Comments
vas pup • March 4, 2022 4:44 PM
Ukraine’s little-known space feats
https://www.dw.com/en/ukraines-little-known-space-feats/a-61005697
“The European Space Agency’s (ESA) successful rocket family Vega, which recently celebrated its 10th anniversary, has a Ukrainian made rocket engine in its upper stage — the part that detaches from the rocket and then places the payload into the desired orbit.
The Vega launch vehicle is used to launch small payloads, and a newer version, the Vega-C, is currently under development and expected to launch later this year.
Another important rocket family designed by Yuzhnoye is the Zenit, which aimed to replace the outdated, Soviet-era Tsyklon and Soyuz rocket families.
The ISS constantly needs new deliveries of supplies. For that, they use different spacecraft like SpaceX’s Dragon, the Russian Progress or the Cygnus, which is carried by an Antares launch vehicle ==>jointly developed by the US company Northrop Grumman and Ukraine’s Yuzhnoye.
Additionally, parts of the rocket engine technology currently being developed by Rocket Factory Ausburg, a German start-up trying to build the cheapest rocket in the world, come from Ukraine’s Yuzhmash, according to Golem.”
Read the whole article for more details.
Ted • March 4, 2022 5:43 PM
Does Gary Larson post older cartoons on his site? The link gives a date of 2022/02/15/3. Unfortunately, I can only see cartoons for the last few days.
Here is a Far Side cartoon from a Facebook group that was posted on Feb 15. I don’t know if it’s from that date though. It’s still a good one. And it has a squid 🙂
https://www.facebook.com/groups/1745254632988727/permalink/2395279194652931/
https://www.technologyreview.com/2022/03/03/1046676/police-surveillance-minnesota-george-floyd/
“Law enforcement agencies in Minnesota have been carrying out a secretive, long-running surveillance program targeting civil rights activists and journalists in the aftermath of the murder of George Floyd in May 2020.
Run under a consortium known as Operation Safety Net, the program was set up a year ago, ostensibly to maintain public order as Minneapolis police officer Derek Chauvin went on trial for Floyd’s murder. But an investigation by MIT Technology Review reveals that the initiative expanded far beyond its publicly announced scope to include expansive use of tools to scour social media, track cell phones, and amass detailed images of people’s faces.”
“Public records requests show that the operation persisted long after Chauvin’s trial concluded. What’s more, they show that police used the extensive investigative powers they’d been afforded under the operation to monitor individuals who weren’t suspected of any crime.”
Clive Robinson • March 4, 2022 7:36 PM
@ vas pup, Winter, ALL,
With regards,
…has a Ukrainian made rocket engine in its upper stage…
The Ukraine has some of the worlds top designers of small engines for the aero-space industry.
As I mentioned what feels like an age ago but was just a handfull of days, Turkey has a design of drone that uses Ukrainian motors and they have gone into business together.
It is these drones that have not only spied upon Russian build-up, Deployment and other intelligence, but have also been more recently used to attack the Russian ground forces.
The fact that these drones do not need runways and other infrastructure Russia can target easily, gives the Ukranians an advantage.
Putin has a strange relationship with Turkey at the best of times… No doubt these drones will have pushed from strange through trained and out the otherside into surreal.
Oh and those motors go into rather wider spread systems than just the EU as no doubt certain “advisors” have informed the current US President…
For a whole heap of reasons, the Ukraine is in many ways more technologicaly advanced than Russia even though it is a fraction of it’s size.
I’m sure there are many around who are very well versed in what happened to European experts at the end of WWII, only a tiny handfull made it out to the US via “Paperclip” many were “disapeared” into Russia, where they were forced into working for Stalin often by the use of torture on their family members…
Hopefully the politicians in the EU and US are actively thinking on this issue as Putin is known to be a great follower of Stalin’s unsavoury behaviours.
SpaceLifeForm • March 4, 2022 9:04 PM
@ Ted
The site is aptly named.
You have to interact with it.
I would check it monthly.
Note that the link Bruce used fails.
JonKnowsNothing • March 4, 2022 10:29 PM
@All
re: Geotags are not Game Tags
A Big Game Hunter with a legal USA tag for a trophy sheep got his bag and posted a selfie with the standard pose of Hunter With Dead Animal on social media. The Big Game Hunter claimed the kill was done in Alaska.
Word got ’round to the Game Wardens in the area and using the GeoTags from the photo posted to social media, and going to the exact spot the picture was taken, and matched up to all the geographical and terrain features shown in the photo.
The Game Warden took his own selfie holding an enlarged image of the Social Media Image of Dead Trophy Animal and all the background features, which proved the animal was killed in Canada, not the USA.
Bullets travel a long way. Particularly when your Trophy is 200 yards away across an international border.
Perhaps the Big Game Hunter thought he would get the same treatment as the US Border Patrol Shooter did when he shot across the US Border and killed a Mexican National on the Mexican side of the border. The US Supreme Court ruled that it was AOK.
The Big Game Hunter plead guilty after shown the images and Canadians fined him C$8,500 (US$6,700) fine and barred him from hunting in Canada for five years.
He already ate the sheep, but has to give back the stuffed head…
The geotag+terrain references are also part of a program by G$$+LEAs to terrain map every item at every location, on every image they can scrape from the web. Patios with trees, Grand staircases, Pools with Koi Ponds.
Ted • March 4, 2022 10:48 PM
@SpaceLifeForm
Did it fail? I see a message “Egad! That cartoon is no longer available. Try one of these instead.” Then there are like four or five comics each day for the last three days. All of them cute, of course.
I used to read the comics every day at breakfast. And then try to do the crossword puzzles after school. This was when we got an actual paper. And years and years before smartphones. I hope you can find a good link. Maybe you’re using better privacy settings.
ResearcherZero • March 4, 2022 11:34 PM
An Nvidia code-signing certificate was among the mountain of files stolen and leaked online by criminals who ransacked the GPU giant’s internal systems.
At least two binaries not developed by Nvidia, but signed this week with its stolen cert, making them appear to be Nvidia programs, have appeared in malware sample database VirusTotal.
This leak means sysadmins should take steps, or review their security policies and defenses, to ensure code recently signed by the rogue cert is detected and blocked as it is most likely going to be malicious.
https://www.theregister.com/2022/03/05/nvidia_stolen_certificate/
lurker • March 4, 2022 11:55 PM
You may lose access to some of your third-party apps
On May 30, you may lose access to apps that are using less secure sign-in technology
To help keep your account secure, Google will no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password. Instead, you’ll need to sign in using Sign in with Google or other more secure technologies, like OAuth 2.0.
Riight, so G has had a vision, and decided security must be bigger than convenience. But only this morning a random web page that turned up during research, invited me “better” access to a document if I “Sign in with Google” That path demanded far more personal info than I was prepared to enter on a random web page…
Who was it said “thete’s no place left to hide”?
ResearcherZero • March 5, 2022 1:31 AM
Sci-Hub Founder’s Google Account Data Handed To FBI
“Google received and responded to legal process issued by the Federal Bureau of Investigation compelling the release of information related to your Google account,”
“A court order previously prohibited Google from notifying you of the legal process. We are now permitted to disclose the receipt of the legal process to you.”
Elsevier:
“I know there are some reasons to suspect me: after all, I have education in computer security and was a hobby hacker in teenage years. But hacking is not my occupation, and I do not have any job within any intelligence, either Russian or some another,”
“I think that whether I can be a Russian spy is being investigated by U.S. government since they learned about Sci-Hub, because that is very logical: a Russian project, that uses university accounts to access some information, of course that is suspicious. But in fact Sci-Hub has always been my personal enterprise.”
https://twitter.com/ringo_ring/status/1499393139500412931
“The only reason students from egregiously underfunded institutions in India manage to do quality research is because of platforms like Sci-Hub and Libgen. If you block them, you block research. Period,”
https://twitter.com/PostitAcademic/status/1340983296163889152
“all Sci-Hub addresses are under threat of being blocked in India after Elsevier, Wiley and American Chemical Society lawsuit.”
https://archive.ph/QZYln
the cow says moo • March 5, 2022 2:07 AM
= BBC points Russians to the Tor version of itself
https://www.theregister.com/2022/03/04/russia_splinternet_tor_rumours/
https://www.bbcnewsd73hkzno2ini43t4gblxvycyac5aw4gnv7t2rccijh7745uqd.onion/
(second link above requires Tor Browser)
===================================
= Leaked stolen Nvidia cert can sign Windows malware
https://www.theregister.com/2022/03/05/nvidia_stolen_certificate/
Clive Robinson • March 5, 2022 2:47 AM
@ ResearcherZero, ALL,
In your comment you forgot to mention two important points,
1, The Nvidia Signing cert is expired.
2, Microsoft willfully accept code signed by some expired certificates.
From the The Register article,
“Although they have expired, Windows still allows them to be used for driver signing purposes. See the talk I gave at BH/DC for more context on leaked certificates: https://t.co/UWu3AzHc66 pic.twitter.com/gCrol0BxHd
— Bill Demirkapi (@BillDemirkapi) March 3, 2022
In later tweets he added that Windows will accept drivers signed with certificates issued prior to July 29, 2015 without a timestamp. Microsoft’s Windows driver signing policy corroborates this, stating the operating system will run drivers “signed with an end-entity certificate issued prior to July 29th 2015 that chains to a supported cross-signed CA”.”
Which brings us to an important point…
@ ALL,
One of the few tgings openly discussed on the and other security blogs is the rather thorny issue of “Key Material”(KeyMat) and the ultra important but deadly dull subject of “KeyMat Managment”(KeyMan).
Two of it’s many parts are,
1, KeyMat Audit.
2, KeyMat Destruction.
The important thing to note is that KeyMat has to be tracked (audited) from “Key Generation”(KeyGen) through it’s entire life cycle to ensure it is properly destroyed at the end of it’s life.
That is DO NOT assume because KeyMat such as CodeSigning Keys are expired they are “safe” they are not for oh so many reasons, not just Microsoft digging it’s sorry ass out of a hole it dug for it’s self…
Which brings up the question why did Microsoft create the hole in the first place?
Well it was kind of forced to because “Code Signing” is a compleate and utter disaster zone, and should never have been designed or implemented the way it has…
If you look back on this blog you will discover conversations on code signing’s many many failings between @Nick P, @Wael, others and myself.
But as a “hardware owner” you have a problem with “code signed” drivers. What do you do when you have to “re-instal” drivers after the signing certificate has expired?
Code Signing is a highly undesirable way of getting “Consumer lock-in” because a manufacture can sign with a key that only has a life of say one year (which is actually an industry recomendation for PKCerts, so gives a “plausable excuse”).
You won’t be able to install the drivers so your hardware which works fine has just been effectively obsoleated… (unless you know the tricks of how to mitigate in advance).
ResearcherZero • March 5, 2022 3:25 AM
@Clive Robinson
“That is DO NOT assume because KeyMat such as CodeSigning Keys are expired they are “safe” they are not for oh so many reasons, not just Microsoft digging it’s sorry ass out of a hole it dug for it’s self…”
That is a very important point, and personally I don’t think it is having a dig at Microsoft, but instead providing a very real example of an ongoing security problem. Microsoft has made some improvements to the issue, but the fundamentals of the flaw remain the same.
–
The more things change the more they stay the same.
Russia’s so-called oligarchs, who once exercised significant influence over President Boris Yeltsin in the 1990s, are facing economic chaos after the West imposed severe sanctions on Russia over Putin’s invasion of Ukraine.
“As a British citizen I ask you to save Europe from war. As a Russian patriot I plead that you prevent any more young Russian soldiers from dying needlessly. As a citizen of the world I ask you to save the world from annihilation.”
“Today’s negotiations at the Ukraine-Belarus border provide a moment of hope. You can stop this conflict. Please seize the moment and end this war today.”
This news comes as Mikhail Fridman, who was born in western Ukraine, and Oleg Deripaska also condemned Putin’s invasion by calling for peace talks ‘as fast as possible’ between the two countries in an unusual intervention from Russia’s leading business elite.
Mr Deripaska – who is the founder of Russian aluminium giant Rusal in which he still owns a stake via his shares in its parent company En+ Group – used a post on Telegram to called for peace talks to begin ‘as fast as possible’.
The 54-year-old simply said: ‘Peace is very important.’
Foreign Secretary Liz Truss said there would be ‘nowhere left to hide’ for the super-rich allies of Vladimir Putin’s Kremlin.
https://www.dailymail.co.uk/news/article-10561935/Now-three-oligarchs-including-Evening-Standard-owner-Evgeny-Lebedev-call-end-Ukraine-invasion.html
September 12, 1997
the Russian defense establishment suggest that the Kremlin’s plans for military reform may be accompanied by structural changes in the other “power ministries” too. The removal of Yury Baturin as secretary of the Defense Council, which is personally headed by the Russian president and which supervises the “power ministries,” and the appointment to Baturin’s post of a civilian, State Military Inspector Andrei Kokoshin, can be seen as the beginning of a shakeup in the upper echelons of the Russian security services as a whole. A number of the services may lose their present right to maintain their own troops. That, at least, is the prediction of a number of influential Russian newspapers.
The GRU is Russia’s largest security service. It deploys six times more officers in foreign countries than the Foreign Intelligence Service (SVR), which is the successor of the First Main Directorate of the KGB. Moreover, 25,000 spetsnaz troops are directly subordinated to the GRU, whereas the KGB’s various successor-organizations have been deprived of their own military formations since 1991. Traditionally, the GRU has proved far more effective at collecting intelligence than the SVR, which tends to be occupied with its own political games. This perhaps explains why the GRU has not been subjected to any reform over the last seven years.
https://web.archive.org/web/20061125045521/http://www.jamestown.org/publications_details.php?volume_id=4&issue_id=217&article_id=2507
The authorities in Belgiam have located three caches of Soviet KGB radio equipment hidden in woods outside Brussels after a tip-off by British secret services.
The tip-off was based on KGB archives smuggled out by the Soviet defector, Vassili Mitrokhin.
It’s unclear when the radio transmitters were hidden; they were found in November but their discovery has only been revealed now.
According to Vassili Mitrokhin, a former KGB archivist, Soviet spies buried explosives and other equipment across Europe and the United States at the height of the Cold War for sabotage purposes.
http://news.bbc.co.uk/2/hi/europe/447991.stm
The former KGB intelligence service, when it was led by Yevgeny Primakov, penetrated key financial institutions in London, a former MI6 officer tells the Sunday Times. MI6 “uncovered at least one full-time agent of the SVR, the KGB’s successor, working in the London commodities market,” and an undercover agent told MI6 in 1995 “that the SVR had a full-time spy reporting on the activities of the Moscow office of Barclays,” according to the report. “MI6 officers fear the spy may have influenced the bank’s disastrous loss on Russian bonds, said to amount to 250 [million pounds sterling], during the economic crisis last year.”
“MI6 first learned of the extent of Soviet economic espionage operations in the early 1990s,” according to the Sunday Times, when it received intelligence that “senior staff” at the Bank of England, the European Bank for Reconstruction and Development (EBRD) and other London-based institutions were targeted for penetration by the KGB and its re-named foreign intelligence spinoff, the SVR. The officer who set up the new operations is reported to be Col. Andrei Arsenyev.
“One British businessman allegedly targeted by Moscow is David Reuben, a multimillionaire with extensive business ties to Russia,” the Sunday Times reports. “He trades on the London commodities market which the agent says has been influenced by a full-time SVR agent. Reuben said last week: ‘I’m certain the Russians are spying on me.’ He added that repeated attempts had been made to discredit his business.”
https://web.archive.org/web/20070607020522/http://www.afpc.org/rrm/rrm597.htm
The group, dubbed the “Illegals,” was accused of being tasked by the Russian intelligence agency SVR to enter the United States, assume false identities and become “deep-cover” Americans, according to the U.S. Justice Department.
Their goal was to “become sufficiently ‘Americanized’ such that they could gather information about the United States for Russia and can successfully recruit sources who are in, or are able to infiltrate, United States policy-making circles,” according to criminal complaints filed in U.S. federal court.
https://www.reuters.com/article/idUSTRE65R5OU20100628
The indictment says the alleged spies used a number of methods to communicate with the SVR including unique wireless networks to transfer encrypted data. One of the wireless networks was run from a van in New York that on one occasion parked outside a coffee shop where one of the accused , named as Anna Chapman, was sitting. The FBI said it observed as she established a connection with the wireless link in the van and transmitted data. A few weeks later she did the same from a bookshop.
The FBI said it also observed a car with diplomatic plates registered to the Russian government park outside a Washington DC restaurant where another alleged spy who went by the name Mikhail Semenko, who is still being sought by the authorities, used a computer to establish a connection with a wireless signal from the car.
Other information was passed by posting pictures on the internet that had text buried in them as well as long established techniques such as drops and “brush pasts” in local parks.
https://www.theguardian.com/world/2010/jun/29/fbi-breaks-up-alleged-russian-spy-ring-deep-cover
The Double Bluff
Kryuchkov and other high-ranking KGB officials organized a hardline coup in August 1991.
Putin studied law at Leningrad State University, where his tutor was Anatoly Sobchak, later one of the leading reform politicians of the perestroika period.
Yeltsin was warned by the KGB in Moscow he was about to be captured and he escaped.
Boris Yeltsin made Putin director of the Federal Security Service, and shortly thereafter he became secretary of the influential Security Council.
ResearcherZero • March 5, 2022 3:43 AM
Putin began, around 2015, to change the scheme. He got rid of old friends who were proponents and beneficiaries of the enlarged role of the secret services. In August 2015, Putin ousted his former ally Vladimir Yakunin, an ex-KGB officer, from his position as head of Russia’s state-owned-railroad monopoly. Then in 2016, he dealt with the two Ivanovs, dismissing Viktor and dissolving his agency, the FSKN, in May, and downgrading Sergei, his chief of staff, in August. Around this time, Putin also ceased using the FSB as a recruitment base for important positions in the government and economy.
The goal of these changes was not to make the intelligence services less important; it was to reduce their autonomy. Putin was abandoning the search for a stable post-Soviet system of governance, in which the new nobility was supposed to play a crucial part. Instead, he was making it clear that what he needed was an instrument, pure and simple, for protecting his regime.
The new model is familiar from the late Soviet Union, when the Politburo called the shots and kept the intelligence services on a short leash, with minimal room for independent action. The KGB, in turn, kept elites off balance (and intimidated the population) through selective repression—a strategy that Putin’s most cherished Soviet leader, Yuri Andropov, had called “improving labor discipline.” And improving discipline is exactly what Putin has started doing. Governors and officials found themselves in prison for corruption; film directors, scientists, and ordinary people were thrown in jail, accused of helping Ukraine. The FSB played a major role in these crackdowns, but never on its own initiative. Now Putin, ruling through the Presidential Administration, calls the shots, filling the Politburo’s shoes.
https://eng.majalla.com/2018/06/article55256794/putins-secret-services
“Panicked employees at the nearby French TV5Monde offices were trying to get in touch with their boss Bigot. At that time, suddenly, the chain of channels belonging to the largest French-speaking network in the world began to stop one by one, and hundreds of broadcast screens were closed in the channel headquarters, and in the basement of the building the data of all the servers of the television network were wiped with a methodical speed to the dismay of all the workers in the network , as much as it attracted the attention of millions of followers around the world.”
https://www.tellerreport.com/news/2021-06-20-the-country-of-a-million-pirates—-is-russia-seeking-to-control-the-world-through-the-internet-.rk45eVaiO.html
“What do you do when you have to “re-instal” drivers after the signing certificate has expired?”
ResearcherZero • March 5, 2022 3:52 AM
…the update also implies that additional wiper attacks have been observed that are not being disclosed for now.
In particular, Microsoft indicates that as of now, “there continues to be a risk” from the threat actor behind the HermeticWiper attacks.
The MSRC update also follows a blog post from Microsoft president Brad Smith on Monday, in which he stated that some recent cyberattacks against civilian targets in Ukraine “raise serious concerns under the Geneva Convention.”
https://venturebeat.com/2022/03/02/microsoft-data-wiper-cyberattacks-continuing-in-ukraine/
SpaceLifeForm • March 5, 2022 4:08 AM
@ ResearcherZero, Clive, ALL
Re: expired certificates
The following questions should be considered philosophical.
What is a date?
What is a clock?
Isn’t the entire point of a calendar and a clock to exist so that a sane society is able to coordinate via communication and schedule events?
If a certificate is near a black hole named Windows, will it ever expire?
What should one do when they think they have they wrong date or time?
snur-pele • March 5, 2022 4:11 AM
@Clive
Re: (unless you know the tricks of how to mitigate in advance).
Dammit, Clive!
-Is this on Wikipedia?
(havent checked, but seriously doubt it…)
Pretty-please, spill it?
ResearcherZero • March 5, 2022 4:25 AM
@SpaceLifeForm
You have to be careful that you don’t spend too much time thinking about this kind of stuff, due to a small chance of going ‘Coco Loco’.
“Howard creates Milky Joe — a coconut on a stick — whilst stranded on a desert island, to avoid boredom. As time progresses he becomes more real to Howard and Vince, until eventually he takes on a life of his own.”
https://www.youtube.com/watch?v=qYlWjxs3BSQ
A couple of old directors of ASIO were raging alcoholics, they went the full ‘Coco Loco’ nearing the end of the Cold War.
Clive Robinson • March 5, 2022 5:22 AM
@ SpaceLifeForm, ResearcherZero, snur-pele, ALL,
The following questions should be considered philosophical.
Computers do “practical” not “philosophical” which is where the problem arises (Micro$haft want to force their philosophy on you and they are not going to alow you to say “NO” easily, likewise Google, etc).
So ask the important question,
“How does the computer know the certificate is expired?”
There are a couple of ways but they both have the following in common,
“From an external refrence”
That is the computer gets told the time/date or gets a certificat expiry/revoked list.
So one way to fool the computer is,
1, Set the internal clock back.
2, Stop it having external access.
3, Use install media that predates the certificate expiry date.
That way the computer will not know the certificate has expired.
Unfortunately since Win10 Microsoft has forced the “external access” onto people, and it would appear with Win11 they are heading rapidly to making it mandatory. Which must make Win 7 quite attractive to many people even though it is fairly soon going to be EOL’d.
So another way may be to first install Win 7 and add the drivers if they are from then or earlier. Then upgrade to Win10 which may keep the drivers, then upgrade to Win11.
But my prefered option has always been “Split Backups”.
When you install plan ahead. Importantly partition hard drives in a certain way to enable as fuller independence between,
1, OS and lower.
2, Applications, and App config.
3, User data and User configs.
So that you can “independently” pull in stuff from backups.
People who do regular testing of “applications” used to do this on an almost weekly basis, and still do, but “containers” make things a lot less painfull.
So the second step after setting up the hard drives correctly is to install a basic system. That is get the basic OS and drivers etc in and functioning with the earliest date you can. Then take a couple of backups. Then advance the system clock and do any upgrades / patches for OS and drivers then backup again. Likewise as you add apps take backups after you install each app.
Yes it appears “painfull” and it is, but remember the important point… You can roll back the hardware clock and then you can “re-install” from backup without needing the system to “go online”…
Obviously there is more to it than my brief 20,000ft view, but… remember Microsoft “has a madness gripping it”. That is they are hell bent on forcing you to go online in their sociopathic version of reality, in every which way they can… Which forces you into their plan to not just take over ownership of your data, but hardware as well. Thus force you into thrir highly profitable “rent seeking” model, with that extra added “data rape” model as one of their “cherries on top”.
So if you do not “plan ahead” for this properly then you will be “doomed”…
Don’t say you were not warned.
SpaceLifeForm • March 5, 2022 5:23 AM
@ ResearcherZero
LOL. Never seen. Will not be seen again. Not bookmarked.
Besides, when it tried to change to the 2nd scene, it locked up FF so bad, and X11, I had to go to console.
Sad. I don’t even have a Nvidia card on this box.
Though, Ruby does look hot.
SpaceLifeForm • March 5, 2022 5:42 AM
@ snur-pele, ALL
I hope Clive gave you enough clues.
You may want to research clonezilla.
SpaceLifeForm • March 5, 2022 5:52 AM
Rasputitsa
This reminds me that I need to rotate my tyres. My battery is not old.
hxtps://nitter.net/TrentTelenko/status/1499164245250002944#m
hxtps://nitter.net/TrentTelenko/status/1499894935209795594#m
Pau Amma • March 5, 2022 5:58 AM
Can anyone suggest tools that would let a website archival service check websites for malware before it starts archiving them? More specifically, check the whole site before archiving any page, since detectable malware on some page may hint that others have undetected malware, so the prudent approach is to skip (or at least quarantine) the whole site in that case.
SpaceLifeForm • March 5, 2022 7:10 AM
It’s a good sign when Conti hackers do not know how to exit Vim
There is actually an interesting graphic in a reply. I have never seen this graphic, probably because I learned vi (pre Vim) on a dumb terminal, and graphics on a computer did not exist, nor a printer that could render it. It points to some functionality I never learned using special characters. Or I just forgot them. Most people can be productive in Vim without knowing all commands, once they understand what is happening with the regards to the difference of command mode and insert mode.
hxtps://nitter.net/ZeroLogon/status/1499501978854039555#m
Petre Peter • March 5, 2022 10:06 AM
Just watched ‘Deep Web’ 2015 documentary which can be found on youtube.
Communism was a rabbit hole I managed to get out of but it seems like I have fallen into another one.
In this cat and mouse game, the mouse will win in the end but the cat will be well fed.
Petre Peter • March 5, 2022 10:59 AM
My mind likes to go places but it’s gotta’ be on it’s own free will; otherwise, it’s good for nothing.
&ers🇺🇦 • March 5, 2022 11:46 AM
@Clive @SpaceLifeForm @MarkH @ALL
Nice gallery.
hxxps://photos.google.com/share/AF1QipMMh5HAx38U3GtsQTnP1AAl6LWe-XTxhVJApSro1opHQjag-Rt1Ebvr-D3_TSTEqA?key=Si1HbnpfRGx1T20zbXd3RWlkUEZlTlJEU29DT0xn
Winter • March 5, 2022 12:04 PM
Why are people dying in a war in Ukraine? Maybe for Putin to live in even bigger palaces?
Putin’s Imperial Palaces Are a Manchild’s Dream
The Russian leader isn’t the macho genius of Western fantasy.
ht-tps://foreignpolicy.com/2021/06/01/putin-imperial-palaces-wealth-navalny-corruption/
The architecture and decorations produce a textbook example of what writer Peter York terms “dictator chic,” a style characterized by “ludicrously overscaled” dimensions; extremely excessive use of gold, glass, and marble; ubiquitous rococo furniture; and frequent depictions of “macho creatures,” whether lions, eagles, or wolves. Golden two-headed eagles of dubious craftsmanship festoon much of the interior, and an inferior knockoff of the gold eagle atop the iconic and elaborate Winter Palace gate adorns the far less elaborate (but similarly massive) front gate of the structure. Gold, glass, and marble adorn nearly every room, as does furniture from Italian firms whose products are both flamboyant and outrageously expensive. A single couch and its dressing table together cost more than $54,000.
lurker • March 5, 2022 12:13 PM
@Clive: [MS] are hell bent on forcing you to go online in their sociopathic version of reality,
Funny thing is they didn’t even know the internet existed until Al Gore invented it around 1990-something.
Ted • March 5, 2022 12:55 PM
@Petre Peter
I don’t believe Russia has a communist government. China and Cuba do. But I think, at least on the books, Russia is federal democratic state. It has, however, been commandeered to behave more like an autocracy. Some have even said a dictatorship.
To your point about privacy, I wouldn’t want to live in an autocracy with all its apparatuses of control. There are spectrums of abuse and invasiveness and these states are not lacking here.
Petre Peter • March 5, 2022 1:15 PM
@winter
What’s the point of the computer if we still need administrative palaces. My mind is my palace.
@ted
Russia is starting to look a lot like an intelligence dictatorship reminiscent of communist Romania’s nomenclature
Ted • March 5, 2022 2:16 PM
@Peter Peter
Yes, or even East Germany’s, where Putin was stationed in Dresden as a KGB officer. He worked alongside the Stasi. Talk about an intelligence police state.
Winter • March 5, 2022 2:46 PM
@Ted, Peter
“I don’t believe Russia has a communist government.”
North Americans, in my experience, call everyone they don’t like “communist”.
When asked, they have no idea what communism actually means to the people who call themselves Communist or Socialist. The idea that every Communist admires Stalin or Mao is a sure sign of an American education.
Russia is not a Communist state, even though it’s authoritarian leader admires Stalin. Russia is a classic Kleptocracy, more like Indonesia under Suharto or the South American dictatorships.
vas pup • March 5, 2022 2:56 PM
Are there animals that survived from the age of the dinosaurs?
https://www.dw.com/en/are-there-animals-that-survived-from-the-age-of-the-dinosaurs/av-61009818
Are we going survive in case of ‘hot but empty heads’ put all the world into brink of Apocalypse: WWIII just to pursue their imaginable goals and (bleeping) ego in zero sum game?
The best way is to chill down, evaluate all options and outcomes and decide logically not emotionally
do we need victory when nobody could see it thereafter?
SpaceLifeForm • March 5, 2022 3:42 PM
Looks like nitter having issues.
Overloaded? DDoS? Twitter block?
Can anyone else confirm?
&ers🇺🇦 • March 5, 2022 4:43 PM
@Clive @SpaceLifeForm @MarkH @ALL
A very nice image 🙂
hxxps://pbs.twimg.com/media/FNGUwuUXIAEZ_sT?format=jpg
SpaceLifeForm • March 5, 2022 4:53 PM
Fast moving teapot
hxtps://nitter.net/a7_FIN_SWE/status/1500179680862908424#m
It also looks like time on watch does not compute.
SpaceLifeForm • March 5, 2022 5:22 PM
Secure YOUR perimeter
hxtps://www.zdnet.com/article/nsa-report-this-is-how-you-should-be-securing-your-network/
The report covers network design, device passwords and password management, remote logging and administration, security updates, key exchange algorithms, and important protocols such as Network Time Protocol, SSH, HTTP, and Simple Network Management Protocol (SNMP).
vas pup • March 5, 2022 6:00 PM
Wow! Even birds do not like being tracked.
I guess they assume tracking may always have sinister angle:
How Birds Outwit Scientists
Australian magpies altruistically help each other remove tracking devices
https://www.psychologytoday.com/us/blog/animal-minds/202203/how-birds-outwit-scientists
Clive Robinson • March 5, 2022 6:39 PM
@ SpaceLifeForm, ALL,
It’s a good sign when Conti hackers do not know how to exit Vim
The “poor little Dears” were probably confused… And forgot what mode[1] they were in…
The thing about “vi”/”vim” is not only is it bi-modal[1] it’s also “a bit like skining a cat”… that is, there is almost always more than one way to do something[3]… Including just giving it a couple of Z’s 😉
[1] For those that are not used to the ancient art of the “command line”[2] or editing on it, or know nothing about “vi”/”vim” the thing is you have to understand the notion of bi-modal operation… That is you can be in one of two states, “command mode” or “input mode”. In an editor like “vi”/”vim” you use “command mode” to move the cursor around the text buffer, or do other things like save or open files or do things with text buffers. Or you are in “Input mode” to enter text into a text buffer. Just to be confusing “Input mode” can it’s self be in one of two basic “Input modes” “insert mode” or “overwrite mode” where you type in text into the “text buffer”. As “vi” was based around the earlier line editor “ed” from back in the paper based teleprinters like KSR/ASR “ttys”[2] days of the 1960’s there is no direct visual indication of which mode you are in. So hitting the ‘esc’ key –what ever it is– either gets you from “input mode” back to “command mode” or your terminal gets sent the “bell” character if you were already in “command mode”.
[2] For those that were born after Windows became “the way”… We old folks had football player shoulders and bad hearing, from bashing away at electro-mechanical serial terminals. From back in the 70’s and earlier. These electro-mechanical teletypes, known as Teletypes or TTYs, actually predated even the notion of computers and printed on big rolls of paper that alowed for “66 character lines” and to “store” output to punch paper tape… So there was no concept of anything other than “the line”. Not even “a screen”, that started to change in the 1970’s with “Glass TTYs” that had 80×24 character displays called “screens” some of which alowed “screen addressing”. The notion of “Windows” came with the “raster graphics” “graphical terminals” that followed on from the “vector graphic” graphics terminals based on “storage oscilloscope” technology. It was a follow on of 8-bit “home computing” that started back in the late 1970’s.
[3] There are multiple ways in “command mode” to get out of “vi”/”vim” back to the “command line” proper or behave as though you’ve exited and gone back in, such as 😡 :w :q :vi and multiple variations there on. These can be prefaced by ‘esc’ if you are in “input mode”[1].
&ers🇺🇦 • March 5, 2022 6:52 PM
@SpaceLifeForm
However, Nitter cert has expired.
“nitter.net uses an invalid security certificate. The certificate expired on 6. march 2022. a. 1:57. The current time is 6. march 2022. a. 2:49.”
JonKnowsNothing • March 5, 2022 8:27 PM
@ Winter, @Ted, @Peter
re: “I don’t believe Russia has a communist government.”
North Americans, in my experience, call everyone they don’t like “communist”.
Americans also use the word “Socialist” interchangeably with “Communist”. Few people know the difference.
A dated but funny movie about “quitting smoking” used many caricatures of the period (1970s) including the “John Birch Society” looking for “Pinkos”. Some 50 years later, not much has changed other than everything is now electronic.
Before streaming, records were The Thing and great performances were recorded in “reader’s theater” format. That’s audio only without visual props.
An equally funny and barely dated record-theater performance:
Stan Freberg Presents the United States of America Volume One: The Early Years
Worth a listen and you probably won’t think of Ben Franklin or George Washington quite the same way afterward.
It remains hazardous in the USA to have those labels used against you.
===
Search Terms
John Birch Society
Cold Turkey (1971 film)
Def: Pinko is a pejorative coined in 1925 in the United States to describe a person regarded as being sympathetic to communism, though not necessarily a Communist Party member. It has since come to be used to describe anyone perceived to have radical leftist or socialist sympathies.
Stan Freberg Presents the United States of America Volume One: The Early Years (1961)
ResearcherZero • March 5, 2022 9:00 PM
@Clive Robinson
It’s disappointing how little responsibility many of these kids playing with malware demonstrate. They have little idea of what they are playing with, nor do they consider the ramifications for themselves.
–
After Lapsus$ leaked NVIDIA’s code-signing certificates, security researchers quickly found that the certificates were being used to sign malware and other tools used by threat actors.
According to samples uploaded to the VirusTotal malware scanning service, the stolen certificates were used to sign various malware and hacking tools, such as Cobalt Strike beacons, Mimikatz, backdoors, and remote access trojans.
For example, one threat actor used the certificate to sign a Quasar remote access trojan, while someone else used the certificate to sign a Windows driver.
While both stolen NVIDIA certificates are expired, Windows will still allow a driver signed with the certificates to be loaded in the operating system.
Due to the potential for abuse, it is hoped that the stolen certificates will be added to Microsoft’s certificate revocation list in the future to prevent malicious drivers from loading in Windows.
However, doing so will cause legitimate NVIDIA drivers to be blocked as well, so we will likely not see this happening soon.
https://www.bleepingcomputer.com/news/security/malware-now-using-stolen-nvidia-code-signing-certificates/
To prevent known vulnerable drivers from being loaded in Windows, David Weston, director of enterprise and OS security at Microsoft, tweeted that admins can configure Windows Defender Application Control policies to control what NVIDIA drivers can be loaded.
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create
–
Lapsus$ Samsung Leak
Lapsus$ published a description of the upcoming leak, saying that it contains “confidential Samsung source code” originating from a breach.
Lapsus$ split the leaked data in three compressed files that add to almost 190GB and made them available in a torrent that appears to be highly popular, with more than 400 peers sharing the content. The extortion group also said that it would deploy more servers to increase the download speed.
source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations (e.g. hardware cryptography, binary encryption, access control)
algorithms for all biometric unlock operations
bootloader source code for all recent Samsung devices
confidential source code from Qualcomm
source code for Samsung’s activation servers
full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services
https://www.bleepingcomputer.com/news/security/hackers-leak-190gb-of-alleged-samsung-data-source-code/
–
ShrakBot distributed via the Google Play Store as a fake Antivirus.
We found that they have to include the usage of infected devices in order to spread the malicious app. SharkBot achieves this by abusing the ‘Direct Reply‘ Android feature. This feature is used to automatically send reply notification with a message to download the fake Antivirus app
The four primary functions in SharkBot’s latest version are:
Injections (overlay attack): SharkBot can steal credentials by showing web content (WebView) with a fake login website (phishing) as soon as it detects the official banking app opened
Keylogging: Sharkbot can steal credentials by logging accessibility events (related to text fields changes and buttons clicked) and sending these logs to the command and control server (C2)
SMS intercept: Sharkbot can intercept/hide SMS messages.
Remote control/ATS: Sharkbot has the ability to obtain full remote control of an Android device (via Accessibility Services).
https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/
–
“We have seen several situations where malware has been specifically targeted at charities, NGOs, and other aid organizations in order to spread confusion and cause disruption.”
“In these particularly egregious cases, malware has been targeted at disrupting medical supplies, food, and clothing relief.”
https://www.aboutamazon.com/news/community/amazons-assistance-in-ukraine
Freezing_in_Brazil • March 5, 2022 9:36 PM
@ Clive, SLF
Much obliged for your thoughtful replies here and here [last week squid – re urandom, etc]. Much appreciated.
Regards.
lurker • March 5, 2022 10:01 PM
@ResearcherZero: 190G Samsung source on torrent
Well, if Samsung’s OS and apps are secure they’ve nothing to worry about. That’s how Open Source works, isn’t it?
JonKnowsNothing • March 5, 2022 10:09 PM
@ ResearcherZero , @Clive
re: It’s disappointing how little responsibility many of these kids … demonstrate.
In the USA, it has never been about “responsibility”, it’s about Not Getting Caught.
It’s also common in other countries. The USA doesn’t have a monopoly on the concept. Few historical references are about “responsibility” but a great many are about “Getting Away With It” and “Not Getting Caught” for a long time.
Some folks are still getting away with it, even though they were caught.
ResearcherZero • March 5, 2022 10:25 PM
@JonKnowsNothing
That may very well be the problem, and not just in the U.S.
6th Directive on AML/CFT (AMLD 6) – (operational in 2024)
The legislative package will be discussed by the European Parliament and Council. The Commission is hopeful for a speedy legislative process. The AML authority should be operational in 2024 and will start the work of direct supervision slightly later, once the directive has been transposed and the new rules start to apply.
https://ec.europa.eu/info/publications/210720-anti-money-laundering-countering-financing-terrorism_en
The 6AMLD offers greater clarity to the definition of the types of crimes that might be considered money laundering or terrorist financing. Unlike previous AMLD regulations, which only prosecuted those who directly profited, the new directive poses similar penalties for those who may be guilty of aiding and abetting this type of criminal activity.
https://assets.kpmg/content/dam/kpmg/mt/pdf/2019/01/aml6-directive.pdf
ResearcherZero • March 5, 2022 10:40 PM
8 years to react to something that many experts were banging on about for the previous 30 years, seems a little slow to me, but… Lookout it’s a flipping icebreg!
“In countries with populist or autocratic leaders, we often see democracies in decline and a disturbing pattern of attempts to crack down on civil society, limit press freedom, and weaken the independence of the judiciary. Instead of tackling crony capitalism, those leaders usually install even worse forms of corrupt systems,”
“Only where there is freedom of expression, transparency in all political processes and strong democratic institutions, can civil society and the media hold those in power to account and corruption be fought successfully.”
2016 showed that around the world systemic corruption and social inequality reinforce each other, leading to popular disenchantment with political establishments and providing a fertile ground for the rise of populist politicians.
This year more countries declined in the index than improved, showing the need for urgent action.
https://www.transparency.org/en/press/corruption-perceptions-index-2016-vicious-circle-of-corruption-and-inequali
More than eight-in-ten Americans (84%) believe it is possible to improve the level of confidence people have in the government.
Their written responses about how to make headway on trust problems urge a variety of political reforms, starting with more disclosure of what the government is doing, as well as term limits and restrictions on the role of money in politics.
Some 15% of those who answered this question point to a need for better political leadership, including greater honesty and cooperation among those in the political class.
https://www.pewresearch.org/fact-tank/2019/07/22/key-findings-about-americans-declining-trust-in-government-and-each-other/
lurker • March 5, 2022 10:53 PM
Responsibility or not getting caught?
When when it comes down to being caught between a rock and a hard place you just need to go back to first principles in the terms of what’s right morally, or within you.
faith and fidelity for the wirecard whistleblower
SpaceLifeForm • March 6, 2022 12:17 AM
@ Anders
New certificate for nitter now, from Let’s Encrypt.
Expires 2022-06-04. Seems to be working again.
Clive Robinson • March 6, 2022 1:31 AM
@ Freezing_in_Brazil, SpaceLifeForm, ALL,
Much obliged for your thoughtful replies…
That’s what we try to be here for.
But in what may become a replacment for that “supposed” acient Chinese curse of “May you live in interesting times”, I offer you,
“May a small part of your life be truly random”.
With the additional hope of “May it be confined to where you want it” 😉
John • March 6, 2022 4:17 AM
Hmm…
Samsung phones now open source.
This would be great if the code weren’t so big and obscure.
Gotta keep things simple and easy to understand.
John
Freezing_in_Brazil • March 6, 2022 5:58 AM
@ Clive
<
blockquote>“May a small part of your life be truly random”.
<
blockquote>
I raise a toast to that. Cheers! 🙂
Clive Robinson • March 6, 2022 7:11 AM
@ SpaceLifeForm, ALL,
Do not believe anything russia says.
The UK Defence analysts certainly think it was at best a cynical attempt by Putin/Russia to regroup, re-arm and go back on a renewed offensive, whilst blaiming the Ukranians every which way Putin can,
The thing Putin / Russia has forgotton is that with mobile phones and the like, there is recordings made not just by Ukrainian forces and Ukrainian civil authorities, but many journalists and citizens as well. Which importantlt can be “stitched together” to show Russian forces did not in anyway observer the ceasefire, or let civilians out of besieged areas…
In short all Putin’s “noise” is lies for his “home audiance” so that Russian’s do not realise that Putin’s only strong suits are lying realy badly and failing appalingly, and they realy should get rid of him, before he brings down more death and destruction on them individually and as a nation.
JonKnowsNothing • March 6, 2022 8:44 AM
@Clive Robinson , @ResearcherZero, @All
re: greed and the power it gives a few at the expense of all others
RL anecdote tl;dr
A few days past, I was putting fuel in the car. I have a limited budget and my allocation of $20 USD for @4 USGallons of fuel has to last a L O N G time.
Another driver pulled into the other side of the pump and started fueling their car.
I noticed a crumbled wad of money on the ground. The top note being $5 USD. I asked the other driver if they had lost the money. They said no, it wasn’t theirs.
I picked up the money with 2 fingers and took it to the service kiosk and told the clerk that someone had dropped the money and gave the wad to the clerk. I told the clerk someone might need that money and come back for it.
I wasn’t too sure the clerk wasn’t going to just stuff it in their pocket, but it was the best I could do to return it to the “not in view” owner.
When I went back to my car, the other drive said.
“That was the most honest thing I’ve seen.”
I was a bit surprised.
We had a good 5 minute chat about such actions. I said it wasn’t that hard, the money wasn’t mine and someone might need that $5.
Greed is often about taking advantage of someone unable to negotiate on an equal basis. The AU-East Timor Oil Spy Scandal was about Australia getting the “upper hand” in the negotiations at the expense and detriment of East Timor. Win-Lose.
Greed is not necessarily a factor in all exchanges. Win-Win exchanges leave both parties with acceptable exchanges. Fair Play.
In the US and other neo-libertarian economies sanctify the Greed part, play pious Sunday homage to the Fair Play part, and on Monday return to stripping everything from anyone and everyone around them.
The USA worships such people. These people pass off their Greed by creating “faux reputation cleaning programs foundation” programs. Funded by many $USD and sometimes able to achieve “something useful”, their roots are in Greed and Greed is still the basis on how they function. A very high level concept of Greed to be sure.
In MMORPG video games, when grouped players “win” at a difficult task, a “loot chest” of desirable game goods appears. In the chest are 1 or 2 very rare items and the competition for those items is fierce. Everyone wants them and Everyone needs them. The possibility of getting the items is what drives the group interaction in the first place.
There are several methods of allocation:
- Pass (skip I already have it or cannot use it)
- Roll (a computer generated dice roll)
- Need (I can use it right away)
- Greed (I can sell it to other players)
- Master (the leader of the group gives it to who they want)
The amount of fighting over the allocation of these “digital bits” is one of the hallmarks behind the poor reputation grouping activities have. It’s rather horrendous human behavior over Pixels On A Screen.
It’s also an indicator of how people really think, even if they go to a Sunday soul cleansing.
===
Search Terms
Australia–East Timor spying scandal (2004-current on going)
Witness J
* Witness J, also known by the pseudonyms Alan Johns and Prisoner 123458, is a former Australian intelligence officer who was subject to a secret trial (under section 22 of the National Security Information (NSI) Act), and secret imprisonment in 2018, for supposedly breaching Australian national security laws.
Witness K
Bernard Collaery
JonKnowsNothing • March 6, 2022 9:02 AM
@All
re: they really should get rid of [fill in the blank], before [fill in the blank] brings down more death and destruction on them individually and as a nation.
Consider carefully what this sentence means. Fill-In-The-Blank can be directed at ANYONE at ANYTIME or ANYWHERE.
An article in the Intercept this weekend, is all about how the USA “fills in the blank” anyone they want to put in the LEA database: teachers, journalists, ordinary persons and religious leaders of many denominations.
To make such an assertion, the “people in question” have to have a “meaningful and legal” method of changing leadership.
The USA, is struggling with this. The next elections may not be “meaningful”. In coarser parlance: they will be legally rigged – emphasis on legal, as part of gerrymander voter mapping.
===
Search Items
ht tps://th einter cept.com/2022/03/06/cbp-border-surveillance-migrant-caravan/
- About the U.S. Customs and Border Protection hit list database of “persons of interest” and actions coordinating with LEA counter parts in other countries. Operation Faithful Patriot aka Operation Secure Line
Gerrymandering in the United States
Winter • March 6, 2022 10:17 AM
@Clive
“In the process China gained for free a massive input of “Intellectual Property” or “trade secrets” that it paid not one penny to on R&D costs. ”
I heartily applaud this behavior of China. China has transformed itself from a poverty and hunger ridden third world country into an industrialized country. This has lifted a billion people out of abject poverty. For that it needed know-how it obtained, like every other country in history, from other countries.
Every industrialized country started their industrialization by copying others that came before them. They only recognized patents after they had collected enough know-how to protect their own industry against foreign newcomers. Even today e.g., the USA still does not recognize foreign patents and copyrights, but has a whole arsenal of legal tools to monopolize foreign inventions and know-how to the benefit of US industry.
“Intellectual property” is a ploy to keep people ignorant and poor. Those who “possess” the IP have just obtained a toll-boot at the end of a long road of inventions and innovations to which they did not contribute anything. Industrial patents are a disease that stifle innovation and kill progress. Especially USA patents are simply a tax on global businesses and trade. Countless are the stories of companies and people that were forced to pay license fees to a US company for their own inventions and innovations.
There have been numerous studies into the benefits of IP, they tend to show the costs to be high and the benefits negative, or too small to measure.
References [sorry, old links, they might not all work]:
Bessen, J.E. and M.J. Meurer, (2008), Patent Failure: How Judges, Bureaucrats, and
Lawyers Put Innovators at Risk, Princeton and Oxford: Princeton University Press.
ht-tp://books.google.nl/books?hl=nl&lr=&id=DLGWiySQRP4C&oi=fnd&pg=PA1&dq=costs+and+benefits+of+%22patent+system%22+bessen+meurer&ots=uSiNLYdxx4&sig=hmfmS5bJteCBU4mCFz6sB3M4Q2c#v=onepage&q=costs%20and%20benefits%20of%20%22patent%20system%22%20bessen%20meurer&f=false
Others:
What are the Costs and Benefits of Patent Systems?
ht-tp://papers.ssrn.com/sol3/papers.cfm?abstract_id=1409503
The benefits and costs of strong patent protection: a contribution to the current debate
ht-tp://www.sciencedirect.com/science/article/pii/S0048733398000481
When means become ends: considering the impact of patent strategy on innovation
ht-tp://www.stuartmacdonald.org.uk/pdfs/Macdonald.pdf
Patent systems for encouraging innovation: Lessons from economic analysis
ht-tp://www.sciencedirect.com/science/article/pii/S0048733306001326
Not sure about the scientific “status” of the following, the reader beware:
Patents Are An Economic Absurdity
ht-tp://fare.tunes.org/articles/patents.html
PATENTS AND COPYRIGHTS: DO THE BENEFITS EXCEED THE COSTS?
ht-tp://www.indytruth.org/library/journals/libertarianstudies/15/15_4_3.pdf
SIC • March 6, 2022 11:02 AM
“In conflict, where information is everything, what is striking about the war in Ukraine is not what is known but the very large areas of unknowns.
And even as commentators have picked over and analysed everything that is known about the Russian military’s operations and performance in Ukraine in an effort to predict the trajectory of the conflict, it’s what is poorly understood that may yet be more significant still.”
lurker • March 6, 2022 11:49 AM
@SpsceLifeForm, Clive, re ploy
Apply Hanlon’s razor: a ceasefire was agreed by leaders in a distant city;
Russian troops on the ground were not given orders;[1]
troops hear of the ceasefire through unofficial channels and the first day shooting stops;
after some confusion Russian commanders on the ground re-establish hostilities;
the second day shooting continues in the absence of ceasfire orders.
[1] Historians and military lawyers will build careers on arguing whether this was accidental or deliberate.
lurker • March 6, 2022 12:18 PM
@Ismar, All
The “first great wave” of globalisation occurred in the 19th century.
Yet another example of the failure to teach history in schools. The “first great wave” of globalisation occured in the 8th century. After Islam carried the Word from the Atlantic to the Ganges, Arab traders extended its reach from Senegal to Japan. Of course order and delivery times were measured in years rather than days and microseconds. But there was a fully synchronous system of pre-ordering and payments. Excluding the Americas it was a global market for goods and capital, with stable, low interest rates due to the Islamic sanction against usury.
.
JonKnowsNothing • March 6, 2022 12:28 PM
@SIC
re: large areas of unknowns
From the AI/ML tossed images on the MSM pages I look at, there is a great deal of ?Wha? in some of them.
Generally, things are horrible and whatever is going on isn’t going very well.
There are still some ?Wha? in the stream of images. Nearly all, maybe all, purport to be from UKR. They could be from any country with a current or recent war because a bombed out building looks pretty much the same no matter where the bombing happened.
Some of the images are clearly by Pro-Tographers: cleanly cropped, best lens, composition and good photo editing.
- ex: A very moving image of someone out side a train(?) interacting with someone inside with the outside person’s hands on the window. As the image rotated around news editions, the earliest images of the person inside was Not Visible. All you saw was the outside person’s hands on the window. Later editions the person inside became “clear” and it was the image of a child. Other editions the child was more obscured. There are at least 3 editions of this image. Of course there is no date, time or location indicated.
Perhaps War-by-Twit has arrived along with Government-by-Twit?
Like the comedy “Are you being served?”, if you miss the twit, you miss the war.
“It’s all over Mr. Grainger … The Customer wanted the loo…”.
===
Disclosure: I do not click on the UKR-RU war stories or links. I am watching images selected by AI/ML that are thrown up on the page. While I am not actively clicking I am sure to be tracked. Mouse trails, Hover Points, Page Shifts, Article Tag Monitor and others.
JonKnowsNothing • March 6, 2022 12:52 PM
@ lurker, @Ismar, @All
re: Islamic sanction against usury
The USA used to have sanctions against usury, which was defined at ~3%.
You can guess what happened after the neo-liberal, libertarian, trickle-downers picked up the banking controls or rather dismantled them.
Interest is now “Whatever the Market will bear”.
Some folks have basic ~30% interest charges.
As the economies tank, the value of work declines, rate of inflation rises and the take home pay of Oligarchs Everywhere rise, people end up borrowing more to pay for food, shelter, necessities.
They use pre-paycheck factoring (a cash out with percentage advance rate charge before the paycheck is issued) or loan sharks to make ends sort-of meet. The interest rate charges on such loans far exceed 3% and often far more than 30%.
===
Search Terms
Depository Institutions Deregulation and Monetary Control Act 1980
First food banks, now bedding banks by Gordon Brown. Former Prime Minister of the UK from 2007 to 2010
USA Payday loans under Uniform Small Loan Laws (USLL) rates are 360%–400% APR
In USA over a third of states in 2011 allowed late borrowers to be jailed. In Texas, some payday loan companies file criminal complaints against late borrowers. Texas courts and prosecutors become de facto collections agencies that warn borrowers that they could face arrest, criminal charges, jail time, and fines. On top of the debts owed, district attorneys charge additional fees. Borrowers have been jailed for owing as little as $200
Clive Robinson • March 6, 2022 2:52 PM
@ lurker, SpaceLifeForm, ALL,
Apply Hanlon’s razor
It would make an interesting possability if it were not for the burst of re-arming, re-grouping, resupplying and other behaviours that show the local commanders were well aware of what had been said in “in a distant city”
Because those re-xxx activities need not just orders, at either end, they need orders all the way along for the logistics to work. Every commander that received them knew exactly what they ment. Especially the commanders at the “sharp end” who found they were nolonger being attacked.
One definition for perfidy from the Century Dictionary of 1895,
“The treacherous man either betrays the confidence that is reposed in him, or lures another on to harm by deceitful appearances; as, the treacherous signals of the wrecker. The perfidious man carries treachery to the basest extreme: he betrays acknowledged and accepted obligations, and even the most sacred relationships and claims: as, Benedict Arnold and Judas are types of perfidy.”
Or as you might well classify those who carry out such behaviour not ad “lawful combatants” but as “terrorists” that have no respect for the norms and expected behaviours of combatants under flag.
https://en.m.wikipedia.org/wiki/Perfidy
Such behaviours are very much against the international laws, covenants, and rules of combat,that have existed for well over a century.
The reasons for the outlawing of perfidity is that it has a very predictable result.
That is the result is highly likely that the Ukranians will now lawfully issue “no mercy” and “take no prisoner” orders, on the sure and proven grounds that they are fighting a “perfidious combatant” committing war-crimes and that no matter what the Russian’s or their accomplices say, they are still actively engaged all be it unlawfully in active combat.
There is well known legal president for this from WWII and later. Perhaps the most well known were Japanese wounded who secreted handgrenades etc about their person as “suicide bombers” to kill not just themselves but as many allied troups including unarmed and legally protected medics as possible. The result was from then on allied Troops often shot wounded, fallen and surrendering japanese from a safe distance, if they had even the smallest suspicion of perfidious behaviour.
By his perfidious behaviour Putin has condemed many Russian citizens to a needless death… But… It’s not just Russian’s, it’s any of Putin’s allies, such as those in the “breakaway regions” and Belarus citizens.
SpaceLifeForm • March 6, 2022 5:25 PM
@ Clive, ALL
Short thread on assessing ones threat model
hxtps://nitter.net/SarahJamieLewis/status/1500529950213873665#m
MarkH • March 6, 2022 6:07 PM
RealFakeNews has a wonderfully apt handle.
A treaty is a legally binding contract between two or more states.
There has never been a treaty — nor, in fact, any written commitment — that NATO would deny membership to states wishing to join east of any specified point in Europe. Never.
During negotiations concerning Germany, U.S. negotiator James Baker repeatedly offered — by spoken word — the formula “not one inch east” in reference to the stationing of Western military forces in the territory of East Germany. There was no discussion at that time of NATO expansion.
Baker’s phrase did not become part of the written agreement.
Why does this commenter repeat Kremlin lies?
lucia • March 6, 2022 6:15 PM
Clive Robinson wrote:
But as a “hardware owner” you have a problem with “code signed” drivers. What do you do when you have to “re-instal” drivers after the signing certificate has expired?
It shouldn’t matter whether the certificate had expired before installation, as long as it was valid when the signature was made. In terms of expiry date, that’s easy enough to check. There have been various public timestamping servers around since, what, the 1990s? TLS certificate transparency made that mainstream and standardized from 2012–2016, and it remains so. There are ways to do this with no network access required on the client side (the cert can include all relevant proofs), though a semi-online revocation check (e.g. via downloaded CRL) would increase security.
Or to answer SpaceLifeForm’s philosophical question “What is a clock?”, for this purpose it’s anything that allows us to determine the relative order of certificate issuance, usage (signing), and expiry. Adding “certificate revocation” to that list would let us revoke a cert but keep old signatures valid. Using “real time”—civil time as determined by something like UTC—makes it easier to coördinate where multiple timestamping entities are involved. Any kind of revocation list forms its own clock (i.e., whatever appears in the list, assuming it was based on unpredictable data, happened-before the list was created).
Between Lamport and Merkle, I think all relevant knowledge was available by (the ISO 8601 year of) 1980. It’s not clear why it took the PKI people so long to work it out.
JonKnowsNothing • March 6, 2022 6:44 PM
@C U Anon, @All
re: propaganda & espionage
Neither of these items is unique to any State, Business or Civic Entity. The scale and scope of the actions may vary.
Civic and Business Propaganda is accepted as Advertising. It’s OK for Ads to have “puffery” or imply the product does more than it really can. Tech goods are excellent examples with their “get the latest edition and you will be happy” ad campaigns.
State and Corporate espionage is normal and an accepted universal practice. If you are “caught” by the other side or exposed, then the consequences can be severe or terminal. The cold war is littered with the bodies of “exposed” spies that were promised “safe passage” out from behind the wall and then the CIA just left them there. Tech news is full of High Level VIPs moving from Company A to a new job at Company B getting slammed with accusations of “Theft of Trade Secrets”.
Within most propaganda pieces are kernels of information or truth. It’s easy to take whatever is shoveled under your nose to be roses, when it’s really a pile of “last week’s vegetable peelings”.
One of the primary goals of “propaganda” is to elicit an “emotion response” of “outrage”. It’s nearly impossible to avoid but if you notice the response, it’s a good clue that something is being pushed in your direction.
This aspect is extremely well used in the USA. In our justice system the Prosecution is done by a District Attorney. Many local DAs are elected. During the election cycle any “juicy news” will get ramped up by the Current DA as proof of “tough on crime” stance, as such Election Frenzy Cases goes down well with the voting public, regardless of the true merits of the case.
SpaceLifeForm • March 6, 2022 7:39 PM
Technology changes over 80 years in Odessa, Ukraine 1942 – 2022
This is a graphic composed of two different pics. See if you can spot the differences.
hxtps://nitter.net/pic/media%2FFM6atStVgAUY4ir.jpg%3Fname%3Dorig
SpaceLifeForm • March 6, 2022 7:57 PM
My bad. Above graphic came from
hxtps://nitter.net/esesci/status/1499305831132643329#m
Credit where credit is due.
SpaceLifeForm • March 6, 2022 9:17 PM
@ lucia, Clive, Freezing_in_Brazil
It’s not clear why it took the PKI people so long to work it out.
Because it is security theatre and it takes time to convince people that something is trustable when it is not.
It all about Root of Trust, Clocks, and the circular dependency of fetching CRL or OCSP from SOMEWHERE.
CRL does not scale. Oh, we created a problem, so we will manage the solution! Enter OCSP, stage right.
Remember, just because it happens to use port 443, does not mean it really is secure.
Also, OCSP Stapling is even worse.
In that case, the web server is telling your browser: “Hey, this certificate is valid, we checked. Trust us!”
It is really grand security theatre. The tickets to the show are free!
hxtps://www.keyfactor.com/blog/what-is-a-certificate-revocation-list-crl-vs-ocsp/
SpaceLifeForm • March 6, 2022 9:35 PM
The Great Firewall of Russia
It is starting.
It appears that all Russian government systems have to use .ru DNS by Friday.
SpaceLifeForm • March 6, 2022 10:16 PM
The internet will route around damage
hxtps://nitter.net/i/status/1500613013510008836
or
hxtps://nitter.net/YourAnonNews/status/1500613013510008836#m
<
blockquote>
The hacking collective #Anonymous hacked into the Russian streaming services Wink and Ivi (like Netflix) and live TV channels Russia 24, Channel One, Moscow 24 to broadcast war footage from Ukraine
<
blockquote>
There is a video of a monitor.
lucia • March 6, 2022 10:29 PM
SpaceLifeForm:
Because it is security theatre and it takes time to convince people that something is trustable when it is not.
What do you mean by “trustable”? In computer security, “trusted” only means something is relied upon to enforce a security policy. Are you saying we should not rely on the current multitude of CAs to tell us who a certificate belongs to? Or that operating systems shouldn’t use that information to determine whether code should be executed (particularly in ring 0)?
The idea that someone signed code, therefore the OS should run it with privilege, does seem like a theatrical security model to me. But this discussion is more about whether Microsoft implemented its intended security model properly than whether such a model is a good idea. (The competing idea of unpriviliged drivers, even unprivileged PCI devices, has been around for quite some time, with little uptake. At least on phones we have some semblance of sandboxed apps.)
CRL does not scale.
It likely scales well enough for software certificates. The number of such certificates is much smaller than the number of HTTPS certificates, and people don’t seem to mind downloading multi-gigabyte OS updates. (They may complain, but they put up with it.)
Also, OCSP Stapling is even worse. In that case, the web server is telling your browser: “Hey, this certificate is valid, we checked. Trust us!”
I think you misunderstand how it works. It’s not the web server saying the certificate is valid; it’s the web server relaying a signed message from the CA saying it was valid as of very recently. (This does require the client and CA to agree on the time, and I don’t think many OSes implement time synchronization securely.)
With either OCSP stapling or certificate transparency, malware couldn’t be effectively deployed without revealing the signature to some authority. If said authority revealed the data publically, people might have noticed some “Nvidia drivers” not listed on Nvidia’s site. Then any unauthorized signatures could be revoked without affecting legitimate drivers. As it is, it might be necessary to push a software update whitelisting the legitimate driver binaries while otherwise entirely revoking the Nvidia keys.
ResearcherZero • March 7, 2022 12:04 AM
Some sort of progress on directed energy attacks and microwave eavesdropping, but will it lead to reports that do not remain classified for 40 years? Will lawmakers be briefed? And why even take covert surveillance seriously in the first place?
The NDAA directs the president to designate a senior official as “anomalous health incidents interagency coordinator,” overseeing relevant efforts across the government…
https://www.aip.org/fyi/2021/congress-passes-national-defense-authorization-act-fiscal-year-2022
“they plan to investigate the pattern of events and work with the CIA to identify who may be behind them.”
https://www.vox.com/2021/5/1/22414235/senate-intelligence-committee-havana-syndrome-warner-rubio
Lawmakers were not briefed on the department’s medical tests for directed-energy exposure until early 2021, POLITICO previously reported, even though State was administering those exams to diplomats as early as 2018.
A State Department spokesperson declined to discuss the details of Lenzi’s specific case, citing privacy concerns.
“The safety of our personnel is our highest priority,” the spokesperson added. “We take every report we receive extremely seriously, and we are doing everything we can to ensure affected individuals get the best care and treatment.”
The State Department’s apparent understanding in 2018 that Lenzi’s symptoms could have been caused by directed energy came two years before a National Academy of Sciences report declassified and published in 2020 concluded that “directed, pulsed radio frequency energy” was the likely source of the ailments. The number of suspected attacks on diplomats and CIA officers has risen substantially in the past year and have been reported on every continent except Antarctica.
Medical experts and intelligence officials have said publicly and told Congress in the past year that the symptoms likely stem from a directed-energy attack on the individual or an effort by a hostile foreign government seeking to steal data from the target’s devices.
https://www.politico.com/news/2021/10/25/state-department-2018-directed-energy-exposure-517055
“I will not try to confirm whether they are the victims of ‘an acoustic attack,’ paranoia, or Russophobia. That’s a question for the doctors.” – Maria Zakharova
The federal agency that handles whistleblower claims previously found “a substantial likelihood of wrongdoing” in the case of Lenzi and his claims of retaliation, according to an April 2020 Office of Special Counsel memo. That retaliation probe is ongoing. A separate document shows that just last month, Lenzi’s administrative leave — which he relies on to attend therapy sessions and participate in medical studies — was revoked without explanation.
https://www.politico.com/f/?id=0000017c-b7cd-d8e1-a57c-fffd2c6d0000
May 30, 1979
The Soviet Union has stopped bombarding the American Embassy with microwaves, an embassy spokesman said today.
For the last three and a half years, strong beams have been aimed at the embassy’s upper floors from transmitters east and south of the 10‐story structure.
Other microwave sources in the area have been detected for years but were not considered comparable to the searchlight‐like beams aimed at the embassy building.
American officials theorized that the microwaves could have been intended to jam American electronic‐intelligence equipment or to trigger electronic monitor devices concealed in the embassy.
https://www.nytimes.com/1979/05/30/archives/soviet-halts-microwaves-aimed-at-us-embassy.html
The Soviet Union bombarded the American Embassy in Moscow with microwaves in the 1970s and ’80s.
https://www.nytimes.com/2020/12/05/business/economy/havana-syndrome-microwave-attack.html
“I wish I was shot. I wish it had been an open wound, because then you have something that is visible and treatable and instead this is an invisible wound,” he said. “It takes you off the battlefield, it incapacitates you, it doesn’t kill you … ultimately it’s a pretty brilliant terror weapon.”
Briefers pointed to Russia as a likely culprit, the people told POLITICO, but didn’t have a smoking gun, citing difficulties in attributing the attacks.
The official notice, which was obtained by POLITICO, described the briefing as urgent and said it was centered on an “emerging threat.”
The facilities in these regions are not secure or “hardened in any real way,” one of the people said. “That makes them very, very vulnerable.”
Rep. Jim Banks, an Indiana Republican on the Armed Services Committee, did not comment on any briefings but said the U.S. government isn’t doing enough to protect personnel from directed-energy attacks.
“It came up a lot on our task force last year as a major issue that we have done very little to address,” he told POLITICO. “We have failed to take it seriously as a threat.”
https://www.politico.com/news/2021/04/22/troops-directed-energy-attacks-484246
Hung • March 7, 2022 12:15 AM
@C U Anon
That’s a candidate for your “going on” list:
“Major General Cunha focused his career on the Special Forces, and was also a Professor at the Institute for Advanced Military Studies. In 1991/93, he served in the “European Community Monitoring Mission in Yugoslavia” (ECMM-YU), where he was Chief of Operations at the Regional Center in Zagreb. In 1995 he served abroad in the area of European Forces, at Eurocorps HQ in Strasbourg and then in EUROFOR in Florence. In Portugal he was Chief of the Reequipment Department of the Army Staff. In 2000, he went to KFOR HQ as Head of the Training Division. Then he commanded the 15 Infantry Regiment, being then placed in the “NATO Joint Analysis and Lessons Learned Center” in Monsanto – Lisbon, as Chief of Staff. Already as Major General he was, from 2005 until 2009, the Chief of Military Liaison Officers of UNMIK and Military Advisor to the Special Representative of the Secretary-General of the United Nations in Kosovo.”
ResearcherZero • March 7, 2022 12:29 AM
Organizations making statements condemning Russian aggression and/or supporting Ukraine and organizations taking actions to restrict Russian participation in international commerce, competitions, and events face elevated risk of future reprisal.
We assess that Sandworm and UNC2589 are two of the most likely actors to conduct cyber attacks in retaliation, although we judge that all high-profile Russian threat actors will continue or increase cyber espionage to enhance decision advantage against Ukrainian and NATO government targets.
https://www.mandiant.com/resources/russia-invasion-ukraine-retaliation
Winter • March 7, 2022 12:30 AM
@FakeNews
“Many of the countries of the EU joined because they were bribed with free money if they did so. Economic coercion.”
Bribed by free money? That sounds awful. So good Putin never resorted to that and only used brute force and violence to convince people to stay allied to Russia.
[/sarcasm]
@FakeNews
“Ask Italy and Greece what they think, or Poland.”
Please do, and add Hungary. But then, ask the people, not the state.
@FakeNews
“Spain cracked-down on independence for Catalonia. Not a word was said in condemnation by anyone.”
Sorry, but there was a lot said about that. And the Catalans did most definitely NOT want to leave the EU. Neither do the Scots. They want to leave the UK, but not the EU.
Hung • March 7, 2022 12:47 AM
“ask the people on independence of Catalonia”
https://en.m.wikipedia.org/wiki/2017_Catalan_independence_referendum
(Yes 92%; No 8%)
ResearcherZero • March 7, 2022 1:11 AM
People are just being fed a pure stream of propaganda in Russia now by the Putin’s government.
Putin signed a law to collect money from the bank accounts of officials in the event that the amount of receipts exceeds income for three years.
The bank accounts of civil servants, as well as members of their families, including minor children, will be checked by the prosecutor’s office.
–
“RFE/RL refuses to censor our content at this critical moment for our Russian audiences. They deserve the truth and we will continue to provide them with factual information about their government’s actions and the consequences that they must now endure.”
https://www.rferl.org/a/russia-rferl-bbc-facebook-google-twitter-blocked/31735597.html
block bypass
https://d3olbu2cl74039.cloudfront.net/block
–
“In recent years, there’s been a tendency to outsource a lot of this work due to the fact that private companies have specialized knowledge and they are often better able to develop and deploy certain types of space of technology,” says Ortega, adding that many space objects are now called “dual-use.” “That means that one satellite can be used at the same time for military purposes, but also for civilian everyday things,”
https://www.wired.com/story/ukraine-russia-satellites/
Security intelligence analysts are charged with the task to look into different data streams in order to quickly identify risks related to people.
https://pentestmag.com/overview-of-osint-use-for-kyc-aml-and-crime-investigations/
Crawling and extracting open and valuable intelligence from public records.
https://osint.tools/
Winter • March 7, 2022 1:50 AM
@ResearcherZero
“People are just being fed a pure stream of propaganda in Russia now by the Putin’s government.”
That is a pretty old Russian/USSR policy.
The Russian “Firehose of Falsehood” Propaganda Model
ht-tps://www.rand.org/pubs/perspectives/PE198.html
@ResearcherZero
“Putin signed a law to collect money from the bank accounts of officials in the event that the amount of receipts exceeds income for three years.”
Seems apt for a Kleptocracy. So much for “the operation goes according to plan”.
ResearcherZero • March 7, 2022 4:20 AM
@Winter
He’s not too happy about it either.
“We don’t believe he has a realistic understanding of what’s going on.”
Putin is confused, frustrated, and directing bursts of anger at people in his inner circle.
https://www.nbcnews.com/investigations/frustrated-putin-may-order-escalation-violence-ukraine-us-officials-sa-rcna18026
“What we fear the most: The higher ups operate on the rule of covering old problems with new problems. For many of these reasons Donbass was started in 2014, we needed a way to distract the West from the topic of the Russian Spring in Crimea. Because of this, Donbass was meant to draw all attention and become the main topic of the incursion.”
“I don’t know who invented the “Ukrainian blitzkrieg”. If we were given real information then we at the very least would indicate that the plan initially is questionable, that much of it needs to be rechecked. A lot of it. Now we’ve crawled neck deep into shit, and no one knows what to do.”
https://noteplan.co/n/3D073DDB-CB0F-4ABC-BC93-01A94141445B
“These are hoaxes,” said Dmitry Peskov, the Kremlin spokesperson, in the first official reaction to suggestions that Russia could institute martial law. “These are nothing but hoaxes published on social networks, which citizens send to one another. One should be very careful about information and not to fall victim to rumours and fakes.”
https://www.theguardian.com/world/2022/mar/03/kremlin-denies-planning-to-institute-martial-law-in-russia
Putin fired the ‘Ukrainian blitzkrieg’ planner only three days after the invasion begun.
Winter • March 7, 2022 4:46 AM
@ResercherZero, All
“Putin fired the ‘Ukrainian blitzkrieg’ planner only three days after the invasion begun.”
The safe-corridors are supposed to transport Ukrainian refugees into Belarus and Russia. That would make the Ukrainian refugees hostages for the Russians.
ht-tps://www.themoscowtimes.com/2022/03/07/kyiv-rejects-moscow-proposed-corridors-to-belarus-russia-a76807
ht-tps://www.nbcnews.com/news/world/ukraine-rejects-russia-cease-fire-humanitarian-corridors-putin-belarus-rcna18936
Can they stoop even lower? Yes, they always can, and will. Remember, Stalin is their hero and role model.
&ers🇺🇦 • March 7, 2022 5:17 AM
@SpaceLifeForm @ALL
Doesn’t this make you glad?
hxxps://nitter.net/YourAnonTV/status/1500558889678516224
ResearcherZero • March 7, 2022 6:08 AM
@Winter
Yeah, I don’t think I’d trust anything Putin says, and there are way more reasons than I can think of.
Aleksandr Perepilichny was a Russian oligarch and Kremlin critic who sought refuge in Britain in 2009 and had been helping a Swiss investigation into a Russian money-laundering scheme by providing evidence against allegedly corrupt officials in Moscow.
The Surrey coroner’s court was told the toxicology report raised “serious concerns” that Perepilichny may have been assassinated for helping expose a powerful Russian fraud syndicate.
The most toxic source of Gelsemium poison is Gelsemium elegans, or “heartbreak grass,” a rare variety of a plant that only grows in Asia.
https://www.rferl.org/a/exotic-toxins-fell-kremlin-foes/27025621.html
US spies said they have passed MI6 high-grade intelligence indicating that Perepilichnyy was likely “assassinated on direct orders from Putin or people close to him”
Former MI6, counterterror, and police officials expressed disbelief at the refusal by the British authorities to countenance a full murder investigation into Perepilichnyy’s death. “It’s so obvious that it’s an assassination,” said Chris Phillips, the former head of Britain’s National Counter Terrorism Security Office. “There’s no way it wasn’t a hit. It’s ridiculous.” A former Scotland Yard commander said the police position was “very worrying”.
https://www.buzzfeednews.com/article/heidiblake/poison-in-the-system
“Putin rules over a nest of competing factions jockeying to protect their own interests while currying favor with Putin by looking out for his. Self-starters, in other words, who do the work and then try to seek some reward.”
https://www.gq.com/story/killers-of-kiev-putin-assassins
then of course they also offed Magnitsky as well…
“Magnitsky eventually discovered that money had been funneled from the Russian treasury to the companies that had been stolen from Browder. Magnitsky reported the people he’d found to be behind the theft, including the lieutenant colonel from the interior ministry, and testified against them. But instead of the culprits, Magnitsky himself was arrested.”
https://www.theatlantic.com/magazine/archive/2017/01/the-poison-flower/508736/
Alexander Smirnov, deputy director of the prison service, said: “There were clear violations from our side.” It was a “serious stain” on the service’s reputation.
Browder said nearly all the circumstances surrounding the death had been kept secret from Magnitsky’s family and the public. The only document given to his family was a death certificate stating he had died from heart failure. Five days previously a cardiogram showed that Magnitsky’s heart was normal, Browder said.
The authorities’ refusal of medical help after he complained of chest pains meant they were guilty of torture, the economists Sergei Guriev and Aleh Tsyvinsky wrote, adding that today’s Russia “evokes disturbing memories of 1937” – the year of Stalin’s purges.
https://www.theguardian.com/business/2009/nov/27/russia-browder-magnitsky-prison-death
ResearcherZero • March 7, 2022 6:44 AM
@Winter
We’ll all starve together, and that’s probably not a very good game plan from Putin. MRE’s aren’t that flash, and neither is most tinned food.
14 killings on British soil may, in fact, have been Russian FSB assassinations
“So even when intelligence strongly pointed to an assassination, police and intelligence sources said, there was often too little evidence to make a case stand up in court. In such instances, they said it could be easier to pronounce a death unsuspicious than to stoke diplomatic tensions and public alarm over an accusation of political assassination that probably wouldn’t stick.”
Reading this highly detailed expose that deals with everything from a 2006 Russian law giving FSB agents “a licence to kill enemies of the state abroad” to turf wars that seem to be taking place between American and British intelligence and even within both Scotland Yard and MI6
https://www.buzzfeednews.com/article/heidiblake/from-russia-with-blood-14-suspected-hits-on-british-soil
Theresa May, then Home Secretary, personally intervened to delay the public inquiry into Litvinenko’s death, citing the need to protect “international relations” with Russia.
https://www.documentcloud.org/documents/3859440-Theresa-May-Letter-on-Litvenenko-Inquiry.html#document/p4/a356507
And in the Perepilichnyy case, her government has withheld sensitive evidence from the inquest on “national security” grounds.
https://www.documentcloud.org/documents/3859448-Perepilichny-PII-Judgement.html#document/p8/a356508
The same withholding of evidence from coroners has also happened “quite a lot” in Australia, because it’s “diplomatically easier” and they are “scared of angering Russia, who are known to be quite ruthless”.
weak excuse if you ask me… 😡
Clive Robinson • March 7, 2022 7:56 AM
@ ResearcherZero,
14 killings on British soil may, in fact, have been Russian FSB assassinations
Err, it’s higher than that, an estimate on strange deaths of Russians alone is nearer thirty. Then there are other nationals who by dying unexpectedly have done various people in Putin’s circles a favour.
What you don’t say with,
Theresa May, then Home Secretary, personally intervened to delay the public inquiry into Litvinenko’s death, citing the need to protect “international relations” with Russia.
Is that she also put in place Ms C Dick as head of the Metropolitan Police, who control most of the anti-terrorism and similar investigations.
Ms Dick was,singularly usless at all but one thing and that was “playing politics” her first real appearence in public was as Gold Commander of the team that assasinated a Brazilian Elecrician by shooting him in the head rirulistically on the London Underground where he sat listening to his Apple Media player..
The fallout was used not to get rid of her but the then head of the Met Police, who although a “Coppers Copper” was about as honest and straight up as they come and loathed politics and secrecy.
Those who “stiched him up” all got rewarded in some way at the behest of the Home Office under Mrs May.
As I’ve mentioned before, I used to know a Russian who was a thorn in the side of some of Mr Putin’s friends. On the morning of a court case in the UK that not only would he probably have won, but also dragged a lot of Russian secrets into the public record, he was found “suicided” in his home near Kingston-upon-Thames that has a Surrey Post Code, but comes under the Met Police jurisdiction. They were very keen that it should be called a “suicide” so they did not have to get their hands dirty…
As such I do not trust in any way the Met Police, especially those in Kingston now they have been infiltrated by the Twickenham lot who have a very bad reputation for looking the other way and not doing the jobs they are ment to do. In fact one local journalist made a comment to the effect that the easiest way to get improved crime figures would be to sack the lot of them…
MarkH • March 7, 2022 9:16 AM
Moody’s Investor Service downgraded Russian debt over the weekend to Ca, one level from the bottom of its creditworthiness scale.
Ca means highly speculative, near or in default, with some likelihood of recovering the principal and interest.
In the last few minutes, currency markets have been trading more than 140 rubles per dollar.
JonKnowsNothing • March 7, 2022 10:39 AM
@All
re: Post War UKR-RU outcomes-changes
All wars come to an end (sort of). Some last 6 days, some 6 months and some 100 years and a few are dynastic in duration. There are wars that are on a continuous cycle of stop-go-stop-go too.
So from a hopeful perspective that the UKR-RU will end soon, there are things that will need doing. Venture-Vulture Capital and Disaster Capital will be there for sure but the needs will be great.
Also, to be considered are the preexisting needs elsewhere. There are @500k persons displaced in Australia from flooding (climate change) and a good many of those will have no housing for a long time. The UK has been discovered to be again deporting more “rough sleepers” as part of their on-going GetEmOut policies; the social support systems are highly gated within UK boundaries. In USA our homeless or houseless population continues to explode as the post-COVID eviction moratoriums end. In California we have 100,000 houseless persons and a good number of those are working persons who do not earn enough for an apartment. The USA also has a large number of RV-Trailers used as permanent shelter (vs their use for 2 weeks of camping). There are similar effects globally.
There are war refugees still attempting to find safety anywhere they can. The US Border is crammed. The Mediterranean Sea is a graveyard of the drowned. Australia uses island prisons with indefinite detention. So, there’s not much bandwidth anywhere. Even so, not everyone who leaves UKR will return or be able to return.
On the 10,000 ft view, there are some hopeful indicators. In historical wars, the cities get rebuilt and people return and lives go on. Sometimes they rebuild “replicas” of what was destroyed. The US bombing runs of WW2 didn’t leave much of Europe standing, so it was rebuilt as a replica. Cities are normally located near important resources and if those change then the city dies and people move elsewhere. I don’t expect that will happen in UKR. They will rebuild everything.
Except how?
If somehow RU is tasked with paying for it, it’s already been well noted that RU had nothing to pay with. A Treaty of Versailles type deal won’t help at all.
If somehow EU is tasked with paying for it, I don’t see too many contributions that will be made unless there’s some Not Good Deals like happened in Greece.
So, on the hopeful side: How will UKR rebuild? Rebuild Better? Change what’s there?
More solar? Less oil? More No-Car Highways? More dispersed population? More de-localized and de-centralized business, government?
Will UKR become to GOTO place for all refugees regardless of War Origin?
Winter • March 7, 2022 11:57 AM
@JonKnowsNothing
“All wars come to an end (sort of). Some last 6 days, some 6 months and some 100 years and a few are dynastic in duration.”
Will there still be Ukrainians in Ukraine after the War?
Russia plans to “save” all the women and children that flee the cities in Russia. That means the refugees from Ukraine end up in concentration camps somewhere in Russia (Siberia?). Just like Stalin did, and in line with China’s Uyghur policies.
This reminds me how the UK (Churchill) won the Boer war: By rounding up all the women and children in concentration camps and starve them out until the Boers surrendered.
Putin’s accusations about a genocide on Russians might simply be a projection of what he has been planning to do to solve the Ukrainian problem: Extermination.
Mr. Peed Off • March 7, 2022 12:17 PM
@ Winter
Thank you for the links on ip. If you want to know the value of ip ask the owners how much property tax they are willing to pay!
pup vas • March 7, 2022 1:17 PM
How to send messages in Ukraine if the internet shuts down
https://www.dw.com/en/how-to-send-messages-in-ukraine-if-the-internet-shuts-down/a-61041676
JonKnowsNothing • March 7, 2022 2:01 PM
@ Winter
re Will there still be Ukrainians in Ukraine after the War?
Of course there will be Ukrainians in Ukraine.
Individuals may not remain in a particular location but a “group” or “identity” can. There are some groups that seem to have “disappeared” but then they are found right in the same place as they always have been. (1)
Sometimes the group names change on geographic changes or after a border changes but the groups are still there.
Cultures are much harder to destroy although plenty of attempts are made to do so.
Surrender is not The End. People and ideas remain. Some may be destroyed or lost but rarely all.
The history of Europe is replete of such examples. The lines change, the people remain. Even under the worst conditions. That Europe continues to impose conditions on any groups, and those groups continue to persist in spite of imposed rules, shows how resilient humans are. (2)
===
1) RL anecdote tl;dr
During early school years, we had a children’s version of world history. About 1 week per historical period. Not too much detail. First we studied Phoenicians, Egyptians and Romans.
I was confused because I didn’t think those groups just magically disapparated. And I asked the teacher:
What happened to the Phoenicians? Where did they go?
Of course, I got dead air as a response.
* The Phoenicians are still there. Their name has changed over time.
* The Egyptians are still there, although there was a big influx of Greeks.
* The Romans are still there, we call them Italian now.
2) Romani, Travelers, Reindeer Herders and other migratory groups are just a few of many groups that do not “fit in”.
&ers🇺🇦 • March 7, 2022 3:19 PM
@ALL
Interesting reading. Cyber stuff is also included. And my country.
hxxps://www.nytimes.com/2022/03/06/us/politics/us-ukraine-weapons.html
&ers🇺🇦 • March 7, 2022 5:29 PM
@Clive @SpaceLifeForm @ALL
hxxps://www.reversemode.com/2022/03/satcom-terminals-under-attack-in-europe.html
Clive Robinson • March 7, 2022 6:44 PM
@ &ers, SpaceLifeForm, ALL,
Re : killing satcom terminals.
Honest answer, is it’s probably all to easu, and may not require very much effort, as it’s probably not secured (engineers being engineers not security specialists).
Modern systems from your home toaster, through most kitchen goods, and other domestic products, through vehicles and much more are made “efficient”.
Most components used in mass production goods have too wide a tolerance to be “efficient”. So don’t have any chance of meeting “efficiency ratings”.
Therefor the trick is to make all the “bias points” programable from software. That way every unit made is uniquely tuned for optimal opperation and the values stored away in an EEPROM or similar.
If you can get to the EEPROM then you can make the bias points move to the point electronics rapidly fail.
One such is to change the gate bias on RF Power MOSFETS so they draw to much biad current and over heat not just the Power MOSFETS but the power supply as well.
Sometimes to get efficiency things are designed to use Class D Bridge drivers, such as motor drives and much else.
Back inthe 1980’s there was the infamous “Poke To Expload” where a single memory location was in fact a driver for an “H Bridge” motor driver. Put out the wrong values and lots of things would over heat or burn out including PCB Tracks “acting as fuses” and burning out the motherboard.
All of this still happens with “Power Electronics” for Transmitters and motor controls.
The thing is engineers especially design engineers tend to be “simple creatures at heart”, and thus love to keep things easy to “de-bug”… So use human understandable commands with little or quite often no security in terms of either encryption or authentication protocols. Because simplicity often is the best way to get reliability, thus availability etc.
So there is a reasonable chance changing configuration data in the EEPROM is not at all protected…
Winter • March 8, 2022 1:47 AM
@JonKnowsNothing
“Of course there will be Ukrainians in Ukraine.”
Given the professed admiration of Stalin by Putin, I would not be so sure. He wants Ukrainian refugees (women and children) to be relocated to Russia. There they will be hostages (cf. this is how Churchill won the Boer war). There is no reason to believe they will ever be allowed to return.
Stalin has forcefully deported and moved complete ethnic populations:
ht-tps://en.wikipedia.org/wiki/Population_transfer_in_the_Soviet_Union
China is trying to “reduce” the Uyghur population
ht-tps://en.wikipedia.org/wiki/Uyghur_genocide
Assad et al. have driven out 5M people out of Syria, mostly Sunni’s, with the help of Putin.
ht-tps://www.haaretz.com/middle-east-news/after-decade-of-war-assad-is-reshaping-syria-to-entrench-his-rule-1.10625951
Before WWI, Central Europe was an amalgam of people. After WWI, massive ethnic cleanings changed that.
ht-tps://pesd.princeton.edu/node/206
Winter • March 8, 2022 2:39 AM
Every successful campaign will be trumped eventually. The St Petersburgh Troll Factory is no exception:
How Volodymyr Zelensky trumped the Russian cyber troll factory
Ukraine’s president has seen his side gain the upper hand on a very modern battlefield, but how long will it last?
ht-tps://www.telegraph.co.uk/news/2022/03/01/volodymyr-zelensky-trumped-russian-cyber-troll-factory/
Compare that to the self-important media projections of his Russian counterpart Vladimir Putin, whose own photo-ops – all ice-bath plunging, bare-chested riding strongman – offer a purely unintentional form of comedy[1]. Even Putin has had to admit that some of his stunts have been staged for propaganda purposes; little wonder, then, that when he was pictured landing a huge pike, for example, many Russians chortled and assumed it was a set-up.
[1] See:
ht-tps://www.telegraph.co.uk/men/the-filter/men-stripping-naked-homage-vladimir-putin/
ht-tps://www.thesun.co.uk/news/2000837/russian-leaders-funniest-pics-show-him-riding-a-horse-topless-hosting-public-judo-sessions-and-using-machine-guns-to-hunt/
To me, this looks like a variation on Kim Jong Un Looking at Things
ht-tps://kimjongunlookingatthings.com/
Clive Robinson • March 8, 2022 3:54 AM
@ Winter, ALL,
And so it comes to pass…
“Russia-Ukraine latest news: Moscow threatens to cut off West’s gas supplies through Nord Stream 1”
Not at all surprising for those who have seen this Russian tactic before, and warned about it.
For quite some time now various people have claimed that Putin’s hand “on the gas tap” is in reality “His hand around their windpipe”.
For various reasons that are difficult to fathom those in certain parts of the North of Europe, have not only become enamoured of mythical stories of the glories of the historic Rus (mostly historic propaganda and more recently warmed over by Putin along with his brand of “Brokeback homo-erotic” style self promotion to gain popularity with his home audiance). They have also like drug addicts become hooked on what was a cheap easy fix, of Russian gas (and in the case of the North America Russian oil).
So much so it is to the point their economies are now not just at risk, it’s significantly endangered by the hand of the mad man, who’s only care is what he sees is his destiny…
Hopefully for those in places like Germany and North America the weather will start to get warmer, and hopefully they have enough candles under the kitchen sink and books on the book shelf for when energy has to be reserved for more essential things.
One thing people have to remember is that “trade sanctions” cut both ways, and if you are not prepared for what will happen on your side then you could be taking target practice at your feet.
SpaceLifeForm • March 8, 2022 4:12 AM
Yes, I am a Dreamer, and I definitely am not the only one. Always have been, and nothing will change my mind. I have always been trying to make the world a better place, and will do so until the day I die. It’s just the way it is.
This is a great performance of “Imagine”
hxtps://piped.kavin.rocks/watch?v=N-mITkdVxxE
Sting: “I’ve only rarely sung this song in the many years since it was written, because I never thought it would be relevant again. But, in the light of one man’s bloody and woefully misguided decision to invade a peaceful, unthreatening neighbor, the song is, once again, a plea for our common humanity”
“We share the same biology, regardless ideology”
hxtps://piped.kavin.rocks/watch?v=IW0Wq-t4kSQ
ack ack ack • March 8, 2022 4:41 AM
== Linux distros patch ‘Dirty Pipe’ make-me-root kernel bug ==
- Plus: Adafruit customer data leak fallout, infosec burnout, and more
“A Linux local privilege escalation flaw dubbed Dirty Pipe has been discovered and disclosed along with proof-of-concept exploit code.
The flaw, CVE-2022-0847, was introduced in kernel version 5.8 and fixed in versions 5.16.11, 5.15.25, and 5.10.102.
It can be exploited by a normal logged-in user or a rogue running program to gain root-level privileges; it can also be used by malicious apps to take over vulnerable Android devices. If your phone is running an affected Linux kernel version – which you can find under About Phone and software information in the Settings app, typically – be aware that a rogue application could exploit Dirty Pipe to hijack your handset, tablet, or gadget.
Max Kellermann said he found the programming blunder and reported it to the kernel security team in February, which issued patches within a few days. By now these should be filtering through to affected Linux distributions. Android will take longer: we’re not aware of any official updates yet.”
“The bug can be abused to add or overwrite data in sensitive read-only files, such as removing the root password from /etc/passwd allowing anyone on the system to get superuser access, or temporarily altering a setuid binary to grant root privileges.
The bug is pretty fascinating: a screw-up during a refactoring of the kernel’s pipe handling code opens the door for allowing a user program to overwrite the contents of the page cache, which eventually makes its way into the file system. It’s similar to Dirty COW, and easier to exploit.
If you’re running Linux, check for security updates from your distro and install.
If you’re using Android, wait for Google (and potentially your manufacturer and/or carrier) to push an update to you. The latest version of Android for the Google Pixel 6 and the Samsung Galaxy S22 is right now at risk, for instance, as it uses a kernel later than 5.8.”
And the rest::: https://www.theregister.com/2022/03/08/in_brief_security/
SpaceLifeForm • March 8, 2022 4:46 AM
@ Clive, Winter, ALL
Re: Nord Stream 1 cutoff
It’s not going to happen. That is the only income Russia has.
That is also why the US has not blocked Oil imports from Russia.
It is the only lifeline Russia has now, as they keep exporting metal to Ukraine, but get no money in return.
The West needs to support this meager lifeline, so that the Russian people have a chance.
Rough guestimate currently, it that Russia is making about 20K Rubles per barrel of oil.
It will get worse. The squeeze is happening, and it is just a matter of time. It’s a shame they have lost two generals now.
I guess there is still 2G cell phone service in Ukraine.
Or, it was just another Rock and Roll band.
Winter • March 8, 2022 5:03 AM
@Clive
““Russia-Ukraine latest news: Moscow threatens to cut off West’s gas supplies through Nord Stream 1””
If the tap closes, it will never open again. But they will be closed anyway.
@Clive
“Hopefully for those in places like Germany and North America the weather will start to get warmer, and hopefully they have enough candles under the kitchen sink and books on the book shelf for when energy has to be reserved for more essential things.”
For Putin, it is now or never. He is clearly panicking. Next year, everyone will have been switched to LNG. Due to the high prices, people are already turning down the thermostat. And there are also plans to close down the very large industrial users. The pandemic has shown how you can close down part of industry without too much problems.
A 10-Point Plan to Reduce the European Union’s Reliance on Russian Natural Gas
ht-tps://www.iea.org/reports/a-10-point-plan-to-reduce-the-european-unions-reliance-on-russian-natural-gas
We also consider possibilities for Europe to go even further and faster to limit near-term reliance on Russian gas, although these would mean a slower near-term pace of EU emissions reductions. If Europe were to take these additional steps, then near-term Russian gas imports could be reduced by more than 80 bcm, or well over half.
ht-tps://slate.com/news-and-politics/2022/03/putin-russia-ukraine-oil-gas-energy-sanctions.html
Winter • March 8, 2022 7:07 AM
Ukraine: Number of refugees reaches 2 million, UN says
ht-tps://www.msn.com/en-xl/news/other/ukraine-number-of-refugees-reaches-2-million-un-says/ar-AAUM9nt
UN fears 5 million refugees could flee Ukraine if supplies aren’t brought in
ht-tps://news.yahoo.com/5-million-people-could-flee-083204373.html
JonKnowsNothing • March 8, 2022 9:38 AM
@ Winter
re: “Of course there will be Ukrainians in Ukraine.”
Last reply to your questions hit Road Rash..
Winter • March 8, 2022 9:48 AM
@JonKnowsNothing
“Last reply to your questions hit Road Rash..”
It is a sensitive subject. Had the same problem before.
Winter • March 8, 2022 10:06 AM
@SpaceLifeForm
“Re: Nord Stream 1 cutoff
It’s not going to happen. That is the only income Russia has.”
It is going to happen, but without Russia doing the cutoff. Germany is already preparing to do so. A supplier who threatens to delivering is a huge liability.
German language sites (Google Translate does a good job):
https://www.heise.de/news/EU-Kommission-weist-schnelle-Wege-weg-vom-russischen-Erdgas-6542843.html
https://www.heise.de/downloads/18/3/3/5/9/5/7/3/2022_Stellungnahme_Energiesicherheit.pdf
The National Academy of the Sciences Leopoldina concludes in a statement (PDF) that a short-term delivery stop from Russian gas could be handled by the German economy. That would be possible in weeks and months through liquefied gas imports, savings in natural gas and filling gas storage as buffer for the winter. In order to reduce natural gas demand, more electricity could be produced from coal. While doing so, the financial burdens for citizens with low and medium-income incomes should be reduced and energy taxes of companies reduced.
(Google Translate and me)
JonKnowsNothing • March 8, 2022 10:12 AM
@Winter, @Clive, @SpaceLifeForm, @All
re: Not so rosy Dec 37 group
The convoluted events of Dec 37 and prior are still unfolding the mille-feuille.
Marcy Wheeler has an interesting post about those events and the subtext about T-UKR-RU connection(s). It’s not been too clear exactly how that got initiated but the post was informative about the way some of it unfolded.
In prior posts, EW had been expanding on the issues of Julian Assange in relation to T-UKR-RU and it’s all part of the pastry dish.
It should be noted, that whenever JA is discussed you can expect a good deal of frothing at the mouth, but the position of the US Gov is clear.
My current interpretation goes something like this:
- JA working for UKR-RU (as is ES). This is USA Legal issue over “funding” and who paid for what, when and how. ES ended up in Hong Kong but then Wikileaks (a publisher) picked up some of the bill to get him to Germany but he was stopped in RU. Wikileaks(a publisher) arranged funding of RU legal team etc. The cross over of funding per the USA makes both JA and ES paid sources and the resulting publications elevate the charge to espionage. While the information was embarrassing, it’s the funding part that seems to be the connecting pin. Once “tainted” all subsequent actions are also “tainted” by the same charge.
- JA connects with CM and in course of obtaining the Afghan War logs, Iraq War logs, Diplomatic cables and other files, makes a critical USA legal error which is the basis of his USA prosecution:
** He asks if she needs help with passwords (no)
** He asks if there is more data (no) - JA-T(via friends) seeks data on Others using UKR-RU
- T(via friends) pushes for more on Others using UKR-RU connections (thru JA)
- T promotes the idea that Others are source for the UKR-RU connections (inverts the source and target)
- T(via friends) pushes for more actions against Others
- Big Friends provided cover for T+Friends+Big Friends
The pastry is still unfolding …
===
Search Terms
note: This post is not about JA. It’s about T-UKR-RU + Big Friends.
It Is Not News that Bill Barr Lied to Protect Kleptocracy
Emptywheel
vas pup • March 8, 2022 3:30 PM
TODAY is International Women’s Day see article related
Opinion: Want to empower women? Call out hate speech online
https://www.dw.com/en/opinion-want-to-empower-women-call-out-hate-speech-online/a-61041795
This part got my attention
“Hate speech vs. freedom of speech
Germany has some of the world’s toughest data privacy laws — and, oftentimes, this allows trolls to go unchecked. Online aggressors remain anonymous to escape accountability and to feel protected from legal ramifications for their attacks.
This was reinforced when Germany’s top court overturned an anti-hate speech law that, if it was evident that an alleged crime was committed, allowed user data of major social media platforms to be passed on to the police for an investigation.
Now we need to prevent such a setback from spiraling. Online platforms need to use their technology to develop tools that better prevent hate speech. Lawmakers and law enforcement need to treat cases with sensitivity, as well as impose — and enforce — criminal punishments that deter such behavior.”
Yes, I agree. To apply criminal punishment BEFORE it should clearly specified in the Law itself what EXACTLY and OBJECTIVELY is hate speech.
By the way, same applied to online platforms. Whatever is banned by Law, should be definitely immediately removed, but if platform should remove questionable ideas (e.g. conspiracy theories) or based on the moral/religious/political biases of the CEOs/owners of the platform, that is first step to kill freedom of speech altogether and to move to society of uniformly thinking conformists, aka bio-robots. Bad prospective on my view.
SpaceLifeForm • March 9, 2022 12:02 AM
No paper leaflets required
https://www.dailydot.com/debug/anonymous-hackers-text-russia-ukraine-war/
ResearcherZero • March 9, 2022 12:21 AM
The automatic VAT control system has been operational for three years now. It enables us to see creation of VAT in the whole Russian economy,” says Russian Tax Commissioner Mikhail Mishustin, the current chair of the Organisation for Economic Co-operation and Development (OECD) Forum on Tax Administration’s E-services and Digital Delivery Programme.
“We are able to track any transaction of any taxpayer anywhere in Russia and match it with what is reported by their customers and suppliers,” he explains. “All this is done with minimum human involvement, which makes the system objective and reduces risks.”
https://www.ey.com/en_gl/tax/how-russia-s-vat-analytics-platform-is-affecting-businesses
January 16, 2020
Russia’s lawmakers approved Mikhail Mishustin as prime minister on Thursday in a lower house vote, less than 24 hours after President Vladimir Putin nominated him for the role.
https://www.reuters.com/article/us-russia-politics-mishustin-vote/russian-lawmakers-approve-mishustin-as-pm-idUSKBN1ZF1J2
Putin may well have realised that his current “managed democracy” is unlikely to survive continuing interactions with the Western countries – especially if Ukraine turns West.
He needs a software reset and that software is now available. And that is crypto. But not Bitcoin and similar. He will be using a “fiat crypto” – a central-bank digital currency which is used to replace cash across the Russian economy. China is already basically there with the digital yuan.
A crypto dictator’s dream
Imagine a world where the state could monitor everything that you spend, and also switch your access to currency on and off at will.
Every single shop till in Russia is now connected in real-time to the tax system. It is illegal for a shop to sell goods or services via a till which is not connected. Every receipt that you get has a cryptographic code evidencing that the transaction has been recorded for tax purposes in the central system.
In the years since 2014, Russia has built its own internal clearing system called “Mir”. This has enabled Russian banks and commercial infrastructure to operate independently of the visa, mastercard and SWIFT as an internal matter.
Putin’s focus here is the manipulation of his own population.
A software reset based around a new digital currency requires mass adoption and acceptance – and a population that is ready to accept a much higher level of centralised control.
In order to do this, he needs to isolate his country and ensure that his population is submissive and accepting of a significant change in how things work. This necessarily includes undermining confidence in the rouble as a cash-based currency and cutting Russia’s payment systems off from international markets.
This is the dictator’s dream – controlling the people via their wallets, absolutely and totally. As we have been saying ourselves: “banks not tanks”. How much he must be laughing when he hears this phrase. And we are willingly helping Putin here, we are his accomplices in this grand plan – not that there is much we can do about it.
And once the new system is in place and working, borders can come down, concessions of a kind can be made and maybe interactions with liberal western democracies resume – but now with control systems in place that can conserve his regime for the long term.
He has now achieved what may have been his objective all along – which is the financial and media isolation of Russia.
https://the-blindspot.com/is-putins-end-game-the-roll-out-of-a-domestic-cbdc/
ResearcherZero • March 9, 2022 1:45 AM
at least three cases of encephalitis — dangerous swelling of the brain — recorded in Melbourne are suspected to be JEV, meaning it has been transmitted from pigs to humans in that state, indicating the virus has travelled the length of the east coast undetected.
JEV is spread through an opportunistic mosquito called Culex annulirostris, which feeds on a range of animals, including birds, pigs and humans.
“There is precedent — in the past a similar virus, Murray Valley encephalitis, saw widespread outbreaks in 1974 and 2011,”
“Obviously there were big floods in those years, but it’s not the floods themselves, the floods and the virus are both symptoms of the fact that those years saw months of very wet conditions, which is conducive to mosquitoes spreading the virus.”
“Measures to prevent mosquito bites include regularly applying insect repellent containing diethyltoluamide (DEET), picaridin, or oil of lemon eucalyptus; wearing loose, light-coloured clothing to cover up arms, legs and feet; and using other insecticide-based mosquito control devices where possible when outside.”
“Vaccinate the people most at risk — those people who work in and around piggeries, that would certainly help,”
“In Asia there are very good vaccines for animals [against JEV] as well, but they’re not licensed in Australia at the moment.
“But clearly vaccinating the pig herd would remove that vector for transmission.”
https://www.smh.com.au/national/queensland/qld-floods-raise-japanese-encephalitis-risk-with-cases-suspected-in-victoria-20220303-p5a1aw.html
health authorities are trying to contain recent outbreaks in Queensland, New South Wales, Victoria and South Australia, with cases confirmed in animals in at least 21 piggeries in all of those states.
The highest number of confirmed cases in humans is in Victoria, with seven infections picked up locally.
In South Australia, authorities have confirmed four cases, with another six suspected infections, including one that led to the death of a man.
“All 10 people under investigation required hospitalisation, with seven people currently still in hospital, and one person sadly passing away,”
University of Queensland virologist Jody Peters said weather conditions associated with La Niña had created “excellent environmental conditions” for the virus to thrive.
“It breeds up very, very rapidly during flooding events,” she said.
She said flooding in Australia’s north had triggered the migration of birds further south which were part of the “cycle of Japanese encephalitis”.
“Waterbirds in particular, they will become infected, they develop a lot of virus in their bloodstream and then they subsequently infect another mosquito and that drives this transmission cycle,” Dr Peters said.
https://www.abc.net.au/news/2022-03-09/health-authorities-on-alert-over-japanese-encephalitis-virus/100894208
The dangers of climate change are mounting so rapidly that they could soon overwhelm the ability of both nature and humanity to adapt.
https://www.nytimes.com/2022/02/28/climate/climate-change-ipcc-report.html
In Brisbane, the city’s mayor, Adrian Schrinner, said the floods had generated a year’s worth of landfill.
Councils hit by floods were worried piles of rubbish could become breeding grounds for mosquitoes and attract rats and mice.
https://www.theguardian.com/australia-news/2022/mar/09/qld-and-nsw-floods-create-mountains-of-waste-and-spark-environmental-and-vermin-fears
Prime Minister Scott Morrison’s office has banned media filming him visiting flood-affected homes in Lismore as he tours devastated areas of northern New South Wales.
Mr Morrison is touring the region on Wednesday when he announced his intention to declare a national emergency amid the clean-up after the natural disaster.
https://7news.com.au/news/nsw/prime-minister-bans-media-filming-him-visiting-flood-hit-homes-in-lismore-during-tour-c-5987447
Asked about the effect of climate change, Mr Morrison said it was “an obvious fact” that “Australia is getting hard to live in”.
https://www.news.com.au/national/politics/prime-minister-scott-morrison-bans-media-from-visit-to-floodaffected-nsw/news-story/b66fc7cf80a0b68eee029c94eea20e05
The Australia Institute’s climate and energy program director Richie Merzian said the situation had been exacerbated in Australia because no comprehensive national risk assessment or adaptation plan had been undertaken.
https://fotogink.com/nsw-floods-renew-climate-change-debate-over-where-we-should-live/
“no comprehensive national risk assessment” – it’s been done, but remains classified. Encephalitis is one the waterborne disease risks that was identified. Flooding should ease by the end of the week.
Twitter launches its Tor Project onion address
https://twitter3e4tixl4xyajtrzo62zg5vztmjuricljdp2c5kshju4avyoid.onion/
= News source: https://www.ghacks.net/2022/03/09/twitter-launches-its-tor-project-onion-address/
It’s a shame they demand JavaScript be enabled in order to use the site. When I use Tor Browser, not only do I surf on “Safest” Security Level, I manually disable JavaScript via about:config “javascript.enabled” toggled to false.
They have the right idea, but requiring JavaScript to be enabled for an .onion is beyond retarded.
ResearcherZero • March 9, 2022 2:47 AM
Published in Proceedings of the National Academies of Sciences, the study suggests that unaware buyers and inadequate disclosure laws drive up financial risks that could destabilize the real estate market. The threat is likely to grow as climate change drives more frequent extreme weather.
Since 2000, overall flood damages have quadrupled in the U.S.
More frequent extreme weather could magnify the trend. In the next 30 years, flood damages to U.S. homes are projected to rise more than 60 percent, from $20 billion to nearly $32.2 billion a year, according to nonprofit research group First Street Foundation.
“Improving how we communicate about flooding is an important step in the right direction.”
“We like to think that markets work efficiently and incorporate all known information about risk,” said Burke. “But here we find clear evidence, in an incredibly valuable market, that the market is underpricing flood risk.”
Perhaps unsurprisingly, the results suggest that a buyer’s flood risk awareness shapes the value they perceive in a property. This awareness is likely informed by a combination of disclosure laws and the extent of flood risk within the community measured by the percentage of homes located in floodplains.
https://news.stanford.edu/2021/04/26/flood-risks-impact-home-values/
…The difficulty and cost associated with delayed action towards meeting a temperature target are likely to increase over time, and that rate of increase has the potential to be strongly nonlinear. In the framework considered here, the 1.5 degree temperature target is already in this regime and total costs of meeting the target are considerably greater (and less certain) than they would have been if stronger past mitigation action had occurred.
https://www.nature.com/articles/s41598-020-66275-4
Climate change impacts can exacerbate existing vulnerabilities associated with affordable housing, household wealth and savings, economic mobility, education attainment, public health, transportation accessibility, and social capital and community institutions.
https://advisory.kpmg.us/articles/2021/climate-equity-impacts-in-finance.html
…the treasury office of the United Kingdom estimated that unless we adapt, global warming could eventually subtract as much as 20 percent of the gross domestic product from the world economy.
…a major investment sector of the near future will be climate-change adaptation.
https://www.theatlantic.com/magazine/archive/2007/04/global-warming-who-loses-and-who-wins/305698/
Herrington’s study concluded that society has about another decade to change courses and avoid collapse by investing in sustainable technologies and equitable human development.
https://thehill.com/changing-america/sustainability/climate-change/563497-mit-predicted-society-would-collapse-by-2040
The authors say that it will require a total transformation of the world economy to avert damages that will cost $54 trillion, and greenhouse emissions must be reduced by 45 percent by 2030. Most importantly, they argued, the world must transition fully away from burning coal: “There is no way to mitigate climate change without getting rid of coal,”
https://www.vogue.com/article/un-climate-change-report-crisis-by-2040
Models that ignore non-financial factors and include only financial costs can produce results that don’t align with real-world decision-making, leading to ill-informed policy decisions.
https://theconversation.com/climate-policy-creates-winners-and-losers-and-governments-need-to-choose-the-best-models-to-weigh-the-outcomes-170244
The TCFD suggests that an organization should disclose its transition plan if it has identified material transition risk, including if it: i) operates in a jurisdiction with an emissions reduction commitment, ii) has made an emissions reduction commitment, or iii) has to meet emissions reduction expectations from stakeholders, especially investors and lenders.
https://advisory.kpmg.us/articles/2021/climate-related-metrics.html
Winter • March 9, 2022 2:55 AM
@ResearcherZero
“Imagine a world where the state could monitor everything that you spend, and also switch your access to currency on and off at will.”
A Kleptocracy wet dream. This will obviously result in a parallel currency and a black market. In a country where a sizeable fraction of gas and oil income disappears into foreign private bank accounts, nothing will stop corruption.
ResearcherZero • March 9, 2022 2:58 AM
@Winter
After reading all of that stuff, it appears you were right all along regarding Putin’s game plan.
I also read these:
https://www.reversemode.com/2022/03/satcom-terminals-under-attack-in-europe.html
Armis has discovered a set of three critical zero-day vulnerabilities in APC Smart-UPS devices that can allow remote attackers to take over Smart-UPS devices and carry out extreme attacks targeting both physical devices and IT assets. Uninterruptible power supply (UPS) devices provide emergency backup power for mission-critical assets and can be found in data centers, industrial facilities, hospitals and more.
https://www.armis.com/research/tlstorm/
“In addition, the actors reportedly scheduled disconnects for server Uninterruptable Power Supplies (UPS) via the UPS remote management interface. The team assesses that these actions were done in an attempt to interfere with expected restoration efforts.”
https://www.cisa.gov/uscert/ics/alerts/IR-ALERT-H-16-056-01
The number of vulnerabilities reported in 2021 increased 52% to nearly 1,440, compared with the previous year, and nearly two-thirds of the discovered security issues could be exploited remotely.
https://security.claroty.com/biannual-ics-risk-vulnerability-report-2h-2021
“Just one of these statistics is concerning enough – but the combination points to a sincere need for the industry to better practice what it preaches,”
35 multinational cybersecurity companies and their more than 350 subsidiaries hosted over 200,000 exposed assets. These assets included databases, remote access sites, and cloud services.
Reposify’s analysis showed that 86% of these companies have at least one exposed remote access service, 80% expose network assets, and 63% expose back office internal networks. Just over half of the cybersecurity firms have at least one exposed database.
https://go.reposify.com/hubfs/Reposify_Cybersecurity_Report_2022.pdf
SpaceLifeForm • March 9, 2022 3:31 AM
Ukrainian state arms manufacturer Ukroboronprom said on Tuesday it would pay $1 million to anyone who captured a combat-ready Russian military aircraft — an offer it said was open to Russian pilots wanting to switch sides. ($500K for a helo)
No foreign currency available in Russia for at least 6 months
Venezuela has freed two American detainees, including oil executive jailed since 2017
ResearcherZero • March 9, 2022 4:10 AM
Australia declares flooding a National Disaster
The Treasurer and other federal leaders have estimated the recovery cost in the billions. In Lismore, the entire town was wiped out forcing 2,000 homes and businesses to be deemed unlivable.
1800 homes destroyed. 700 trucks a day could take up to a month to clear damaged possessions. (3 ton a truck)
“The last flood that came in was about 50 centimetres high, so I was expecting that maybe it would be like 1.5 metres at worst but it was at least 2.8 metres in at 7am this morning,” she told The Australian Financial Review.
“There were cars submerged and floating past my house.”
https://www.afr.com/politics/federal/death-toll-rises-as-floods-near-peak-20220228-p5a06n
The declaration means flood victims won’t have to provide identification documents to receive support payment and in some circumstances the federal government can act independently in areas where the state governments haven’t requested help.
Floodwaters peaked in Brisbane, the Queensland capital and Australia’s third-most populous city, on Feb. 28 after it was inundated by 80% of its usual annual rainfall in the previous three days.
More than 20,000 homes and businesses had been flooded in southeast Queensland and 13 people died.
https://abcnews.go.com/International/wireStory/australia-declare-east-coast-floods-national-emergency-83335399
The Wilsons River reached levels of 14.37m on Monday afternoon, more than two metres higher than its previous record set more than 50 years ago when the river hit a depth of 12.27m in 1954.
https://www.dailymail.co.uk/news/article-10559243/amp/Lismore-floods-Pictures-K-Mart-Caltex-petrol-station-completely-water-northern-NSW.html
Winter • March 9, 2022 4:22 AM
EU has enough gas for winter, eyes gas market reform – energy chief
ht-tps://financialpost.com/pmn/business-pmn/eu-has-enough-gas-for-winter-eyes-gas-market-reform-energy-chief
All the talking points. Putin learns
Action <= Reaction
Winter • March 9, 2022 5:14 AM
@ResearcherZero
“Australia declares flooding a National Disaster”
Australian PM denies climate link as smoke chokes Sydney
ht-tps://news.abs-cbn.com/overseas/11/21/19/australian-pm-denies-climate-link-as-smoke-chokes-sydney
Australia’s Prime Minister on Thursday denied his climate policies had caused unprecedented bushfires ravaging the country and insisted his government was doing enough to tackle global warming.
…
His comments came after weeks spent refusing to speak about the link between climate change and deadly fires described by the emergency services as unprecedented in number and scale for the early bushfire season.
See also
The Quantum Theory of Climate Denial
ht-tps://skepticalscience.com/quantum-theory-of-climate-denial.html
ResearcherZero • March 9, 2022 5:33 AM
@Winter
Scott is looking at a windfall from Saudi Aramco (which is valued at $US1.5 trillion), care of Andrew Liveris who pulls in a yearly salary of $700,000, as long as Scott can maintain those gas subsidies and access to required gas fields.
Unfortunately climate change may reduce farming windfalls and already causes problems for us at our nursery due to changes in phenology.
It’s a real PITA for growing fruit trees due to changes in soil temperature, (trouble with stock producing roots), earlier seasons, flowering, pollination, pests, fungi… and a bunch of other annoying s**t.
“Phenology is the timing of recurring life cycle stages, driven by environmental forces, and how species interacting within an ecosystem, respond to changing conditions. Plants and animals in terrestrial, aquatic and marine ecosystems use temperature, day length or rainfall as cues for when to bear fruit, migrate or transform in other ways.”
…in crops, phenological shifts in seasonal variations challenge food production.
The report flags the crucial importance of conservation goals, such as maintaining suitable habitats and ecological connectivity, strengthening the integrity of biological diversity and coordinating international efforts along migratory routes.
https://news.un.org/en/story/2022/02/1112162
The timing of seasonal events has changed across Europe. A general trend towards earlier spring phenological stages (spring advancement) has been shown in many plant and animal species, mainly due to changes in climate conditions.
As a consequence of climate-induced changes in plant phenology, the pollen season starts on average 10 days earlier than it did and is longer than it was in the 1960s.
The life cycles of many animal groups have advanced in recent decades, with events occurring earlier in the year, including frogs spawning, birds nesting and the arrival of migrant birds and butterflies. This advancement is attributed primarily to a warming climate.
The breeding season of many thermophilic insects (such as butterflies, dragonflies and bark beetles) has been lengthening, allowing, in principle, more generations to be produced per year.
The observed trends are expected to continue into the future. However, simple extrapolations of current phenological trends may be misleading because the observed relationship between temperature and phenological events may change in the future.
https://www.eea.europa.eu/data-and-maps/indicators/plant-phenology-2/assessment
Winter • March 9, 2022 5:58 AM
War in Ukraine
Attack On Europe: Documenting Equipment Losses During The 2022 Russian Invasion Of Ukraine
ht-tps://www.oryxspioenkop.com/2022/02/attack-on-europe-documenting-equipment.html
Freezing_in_Brazil • March 9, 2022 8:44 AM
@ All
Snowden hasn’t posted on his Substack blog this year. I haven’t heard of him in other channels either. Does anybody think this could mean anything beyond a voluntary pause? Any chance that he could be somehow used as a pawn by any of the sides in the conflict?
Tatütata • March 9, 2022 11:18 AM
Bruce Schneier: Why Vaccine Cards Are So Easily Forged — Sometimes a little security theater isn’t the worst thing., The Atlantic, 8 March 2022
https://www.theatlantic.com/ideas/archive/2022/03/why-covid-vaccine-cards-easily-forged/626971/
Our goal should be to impose the best policies that we can, given the trade-offs. The small number of cheaters isn’t going to be a public-health problem. I don’t even care if they feel smug about cheating the system. The system is resilient; it can withstand some cheating.
[How do we know this article isn’t a forgery? 🙂 ]
lurker • March 9, 2022 11:19 AM
@ResearcherZero
JE is bad news, its fatality rates and longterm brain damage make covid look like a common cold. When I tried to get a vaccine in NZ (for travel) it was horribly expensive.
pup vas • March 9, 2022 2:17 PM
Is internet on verge of break-up?
https://www.bbc.com/news/technology-60661987
=For many, the calls for the cut-off were a dangerous slippery slope towards what is known as the Splinternet – where different countries have different versions of the internet.
The Great Firewall of China, as it is known, is perhaps the most obvious example of how a country can create its own web.
But in Iran too, net content is policed, and external information is limited by the state-owned Telecommunication Company of Iran.
Russia itself has been experimenting with a sovereign internet – dubbed Runet – for several years, albeit one that has been retro-fitted to the existing internet rather than China’s built-from-the-ground-up version.
In 2019, the Russian government said it had successfully tested the system. At the time few understood the need for it, but now, in the context of the Ukraine invasion, it all “makes a whole lot more sense”, said Prof Alan Woodward, a computer scientist from the University of Surrey.
In that test, Russian ISPs were asked to effectively configure the internet within their borders as if it were a giant intranet – a private network of websites that don’t speak to the outside world.
The initiative involved restricting the points at which Russia’s version of the net connected to its global counterpart.
Now it appears Russia is re-testing those systems – in a memo from the Russian government, ISPs were asked to beef up their security and connect to domain name system (DNS) servers in Russia.
Some thought the memo, and the date for completion of the test on 11 March, meant Russia intended to cut itself off imminently.
Prof Woodward sees it more as another test of preparedness: “This was more about Russia calling on ISPs to get ready, to make local copies of the DNS – the phone book of the internet – and to have local versions of third-party software that comes from servers outside Russia, such as Javascript.”
“Because of geopolitics, a different design for the internet is emerging, where nations are either cut off or are developing their own alternative. The global bridges, like social media platforms, that have connected populations for decades, are being brought down.”
And, according to James Griffiths, the new axis of net power will be divided between the West and China/Russia.
“Fang Binxing, known as the founding father of China’s Great Firewall, visited Russia in 2016 to assist them in what they’re doing and make the Russian firewall much more similar to the Chinese one,” he said=
SpaceLifeForm • March 9, 2022 3:38 PM
@ Clive, ALL
Silicon Turtles
Apparently some ARM too. Not surprisingly, KASLR is defeated.
This is an LPE, but once the attacker has root somewhere on your network…
hxtps://www.bleepingcomputer.com/news/security/intel-amd-arm-warn-of-new-speculative-execution-cpu-bugs/
A malicious actor with low privileges on the target system can poison this history to force the OS kernel to mispredict targets that can leak data.
To prove their point, the researchers also released a proof of concept (PoC), demonstrating arbitrary kernel memory leak, successfully disclosing the root hash password of a vulnerable system.
…
Arm has also published a security bulletin on the issue, as the novel history poisoning attack affects several of its Cortex-A and Neoverse products.
Old kit will prevent this I am sure, but of course it may be slower. Slower is more secure. What is your threat model?
Clive Robinson • March 9, 2022 5:25 PM
@ ResearcherZero, lurker,
With regards “Japanese Encephalitis Virus”(JE) and “JE Vaccine”(JEV). It’s been a while since I had reason to look that little nasty up.
It’s endemic in Asia from the Stan’s all the way through India and around Eastwards to the Pacific including the northern tip of Australia. Thus it covers the regions where well over 90% of modern consumer electronics and similar manufacturing takes place (FMCE design was an area I used to work in).
JE infects over 70,000 each year, about 1/5 of those who get it die, and around half the survivors have life long neurological disfunction. The last time I looked there was no anti-virals that had been tested with it (though the “I” med has been mentioned).
There are a couple of inactivated / antenuated vaccines for humans that are on the UN list of most important medicines. They have been around since the 1930’s one memorably named “ImoJEV”. From memory they are considered safe and give significant immunity (greater than 90%) in humans. Getting the vaccine however is not easy and requires two shots, as I found out… The advice given to travelers is similar to Malaria, Dengue and other mosquito transmitted pathogens,
1, Stay in cities where mosquitoes are low in number.
2, Avoid urban, suburban and rural/farmland areas etc where standing water is expected.
3, Use DEET or similar liberaly.
4, Wear loose fitting light coloured clothing that fastens tightly “closed” at wrists, ankles, neck.
5, Sleep under mosquito nets even in air-con city hotels.
6, Avoid going out side from late afternoon through early morning.
7, Avoid rain and other seasons when mosquitoes breed.
To name but a few…
But,
“But clearly vaccinating the pig herd would remove that vector for transmission.”
Would not actually achieve very much in practice.
The disease reservoirs are,
1, Birds
2, Swine
3, Some other mammals (humans, rodents, etc).
Whilst Swine bring a limited number of people into contact with the virus, swine are mostly “captive” thus do not geographically spread the virus widely unlike wild birds and rodents.
Also the number of swine far exceeds the human population by a very very significant factor, as do captive poultry, both being the only animal protien food in most of Asia. Whilst mass vaccinating humans is possible, you are not going to get the main disease reservoirs. So for an area with more than 1/3rd of the world population, and less than 0.1million cases a year mass vaccination is in no way cost effective (so will not happen).
It therefore makes more sense to remove the transmission vector of certain mosquitoes as this works for many pathogens simultaniously and is in many respects easier to achive (work is currently underway to this effect in some parts of the world).
SpaceLifeForm • March 9, 2022 6:03 PM
First they came for …
… those fighting against propaganda and disinformation.
Then they came for…
… those deemed not to be a ‘media outlet’.
hxtps://nitter.net/tjmcintyre/status/1501594050478153739#m
hxtps://www.lumendatabase.org/notices/26927483
People just need to grow a spine, and realize it is propaganda, and deal with it, and, most importantly, not amplify it.
Ignore the trolls.
Everyone of you is a ‘media outlet’.
Clive Robinson • March 9, 2022 9:34 PM
@ SpaceLifeForm, ALL,
Not surprisingly, KASLR is defeated.
It’s always been the case that “Kernel Address Space Layout Randomization”(KASLR) was always going to fail.
In effect all it is is “a simple substitution cipher” that “suffers from too little entropy”[1].
From an attackers perspective all they need to do is “Pin the butterfly to the cork”. That is ensure they get the same layout each time they run a probe, and keep running probes untill they have built the substitution “map” sufficiently that for the defender it’s “game over”.
The way many processes are spawned from the likes of software servers / daemons in effect “pins the butterfly”… Then there are all sorts of other “side channel” tricks that can speed things up a lot…
Which brings us to,
This is an LPE, but once the attacker has root somewhere on your network…
I’m of the view that getting a “Local Privilege Escalation”(LPE) “Zero-Day” attack is a “given” these days (hence my issolationist view point for very many years). So I see the “one ring to bind them all” SysAdmin models being at best a bit silly security wise. Especially when compared to the older “Bastion Host” model where each host “is an island unto it’s self” so getting “root” on one host does not lead to a cascade failure that the “one ring model” positively encorages.
But there is more fun to be had at Intel’s expense and anyone thinking of building themselves a new PC needs to be aware of this.
As you may remember back about half a decade ago we had “Meltdown and Spectre” raising their little heads and I pointed out that all those “go faster stripe” tricks had problems and predicted atleast a decade more of such revelations and named them “The Christmas Gift that will keep on giving” and low it has sofar been the case…
But years ago I mentioned that “Offline-Security” on the likes of CD/DVD etc were doomed to failure as you would always be able to get at the secrets on way or another (which later got proved with DeCSS[2]). The solution the CPU makers came up with was “secure enclaves” that I’ve always been highly suspicious of because of “bubbling up attacks”. Well as you know Intel’s “Software Gard eXtension”(SGX) has been insufficiently secure… Suffering repeated successfull attacks going back to 2017 (if not earlier).
So Intel has called it quits on SGX and has removed support in their 12th Generation Intel Core 11000 and 12000 CPUs. Which means payback time has happened, as the entertainment industry DRM is based on “secure enclaves”… So by removing it Intel has rendered quite a few modern PCs unable to playback Blu-ray disks in high resolution. I’m guessing that the likes of some games will also go belly up.
But… What about security applications? If memory serves correctly, is there not a “secure messaging app” –Signal– very reliant on SGX at the central server.
[1] The amount of entropy is related to the degrees of freedom that the randomisation process has, which is basically a lot lot less than is going to stop a carefull attacker.
Look at it this way if you have six objects there is only a very limited number of ways you can permutate them that is “n factorial”(n!), so for six objects it’s 6! = 720. However in software it’s generally worse than that as it’s actually a subset of n that is of interest. That is “k items from n objects”. It is called a partial permutation or a k-permutation or “n permute k”(nPk) calculated as n!/(n-k)!. So 10 objects have 10! = 3628800 permutations but if you need only 3 to fix things then 10!/7! = 720.
It’s a fairly dull read but it goes into more depth,
https://en.m.wikipedia.org/wiki/Address_space_layout_randomization
[2] DeCSS has an interesting history from “alleged” reverse enginering of a hardware device with poor security engineering through multiple failed law suits and criminal prosecutions,
https://en.m.wikipedia.org/wiki/DeCSS
Both the code and description of the appaling CSS algorithm are still out there if you know where to look, but some hold the view that linking to it is a criminal offense…
JonKnowsNothing • March 10, 2022 1:21 AM
@ pup vas
re: Is internet on verge of break-up?
I thought this was a “given” some years ago. Only the illusion of “a global network” remains.
afaik, Every country can shut the spigot off any time they want (splinter net). The countries that get “noticed” are the ones that actually tell the world (and sometimes their population) that they can do it or have already done it.
When “business and LEA” see an advantage in presenting the “illusion”, the system appears open, however as more and more news stories and people reporting techno-kidnapping incidents, the illusion gets harder to maintain.
Businesses attempt to enforce the illusion with proprietary apps that are Mandatory or you cannot engage or do business with that entity.
A recent MSM report on the Mandatory Connection provides the common theme.
===
h ttps://w ww.the guardian.com/money/2022/mar/09/i-cant-manage-my-virgin-credit-card-account-without-a-smartphone
- Summary: A person has a bank account and banks by PC and does not have a smartphone. They paid their bank credit card from a web based bank program online. The bank removed the payment option from the web based banking program and moved it to exclusive use in their new smartphone app.
The person could no longer pay the bill by web page and since they didn’t have a smartphone+app, they couldn’t pay that way either.
Consider: How many people could afford to “payoff in full” their bank cards and transfer their business to a more flexible establishment?
Balance estimates for the USA are $5,000-$8,000.
I put that much on a card just paying for dental work pre-COVID.
In the USA, banks have been closing up sub-branches and retreating into high density civic areas. Rural banking branches may no longer exist. The old western movies of the Cowboy Shoot-Em-Ups at the Bank, cannot happen anymore as the banks have long since moved out.
In one small town, the old bank became a *$, in others restaurants. Dining in a Bank VP’s office makes people feel rich.
wet • March 10, 2022 3:03 AM
Dell opts out of Microsoft’s Pluton security for Windows
- This doesn’t align with our approach, PC giant tells us
“Yet another top-tier PC maker seemingly isn’t interested right now in Microsoft’s vision of hardware-level security for Windows 11 systems.
Dell won’t include Microsoft’s Pluton technology in most of its commercial PCs, telling The Register: “Pluton does not align with Dell’s approach to hardware security and our most secure commercial PC requirements.”
Microsoft launched to much fanfare its Pluton security layer for PCs in 2020 after developing it with Intel, AMD, and Qualcomm. Pluton effectively bakes a co-processor in silicon that securely stores encryption keys, credentials, and other sensitive information. The idea being that this data is kept close to the CPU cores, within the same processor package, thwarting attempts extract the secret info by, say, snooping an external bus.
It also allows Microsoft to define a base level of security features in the chips that Windows runs on. For instance, Pluton provides a Trusted Platform Module (TPM), a technology required by Windows 11.”
“Over to Lenovo
Lenovo told The Register its Intel-powered ThinkPads “will not support Microsoft Pluton at launch.”
But ThinkPads introduced in January with AMD Ryzen 6000 processors will include Pluton as it’s present in those AMD chips, though the feature will be disabled by default. AMD has provided an option for users to turn the feature on and off. Lenovo’s ThinkPad X13s, which has Qualcomm’s Arm-compatible Snapdragon 8cx Gen3 chip, includes Pluton.
HP declined to answer questions on its stand on Pluton, saying it doesn’t comment on future or unannounced products.”
https://www.theregister.com/2022/03/09/dell_pluton_microsoft/
Clive Robinson • March 10, 2022 6:47 AM
@ JonKnowsNothing, vas pup, ALL,
afaik, Every country can shut the spigot off any time they want (splinter net). The countries that get “noticed” are the ones that actually tell the world (and sometimes their population) that they can do it or have already done it.
The countries that “get noticed” are the ones that lack finess, or if you prefer are “more honest” about what they are doing.
Take for instance the UK, many Internet users use “mobile broadband” most such suppliers have their own “think of the children” firewalls, that stop one heck of a lot more than “Child Exploitation”.
Take UK Vodafone for instance, they block many many sites used for research and if you try to access them they demand “credit card” and other details to prove you are over 18… But Information Security Web Sites are high on their lists of “you can not go there no matter what” even sites that are only covering the NIST Post Quantum Crypto event, and EU and similar…
To be honest I’m surprised they have not “walled-off” this blog, or some others.
Some Vodafone “admit to” because they shove up a page telling you it’s banned and there is nothing you can do about it as they won’t listen. Others are more stealthy, but can be spotted by how fast the connection attempt gets reset.
If you try to get to the bottom of it, it appears they try the old “Sky Customer Service” trick of sending you to voice mails or email addresses that go to “non existant” people[1]. Probably to get dealt with by a computer or some such (Dell, and Alphabet are known to have done similar as Whistleblowers have indicated).
Basically Vodafone is “censoring” the Internet, on behalf of the Government and “other interests”. Oh and of course the fact that Vodafone have cheated the UK Tax system by atleast 10billion has nothing what so ever to do with it, of course.
[1] This first came to light when a group of people decided to track down these Sky Customer Support individuals who basically did not deal with issues just sent auto-replys, and were always “unavailable”… So firstly those investigating found no “digital footprints” in social or professional networks. Then when they broadened their search, and apparently a cat crawled secretly out of a bag and “whistle blew” to a UK MSM publication and revealed that not only were these Customer Service people not on any internal office plan, there was no place they could have desks unless the were in a stationary cupboard or wiring closet. Then someone else indicated that nor were such people on the payroll… Now you or I might describe that as “fraud” but apparently it’s just a “cost of business” issue and nothing for the authorities to get involved with…
&ers🇺🇦 • March 10, 2022 7:16 AM
@Clive @SpaceLifeForm @MarkH @ALL
You all know Soviet Fialka, right?
This is what Russians use now on thew field to encrypt communication.
M-427
hxxps://israil-95reg.livejournal.com/3486828.html
hxxps://nitter.net/ua_industrial/status/1501670813950484489
(use Google Translate)
JonKnowsNothing • March 10, 2022 11:52 AM
@Clive, @vas pup, @ALL
re: Targeted Non-Targets
A MSM article contained an interesting by-product on how a geographic, political sub-group of people were selected for Ad-Bombing.
- [Over a] five week period, [BigDogCo] and affiliated groups launched dozens of ads which were shown 1.7m times across Canada.
- half of these ads were targeted at British Columbia
- [Ads targeted] small “estimated audience size”, indicating that ads used Meta’s interest-based micro-targeting tools
- [The] ads directed at specific demographics and coinciding with protests appear to be classic examples of financially motivated, politically oriented, micro-targeted public affairs campaigns
- [For] three months at the start of 2020… the ads were placed during nationwide backlash to a [legal] injunction
- ads initially targeted British Columbia but shifted to other parts of the country [when interest indicators shifted]
- When LEAs indicated their intention to use Lethal Force, the corresponding social media adverts were nudges implying benevolent behavior.
The takeaway is that using data harvested, even micro-sized groups can be routinely targeted for Ad-Bombing. One aspect of this is that we all “assume” that we get the “same information” from a variety of sources. We are led to think that everyone sees the same news, the same images, and that everyone is In The Know.
The people in BC Canada may have thought that folks in Peoria, Illinois knew what was happening to them in Canada.
Similar to the recent images of the “school house wall with a hole in it”. The ones that got shoveled up by the AI/ML photobot on my screen were not at all like some of the images (links) others posted.
An interesting play on Māyā: a “magic show, an illusion where things appear to be present but are not what they seem”.
===
Search Terms:
Oil and gas companies are ‘Indigenous-washing’ their ads
Clive Robinson • March 10, 2022 2:58 PM
@ &ers, MarkH, SpaceLifeForm, ALL,
This is what Russians use now in the field to encrypt communication. M-427
It’s secure enough for a “field cipher” system.
One of the things we “civilians” tend to forget is that “field ciphers” don’t have to be very secure. We tend to think of crypto being good for several decades if not centuries (none of them are).
We forget that any cipher that remains secure for three days or more is probably sufficiently secure as a field cipher for a battlefield.
There are three main reasons for this,
1, Firstly no “names” are used, they are replaced with code words, likewise grid locations and similar.
2, After three days, the chances are most things sent are “ancient history” in an active battle.
3, Anything that needs higher security will get first enciphered with a stronger cipher (often a One Time Pad) before getting enciphered as ordinary traffic.
As a system it works and works with the minimum of “deviation” from normal, thus training and practice takes care of the majority of “OpSec” issues that arise from using multiple ciphers independently.
SpaceLifeForm • March 10, 2022 4:44 PM
@ &ers, MarkH, Winter, Clive, ALL
re: supply chain, RU and CN
A ton of excellent points.
Worth the time to read, especially considering that CISCO is bailing.
hx tvps://nitter [.] net/kamilkazani/status/1501676859741904898#m
Clive Robinson • March 10, 2022 5:29 PM
@ SpaceLifeForm, ALL,
re: supply chain, RU and CN
Economically Russia is not a superpower or even a first world economy.
When you remove the export of raw materials and grain from Russia’s GDP they in effect become a lowely second world nation. Very much dependent on imports for their industry.
I won’t go into details, but Russia, exports certain raw matetials that get processed abroard and then sold back to Russia at eye wateringly high profit so that a major part of Russian industry can function…
Then there is a bit of a geo-political problem…
1, China
2, India
3, Russia
If Russia moves towards China it will be against Indian wishes, which would cause Russia no end of problems not just in the short term but the longterm.
It’s very much not in India’s interests to have Russia and China get a “closer relationship”.
But for years now I’ve been warning on this blog what China has been doing to “resource rich” countries in places like Africa.
If China decide to do the same with Russia, the results will not be good. What Russia has tried to do to Europe and North America with Gas and Oil, China will do with key industrial components, and the Russian economy will be come like a fish on a hook at the very least.
Sally • March 10, 2022 5:52 PM
Nice squid post, for another week.
https://www.theguardian.com/science/2022/mar/09/joe-biden-fossil-name-vampire-squid
Scientists name ‘incredibly rare’ fossil in recognition of Biden’s ‘plans to address climate change and to fund scientific research’
SpaceLifeForm • March 10, 2022 6:02 PM
@ &ers, MarkH, Winter, Clive, ALL
Sun Tzu has popcorn and is watching
SpaceLifeForm • March 10, 2022 7:07 PM
@ &ers, MarkH, Winter, Clive, ALL
Rasputitsa
Apparently the driver realized it was muddy further downhill.
Looks like the turn-around spot was not so great.
hx ps://nitter [.] net/IAPonomarenko/status/1501967750855634944#m
Ukrainian SOF requests immediate tractor support to recover yet another seized Russian Pantsir S1
I think this will require multiple tractors.
Clive Robinson • March 10, 2022 11:41 PM
@ SpaceLifeForm, ALL,
And this realy should have the Jaws thrme tune playing in the background,
https://nitter.net/pic/media%2FFNgRa7ZVUBoPOWD.jpg%3Fname%3Dorig
Mind you I’m not sure that “Z” is realy a Z, it looks like a “N for numbnuts” laid out…
Apparently those Pantsirs cost the Russians over $10,000,000 each to make and the rockets are not cheap either.
So unless the Ukranian’s can capture more rockets, it’s one of the worlds most expensive paperweights not an offensive weapon at the moment.
Mind you the Ukranian’s are no slouches when it comes to reverse engineering, so it could be back up and running as a mobile radar unit or even a fire control unit in the not to distant future…
Though I suspect there are more than a few nations who would willingly swap more than a couple of containers of Javlins for one…
Freezing_in_Brazil • March 11, 2022 8:58 AM
I conclude Snowden is taboo here.
As they say, there is no such thing as a stupid question [maybe there is]. Appologies for bringing up the subjetc [out of real concern + ignorance on my part]. I will be avoiding such sensitive issues in the future.
I’m a little ashaned right now.
Regards
&ers🇺🇦 • March 11, 2022 9:20 AM
@Clive @SpaceLifeForm @MarkH @ALL
M-427 follow UP!
hxxps://www.cryptomuseum.com/crypto/ru/m427/
JonKnowsNothing • March 11, 2022 10:19 AM
@ Freezing_in_Brazil
re: Snowden + conflict
If this is the question you are referencing and not something else that got road rash, I dunno the answer but there are several possible ones (if not more).
1) His name is often used by LEAs as a “boogeyman” and tossed around the same way as Assange, particularly if they want to present something “awful”. Sort of like the word “Bork/Borked” derived from a contentious US Supreme Court Hearing.
2) The suggestion has been made many times, that there would be a “prisoner swap” and ES would be part of the deal.
I haven’t heard anything recently but then I live in a rural area, where “cows don’t read and they don’t use cell phones”. (1)
===
Search Terms
Robert Bork
- 1987, President Ronald Reagan nominated Bork to the U.S. Supreme Court, but the U.S. Senate rejected his nomination after a highly publicized confirmation hearing.
1) Cows and other distant grazers, are increasingly using hitech, similar to FindMeTags telemetry. Ranchers can follow the herd location and grazing pattern and send up a drone to check on them.
jdgalt1 • March 11, 2022 2:31 PM
I’m astounded that no one has mentioned the elephant in the room today:
DuckDuckGo has announced that it now lowers the ranking of sites they consider to be “Russian disinformation.”
Years of neutrality, objectivity, and integrity — gone. Apparently without thinking twice.
ReclaimTheNet.org recommends two alternatives: search.brave.com, and presearch.com. Those appear to still be neutral for now (although Brave says that 5% of its searches still “fall back” to Bing, which is not neutral).
Clive Robinson • March 11, 2022 3:14 PM
@ Freezing_in_Brazil,
I conclude Snowden is taboo here.
Probably not in the way you are thinking.
Let’s just say where he supposedly is located is a contentious subject.
You earlier asked why we had not heard from him this year. Well we’ve heard steadily less and less from him over the past half decade or so.
The problems with where Ed is residing have been visably building up for well over a year and if I could see trouble was brewing over a year ago, I suspect Ed could see it months if not more before that.
My best guess is that he is just keeping his head down as much as possible, to avoid being noticed and thus acting as a lightening rod for some one with a loose hinge or two to get caught up on.
I suspect it’s dawned on Ed that neither side of the political division are going to let him come home without major recrimination. Plus what happened to Chelsea Manning when there was a change of political flag has probably made him realise that even if he came back whilst one flag was flying, when the flag swaps as they invariably do he would like as not just be grabbed and slung in SAM awaiting a conviction that would never let him see the light of day again.
So if he want’s any kind of life, he effectively needs to not just disapear but be entirely forgoton, thus never be seen in or heard from in public.
I suspect that quite a few people are waking up to the fact that America is not the land of the free any longer. And that the petty vindictiveness seen in small town cops and DA’s who will never give up on trying to lock up someone they have decided for politics is bad. Even though the person has done nothing wrong, is a significant problem all the way up the hierarchical pyramid.
I for one will never ever return voluntarily to the US now, even though I have friends and fond memories of Washington State and other places there such as Boston and even Chicago. I won’t go into why, but lets just say I deem the personal risk as being to high.
I suspect I am not the only person with this point of view and I know of a couple of people who have decided not just to move out of the US but revoke their US citizenship.
There are others including Journalists one or two of whom get mentioned on this blog from time to time, who have taken the view that being citizens in other countries is more conducive to long life, health and well being.
Clive Robinson • March 11, 2022 3:45 PM
@ jdgalt1, ALL,
Years of neutrality, objectivity, and integrity — gone. Apparently without thinking twice.
Err if you look back on this blog over the past,six months or so you will see that a number of people have spotted a change in behaviour of DuckDuckGo. Primarily in that it’s searches were failing and it was apparently dumbing down.
What was not determined at the time was if,
1, It was DuckDuck that was to blaim
2, It was the search engines DuckDuck proxied that was feeding duff results back.
From what you imply the answer could be 1 above, however there is no way I would rule out 2 above, ad we know various large Silicon Valley Corps do do this quite frequently.
Whilst Google for instance is more than happy to be a parasite on other setvices in many ways, Google are known to have taken strong action against sites they see as being parasitical on Google.
So one rule for Silicon Valley Mega Corps and another rule for everyone else…
Unless of course you are the “Dirty Digger” Rupert “the bear faced lier” Murdoch who sufficiently “owns” the Australian Prime Minister, such that Scotty from Marketing (ScoMo) passes legislation especially for you…
JonKnowsNothing • March 11, 2022 11:12 PM
@Clive
re: … never ever return voluntarily…
It is a sad commentary on our times.
I also have fond memories of living in EU but the probably of bother-boots in traveling puts a full-stop to any potential idea of going anywhere that requires A) a passport B) a visa or C) travel by any means controlled by other-entities.
That long passage of No Person’s Land where you are No One, No Where with No Recourse, is not an attractive prospect.
It’s a bit like waiting for COVID, which is more likely than waiting for Godot; Being disappeared for even 1 minute would Not Make My Day Any Nicer.
Ignorance is bliss. -Cypher The Matrix
Subscribe to comments on this entry
Leave a comment
Sidebar photo of Bruce Schneier by Joe MacInnis.
SpaceLifeForm • March 4, 2022 4:31 PM
F12 Right Click
Governor Parson just cannot admit that he is wrong.
https://missouriindependent.com/2022/03/03/parson-digs-in-against-evidence-absolving-reporter-he-accused-of-being-a-hacker/
He is right you know.
Most people can see right through him.