Showing results for tags 'backdoor'.
-
Hey all, I've recently come across a worrisome bit of info. Apparently, Intel has built a backdoor into the X86 CPUs allowing access to a great deal of info. I have no idea if it is a legitimate threat or not but am somewhat concerned. Any info and input is appreciated! http://news.softpedia.com/news/intel-x86-cpus-come-with-a-secret-backdoor-that-nobody-can-touch-or-disable-505347.shtml I'll be polling on the amount of concern about this topic as well, maybe this is old news but I'd like to see
-
I came across the article. Anyone who mines with Bitmain Antminers should see this article. Hope this helps.

"Antbleed is a backdoor introduced by Bitmain into the firmware of their bitcoin mining hardware Antminer. The firmware checks-in with a central service randomly every 1 to 11 minutes. Each check-in transmits the Antminer serial number, MAC address and IP address. Bitmain can use this check-in data to cross check against customer sales and delivery records making it personally identifiable. The remote service can then return "false" which will stop the miner from mining. The patch was introduced here (pastebin) and can be seen in the source: here (github)

At worst, this firmware backdoor allows Bitmain to shut off a large section of the global hashrate (estimated to be at up to 70% of all mining equipment). It can also be used to directly target specific machines or customers. Standard inbound firewall rules will not protect against this because the Antminer makes outbound connections. Even without Bitmain being malicious, the API is unauthenticated and would allow any MITM, DNS or domain hijack to shutdown Antminers globally. Additionally the domain in question DNS is hosted by Cloudflare making it trivially subjected to government orders and state control."

"Around 70% of Bitcoin hashrate affected. Bitcoin Core developer Peter Todd says "any MITM attacker or DNS attacker can activate it [Antbleed backdoor]" as there is no authentication mechanism included in the firmware."

https://www.bleepingcomputer.com/news/security/backdoor-code-discovered-in-popular-bitcoin-mining-equipment/
http://www.antbleed.com/
-
Manufacturers' hard-on for providing backdoors into their products that they think will stay completely secret while putting them on the internet continues, this time with one of the largest vendors of thermal security cameras. https://www.bleepingcomputer.com/news/software/researcher-finds-unremovable-backdoor-accounts-in-flir-thermal-security-cameras/#.Wd-eZ2COCbY.twitter So hurray Internet of Things, you serve us so well!
-
Budget phones are seeing popularity given the amount of features and performance most of them are starting to bring, though compromise is necessary. One compromise would be software, with most phones containing bloatware; a report by Kryptowire, a Homeland Security contractor, shows that it also carries a backdoor. There are currently hundreds of millions of affected phones, and most of them seem to be coming from, well, China. I don't personally own a "budget" phone, but I do see why many people buy it; in fact I sometimes want to jump on getting one. I honestly think that most manufacturers do the practice, though I am not quite sure how large of a scope it is compared to the aforementioned issue with budget phones. Source: The Verge, New York Times
-
On a game community, someone said 'encryption with ability to recover your data in case you forget your password!' I was like 'no that's insane! Having backdoor(s) on encryption is one of the dumbest things in the world!' And we fought back for quite some time. I really think backdoors shouldn't exist at all. That's the main goal of security, isn't it? (Also that's what the whole security industry is trying to achieve.) Well, sure it would be nice for normal users to give an option to recover the data in case you forget your password. But the point is the recovery process is not done with something like a BitLocker recovery key. There's a software which unlocks the password automatically for you! That's insane! I wouldn't call it a 'security feature'. Rather, I'd call it 'the illusion of being secure feature'. Long story short, do you guys prefer an external drive which has a backdoor to recover your data? (Remember, no recovery keys. Software does it for you without authentication.) Please share your thoughts. I am really pissed off for being despised by a random guy on the internet.
-
So I ended up getting an old Compaq Presario desktop with Windows 7. Been trying to access it for a few days now. Did the back door sethc process to reset the login password but it won’t log into Windows. I get a warning message that it can’t find a server. So I’m guessing this computer was never disconnected from its local domain. My question: How can I delete it from the server if I can’t fully access Windows? Another back door approach?
-
So I just discovered there is a Spectre and Meltdown malware in the Intel chips and the older AMD chips I believe, and was just about ready to buy the parts for my i7 8700 and GTX 1080 build. I'm now hesitant to purchase due to this new information, and was wondering if some people could give me more insight on this topic, and how bad the issue actually is. Should I possibly start to opt for a Ryzen 1700x or 1800x build instead? Or is it still okay to go for the Intel chip?
-
Western Digital My Cloud external drive contains a backdoor. The backdoor is actually hardware coded so formatting the drives isn't going to help. The hardware coded user name and password is I personally never bother with external HDDs, not because of this backdoor but the crappy enclosures out there; bought 5 of them throughout the years and they either don't work properly or died an early death. The HDDs are fine and I'm still using them. Now I just use a SATA to USB adapter and they work much better than some external enclosure. http://gulftech.org/advisories/WDMyCloud Multiple Vulnerabilities/125 https://www.techpowerup.com/240306/western-digital-ships-someones-backdoor-with-my-cloud-drives
-
Linux Mint's website was compromised yesterday (February 20th) and the hackers uploaded an injected ISO, possibly containing the Tsunami malware, which creates a backdoor and grants remote access to the infected machines. The information was posted on the Linux Mint blog and advises to get rid of Mint Cinnamon ISOs downloaded yesterday and to check their MD5 signature. Currently the main website of Linux Mint is down. Source: http://blog.linuxmint.com/?p=2994
-
I guess having access to all your nudes and dirty jokes is very important to the NSA et al, who seem hellbent on having AS MANY ways of accessing your information as humanly possible. One would think they already have enough ways to get what they need, but according to this article they clearly want more and have resorted to straight up theft to get access to what they need. https://firstlook.org/theintercept/2015/02/19/great-sim-heist/ http://gizmodo.com/the-nsa-has-the-master-key-to-unlock-your-phones-secure-1686825874
-
In light of recent news surrounding security expert Steve Blank stating that he would not be surprised if the NSA had built backdoors into both Intel & AMD processors, AMD however has shot down these claims in a statement, claiming their processors are as secure as can be & denying the existence of any NSA backdoors to overcome encryption, AMD told Fudzilla.
-
Source: http://www.phoronix.com/scan.php?page=news_item&px=MTYyODE Nice job, NSA.
-
A developer at /DEV/TTYS0 downloaded firmware 1.13 for his DIR-100 revA and decided to reverse engineer it a bit. What he found appears to be a backdoor. If you change your browser's useragent to "xmlset_roodkcableoj28840ybtide" without the quotes, you can access the web GUI of the router without having to type in a password or username. Basically, if you use a D-Link router's firmware which has this function, anyone can access your network and basically do anything to you (change password on the network and kick you out, redirect you to scam sites, monitor your traffic etc). If you read the user agent backwards it says "JoelBackDoor" so it's obvious that this was put in the firmware on purpose.

It seems like these models are affected: DIR-100 DI-524 DI-524UP DI-604S DI-604UP DI-604+ TM-G5240 BRL-04UR BRL-04CW

But there is no telling if other routers have this as well. It's worth noting that this is an old firmware, but what makes me wonder is, why would they add this and if they used to add it in their old firmwares, are they adding it in their new ones as well? So, what purpose do you people think this backdoor has and do you think other manufacturers and/or newer versions of the firmware also have backdoors like this? This is what worried me as soon as I started hearing about the NSA implementing backdoors into closed source software. If the backdoors are exposed, then even your average Joe could potentially wreak havoc on other peoples' equipment. Source: /DEV/TTYS0

Some TP-Link routers also have a bug (not sure if this one is actually intended to be a backdoor like the D-Link one) which lets you remotely access the router with root privileges by sending a simple HTTP request which then starts a TFTP transfer from the host computer to the router, and then executes the file as root. More info about that here: Sekurak
-
http://www.wnd.com/2013/06/nsa-has-total-access-via-microsoft-windows/ I'm on vacation and only have access to a Mac right now so I can't test this rumor/theory/news. This seems likely because Microsoft was one of the first companies to "bow down" to the NSA. Also, considering all the recent news about the NSA reinforces this theory. http://www.heise.de/tp/artikel/5/5263/1.html Article dating back to 4/9/1999 provided by: Cronus. And to those of you who don't care: "Those Who Sacrifice Liberty For Security Deserve Neither."
-
A home science experiment that probed billions of internet devices reveals that thousands of industrial and business systems offer remote access to anyone.

You probably haven’t heard of HD Moore, but up to a few weeks ago every Internet device in the world, perhaps including some in your own home, was contacted roughly three times a day by a stack of computers that sit overheating his spare room. “I have a lot of cooling equipment to make sure my house doesn’t catch on fire,” says Moore, who leads research at computer security company Rapid7. In February last year he decided to carry out a personal census of every device on the Internet as a hobby. “This is not my day job; it’s what I do for fun,” he says.

Moore has now put that fun on hold. “[it] drew quite a lot of complaints, hate mail, and calls from law enforcement,” he says. But the data collected has revealed some serious security problems, and exposed some vulnerable business and industrial systems of a kind used to control everything from traffic lights to power infrastructure.

Moore’s census involved regularly sending simple, automated messages to each one of the 3.7 billion IP addresses assigned to devices connected to the Internet around the world (Google, in contrast, collects information offered publicly by websites). Many of the two terabytes (2,000 gigabytes) worth of replies Moore received from 310 million IPs indicated that they came from devices vulnerable to well-known flaws, or configured in a way that could let anyone take control of them.

On Tuesday, Moore published results on a particularly troubling segment of those vulnerable devices: ones that appear to be used for business and industrial systems. Over 114,000 of those control connections were logged as being on the Internet with known security flaws. Many could be accessed using default passwords and 13,000 offered direct access through a command prompt without a password at all.

Those vulnerable accounts offer attackers significant opportunities, says Moore, including rebooting company servers and IT systems, accessing medical device logs and customer data, and even gaining access to industrial control systems at factories or power infrastructure. Moore’s latest findings were aided by a similar dataset published by an anonymous hacker last month, gathered by compromising 420,000 pieces of network hardware.

The connections Moore was looking for are known as serial servers, used to connect devices to the Internet that don’t have that functionality built in. “Serial servers act as glue between archaic systems and the networked world,” says Moore. “[They] are exposing many organizations to attack.” Moore doesn’t know whether the flaws he has discovered are being exploited yet, but has released details on how companies can scan their systems for the problems he uncovered.

Joel Young, chief technology officer of Digi International, manufacturer of many of the unsecured serial servers that Moore found, welcomed the research, saying it had helped his company understand how people were using its products. “Some customers that buy and deploy our products didn’t follow good security policy or practices,” says Young. “We have to do more proactive education for customers about security.”

Young says his company sells a cloud service that can give its products a private, secured connection away from the public Internet. However, he also said that Digi would continue to ship products with default passwords, because it made initial setup smoother, and that makes customers more likely to set their own passwords. “I haven’t found a better way,” he says.

Billy Rios, a security researcher who works on industrial control systems at security startup company Cylance, says Moore’s project provides valuable numbers to quantify the scale of a problem that is well-known to experts like himself but underappreciated by companies at risk.

Rios says that in his experience, systems used by more “critical” facilities such as energy infrastructure are just as likely to be vulnerable to attack as those used for jobs such as controlling doors in a small office. “They are using the same systems,” he says.

Removing serial servers from the public Internet so that they are accessed through a private connection could prevent many of the easiest attacks, says Rios, but attackers could still use various techniques to steal the necessary credentials.

The new work adds to other significant findings from Moore’s unusual hobby. Results he published in January showed that around 50 million printers, games consoles, routers, and networked storage drives are connected to the Internet and easily compromised due to known flaws in a protocol called Universal Plug and Play (UPnP). This protocol allows computers to automatically find printers, but is also built into some security devices, broadband routers, and data storage systems, and could be putting valuable data at risk.

Data collected by Moore’s survey has also helped Rapid7 colleagues identify how a piece of software called FinFisher was used by law enforcement and intelligence agencies to spy on political activists. It also helped unmask the control structure for a long-running campaign called Red October that infiltrated many government systems in Europe.

Moore believes the security industry is overlooking some rather serious, and basic, security problems by focusing mostly on the computers used by company employees. “It became obvious to me that we’ve got some much bigger issues,” says Moore. “There [are] some fundamental problems with how we use the Internet today.” He wants to get more people working to patch up the backdoors that are putting companies at risk.

However, Moore has no plans to probe the entire Internet again. Large power and Internet bills, and incidents such as the Chinese government’s Computer Emergency Response Team asking U.S. authorities to stop Moore “hacking all their things” have convinced him it’s time to find a new hobby. However, with plenty of data left to analyze, there will likely be more to reveal about the true state of online security, says Moore: “We’re sitting on mountains of new vulnerabilities.”

Source: http://www.technologyreview.com/news/514066/what-happened-when-one-man-pinged-the-whole-internet/?ref=rss