Vulnerabilities

I’m sure it’s fine… the I mean it’s only the scary "DEEP STATE" when liburals, AKA, antifa are in charge… /s

2 Likes
6 Likes

Internet service is down for about 900 customers in Tumbler Ridge, B.C., after a beaver chewed through a crucial fibre cable

Beavers have been doing a little bit of home improvement with tech, satellite TV being the most common. I suspect that this poor beast just wanted ADSL and didn’t realize it wasn’t a regular phone line.

4 Likes
1 Like

These guys…

2 Likes
5 Likes

Paper: “I See Dead µops: Leaking Secrets via Intel/AMD Micro-Op Caches”

It’s nice work, but… ugh… this pretty much belongs under the “Fuck Today” or “God damn you 2020” threads as well.

3 Likes

Right? I remember the shit show that was the original Meltdown/Spectre and how everybody was rushing out half-baked patches that only seemed to kill performance.

At least for this one it seems like turning off hyper-threading is a potential mitigation, which, fine - because HT kinda sucks anyway.

3 Likes

Another nail in the coffin of Intel?

2 Likes

US declares emergency after ransomware shuts oil pipeline that pumps 100 million gallons a day

One of the USA’s largest oil pipelines has been shut by ransomware, leading the nation’s Federal Motor Carrier Safety Administration to issue a regional emergency declaration permitting the transport of fuel by road.
The Colonial Pipeline says it carries 100 million gallons a day of refined fuels between Houston, Texas, and New York Harbor, or 45 percent of all fuel needed on the USA’s East Coast. The pipeline carries fuel for cars and trucks, jet fuel, and heating oil.
It’s been offline since May 7th, according to a company statement, due to what the outfit described as “… a cybersecurity attack [that] involves ransomware.”
[…]

ETA:

2 Likes

It’s been offline since May 7th, according to a company statement, due to what the outfit described as “… a cybersecurity attack [that] involves ransomware.”

Anyone want to bet against the words “SolarWinds” or “Exchange” appearing in a press release in the near future?

3 Likes

There have been ongoing ransomware attacks for the last month or two. Two colleges had their student information systems encrypted on them (TUDublin Tallaght and NCI) at the end of March. Our work has been non-stop spearphishing, brute force password attacks, and DDoS ever since.

I can’t imagine that this isn’t endemic across multiple sectors in Ireland now given what we know about the health and education sectors.

Some good news is that we don’t make vaccines here. Apart from the obvious non-critical drugs there are a fair amount of biologics and biosimilars that shutting down manufacture of would cause problems internationally. Also some chip manufacturing as there’s a huge shortage anyway.

But yeah, fuck you very much scumbags going for health services in a global pandemic.

5 Likes

FingerprintJS, maker of a browser-fingerprinting library for fraud prevention, on Thursday said it has identified a more dubious fingerprinting technique capable of generating a consistent identifier across different desktop browsers, including the Tor Browser.
That means, for example, if you browse the web using Safari, Firefox, or Chrome for some websites, and use the Tor browser to anonymously view others, there is a possibility someone could link your browser histories across all those sessions using a unique identifier, potentially deanonymize you, and track you around the web.

Doing this is non-trivial, it can be very inaccurate or unreliable, and so this is more of a heads up than anything else.
[…]

3 Likes
3 Likes


5 Likes
4 Likes

Just an update, it’s patient management system and radiology that was taken out.

I know it was student records systems that were done, and as it’s Conti ransomware, exfiltrating the personal data is also the point. I have heard sums mentioned for the ransom which are not huge.

3 Likes

Contract killer: Certified PDFs can be secretly tampered with during the signing process, boffins find

A pair of techniques to surreptitiously alter the content of certified PDFs have been detailed by researchers in Germany.
The upshot is that someone could digitally add their signature to a PDF of, say, a contract, pass the file to a partner to digitally sign, and that second person could sneakily alter the contract’s text as well as sign it, creating confusion down the line. While the addition of the second signature would be permitted, the tampering of the text should be detected and flagged up by application software – unless the second person uses the aforementioned techniques.
The exploits, dubbed Evil Annotation and Sneaky Signature, are detailed in a paper [PDF] and website by Ruhr University Bochum’s Simon Rohlmann, Dr Vladislav Mladenov, Dr Christian Mainka, and Professor Jörg Schwenk. The team were due to present their work at the 42nd IEEE Symposium on Security and Privacy, taking place online this week.
[…]

1 Like

So… about those other thousands of organizations who were not really “state/spy targets” but were compromised in the SolarWinds attack, I’ll bet this is one of them…