• úvod
  • témata
  • události
  • tržiště
  • diskuze
  • nástěnka
  • přihlásit
    registrace
    ztracené heslo?
    LITTLEBOYAnonymita na internetu :: TOR - FREENET - FREEPROXY - ...



    Temata


  • novinky ze sveta #security #privacy obecne, nejen #tor #pgp ale taky app pro telefony, sifrovani disku [#truecrypt, #luks/#dm], bezpecne #backupy
  • ocenovany jsou navody a howto pro ruzne novacky, pokud mate, dejte vedet, dame i na home
  • aktualni admin: Overdrive, takze pokud neco, klidne piste do posty
  • PROSBA: pokud linkujete, vzdy napiste co to vlastne linkujete, ne, ze by jeden neveril neznamemu linku, ale je to tak prehlednejsi

  • Spratelene kluby: [ PGP, SSL & Co. ] -- [ Technoparanoia (Facebook, Google latitude a další) + NSA + účinné postupy při obraně soukromí ] -- [ Cyber.Punk: cyberpunk is not dead! cyberpunk is NOW! : SubHuman, PostHuman, TransHuman, InHuman ]
    Know & Howto: [ Pretty Good Privacy - Wikipedia ]
    rozbalit záhlaví
    OVERDRIVE
    OVERDRIVE --- ---
    QWWERTY: to je fake schvalne ;]


    MMchodem, kdyz se me nekdo bude ptat, co chci letos k vanocum tak chci tohle:

    Yubico | Trust the Net with YubiKey Strong Two-Factor Authentication
    https://www.yubico.com/
    QWWERTY
    QWWERTY --- ---
    OVERDRIVE: fuj ... az po marnym googleni jmena a o ktery zakon melo jit mi doslo, ze je to fake
    OVERDRIVE
    OVERDRIVE --- ---
    Ach jaj, tohle nechces

    Rozhovor s předkladatelem zákona o regulaci šifrování
    https://www.abclinuxu.cz/blog/jenda/2012/4/rozhovor-s-predkladatelem-zakona-o-regulaci-sifrovani
    OVERDRIVE
    OVERDRIVE --- ---
    nove metody browser fingerprintingu, presentace

    https://zyan.scripts.mit.edu/presentations/toorcon2015.pdf
    OVERDRIVE
    OVERDRIVE --- ---
    Intel x86 considered harmful
    Joanna Rutkowska
    October 2015



    Contents
    1 Introduction
    5
    Trusted, Trustworthy, Secure?
    . . . . . . . . . . . . . . . . . . . . . .
    6
    2 The BIOS and boot security
    8
    BIOS as the root of trust. For everything.
    . . . . . . . . . . . . . . .
    8
    Bad SMM vs. Tails
    . . . . . . . . . . . . . . . . . . . . . . . . . . .
    9
    How can the BIOS become malicious?
    . . . . . . . . . . . . . . . . .
    9
    Write-Protecting the flash chip
    . . . . . . . . . . . . . . . . . . . . .
    10
    Measuring the firmware: TPM and Static Root of Trust
    . . . . . . . .
    11
    A forgotten element: an immutable CRTM
    . . . . . . . . . . . . . . .
    12
    Intel Boot Guard
    . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    13
    Problems maintaining long chains of trust
    . . . . . . . . . . . . . . .
    14
    UEFI Secure Boot?
    . . . . . . . . . . . . . . . . . . . . . . . . . . .
    15
    Intel TXT to the rescue!
    . . . . . . . . . . . . . . . . . . . . . . . . .
    15
    The broken promise of Intel TXT
    . . . . . . . . . . . . . . . . . . . .
    16
    Rescuing TXT: SMM sandboxing with STM
    . . . . . . . . . . . . . .
    18
    The broken promise of an STM?
    . . . . . . . . . . . . . . . . . . . .
    19
    Intel SGX: a next generation TXT?
    . . . . . . . . . . . . . . . . . . .
    20
    Summary of x86 boot (in)security
    . . . . . . . . . . . . . . . . . . . .
    21
    2
    Intel x86 considered harmful Contents
    3 The peripherals
    23
    Networking devices & subsystem as attack vectors
    . . . . . . . . . . .
    23
    Networking devices as leaking apparatus
    . . . . . . . . . . . . . . . .
    24
    Sandboxing the networking devices
    . . . . . . . . . . . . . . . . . . .
    24
    Keeping networking devices outside of the TCB
    . . . . . . . . . . . .
    25
    Preventing networking from leaking out data
    . . . . . . . . . . . . . .
    25
    The USB as an attack vector
    . . . . . . . . . . . . . . . . . . . . . .
    26
    The graphics subsystem
    . . . . . . . . . . . . . . . . . . . . . . . . .
    29
    The disk controller and storage subsystem
    . . . . . . . . . . . . . . .
    30
    The audio card
    . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    31
    Microphones, speakers, and cameras
    . . . . . . . . . . . . . . . . . .
    31
    The Embedded Controller
    . . . . . . . . . . . . . . . . . . . . . . . .
    32
    The Intel Management Engine (ME)
    . . . . . . . . . . . . . . . . . .
    33
    Bottom line
    . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    33
    4 The Intel Management Engine
    34
    ME vs. AMT vs. vPro
    . . . . . . . . . . . . . . . . . . . . . . . . . .
    35
    Two problems with Intel ME
    . . . . . . . . . . . . . . . . . . . . . . .
    35
    Problem #1: zombification of general-purpose OSes?
    . . . . . . . . .
    36
    Problem #2: an ideal rootkiting infrastructure
    . . . . . . . . . . . . .
    37
    Disabling Intel ME?
    . . . . . . . . . . . . . . . . . . . . . . . . . . .
    37
    Auditing Intel ME?
    . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    38
    Summary of Intel ME
    . . . . . . . . . . . . . . . . . . . . . . . . . .
    39
    5 Other aspects
    40
    CPU backdoors
    . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    40
    Isolation technologies on Intel x86
    . . . . . . . . . . . . . . . . . . . .
    41
    Covert and side channel digression
    . . . . . . . . . . . . . . . . . . .
    42
    Summary
    44
    And what about AMD?
    . . . . . . . . . . . . . . . . . . . . . . . . .
    4

    http://blog.invisiblethings.org/papers/2015/x86_harmful.pdf
    OVERDRIVE
    OVERDRIVE --- ---
    nejhorsi je, ze tyhle device normalne existuji, a ty co uz byly prodany, asi nikdy nebudou patchnuty, nebo spis malo pravdepodobne...
    OVERDRIVE
    OVERDRIVE --- ---
    taky bych zkusil nezapomenout na to, ze pripojit si ke spatne zabezpecene wiifi spatne zabezpecenou televizi neni dobry napad ;]]]

    Hacking my smart TV - an old new thing - Hewlett Packard Enterprise Community
    http://h30499.www3.hp.com/...earch-Blog/Hacking-my-smart-TV-an-old-new-thing/ba-p/6645844#.VKHH9AIqA
    KOJA
    KOJA --- ---
    QWWERTY: Jj, taky uz se tesim jak budu za pet let po bazarech shanet mikrovlnku bez wifi nebo kuchat antenu z novy pracky.
    OVERDRIVE
    OVERDRIVE --- ---
    hmm, zeby konecne neco Keepas* co chodi i na jabku bez utrpeni typu sebekrizovani se monem a wine?

    KeepassC by raymontag aka lykaner aka GrayFox
    https://raymontag.github.io/keepassc/
    OVERDRIVE
    OVERDRIVE --- ---
    QWWERTY: tak ono, kdyz treba to ma v sobe kameru, a posila to data rovnou na pevne nastavenou IP.... nejaka dalsi security uz neni ani moc potreba... od samsungu si muzes koupit rovnou klice a API k cipu v jejich televizim, ktery to normalne delaji... a je to cip treti strany, takze jej v sobe nema jen Samsung.. mmchodem ma to v sobe inbuilt face recognition a tak... tolik k IoT s konektivitou

    ale videl jsem pekne zarizeni, co vidi kamary ;] [ne, ze by nestacilo laserove ukazovatko, zejo...]

    CypherConf 2015: Priestorové odpočúvanie
    https://www.youtube.com/watch?v=mCbszhOdGnI


    QWWERTY
    QWWERTY --- ---
    NYX: jeden z tech crosslinku me pobavil vic
    IoT security is RUBBISH says IoT vendor collective • The Register
    http://www.theregister.co.uk/2015/08/12/iot_security_is_rubbish_says_iot_vendor_collective/
    ...hlavne kdyz vidim, jaky otresny hype se okolo IoT rozjel a vsechny televize, lednicky a rychlovarny konvice musi mit konektivitu
    NYX
    NYX --- ---
    Ouch! :)
    Hacking Fitbit - Schneier on Security
    https://www.schneier.com/blog/archives/2015/10/hacking_fitbit.html
    OVERDRIVE
    OVERDRIVE --- ---
    VYHULENY_UFO
    VYHULENY_UFO --- ---
    How NSA successfully Broke Trillions of Encrypted Connections - The Hacker News
    https://thehackernews.com/2015/10/nsa-crack-encryption.html
    OVERDRIVE
    OVERDRIVE --- ---
    Jeden takovy zajimavy stary hippik, co jsem jej vzdycky chtel videt na videu a poslechnout si od nej nejaky historky.. tak tady jsou nejaky z NSA

    Information Security—Before & After Public-Key Cryptography
    http://www.youtube.com/watch?v=1BJuuUxCaaY
    OVERDRIVE
    OVERDRIVE --- ---
    Theory and Practice of Cryptography
    http://www.youtube.com/watch?v=ZDnShu5V99s
    OVERDRIVE
    OVERDRIVE --- ---
    Backdoor infecting Cisco VPNs steals customers’ network passwords | Ars Technica
    http://arstechnica.com/.../2015/10/backdoor-infecting-cisco-vpns-steals-customers-network-passwords/
    LUDO
    LUDO --- ---
    OVERDRIVE: teraz som instaloval cez debian balik a v poho funguje, dokonca lepsie ako povodne XMPP
    OVERDRIVE
    OVERDRIVE --- ---
    Launching in 2015: A Certificate Authority to Encrypt the Entire Web | Electronic Frontier Foundation
    https://www.eff.org/en-gb/deeplinks/2014/11/certificate-authority-encrypt-entire-web
    OVERDRIVE
    OVERDRIVE --- ---
    Tohle znate, jakoze sorry za wellcome on internetz

    Shadowsocks - ArchWiki
    https://wiki.archlinux.org/index.php/Shadowsocks
    MATT
    MATT --- ---
    Europe’s highest court strikes down Safe Harbour data sharing between EU and US | Ars Technica UK
    http://arstechnica.co.uk/...-highest-court-strikes-down-safe-harbour-data-sharing-between-eu-and-us/
    Kliknutím sem můžete změnit nastavení reklam