USG Ownership Of "Crypto AG" And Use Of The Firm's Products To Spy On "Allies" And Customers Released To The Public

The fact that nominally Swiss firm "Crypto AG" has been owned by the USG.CIA in partnership with the Germans is being blasted throughout the media today. The timing of the release is curious as the Iranians discovered Crypto Ag's subversion no later than 1992 and the obvious indicators were long available and obvious. Continue reading

OpenWRT Package Checksums Not Checked Opening MITM Opportunities And Further Downstream Havok

Alternative router firmware distribution OpenWRT is seeing a vulnerability allowing its package manager to be MITM'd publicized (archived). OpenWRT's fork of opkg, used as a package manager and running as root, fails to check checksums when parsing package lists. Successful use of the MITM to place a payload opens the rest of the doors to ownership. Routing remains a live battleground.

OpenBSD Mail Server OpenSMTPD Allows Remote Exectution Of Arbitrary Shell Commands As Root

A remotely-exploitable vulnerability for OpenSMTPD, OpenBSD's mail server, present since May 2018, has been made public (archived). It enables an attacker to execute arbitrary shell commands with root privileges.

Notably, the proof-of-concept exploit makes use of routines which first made an appearance in the Morris worm of 1988.

Novel Coronavirus Panic Hit Fiat Markets As China Extends New Year Holiday

Fiat markets around the world fell today as panic spreads over the spread of a novel coronavirus (archived). The novel coronavirus has inflicted a few casualties and appears rather easily transmissible, but reaction to the virus has been incredibly disruptive as well. China has quarantined Wuhan where the first cases appeared, suspended the sale of packaged tours, and extended the Lunar New Year holiday through February 2nd keeping local Chinese markets closed for the holiday. Continue reading

Power Rangers Pushing "Taproot" Into Their Bitcoin Network Client Fork

In his continuing mission to wreck Bitcoin, Pieter Wuille (WoT:sipa) has submitted a final proposal for 3 new "BIPs" and a pull request to the "Bitcoin Core" Shithub that will introduce Schnorr signatures and a new mEthereum-like addition called taproot via a "soft fork" to the protocol. Schnorr signature schemes were discussed in #trilema as far back as 2017, and determined to be attractive to PRB users because they are a match made in heaven for individuals using Segwit, multisig, or other "anyone can spend" schemes. Taproot was proposed in January of last year by Greg Maxwell (WoT:gmaxwell) and is an attempt to add "smart contract" functionality to Bitcoin, supporters having quickly forgotten about the SFYL that occurs when one consciously chooses to huff "smart contract" Jenkem. As always, users of actual Bitcoin will not be affected.

Grave Authentication Vulnerability In Cisco Firewall Management Tool

USG spyware vendor Cisco has announced a vulnerability affecting their "Firepower Management Center" allowing unauthenticated control via specially crafted http requests (archived). No workaround to mitigate the vulnerability is being offered, only mandatory patches. Cisco claims no knowledge of the flaw being exploited in the wild despite it having the appearance of a bespoke USG NOBUS hole.

"Royal Yachting Association" Discovers Their Database Was Leaked… In 2015!

The "Royal Yachting Association" announced their recent discovery that someone managed to grab their member database back in 2015 (archived). The database includes names, email addresses, and a mix of salted and unsalted password hashes. Boating Brits have had their accounts frozen until they reset their passwords.