181·
5 days agoGentoo users in shambles
- 3 Posts
- 112 Comments
Joined 3 years ago
Cake day: December 20th, 2021
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
The binary blobs match which checksums? The ones provided by the ventoy developer?
GLIM is an alternative that’s much simpler (it just uses Grub configs) so it is easy to audit:
Please don’t continue to recommend Ventoy. It has serious and unanswered security questions hanging over it, and the developer seems to be completely AWOL.
111·17 days agoAnyone who falls for the scam of thinking that you can determine IQ from the genome of an embryo is probably below average themselves.
You’re just unabashedly supporting eugenics? Is that because you’re too young, or too uneducated to know any better?
They didn’t break RSA.
4·23 days agoThis could also mean that they have found a (classical) vulnerability in one of the most used Post Quantum Encryption algorithms (such as Kyber) and they want everyone to switch to using it ASAP.
There’s something important missing from this article:
Eventually, that same USB drive is inserted into an air-gapped computer, allowing GoldenDealer to install GoldenHowl (a backdoor) and GoldenRobo (a file stealer) onto these isolated systems.
Why is an airgapped machine running executable code from a USB drive? Is there some OS-level vulnerability being exploited?
The original writeup says the following:
It is probable that this unknown component finds the last modified directory on the USB drive, hides it, and renames itself with the name of this directory, which is done by JackalWorm. We also believe that the component uses a folder icon, to entice the user to run it when the USB drive is inserted in an air-gapped system
So we have airgapped machines that rely on users to click icons in a graphical file manager to move data from USB drives. This is a complete failure of security procedure. If you have systems that need to be airgapped then you also need the corresponding procedures for use of those systems to prevent this kind of compromise.
This vuln is not new, it was published 3.5 years ago: https://nvd.nist.gov/vuln/detail/CVE-2020-26558
53·1 month agoPretty sure this was described exactly in Snow Crash (Neal Stephenson, 1992).
Instead of linking to a jpeg hosted on a non-HTTPS website for a weird investments scam you could just link wikipedia:
Reuters just regurgitating investor-bait because they have no domain expertise. Maybe Reuters journalists should be getting some training from experts too.
I read the source code and this is a hobby-project that you could write in an afternoon with no knowledge of cryptographic protocols.
There are dozens of obvious deficiencies even to me and I am no expert in cryptography. An easy example to point out is that there is no input validation and no error checking or exception handling. Both the client and server just assume that the other side is a well-behaving correct implementation.
The author should not be posting this around as if it’s a serious tool for people to use. If anything it’s a starting point for OP to get advice from experts on how real systems do this properly. I’d recommend that the author spends a LOT of time reading before doing. There are numerous design documents of real systems and protocols, and some good comprehensive books too.
Intel’s assets are worth more than Intel’s market cap. That’s how badly they’re doing in the stockmarket, and also shows you how market cap is a fairly irrelevant indicator of a company’s value.
412·2 months agois there any ARM chipset out there that can deliver performance on par with the Steam Deck’s CPU
Yes, but they’re made by Apple.
The amount of advertising for this tool in recent times is starting to look a lot like astroturfing.
Not my post btw, just sharing the link :)
Sorry for the reddit link, I don’t know of a mirror. This was posted just today, running on an EeePC:
I will get a custom paint job on my car depicting a person driving while on their phone with no seatbelt on.