Internet service is down for about 900 customers in Tumbler Ridge, B.C., after a beaver chewed through a crucial fibre cable
Beavers have been doing a little bit of home improvement with tech, satellite TV being the most common. I suspect that this poor beast just wanted ADSL and didn’t realize it wasn’t a regular phone line.
Paper: “I See Dead µops: Leaking Secrets via Intel/AMD Micro-Op Caches”
It’s nice work, but… ugh… this pretty much belongs under the “Fuck Today” or “God damn you 2020” threads as well.
Right? I remember the shit show that was the original Meltdown/Spectre and how everybody was rushing out half-baked patches that only seemed to kill performance.
At least for this one it seems like turning off hyper threading is a potential mitigation, which, fine - because HT kinda sucks anyway.
Another nail in the coffin of Intel?
US declares emergency after ransomware shuts oil pipeline that pumps 100 million gallons a day
One of the USA’s largest oil pipelines has been shut by ransomware, leading the nation’s Federal Motor Carrier Safety Administration to issue a regional emergency declaration permitting the transport of fuel by road.
The Colonial Pipeline says it carries 100 million gallons a day of refined fuels between Houston, Texas, and New York Harbor, or 45 percent of all fuel needed on the USA’s East Coast. The pipeline carries fuel for cars and trucks, jet fuel, and heating oil.
It’s been offline since May 7th, according to a company statement, due to what the outfit described as “… a cybersecurity attack [that] involves ransomware.”
[…]
ETA:
It’s been offline since May 7th, according to a company statement, due to what the outfit described as “… a cybersecurity attack [that] involves ransomware.”
Anyone want to bet against the words “SolarWinds” or “Exchange” appearing in a press release in the near future?
There have been ongoing ransomware attacks for the last month or two. Two colleges had their student information systems encrypted on them (TUDublin Tallaght and NCI) at the end of March. Our work has been non stop spearphishing, brute force password attacks, and ddos ever since.
I can’t imagine that this isn’t endemic across multiple sectors in Ireland now given what we know about the health and education sectors.
Some good news is that we don’t make vaccines here. Apart from the obvious non-critical drugs there are a fair amount of biologics and biosimilars that shutting down manufacture of would cause problems internationally. Also some chip manufacturing as there’s a huge shortage anyway.
But yeah, fuck you very much scumbags going for health services in a global pandemic.
FingerprintJS, maker of a browser-fingerprinting library for fraud prevention, on Thursday said it has identified a more dubious fingerprinting technique capable of generating a consistent identifier across different desktop browsers, including the Tor Browser.
That means, for example, if you browse the web using Safari, Firefox, or Chrome for some websites, and use the Tor browser to anonymously view others, there is a possibility someone could link your browser histories across all those sessions using a unique identifier, potentially deanonymize you, and track you around the web.
Doing this is non-trivial, it can be very inaccurate or unreliable, and so this is more of a heads up than anything else.
[…]
Just an update, it’s patient management system and radiology that was taken out.
I know it was student records systems that were done and as it’s Conti ransomware exfiltrating the personal data is also the point. I have heard sums mentioned for the ransom which are not huge.
Contract killer: Certified PDFs can be secretly tampered with during the signing process, boffins find
A pair of techniques to surreptitiously alter the content of certified PDFs have been detailed by researchers in Germany.
The upshot is that someone could digitally add their signature to a PDF of, say, a contract, pass the file to a partner to digitally sign, and that second person could sneakily alter the contract’s text as well as sign it, creating confusion down the line. While the addition of the second signature would be permitted, the tampering of the text should be detected and flagged up by application software – unless the second person uses the aforementioned techniques.
The exploits, dubbed Evil Annotation and Sneaky Signature, are detailed in a paper [PDF] and website by Ruhr University Bochum’s Simon Rohlmann, Dr Vladislav Mladenov, Dr Christian Mainka, and Professor Jörg Schwenk. The team were due to present their work at the 42nd IEEE Symposium on Security and Privacy, taking place online this week.
[…]
So… about those other thousands of organizations who were not really “state/spy targets” but were compromised in the SolarWinds attack, I’ll bet this is one of them…
UK Special Forces soldiers’ personal data was floating around WhatsApp in a leaked Army spreadsheet
An astonishing data security blunder saw the personal data of Special Forces soldiers circulating around WhatsApp in a leaked British Army spreadsheet.
The document, seen by The Register , contained details of all 1,182 British soldiers recently promoted from corporal to sergeant – including those in sensitive units such as the Special Air Service, Special Boat Service and the Special Reconnaissance Regiment.
Special Forces soldiers’ identities are supposed to be protected from public disclosure in case terrorists target them or their families. Yet yesterday an Excel file was freely being passed around on WhatsApp groups after being leaked from inside the Ministry of Defence.
[…]