Re: Phys.org: IBM announces that its System Q One quantum computer has reached its 'highest quantum volume to date'
On 2019-03-07 06:59, Punk wrote: On Wed, 6 Mar 2019 17:02:41 + (UTC) jim bell wrote: I consider it virtually axiomatic that there is no invention that can be used purely for helping freedom, or used purely for harming freedom. True, objects are morally neutral. They can be used for good or to harm people. Scientific knowledge is usually neutral as well. But I think there tends to be a bias in the system that allows individuals to use inventions FOR freedom. Which system are you referring to? The system of nature? Western political systems? Or? Capitalist economy, as it has existed for thousands of years. Each technological advance gives the state more means of control, and the individual more means of resisting control. Individuals, however, are naturally more numerous and more technologically advanced than governments, and there are a lot of private businesses. Soviet Union used to have armed guards on photocopiers. When I went to Cuba, if a Cuban wanted to make a phone call, he had to go to a police station with a policeman visibly listening in on the line so that he would not even think of saying something he should not say. Obviously point to point and one to many communication is liberating, as we can tell by the efforts of terror states to control them. The primary threat to privacy today is giant corporations in the pocket of the government sweet talking private individuals into *voluntarily* handing over their data. For example viber by default backs up all your viber messages in the clear to google drive, where the greatest AI in the world does a pattern match for topics of interest. But, on the other hand, encryption and point to point communication is inherently resistant to the state. I just did a bunch of transactions by bitcoin that were either politically incorrect, circumvented government regulation, or both. Bitcoin plus encrypted messaging gives me liberty that no one used to have. Twitter censors, but gab does not.
Viber theoretically encrypts, but then cheerfully backs up all your messages in the clear to the worst possible location, but Whatsapp really is encrypted. Giant corporations tend to be in the pocket of the state, but this creates room for smaller businesses and corporations to compete with them. Google is losing its grip after purging all its smartest engineers for mansplaining. All its new products are crap, its self driving car runs into people, and its AI is getting dumber.
Documentary: Borderless and Farmlands (Lauren Southern)
Documentary: Borderless https://www.youtube.com/watch?v=PxfUW6tqrhc https://www.youtube.com/watch?v=AFgD8os8VhU https://www.youtube.com/watch?v=K4XhLiiu0is http://borderless.movie/ Documentary: Farmlands https://www.youtube.com/watch?v=a_bDc7FfItk https://www.youtube.com/watch?v=mwH-sw_Z_i8 https://www.youtube.com/watch?v=5NUYeED-ZAQ https://www.youtube.com/results?search_query=lauren+southern https://www.youtube.com/channel/UCla6APLHX6W3FeNLc8PYuvg/videos https://laurensouthern.net/
Weakly virtualized memory management scheme
This is a simple suggestion for a weakly virtualized memory management scheme. Heap allocation for arrays that change in size uses a variable width block to choose the position of the memory page that the object is allocated to. Vtables could be nested to reduce risk of ASLR defeat. This is vulnerable to fragmentation for obvious reasons, so it should be limited to objects that are either multiple pages in size or are being modified in size by untrusted code. This would add some factorial complexity over that of ASLR.
Delete Never: The Digital Hoarders Who Collect Tumblrs, Medieval Manuscripts, and Terabytes of Text Files
https://gizmodo.com/delete-never-the-digital-hoarders-who-collect-tumblrs-1832900423 Online, you'll find people who use hashtags like "#digitalhoarder" and hang out in the 120,000-subscriber Reddit forum called /r/datahoarder, where they trade tips on building home data servers, share collections of rare files from video game manuals to ambient audio records, and discuss the best cloud services for backing up files. The often stereotyped hoarders letting heaps of physical items of questionable utility dominate their homes and lives often suffer social stigma and anxiety as a result. By contrast, many self-proclaimed digital hoarders say they enjoy their collections, can keep them contained in a relatively small amount of physical space, and often take pleasure in sharing them with other hobbyists or anyone who wants access to the same public data. [...] Many people active in the data hoarding community take pride in tracking down esoteric files of the kind that often quietly disappear from the internet -- manuals for older technologies that get taken down when manufacturers redesign their websites, obscure punk show flyers whose only physical copies have long since been pulled from telephone poles and thrown in the trash, or episodes of old TV shows too obscure for streaming services to bid on -- and making them available to those who want them.
BSD and Linux so easy to exploit that Zerodium pays just $50k for uid0
https://zerodium.com/program.html "the research becomes the exclusive property of ZERODIUM and you are not allowed to re-sell, share, or report the research to any other person or entity." Opensource Unix Foundations should strongly consider forming open collaborative crowdfunding and paying similar to openly acquire and fix exploits thus keeping them from going into secret blackholes which are often used directly against their very own users requiring, and in, security sensitive environments (be they corp, gov, personal, edu, ngo, biz, research, journalism, etc...), reducing continued exploitation of the work, users, and infrastructures of Opensource Unix OS projects through using bounties to identify improving production, review, security, audit, coding, feedback models in same. "Many ... have bug bounty programs for those who want the exploit used for defensive purposes, ie fixed... but they pay orders of magnitude less. *This is a problem.*" -- Bruce Reassert and 0wn the problem.
Adventures in Zoochosis
https://www.youtube.com/watch?v=xmX2_AodFDk I hold out for consensus Give the masses the benefit of the doubt Insist the democratic process will bear this population out I think my only fear of death is that it may not be the end That we may be eternal beings and must do all of this again Oh, please lord, let no such thing be true Though I suspect if I slink back to my enclosure Safe and warm and adequately lit Sufficiently plumbed and ventilated Well, let's just say I would not shake a stick And if pressed, I'll admit I'm ecstatic about the enrichment programs Implemented to extend our captive lifespans I'm excited to see what our keepers have planned Perhaps a bigger cage? Longer chains? Some compelling, novel reasons to remain? "Dad, are we gonna die?" Yes son, both you and I But maybe not today Boys, I've bowed to the keeper's whip for so damn long I think the sad truth is this enclosure is where your old man belongs But you, your hearts are pure When the operant conditioners come to break you in I'll sink my squandered teeth You grab your little brother's hand, run like the wind And if I'm not there, don't look back Just go I don't give a fuck about the enrichment programs Implemented to extend our captive lifespans Motherfucker gonna get a load of what I got planned -- GPG fingerprint: 17FD 615A D20D AFE8 B3E4 C9D2 E324 20BE D47A 78C7
Zerodium Paying $500K for Cloud Exploits, Crowd Prediction Market Coming
https://www.zdnet.com/article/hide-yo-kids-hide-yo-clouds-zerodium-offering-big-bucks-for-cloud-zero-days/ NSA's / CIA's / In-Q-Tel's / FBI's / FVEY's partners... Zerodium, Vupen, Azimuth, and Crowdfense ... Predict and shift from this closed market to one openly in your favor instead. https://zerodium.com/program.html Exploit vendor Zerodium announced today plans to pay a whopping $500,000 for zero-days in popular cloud technologies like Microsoft's Hyper-V and (Dell) VMware's vSphere. Both Hyper-V and vSphere are what experts call virtualization software, also called hypervisors --software that lets a single "host" server create and run one or more virtual "guest" operating systems. Virtualization software is often found in cloud-powered data centers. Hyper-V is the technology at the core of Microsoft's Azure cloud computing platform, while VMware's vSphere is used by Amazon Web Services and SAP. With cloud services growing in adoption, especially for hosting websites and crucial IT infrastructure, the importance of both technologies has been slowly increasing in recent years. This paradigm shift hasn't gone unnoticed in the exploit market, where Zerodium --a Washington, DC-based exploit vendor-- is by far the leading company. In a tweet earlier today, Zerodium has announced plans to pay up to $500,000 for fully-working zero-days in Hyper-V and vSphere that would allow an attacker to escape from the virtualized guest operating system to the host server's OS. "The exploits must work with default configs, be reliable, and lead to full access to the host," the company said on Twitter.
This kind of tweet and offer isn't anything new from Zerodium. The company usually pays fixed prices for exploits and then hikes up payouts during so-called "exploit acquisition raids," when it's purposely looking to enhance its offering for certain types of exploit classes. Zerodium previously held acquisition raids for zero-days in iOS, instant messaging apps, the Tor Browser, Linux, Adobe Flash Player, routers, and USB thumb drives. These acquisition raids are normally limited to a few weeks, and after that payouts return to their normal pricing range. "Our new payout for hypervisors will last for a couple of months, and we'll then decide if we reduce it or keep it high, depending on the number of acquisitions we will make," Zerodium CEO Chaouki Bekrar told ZDNet via email. Previously to today's acquisition raid, Zerodium used to pay up to $200,000 for exploits in vSphere and Hyper-V, according to its price charts. The company's move to hike up hypervisor exploit payouts comes after Microsoft anted up payments for Hyper-V bugs last summer when it began paying up to $250,000 for similar exploits, outbidding Zerodium and all other exploit buyers. "Microsoft's bounty for Hyper-V exploits is very attractive for researchers, however, VMWare is not paying anything to zero-day hunters," Bekrar told ZDNet. "We have decided to fill this gap, and we've been paying $200,000 for such exploits, and we've acquired many of them so far," Bekrar said. "However, we've recently observed an increase in demand from customers, [and] we have decided to increase the bounty to $500,000 to outbid vendors and all existing buyers." The customers the company is referring to are government and law enforcement agencies. Their increasing interest in cloud zero-days is only normal, seeing that AWS and Azure have been slowly cannibalizing the web hosting market, with fewer and fewer web hosting providers hosting their own data centers, and more of them choosing to rent cloud servers instead.
With cyber-crime, malware, and APT operations being often hosted on cloud servers, it is only normal that these agencies would be more interested in taking over cloud servers hosting malicious infrastructure. According to previous statements, Zerodium describes itself as a vendor who buys zero-days from security researchers and sells the vulnerabilities to government and law enforcement agencies. While other exploit vendors have been caught selling hacking tools to oppressive regimes, there have been no such reports, at the time of writing, about Zerodium.
FBI Slings Anti-Privacy FUD Against Encryption at RSA Conf
https://www.cnet.com/news/fbi-director-christopher-wray-tells-cybersecurity-experts-to-partner-with-feds/ Encryption should have limits. That's the message FBI Director Christopher Wray had for cybersecurity experts Tuesday. The technology that scrambles up information so only intended recipients can read it is useful, he said, but it shouldn't provide a playground for criminals where law enforcement can't reach them. "It can't be a sustainable end state for there to be an entirely unfettered space that's utterly beyond law enforcement for criminals to hide," Wray said during a live interview at the RSA Conference, a major cybersecurity gathering in San Francisco. His comments are part of a back-and-forth between government agencies and security experts over the role of encryption technology in public safety. Agencies like the FBI have repeatedly voiced concerns like Wray's, saying encryption technology locks them out of communications between criminals. Cybersecurity experts say the technology is crucial for keeping data and critical computer systems safe from hackers. Letting law enforcement access encrypted information just creates a backdoor hackers will ultimately exploit for evil deeds, they say. Wray, a former assistant attorney general in the U.S. Department of Justice who counts among his biggest cases prosecutions against Enron officials, acknowledged Tuesday that encryption is "a provocative subject." As the leader of the nation's top law enforcement agency, though, he's focused on making sure the government can carry out criminal investigations. Hackers in other countries should expect more investigations and indictments, Wray said. "We're going to follow the facts wherever they lead, to whomever they lead, no matter who doesn't like it," he said. To applause, he added, "I don't really care what some foreign government has to say about it."
NSA GHIDRA Disassembler Vault7
https://www.zdnet.com/article/nsa-release-ghidra-a-free-software-reverse-engineering-toolkit/ https://ghidra-sre.org/ At the RSA security conference this week, the National Security Agency released Ghidra, a free software reverse engineering tool that the agency had been using internally for well over a decade. The tool is ideal for software engineers, but will be especially useful for malware analysts first and foremost, being similar to other reverse engineering tools like IDA Pro, Hopper, HexRays, and others. The NSA's general plan was to release Ghidra so security researchers can get used to working with it before applying for positions at the NSA or other government intelligence agencies with which the NSA has previously shared Ghidra in private. Ghidra is currently available for download only through its official website, but the NSA also plans to release its source code under an open source license in the coming future.