Vulnerabilities

In a curious twist, all the icecream machines started working again


Dammit, I was trying to come up with something about the ice machines, and failed.


I hate how many devices like this and other control systems are developed with a complete lack of concern for security. The developers assume the environment will be safe because so few people know about or have access to the system, but you’d think by now more developers would realize there is no such thing as an adversary-free environment in the age of cheap wireless, be it WiFi, Bluetooth, Zigbee, etc., or even just a software-defined radio. Hacking this stuff is way too easy!


Not true! The “S” in “IoT” is for “Security”!


So far, it looks like someone was playing a long game by taking over maintenance of a utility, then gradually slipping in malicious code.

Back in 2022, a host of characters appeared and basically bullied the creator of the XZ project to hand it over to somebody else; at the time the guy cited mental health issues around not updating the project quickly.

At the time he was already talking about maybe handing over to the account who years later introduced the backdoor.

In mid-2023 said account introduced a change to Google’s OSS-Fuzz to weaken detection for XZ.

Somebody played a years-long game of Jenga and lost.

If someone is playing a long, slow game, then they have time to play multiple games in parallel, and they only need to win one. (The thread goes on, apparently this isn’t the only game they were playing.)

This one was found because a developer wondered “Why is this code so slow?”

(No evidence that the person was in China.)


I got a new phone (Samsung). Anyone know of a good guide for scraping out as much junkware and spytech and such as I can from it?

(If anyone knows of a better thread for such a question, do please let me know!)


If there isn’t one already, a thread for making your devices yours is a great idea for here.


AND the latest “update” is a downgrade

Preparing to unpack .../liblzma_5.6.1+really5.4.5_aarch64.deb ...
Unpacking liblzma (5.6.1+really5.4.5) over (5.6.1) ...
Setting up liblzma (5.6.1+really5.4.5) ...
Preparing to unpack .../xz-utils_5.6.1+really5.4.5_aarch64.deb ...
Unpacking xz-utils (5.6.1+really5.4.5) over (5.6.1) ...
Setting up xz-utils (5.6.1+really5.4.5) ...
$ xz --version
xz (XZ Utils) 5.4.5
liblzma 5.4.5

Via the IP List

The new Outlook App is a data scraping nightmare. Run away.

When you sync third-party email accounts from services like Yahoo or Gmail with the new Outlook, you risk granting Microsoft access to the IMAP and SMTP credentials, emails, contacts, and events associated with those accounts, according to the German IT blog Heise Online.

Although this transfer is secured with Transport Layer Security (TLS), according to Heise Online, your IMAP and SMTP username and password are transmitted to Microsoft in plain text.

A deeper dive into Microsoft’s privacy policy shows what personal data it may extract:

  • Name and contact data
  • Passwords
  • Demographic data
  • Payment data
  • Subscription and licensing data
  • Search queries
  • Device and usage data
  • Error reports and performance data
  • Voice data
  • Text, inking, and typing data
  • Images
  • Location data
  • Content
  • Feedback and ratings
  • Traffic data

Nice description of the attack.


I wonder how to disable all of that fuckery.


Diligence, code inspection, knowing your s**t and caring enough to dig in when something doesn’t look right.

Well, that and hope that your CPU microcode isn’t backdoored (probably is), or your network card’s little CPU isn’t leaking secrets (probably is), or that odd little chip you can’t identify on your motherboard isn’t malign. There are so many layers you just have to trust, even when you have the source code and your computer isn’t programmed to actively work against you.

Speaking of not looking right, libarchive had a dodgy commit under the same user name. It looks like it was easily cleaned out, but watch for updates.


Oh how I wish I had even an inkling of awareness of what you’re talking about. :sob:


has this been discussed before

I’m not an expert by any means but I think Samsung is no worse than any other manufacturer as regards bloatware, etc. these days.

I find these guides quite helpful generally:

https://www.privacyguides.org/en/

Apart from general advice about using Android’s own settings, they also recommend apps, etc. Once better apps have been installed, one can try to uninstall the stock apps they’re replacing. When the phone won’t let you do that, you should at least be able to revoke the app’s permissions.

Hope that helps.

If anyone has anything better to suggest, I’d love to see it too.


The hell? Does bbs have a soundtrack now?

That appears on my drop down menu. It’s slow piano noodling.
