Firefox SECRETLY storing your login credentials?

On 12/12/2018 21:51, Panthera Tigris Altaica wrote:
On 2018-12-12 15:09, nospam wrote:
In article , David B.
wrote:

So what about possible hidden malware which may *NOT* have (yet) been
found?

what about it?

I know nothing about it.

yep, you sure don't.

Nor do you!

false.

assuming you obtain hardware and software from reputable sources, it's
a non-issue.

Hopefully so.

it is so.

on the other hand, if you get a phone from someone at defcon, all bets
are off.

I 'm no longer in the armed services, so that's unlikely.

further confirming that you know *nothing* about security.

He knows so little about security that he doesn't know what defcon, in
this context, is. That says all that needs be said.

If anyone reading here REALLY needs to know, they may look right he-

https://en.wikipedia.org/wiki/DEF_CON

I'll wager my next months pension that THIS virus writer has never attended!

https://vxer.home.blog/2018/12/08/vxer-a-profile/

--
David B.

On Wed, 12 Dec 2018 20:23:09 -0500, Paul
wrote:

Stephen Wolstenholme wrote:
On Wed, 12 Dec 2018 17:45:52 +0000, "David B." "David
wrote:

On 12/12/2018 16:04, nospam wrote:
In article , Panthera Tigris Altaica
wrote:

It can be on and still act as if it is off. You have no way of
telling without some pretty sophisticated test equipment, and even
then, if I thought it may be monitored I'd find a way for it to hide
all activity until the threat passed.
I find this difficult to believe. For one thing, if this is true, then
why has no-one ever seen this magical spy equipment when they take a
phone apart?
exactly.

No one can see what is *INSIDE* a COMPONENT i.e. within the circuitry of
a 'chip'.

Yes they can. It's not easy but anyone who has been into chip design
and component failure diagnosis will know how to make a start!

Steve

There is a company in town who do this professionally.

They dip integrated circuits in sulphuric acid and
remove the epoxy, then examine the chip with an
electron microscope. They are typically hired to
check for patent violations. You tell them what
patents you think might be violated, and they would
look for matching structures.

The company was bought out by some big defense industry company.
But the employees are still working there.

You can also visualize running silicon chips. The technique
involves applying a coating of cholesteric crystals to the
top of the chip. And using a polarizer. As the chip state
changes, little patches of black and white show up (contrast).
You would have to slowly single-step the clock on a chip,
and this was *only* possible on ancient 3u technology. At
some point, the feature size of chips would be too small
(10nm) to make this a worthwhile endeavor. Some processors
use dynamic storage inside, and must be refreshed regularly
or the contents would be corrupted. That's why it would be
impractical to clock a modern CPU at 1Hz. With some of the
older, pure CMOS processors, with static storage inside,
you could run those at 1Hz if you wanted, and they would
work just fine.

There's lots of spooky capabilities out there. But some of
it is no longer relevant.

Paul
You can look inside, last place I worked had an electron microscope,
and once in awhile you could even spot where static electricity fried
a cmos gate. But the firmware is more important (in a privacy
context) than the hardware, and I don't know any way to "see"that.

On Wed, 12 Dec 2018 17:45:52 +0000, "David B." "David
wrote:

On 12/12/2018 16:04, nospam wrote:
In article , Panthera Tigris Altaica
wrote:


It can be on and still act as if it is off. You have no way of
telling without some pretty sophisticated test equipment, and even
then, if I thought it may be monitored I'd find a way for it to hide
all activity until the threat passed.

I find this difficult to believe. For one thing, if this is true, then
why has no-one ever seen this magical spy equipment when they take a
phone apart?

exactly.


No one can see what is *INSIDE* a COMPONENT i.e. within the circuitry of
a 'chip'.

Yes they can. It's not easy but anyone who has been into chip design
and component failure diagnosis will know how to make a start!

Steve

--
http://www.npsnn.com

Stephen Wolstenholme wrote:
On Wed, 12 Dec 2018 17:45:52 +0000, "David B." "David
wrote:

On 12/12/2018 16:04, nospam wrote:
In article , Panthera Tigris Altaica
wrote:

It can be on and still act as if it is off. You have no way of
telling without some pretty sophisticated test equipment, and even
then, if I thought it may be monitored I'd find a way for it to hide
all activity until the threat passed.
I find this difficult to believe. For one thing, if this is true, then
why has no-one ever seen this magical spy equipment when they take a
phone apart?
exactly.

No one can see what is *INSIDE* a COMPONENT i.e. within the circuitry of
a 'chip'.

Yes they can. It's not easy but anyone who has been into chip design
and component failure diagnosis will know how to make a start!

Steve

There is a company in town who do this professionally.

They dip integrated circuits in sulphuric acid and
remove the epoxy, then examine the chip with an
electron microscope. They are typically hired to
check for patent violations. You tell them what
patents you think might be violated, and they would
look for matching structures.

The company was bought out by some big defense industry company.
But the employees are still working there.

You can also visualize running silicon chips. The technique
involves applying a coating of cholesteric crystals to the
top of the chip. And using a polarizer. As the chip state
changes, little patches of black and white show up (contrast).
You would have to slowly single-step the clock on a chip,
and this was *only* possible on ancient 3u technology. At
some point, the feature size of chips would be too small
(10nm) to make this a worthwhile endeavor. Some processors
use dynamic storage inside, and must be refreshed regularly
or the contents would be corrupted. That's why it would be
impractical to clock a modern CPU at 1Hz. With some of the
older, pure CMOS processors, with static storage inside,
you could run those at 1Hz if you wanted, and they would
work just fine.

There's lots of spooky capabilities out there. But some of
it is no longer relevant.

Paul

In article , Stephen
Wolstenholme wrote:

No one can see what is *INSIDE* a COMPONENT i.e. within the circuitry of
a 'chip'.

Yes they can. It's not easy but anyone who has been into chip design
and component failure diagnosis will know how to make a start!

it's very easy with an x-ray, which is enough to show something 'extra'.

default wrote:

You can look inside, last place I worked had an electron microscope,
and once in awhile you could even spot where static electricity fried
a cmos gate. But the firmware is more important (in a privacy
context) than the hardware, and I don't know any way to "see"that.

I had a think about it, and I don't think you could
read a NAND flash with an electron microscope. That
would probably erase the NAND cell floating gate.

I used to use expensive titanium-tungsten fuse ROMs
in the lab, and those you could read with an electron
microscope.

If the NAND was on a JTAG chain, you might be able
to read it. Apple actually disconnected the JTAG
chain on one of their designs, so the Feds couldn't
clock out the memory contents.

JTAG chains haven't always been that popular in the
computer industry, and it was the Telecom industry
that tried to scan out everything. The typical desktop
computer doesn't have a lot of JTAG spigots to access.

The FPGA board I bought a number of years ago,
you program that via JTAG, and presumably you can
also read it out. But that's more of a special case,
and the circuit still needs power.

Paul

On 13/12/2018 00:18, Stephen Wolstenholme wrote:
On Wed, 12 Dec 2018 17:45:52 +0000, "David B." "David
wrote:

On 12/12/2018 16:04, nospam wrote:
In article , Panthera Tigris Altaica
wrote:


It can be on and still act as if it is off. You have no way of
telling without some pretty sophisticated test equipment, and even
then, if I thought it may be monitored I'd find a way for it to hide
all activity until the threat passed.

I find this difficult to believe. For one thing, if this is true, then
why has no-one ever seen this magical spy equipment when they take a
phone apart?

exactly.


No one can see what is *INSIDE* a COMPONENT i.e. within the circuitry of
a 'chip'.

Yes they can. It's not easy but anyone who has been into chip design
and component failure diagnosis will know how to make a start!

Wow! Thanks for explaining, Steve!

From what Paul and 'default' have said too, it's clear that nothing
would be obvious to a layman who opened up a smart 'phone and simply
looked inside!

--
Regards,
David B.

On Thu, 13 Dec 2018 08:07:07 +0000, "David B." "David
wrote:

On 13/12/2018 00:18, Stephen Wolstenholme wrote:
On Wed, 12 Dec 2018 17:45:52 +0000, "David B." "David
wrote:

On 12/12/2018 16:04, nospam wrote:
In article , Panthera Tigris Altaica
wrote:


It can be on and still act as if it is off. You have no way of
telling without some pretty sophisticated test equipment, and even
then, if I thought it may be monitored I'd find a way for it to hide
all activity until the threat passed.

I find this difficult to believe. For one thing, if this is true, then
why has no-one ever seen this magical spy equipment when they take a
phone apart?

exactly.


No one can see what is *INSIDE* a COMPONENT i.e. within the circuitry of
a 'chip'.

Yes they can. It's not easy but anyone who has been into chip design
and component failure diagnosis will know how to make a start!

Wow! Thanks for explaining, Steve!

From what Paul and 'default' have said too, it's clear that nothing
would be obvious to a layman who opened up a smart 'phone and simply
looked inside!

Bloomberg news had this article about some Chinese manufacturer adding
a chip that wasn't in the boards they were supposed to be making.
October 4, 2018...

Here it is:
https://www.bloomberg.com/news/featu...-top-companies

or:
https://tinyurl.com/ycywjdmo

If you read some of the denials by Apple and the rest. They don't say
it didn't happen, the legalese jibber-jabber sounds more like "we are
not to blame and had no idea this was happening."

On Thu, 13 Dec 2018 13:46:25 +0000, Andy Burns
wrote:

default wrote:

Bloomberg news had this ...

... load of complete horse****

It may be; I'm skeptical that something like that would be done. I
haven't been able to verify it though, and I do think
Bloomberg makes an effort to get their stories right.

I certainly could be done, but should be easy enough to spot.

On Thu, 13 Dec 2018 14:34:16 +0000, Andy Burns
wrote:

Mayayana wrote:

The Register did an analysis:

https://www.theregister.co.uk/2018/1...cro_bloomberg/

Sorry I thought I'd included this link, but I failed

https://www.theregister.co.uk/2018/10/22/super_micro_chinese_spy_chip_sec/

It would seem easy enough to verify, so why all the denials without
proof?

The stock price of Super Micro lost close to half it's value on the
news and recovered some with the strong denials. That right there,may
indicate the news was false and the real agenda was an effort to
manipulate the stock price for fun and profit. It isn't like that
hasn't been done a time or two in the past.

This rebuttal sounds similar to a DTrump tweet:

Super Micro stresses that no one has come to the support of
Bloomberg's article, and that numerous officials, including FBI
director Christopher Wray, NSA Senior Cybersecurity Advisor Rob Joyce,
Director of National Intelligence Dan Coats, the US Department of
Homeland Security, and the UK’s GCHQ have all questioned the story.

Personally I don't know who is telling the truth. If the news is
false it is blatant stock manipulation and the SEC should be
investigating that. (but that is the same SEC that Madoff ran rings
around, so no hope from that quarter)

The Register is not taking a position and consensus is not the same
thing as corroboration. So there is no conclusive proof. There is a
lot of spin and no substance.

On Thu, 13 Dec 2018 09:25:22 -0500, "Mayayana"
wrote:

"Andy Burns" wrote

| ... load of complete horse****
|

Not exactly a rational, thorough rebuttal. If you want
to say he's talking nonsense you should at least have
more than swearing to back you up.

The Register did an analysis:

https://www.theregister.co.uk/2018/1...cro_bloomberg/

The result is inconclusive. Was it a very complex
misunderstanding? Was there a pervasive problem
that the gov't and several tech companies
conspired to cover up in order not to cause anxiety
among American customers? Or did Tim Cook tell the
truth in forcefully denying the claims as bad reporting?
We don't know, but the second possibility sounds the
most convincing to me. I've never seen footage of
Tim Cook where he didn't seem to me to be speaking
half-truths meant to mislead people.

[Hiding tens of billions offshore to
avoid paying corporate taxes? Tim Cook's response
was that Apple pays all the taxes they owe. Then he
went on with one of his feel-good squealing rants about
how the iPhone unites the world by using parts from
numerous countries. By the time he got through one
could almost see a circle of children, holding hands,
singing "I'd Like to Teach the World to Sing".
That's Always been Apple's racket: "We're amazing
and more enlightened than you, and our products
are made of faeries and shamrocks... but you can
have one for a couple thousand bucks."
Meanwhile the reality is avoiding taxes, using
virtual slave labor, gouging their customers, and
frivolous lawsuits.

You could say Cook didn't technically lie about the
taxes, but according to "the spirit of the moral" it was
a vicious, baldfaced lie because he twisted the facts
to make them appear the opposite of what they are.]

So why do you seethe that the report is "horse****"? Do you
know something we don't? Supermicro apparently did have
uncontested trouble with malware. And isn't the recent
Huawei controversy all about China shipping backdoored
hardware?
So isn't the essence of default's position valid, even if
that particular story turns out not to be true? And as noted
above, we don't seem to have any reason to dismiss that
story outright. Bloomberg vs Tim Cook and Amazon? I
wouldn't hesitate for a moment in choosing the former if
I had to trust one of them. One group is journalists. The
other is arrogant, billionaire geeks whose business model
is generally based on exploitation.
Lying tech companies has almost become a tradition.
Not so for journalists. (Unless you happen to be Donald
Trump still trying to deny he's ever heard of Stormy
Daniels.)


Nicely written

Yeah boy, I'm still waiting on Lockheed Martin's fusion reactor..
Lying tech company that it is. No doubt the "news" gave their stock
price a bump. (probably the only fusion they care about)

Then we have Elon Musk, another market manipulator.

On Thu, 13 Dec 2018 16:05:28 +0000, "David B." "David
wrote:

On 11/12/2018 17:08, default wrote:
On Tue, 11 Dec 2018 16:44:08 +0000, "David B." "David
wrote:

Is your computer/device CLOCK wrong?

Yes, thanks for noticing. It is about noon and showing 4xx am... and
according to my desktop it is synchronized with nist.gov, I switched
to time.windows.com and it is more believable now.

Are you willing to disclose your credentials - do you have a LinkedIn
persona, for example, to give more credibility to your words? (in case
of doubt, I believe YOU - I do NOT believe 'nospam', who I know to be
untrustworthy).

Nope, I'm not on facebook either... LinkedIn is a joke, my sister was
using it and they were sending me spam so they managed to hack into
her Yahoo email account and then sent encouragements to everyone it
found there.

I was tinkering with electronics since I was seven, and it has been my
life's work (or at least the well-paying jobs, I was a motorcycle bum
and was a cook, railroad section crew member, handyman at a lodge in
NC, did some power line construction etc. to pay for the freedom being
a bum is all about.) I'm married retired "settled" but still design
electronic devices because it's satisfying. My wife is a scientist-
it is in her job title.

I think it was you who mentioned your wife's computer not being able to
update Windows 10 (but sadly, I cannot find the post!)

If that was ideed the case you may like to read the thread I started
elsewhere - I was posting as GA11. Here's the first part of that thread
of mine, it was back in October!


=

Installing Linux Mint on an old Apple iMac
Post by GA11 » Mon Oct 08, 2018 3:47 pm

Hello - this my first post in these forums! :mrgreen:

I'm just an amateur computer user who last week was presented with a
small Dell computer by my daughter - "dad, can you fix this"? It was
running Windows 10 but only has 32GB RAM. There was less than 3GB of
disk space free - the new Update from Microsoft said it needed 8GB to
install it. Long story short, the laptop now has Linux Mint 19 Cinnamon
installed and it's running like a dream. That was my learning curve!

My principal computer is now a new 27in Apple iMac. My 'old' 24in 2008
(model) iMac died and because it is now 'vintage' neither Apple nor
appointed Apple authorised agents would touch it. A local computer shop
diagnosed that the hard drive had failed but wanted much money to repair
it. I decided to do the job myself! I've installed a brand new 1TB drive
obtained from Western Digital through Amazon UK. However, I'm having
great difficulty installing another operating system so checked my RAM
with MemTest. Crucial are going to replace the RAM free of charge under
their lifetime guarantee and I'm currently awaiting delivery of same.

In the meantime, I've had a 'play' with trying to put Mint on the
machine (using the RAM which came with the iMac back in 2009). This I
have done and have been able to 'surf' on the Internet!

The whole thread is he-

https://forums.linuxmint.com/viewtop...A11#p 1537501
--
Regards,
David B.

https://vxer.home.blog/2018/12/08/vxer-a-profile/

Thanks. My wife uses it for email, playing solitaire, and watching
Netflix. I'm not sure she'd appreciate having Linux on it. It is one
of those ~$200 laptops whose only saving grace is the superb screen
resolution. She's got a real laptop and desktop for the things that
require a real computer.

Sometime when her computer is not in use I may try booting Linux with
a flash drive and play around with it.

I use Ubuntu on my laptop after one of M$'s Win 7 updates trashed the
OS.

Wife and I don't interfere in each other's choices as a rule, works
better that way... She has her house, I have my house.

default wrote:

Bloomberg news had this ...

.... load of complete horse****

default wrote:

Andy Burns wrote:

default wrote:

Bloomberg news had this ...

... load of complete horse****

It may be; I'm skeptical that something like that would be done.

Oh I agree something similar could be done, but bloomberg said it *had*
been done, yet produced no evidence

In article , default
wrote:

You can look inside, last place I worked had an electron microscope,
and once in awhile you could even spot where static electricity fried
a cmos gate. But the firmware is more important (in a privacy
context) than the hardware, and I don't know any way to "see"that.

it's even easier to read the firmware. no expensive microscope required.