelligence and its ability to compromise national security by selling equipment with „backdoors“ that could allow for unauthorized surveillance.
Please use the sharing tools found via the share button at the top or side of articles. Copying articles to share with others is a breach of FT.com T&Cs and Copyright Policy. Email firstname.lastname@example.org to buy additional rights. Subscribers may share up to 10 or 20 articles per month using the gift article service. More information can be found at https://www.ft.com/tour.
“Some say that because these countries are using Huawei equipment, it makes it harder for US agencies to obtain these countries’ data,” he added.
Mr Xu also revealed that Huawei would spend more than $2bn to restructure the code used in its telecoms services worldwide after a series of “confrontational” meetings with Britain’s cyber security agency over the issue.
(7.1.2019) William Xu, director of the board and chief strategy marketing officer of Huawei, noted that Huawei had worked extensively with Intel. But he said a diversity of applications and data is driving varied computing requirements. “Huawei has long partnered with Intel to make great achievements,” said Xu in a statement. “Together we have contributed to the development of the ICT industry. Huawei and Intel will continue our long-term strategic partnerships and continue to innovate together.”
During his testimony, FBI Director Chris Wray said the government was “deeply concerned about the risks of allowing any company or entity that is beholden to foreign governments that don’t share our values to gain positions of power inside our telecommunications networks.” He added that this would provide “the capacity to maliciously modify or steal information. And it provides the capacity to conduct undetected espionage.”
(April 2015) Q1: What information is leaked by the electromagnetic emanations from computers?
This depends on the specific computer hardware. We have tested numerous laptop computers, and found the following:
In almost all machines, it is possible to tell, with sub-millisecond precision, whether the computer is idle or performing operations.
On many machines, it is moreover possible to distinguish different patterns of CPU operations and different programs.
Using GnuPG as our study case, we can, on some machines:
distinguish between the spectral signatures of different RSA secret keys (signing or decryption), and fully extract decryption keys, by measuring the laptop’s electromagnetic emanations during decryption of a chosen ciphertext.
The high logical complexity of the out-of-order technique is the reason that it did not reach mainstream machines until the mid-1990s. Many low-end processors meant for cost-sensitive markets still do not use this paradigm due to the large silicon area required for its implementation. Low power usage is another design goal that is harder to achieve with an out-of-order execution (OoOE) design.
A vulnerability in some microprocessor manufacturers‘ implementations of the out-of-order execution mechanism was reported to the manufacturers on June 1, 2017, but which was not publicized until January 2018, …
(2.3.2018) The so-called SgxPectre side-channel attack affects programs with sensitive components protected by Intel’s SGX or Software Guard Extensions enclaves.
SGX is available in newer Intel Core chips and allows developers to selectively isolate sensitive application code and data to run in their own execution environment.
(8.2.2019) Modern CPU architectures offer strong isolation guarantees towards user applications in the form of enclaves. For instance, Intel’s threat model for SGX assumes fully trusted enclaves, yet there is an ongoing debate on whether this threat model is realistic. In particular, it is unclear to what extent enclave malware could harm a system. In this work, we practically demonstrate the first enclave malware which fully and stealthily impersonates its host application. Together with poorly-deployed application isolation on personal computers, such malware can not only steal or encrypt documents for extortion, but also act on the user’s behalf, e.g., sending phishing emails or mounting denial-of-service attacks.
16GB of RAM GeForce GTX 1050ti 4GB Intel i7-7700HQ CPU @ 2.80GHz Any Ideas? #PCProblems
But the takeaway is this: CPU utilization, as reported by Windows, is often incorrect. All too often, what looks like CPU usage is actually a stalled CPU waiting to do something useful.
Insgesamt zeigen die Spectre-NG-Lücken, dass Spectre und Meltdown keine einmaligen Ausrutscher waren. Es handelt sich eben nicht um ein simples Loch, das man mit ein paar Flicken nachhaltig stopfen könnte. Es verdichtet sich vielmehr das Bild einer Art Schweizer Käse: Für jedes abgedichtete Loch, tauchen zwei andere auf. Das ist die Folge davon, dass bei der Prozessorentwicklung der letzten zwanzig Jahre Sicherheitserwägungen immer nur die zweite Geige gespielt haben.