More Intel Data Leak Flaws Documented This Week, Situation Particularly Grave

This week has seen a number of flaws in Intel chips that leak data, but two seem to dwarf others publicized so far (archived). The first, TPM-FAIL, allows private keys stored with the "Intel Platform Trust Technology"(TM)(R) "trusted platform module" to be acquired via timing leakage. The ST33 by STMicroelectronics was also shown to have a similar vulnerability.

The gravest reveal (archived) is a set of "Microarchitectural Data Sampling" attacks allowing any data passed through an Intel CPU to be leaked, in flight, whether the data has been stored in the CPU's cache or not. Many of these attacks abuse Intel's handling of speculative execution. Others take advantage of flaws introduced or made worse by efforts to patch Intel's previously documented speculative execution bugs.

Medium.com Now Fetid Cesspool Of Spam And Malware

Medium.com, like its other free to "all comers" predecessors, has now fallen into use as a favored platform for spreading spam and malware payloads (archived). From Google's blogspot through Automattic's WordPress.com(TM)(R), to all of the various social media watermelon fields, no platform free to all comers has managed to avoid this fate. Some bleed more trying to clumsily stop the flood than others.

UK Police Punish 237 Of Their Own For Internal Breaching

After British Police Sergeant Okechukwu Efobi pleaded guilty to "abusing" police databases to research cases against himself earlier this year, it turns out 237 cops and staffers at police agencies on Airstrip One were disciplined for a variety of infractions broadly classed as "misusing IT resources" (archived). Freedom of Information requests have been met with responses suggesting there is little access control or monitoring of internal police networks and databases within the Queendom (archived).

Trend Micro Staff Sold Customer Information Outside Of Management Direction

Computer "security" firm Trend Micro has disclosed that a member of its staff has sold 68,000 customer records without approval from the firm's management (archived). Earlier this year a similar long-running situation at US telecom AT&T came to light. In that scheme AT&T staff sold access to AT&T systems in an organized manner and without management direction to do so. Trend Micro claims that in this case only the data of English speaking customers in English speaking countries was targeted.

US Court: Family Not Entitled To Compensation After Police Destroyed Home Pursuing Shoplifter

The US 10th Circuit Court of Appeals has determined that the victims of the local police's reckless destruction of their home are entitled to no compensation at all. An alleged shoplifter unrelated to the home's owners attempted to use the structure as shelter to evade police after he allegedly shoplifted two belts and a t-shirt from a Walmart. With their quarry cornered, the local police spent 19 hours assaulting the structure with repeated strikes from an armoured vehicle and expended more than 72 chemical weapons and smoke munitions, ultimately leaving the structure a ruin.

The Court's decision is reproduced in full below:

Youth In US Increasingly Decide Life Not Worth Living

The US CDC reports that suicide among people in the US aged 10 to 24 has increased 56% in the period from 2007 to 2017. This coincides with an increase in bureaucratically driven "anti-bullying" and "suicide awareness" efforts. The chance that the bureaucrats wringing hands will identify the suffocating lack of space their activity leaves as a driver of US youth unable to visualize futures for themselves appears to be nil. Expect the kids to keep checking out.

Python Runtime Differences Across Platforms Do Different Math

A group of chemists at the University of Hawaii published a paper in Organic Letters documenting numerous ways that the math performed by Python differs across the operating systems Python code can be run on (archived). The scripts revealing Pythonistic mathematics to be operating system dependent were intended to process nuclear magnetic resonance spectroscopy data. The scripts, originally described in Nature Protocols in 2014, went so far as to offer differing results across Mac OS X releases. This is far from the first indictment of misapplying computing tools in the modeling of reality.

2011 To 2017 iDevices Jailbroken Via "Apple Bootrom" Exploit

Someone calling themself Axi0mX has unveiled an exploit overcoming "Apple Bootrom" and allowing Apple's iDevices using Apple's A5 through A11 chips to be "jailbroken" or otherwise be put in service of a new master (archived). This exploit reportedly requires physical access to a target device, and patching against the exploit supposedly would require new hardware.