asciilifeform: from same rag, a gem for BingoBoingo, 'While lurking on a prepper discussion thread on Tea Party Community, a social network marketed as a conservative alternative to Facebook, I once saw a rousing discussion about navigating the tricky business of armed combat while confined to a mobility scooter. In that particular hypothetical scenario, individuals were discussing the best ways to kill NATO peacekeeping forces. These are real peop
asciilifeform: and for all i know, already done somewhere
asciilifeform: jurov: it's an undergrad-level project
asciilifeform: and, also incidentally, a 64GB+ sdcard weighs ~1g. so there is no reason whatsoever for the cipher not to be otp.
asciilifeform: incidentally, a Useful Product Idea, plug-in replacement guidance module for popular flying toys, to pick arbitrary quiet frequency spread in a reasonably broad swatch of spectrum, when remote is paired with toy, rather than the current 'legal' jammable idiocy.
asciilifeform: 'The patch included in SA-16:25 is incomplete, and may still permit heap corruption. The patch included in the document dump is more complete. Why only a partial fix?' <<< ahahahahaha
asciilifeform: and the same one which threw out gcc in favour of crappleade, etc.
asciilifeform: this, notice, is the same freebsd as was distributed with DEAD rng, for ~year
asciilifeform: 'Why was there no mention of the fact that running freebsd-update to install the fix for the bspatch advisory [SA-16:25] may actually expose users to the vulnerability?'
asciilifeform: the only permissible operation on an unsigverified input is - constant-time sig verification.
asciilifeform: (quite arguably, (2) is redundant and subsumed in (1). but it defines what is a 'rando')
asciilifeform: the most galling thing is the VERY NOTION of a tcp that isn't porous. because tcp breaks BOTH of the two, as i found, iron rules of network sanity: 1) NOTHING TO RANDOS FOR FREE 2) NO OPERATIONS ON UNSIGNED INPUT
asciilifeform: 'implemented in Linux kernel version 3.6 (from 2012) and beyond' << emphasis.
asciilifeform remembers thread, but unable to turn it up in the l0gz
asciilifeform: iirc it was the db descriptors thing in trb.
asciilifeform: ments, we show that the attack is fast and reliable. On average, it takes about 40 to 60 seconds to finish and the success rate is 88% to 97%. Finally, we propose changes to both the TCP specification and implementation to eliminate the root cause of the problem.'
asciilifeform: rther, if the connection is present, such an off-path attacker can also infer the TCP sequence numbers in use, from both sides of the connection; this in turn allows the attacker to cause connection termination and perform data injection attacks. We illustrate how the attack can be leveraged to disrupt or degrade the privacy guarantees of an anonymity network such as Tor, and perform web connection hijacking. Through extensive experi
asciilifeform: 'In this paper, we report a subtle yet serious side channel vulnerability (CVE-2016-5696) introduced in a recent TCP specification. The specification is faithfully implemented in Linux kernel version 3.6 (from 2012) and beyond, and affects a wide range of devices and hosts. In a nutshell, the vulnerability allows a blind off-path attacker to infer if any two arbitrary hosts on the Internet are communicating using a TCP connection. Fu
asciilifeform: and perhaps it is 'not inconvenient' because other folks do this for him ?
asciilifeform: well apparently it did keep mircea_popescu from searchengining for the error msg.
asciilifeform: 'The website may try to fallback to TLS 1.0 in a way that is no longer allowed in current releases or may be using a deprecated cipher suite.'
asciilifeform: them bitz were shuffled 'round, to get them dirty terrorists UPDATING LIKE GOD SAID TO etc
asciilifeform: or rather, where it first pops up in the logz.
asciilifeform: '...The attackers used multiple interesting and unusual techniques, including: Data exfiltration and real-time status reporting using DNS requests. Implant deployment using legitimate software update scripts....'
asciilifeform: mircea_popescu: this came out of what, curl ?