Sandsifter throws random machine code instructions at microprocessors, just to see what happens.
The sandsifter audits x86 processors for hidden instructions and hardware bugs, by systematically generating machine code to search through a processor's instruction set, and monitoring execution for anomalies. Sandsifter has uncovered secret processor instructions from every major vendor; ubiquitous software bugs in disassemblers, assemblers, and emulators; flaws in enterprise hypervisors; and both benign and security-critical hardware bugs in x86 chips.
With the multitude of x86 processors in existence, the goal of the tool is to enable users to check their own systems for hidden instructions and bugs.
I demand to see this scene in technothrillers pronto. Read the rest
The Organization for the Prohibition of Chemical Weapons (OPCW) has been elbows-deep in the investigation of the Novichok nerve agent attack on Sergei and Yulia Skirpal. As part of their investigation into where the nerve agent may have originated, the OPCW sent samples of the chemical weapon to a number of independent labs.
Using multiple labs provides a fail safe against false positive results and bias – two things you'd want to avoid considering the fact that the results of the tests could trigger a significant international incident. One of the labs that the OPCW may have used (I mean, they're not going to come right out and say that this is where they're sending dangerous shit) was Switzerland's Spiez Laboratory. Since Russia has denied that it had any role in the poisoning of the Skirpals and the other collateral victims of the Novichok attack, it's really really surprising to be surprised by the surprise expulsion of two Russian intelligence agents (surprise!) from The Hague, where OPCW is based. Apparently, they were trying to tinker with Spiez Laboratory's computers.
From NPR:
Swiss and Dutch authorities did not immediately respond to NPR's request for comment. Andreas Bucher, a spokesperson for Spiez Laboratory, also declined to comment on the deportations. However, he confirms the laboratory's computer systems have been probed by unknown hackers in recent months.
"We've had indications that we were in the crosshairs," Bucher says. No data has been stolen from the lab, he adds.
Although Spiez Laboratory has not officially acknowledged receiving a sample, it is widely believed to have done so, according to Jean Pascal Zanders, an independent chemical weapons expert based in France.
Read the rest
Former Air Force language specialist and intelligence contractor Reality Winner has been sentenced to 63 months in prison. Read the rest
The Democratic National Committee called the FBI Tuesday, after discovering what the DNC says was the early phase of a sophisticated phishing attempt to hack its voter database. Read the rest
Facebook announced today they are taking down 652 pages, groups and fake accounts for "coordinated inauthentic behavior." Read the rest
A former nude model and “Bond girl” exchanged sexual messages via Twitter with the online persona now believed to be an unknown number of Russian spies who are accused of attacking the 2016 US elections, the UK tabloid Sun Online posted today.
They're really awful and I don't want to link to them, but this is too rich, you guys. Motherboard has a more credible piece up, you should read that one, too.
In today's garbage interview, Robbin Young told The Sun she "fell madly in love" with Twitter user Guccifer 2.0, and sent him photographs of her breasts and exchanged sexually explicit messages with him or them.
Excerpt:
She was left stunned last week after the US government announced it had indicted 12 Russian spies who they believe ran the Guccifer 2.0 account, hacked into Democratic party computers and leaked stolen documents in a bid to interfere with the 2016 election result.
In an exclusive interview, Robbin, 63, told Sun Online: "I thought he was one Romanian man and I fell in love with him - now to be told it could have been 12 Russian spies running that account - I'm shocked.
"If this is all true it's like I've had Twitter sex with 12 Russian hackers."
Robbin Young once starred with 007 Roger Moore in 'For Your Eyes Only.'
Guccifer is no Roger Moore.
Get a load of this shit.
In one message he wrote: "Wow u r making me breath harder .. ur soul's so pure and unspoiled ..
Read the rest
The “warning lights are blinking red again,” said the American government's top intelligence official on Friday.
Director of National Intelligence Dan Coats warned of newly resurgent threats by Russia, Iran, North Korea, and China on critical U.S. infrastructure while speaking at the Hudson Institute think tank.
Coats happened to be speaking at the event just after the Department of Justice revealed an indictment against 12 Russian military agents for hacking the 2016 U.S. presidential elections. Read the rest
NEW REPORTING CONFIRMS what previous stories speculated: chief of staff John Kelly's phone was hacked, and now they know where. They still don't know by whom, or how, or why, or what the damage was. Read the rest
Have you tried turning it off and on again?
The FBI sent out an urgent bulletin advising anyone with a home or small office internet router to immediately turn it off and then turn it on again as a way to help stop the spread of a malware outbreak with origins in Russia. Read the rest
Finnish security researchers Tomi Tuominen and Timo Hirvonen can clone many master hotel keys very quickly using their clever cryptography, an expired keycard from the hotel trash, and a $300 Proxmark RFID card reading and writing device. It takes them about one minute to create a master hotel key. Video demo below. From
Wired:
The two researchers say that their attack works only on Vingcard's previous-generation Vision locks, not the company's newer Visionline product. But they estimate that it nonetheless affects 140,000 hotels in more than 160 countries around the world; the researchers say that Vingcard's Swedish parent company, Assa Abloy, admitted to them that the problem affects millions of locks in total. When WIRED reached out to Assa Abloy, however, the company put the total number of vulnerable locks somewhat lower, between 500,000 and a million. They note, though, that the total number is tough to measure, since they can't closely track how many of the older locks have been replaced. Tuominen and Hirvonen say that they've collected more than a thousand hotel keycards from their friends over the last 10 years, and found that roughly 30 percent were Vingcard Vision locks that would have been vulnerable to their attack.
Tuominen and Hirvonen quietly alerted Assa Abloy to their findings a year ago, and the company responded in February with a software security update that has since been available on its website. But since Vingcard's locks don't have internet connections, that software has to be installed manually by a technician, lock by lock.
Read the rest
How the once mighty have fallen. Read the rest
The United States and Britain today accused Russia of launching a new wave of internet-based attacks targeting routers, firewalls and other computer networking equipment used by government agencies, businesses and critical infrastructure operators around the globe. Read the rest
As advanced atom smashers like the Large Hadron Collider come online, older ones are sometimes abandoned or, better, used for unexpected science experiments. Examples range from recording high-speed X-rays of the biological "motor" that flaps a fly's wings to finding an easter egg in a Degas painting. In the video above, Science Hack Day "global instigator" Ariel Waldman reveals how researchers hack particle accelerators for new uses.
Read the rest
Earlier this month, I was lucky enough to get my hands on a Pocket Sprite – a $55 piece of game emulation hardware that fits in the palm of your hand. Measuring just an inch wide and two inches tall, the Pocket Sprite looks like the smallest Game Boy you've ever seen. It plays like it too, with A, B, start and selection buttons and a wee display with dimension sized to make playing games from the 1980s and 1990s in their original format feel "right."
Out of the box, the Pocket Sprite can play homebrew games designed to work with Game Boy, Game Boy Color and Sega console emulators. Before you ask, yes, this also means that any Game Boy or Sega ROMs you happen to find online will work with the hardware.
Before laying hands on it, I was apprehensive about how playable the Pocket Sprite might be. I still carry around a Game Boy Micro console with me, everywhere I go. I find that it's juuuuust small enough to pocket and still large enough that playing Super Mario World for 30 minutes can actually be enjoyable. The Pocket Sprite's way smaller than my GB Micro is. I was surprised by how easy its chunky controls were to use. But I was disappointed by how hard it was to keep track of a game's action on its display. For my eyes, it's just too small. But maybe your experience will be different.
Whether or not the Game Sprite is worth $55 really depends on why you're buying it. Read the rest
Two influential members of the U.S. Senate today demanded answers from Equifax on the recent massive data breach that affected 143 million Americans. Read the rest
Scotty from Strange Parts famously built a fully-functioning iPhone from replacement parts sourced in Chinese electronic wholesale markets. Now he's gone a step further, and upgraded one to have a headphone jack: "Is it possible? I'm headed to Shenzhen to find out!"
I’m pretty proud of the final implementation. I took apart an Apple lightning to headphone adapter, put that inside the phone, and hooked it up by man in the middling the lightning jack with a flexible PCB. The PCB has a switching chip that switches between connecting the headphone adapter to the phone by default, and then disconnecting it and connecting the lightning jack when something is plugged into it. I have a couple other timer chips that briefly disconnect everything from the phone when something is connected/disconnected to improve the reliability of the phone detecting when something is plugged/unplugged (otherwise it sometimes gets confused).
You won't be doing this work with the soldering iron grandpa left ya.
Read the rest
Joe Menn at Reuters reports that Facebook is pitching in an initial $500,000 in seed funding to launch a nonprofit that will work to protect American political parties, voting systems and information providers from malicious attacks by hackers and foreign nation-states. Read the rest
