If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#106
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
On 12/12/2018 21:51, Panthera Tigris Altaica wrote:
On 2018-12-12 15:09, nospam wrote: In article , David B. wrote: So what about possible hidden malware which may *NOT* have (yet) been found? what about it? I know nothing about it. yep, you sure don't. Nor do you! false. assuming you obtain hardware and software from reputable sources, it's a non-issue. Hopefully so. it is so. on the other hand, if you get a phone from someone at defcon, all bets are off. I 'm no longer in the armed services, so that's unlikely. further confirming that you know *nothing* about security. He knows so little about security that he doesn't know what defcon, in this context, is. That says all that needs be said. If anyone reading here REALLY needs to know, they may look right he- https://en.wikipedia.org/wiki/DEF_CON I'll wager my next months pension that THIS virus writer has never attended! https://vxer.home.blog/2018/12/08/vxer-a-profile/ -- David B. |
Ads |
#107
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
On Wed, 12 Dec 2018 20:23:09 -0500, Paul
wrote: Stephen Wolstenholme wrote: On Wed, 12 Dec 2018 17:45:52 +0000, "David B." "David wrote: On 12/12/2018 16:04, nospam wrote: In article , Panthera Tigris Altaica wrote: It can be on and still act as if it is off. You have no way of telling without some pretty sophisticated test equipment, and even then, if I thought it may be monitored I'd find a way for it to hide all activity until the threat passed. I find this difficult to believe. For one thing, if this is true, then why has no-one ever seen this magical spy equipment when they take a phone apart? exactly. No one can see what is *INSIDE* a COMPONENT i.e. within the circuitry of a 'chip'. Yes they can. It's not easy but anyone who has been into chip design and component failure diagnosis will know how to make a start! Steve There is a company in town who do this professionally. They dip integrated circuits in sulphuric acid and remove the epoxy, then examine the chip with an electron microscope. They are typically hired to check for patent violations. You tell them what patents you think might be violated, and they would look for matching structures. The company was bought out by some big defense industry company. But the employees are still working there. You can also visualize running silicon chips. The technique involves applying a coating of cholesteric crystals to the top of the chip. And using a polarizer. As the chip state changes, little patches of black and white show up (contrast). You would have to slowly single-step the clock on a chip, and this was *only* possible on ancient 3u technology. At some point, the feature size of chips would be too small (10nm) to make this a worthwhile endeavor. Some processors use dynamic storage inside, and must be refreshed regularly or the contents would be corrupted. That's why it would be impractical to clock a modern CPU at 1Hz. With some of the older, pure CMOS processors, with static storage inside, you could run those at 1Hz if you wanted, and they would work just fine. There's lots of spooky capabilities out there. But some of it is no longer relevant. Paul You can look inside, last place I worked had an electron microscope, and once in awhile you could even spot where static electricity fried a cmos gate. But the firmware is more important (in a privacy context) than the hardware, and I don't know any way to "see"that. |
#108
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
On Wed, 12 Dec 2018 17:45:52 +0000, "David B." "David
wrote: On 12/12/2018 16:04, nospam wrote: In article , Panthera Tigris Altaica wrote: It can be on and still act as if it is off. You have no way of telling without some pretty sophisticated test equipment, and even then, if I thought it may be monitored I'd find a way for it to hide all activity until the threat passed. I find this difficult to believe. For one thing, if this is true, then why has no-one ever seen this magical spy equipment when they take a phone apart? exactly. No one can see what is *INSIDE* a COMPONENT i.e. within the circuitry of a 'chip'. Yes they can. It's not easy but anyone who has been into chip design and component failure diagnosis will know how to make a start! Steve -- http://www.npsnn.com |
#109
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
Stephen Wolstenholme wrote:
On Wed, 12 Dec 2018 17:45:52 +0000, "David B." "David wrote: On 12/12/2018 16:04, nospam wrote: In article , Panthera Tigris Altaica wrote: It can be on and still act as if it is off. You have no way of telling without some pretty sophisticated test equipment, and even then, if I thought it may be monitored I'd find a way for it to hide all activity until the threat passed. I find this difficult to believe. For one thing, if this is true, then why has no-one ever seen this magical spy equipment when they take a phone apart? exactly. No one can see what is *INSIDE* a COMPONENT i.e. within the circuitry of a 'chip'. Yes they can. It's not easy but anyone who has been into chip design and component failure diagnosis will know how to make a start! Steve There is a company in town who do this professionally. They dip integrated circuits in sulphuric acid and remove the epoxy, then examine the chip with an electron microscope. They are typically hired to check for patent violations. You tell them what patents you think might be violated, and they would look for matching structures. The company was bought out by some big defense industry company. But the employees are still working there. You can also visualize running silicon chips. The technique involves applying a coating of cholesteric crystals to the top of the chip. And using a polarizer. As the chip state changes, little patches of black and white show up (contrast). You would have to slowly single-step the clock on a chip, and this was *only* possible on ancient 3u technology. At some point, the feature size of chips would be too small (10nm) to make this a worthwhile endeavor. Some processors use dynamic storage inside, and must be refreshed regularly or the contents would be corrupted. That's why it would be impractical to clock a modern CPU at 1Hz. With some of the older, pure CMOS processors, with static storage inside, you could run those at 1Hz if you wanted, and they would work just fine. There's lots of spooky capabilities out there. But some of it is no longer relevant. Paul |
#110
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
In article , Stephen
Wolstenholme wrote: No one can see what is *INSIDE* a COMPONENT i.e. within the circuitry of a 'chip'. Yes they can. It's not easy but anyone who has been into chip design and component failure diagnosis will know how to make a start! it's very easy with an x-ray, which is enough to show something 'extra'. |
#111
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
default wrote:
You can look inside, last place I worked had an electron microscope, and once in awhile you could even spot where static electricity fried a cmos gate. But the firmware is more important (in a privacy context) than the hardware, and I don't know any way to "see"that. I had a think about it, and I don't think you could read a NAND flash with an electron microscope. That would probably erase the NAND cell floating gate. I used to use expensive titanium-tungsten fuse ROMs in the lab, and those you could read with an electron microscope. If the NAND was on a JTAG chain, you might be able to read it. Apple actually disconnected the JTAG chain on one of their designs, so the Feds couldn't clock out the memory contents. JTAG chains haven't always been that popular in the computer industry, and it was the Telecom industry that tried to scan out everything. The typical desktop computer doesn't have a lot of JTAG spigots to access. The FPGA board I bought a number of years ago, you program that via JTAG, and presumably you can also read it out. But that's more of a special case, and the circuit still needs power. Paul |
#112
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
On 13/12/2018 00:18, Stephen Wolstenholme wrote:
On Wed, 12 Dec 2018 17:45:52 +0000, "David B." "David wrote: On 12/12/2018 16:04, nospam wrote: In article , Panthera Tigris Altaica wrote: It can be on and still act as if it is off. You have no way of telling without some pretty sophisticated test equipment, and even then, if I thought it may be monitored I'd find a way for it to hide all activity until the threat passed. I find this difficult to believe. For one thing, if this is true, then why has no-one ever seen this magical spy equipment when they take a phone apart? exactly. No one can see what is *INSIDE* a COMPONENT i.e. within the circuitry of a 'chip'. Yes they can. It's not easy but anyone who has been into chip design and component failure diagnosis will know how to make a start! Wow! Thanks for explaining, Steve! From what Paul and 'default' have said too, it's clear that nothing would be obvious to a layman who opened up a smart 'phone and simply looked inside! -- Regards, David B. |
#113
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
On Thu, 13 Dec 2018 08:07:07 +0000, "David B." "David
wrote: On 13/12/2018 00:18, Stephen Wolstenholme wrote: On Wed, 12 Dec 2018 17:45:52 +0000, "David B." "David wrote: On 12/12/2018 16:04, nospam wrote: In article , Panthera Tigris Altaica wrote: It can be on and still act as if it is off. You have no way of telling without some pretty sophisticated test equipment, and even then, if I thought it may be monitored I'd find a way for it to hide all activity until the threat passed. I find this difficult to believe. For one thing, if this is true, then why has no-one ever seen this magical spy equipment when they take a phone apart? exactly. No one can see what is *INSIDE* a COMPONENT i.e. within the circuitry of a 'chip'. Yes they can. It's not easy but anyone who has been into chip design and component failure diagnosis will know how to make a start! Wow! Thanks for explaining, Steve! From what Paul and 'default' have said too, it's clear that nothing would be obvious to a layman who opened up a smart 'phone and simply looked inside! Bloomberg news had this article about some Chinese manufacturer adding a chip that wasn't in the boards they were supposed to be making. October 4, 2018... Here it is: https://www.bloomberg.com/news/featu...-top-companies or: https://tinyurl.com/ycywjdmo If you read some of the denials by Apple and the rest. They don't say it didn't happen, the legalese jibber-jabber sounds more like "we are not to blame and had no idea this was happening." |
#114
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
On Thu, 13 Dec 2018 13:46:25 +0000, Andy Burns
wrote: default wrote: Bloomberg news had this ... ... load of complete horse**** It may be; I'm skeptical that something like that would be done. I haven't been able to verify it though, and I do think Bloomberg makes an effort to get their stories right. I certainly could be done, but should be easy enough to spot. |
#115
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
On Thu, 13 Dec 2018 14:34:16 +0000, Andy Burns
wrote: Mayayana wrote: The Register did an analysis: https://www.theregister.co.uk/2018/1...cro_bloomberg/ Sorry I thought I'd included this link, but I failed https://www.theregister.co.uk/2018/10/22/super_micro_chinese_spy_chip_sec/ It would seem easy enough to verify, so why all the denials without proof? The stock price of Super Micro lost close to half it's value on the news and recovered some with the strong denials. That right there,may indicate the news was false and the real agenda was an effort to manipulate the stock price for fun and profit. It isn't like that hasn't been done a time or two in the past. This rebuttal sounds similar to a DTrump tweet: Super Micro stresses that no one has come to the support of Bloomberg's article, and that numerous officials, including FBI director Christopher Wray, NSA Senior Cybersecurity Advisor Rob Joyce, Director of National Intelligence Dan Coats, the US Department of Homeland Security, and the UK’s GCHQ have all questioned the story. Personally I don't know who is telling the truth. If the news is false it is blatant stock manipulation and the SEC should be investigating that. (but that is the same SEC that Madoff ran rings around, so no hope from that quarter) The Register is not taking a position and consensus is not the same thing as corroboration. So there is no conclusive proof. There is a lot of spin and no substance. |
#116
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
On Thu, 13 Dec 2018 09:25:22 -0500, "Mayayana"
wrote: "Andy Burns" wrote | ... load of complete horse**** | Not exactly a rational, thorough rebuttal. If you want to say he's talking nonsense you should at least have more than swearing to back you up. The Register did an analysis: https://www.theregister.co.uk/2018/1...cro_bloomberg/ The result is inconclusive. Was it a very complex misunderstanding? Was there a pervasive problem that the gov't and several tech companies conspired to cover up in order not to cause anxiety among American customers? Or did Tim Cook tell the truth in forcefully denying the claims as bad reporting? We don't know, but the second possibility sounds the most convincing to me. I've never seen footage of Tim Cook where he didn't seem to me to be speaking half-truths meant to mislead people. [Hiding tens of billions offshore to avoid paying corporate taxes? Tim Cook's response was that Apple pays all the taxes they owe. Then he went on with one of his feel-good squealing rants about how the iPhone unites the world by using parts from numerous countries. By the time he got through one could almost see a circle of children, holding hands, singing "I'd Like to Teach the World to Sing". That's Always been Apple's racket: "We're amazing and more enlightened than you, and our products are made of faeries and shamrocks... but you can have one for a couple thousand bucks." Meanwhile the reality is avoiding taxes, using virtual slave labor, gouging their customers, and frivolous lawsuits. You could say Cook didn't technically lie about the taxes, but according to "the spirit of the moral" it was a vicious, baldfaced lie because he twisted the facts to make them appear the opposite of what they are.] So why do you seethe that the report is "horse****"? Do you know something we don't? Supermicro apparently did have uncontested trouble with malware. And isn't the recent Huawei controversy all about China shipping backdoored hardware? So isn't the essence of default's position valid, even if that particular story turns out not to be true? And as noted above, we don't seem to have any reason to dismiss that story outright. Bloomberg vs Tim Cook and Amazon? I wouldn't hesitate for a moment in choosing the former if I had to trust one of them. One group is journalists. The other is arrogant, billionaire geeks whose business model is generally based on exploitation. Lying tech companies has almost become a tradition. Not so for journalists. (Unless you happen to be Donald Trump still trying to deny he's ever heard of Stormy Daniels.) Nicely written Yeah boy, I'm still waiting on Lockheed Martin's fusion reactor.. Lying tech company that it is. No doubt the "news" gave their stock price a bump. (probably the only fusion they care about) Then we have Elon Musk, another market manipulator. |
#117
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
On Thu, 13 Dec 2018 16:05:28 +0000, "David B." "David
wrote: On 11/12/2018 17:08, default wrote: On Tue, 11 Dec 2018 16:44:08 +0000, "David B." "David wrote: Is your computer/device CLOCK wrong? Yes, thanks for noticing. It is about noon and showing 4xx am... and according to my desktop it is synchronized with nist.gov, I switched to time.windows.com and it is more believable now. Are you willing to disclose your credentials - do you have a LinkedIn persona, for example, to give more credibility to your words? (in case of doubt, I believe YOU - I do NOT believe 'nospam', who I know to be untrustworthy). Nope, I'm not on facebook either... LinkedIn is a joke, my sister was using it and they were sending me spam so they managed to hack into her Yahoo email account and then sent encouragements to everyone it found there. I was tinkering with electronics since I was seven, and it has been my life's work (or at least the well-paying jobs, I was a motorcycle bum and was a cook, railroad section crew member, handyman at a lodge in NC, did some power line construction etc. to pay for the freedom being a bum is all about.) I'm married retired "settled" but still design electronic devices because it's satisfying. My wife is a scientist- it is in her job title. I think it was you who mentioned your wife's computer not being able to update Windows 10 (but sadly, I cannot find the post!) If that was ideed the case you may like to read the thread I started elsewhere - I was posting as GA11. Here's the first part of that thread of mine, it was back in October! = Installing Linux Mint on an old Apple iMac Post by GA11 » Mon Oct 08, 2018 3:47 pm Hello - this my first post in these forums! :mrgreen: I'm just an amateur computer user who last week was presented with a small Dell computer by my daughter - "dad, can you fix this"? It was running Windows 10 but only has 32GB RAM. There was less than 3GB of disk space free - the new Update from Microsoft said it needed 8GB to install it. Long story short, the laptop now has Linux Mint 19 Cinnamon installed and it's running like a dream. That was my learning curve! My principal computer is now a new 27in Apple iMac. My 'old' 24in 2008 (model) iMac died and because it is now 'vintage' neither Apple nor appointed Apple authorised agents would touch it. A local computer shop diagnosed that the hard drive had failed but wanted much money to repair it. I decided to do the job myself! I've installed a brand new 1TB drive obtained from Western Digital through Amazon UK. However, I'm having great difficulty installing another operating system so checked my RAM with MemTest. Crucial are going to replace the RAM free of charge under their lifetime guarantee and I'm currently awaiting delivery of same. In the meantime, I've had a 'play' with trying to put Mint on the machine (using the RAM which came with the iMac back in 2009). This I have done and have been able to 'surf' on the Internet! The whole thread is he- https://forums.linuxmint.com/viewtop...A11#p 1537501 -- Regards, David B. https://vxer.home.blog/2018/12/08/vxer-a-profile/ Thanks. My wife uses it for email, playing solitaire, and watching Netflix. I'm not sure she'd appreciate having Linux on it. It is one of those ~$200 laptops whose only saving grace is the superb screen resolution. She's got a real laptop and desktop for the things that require a real computer. Sometime when her computer is not in use I may try booting Linux with a flash drive and play around with it. I use Ubuntu on my laptop after one of M$'s Win 7 updates trashed the OS. Wife and I don't interfere in each other's choices as a rule, works better that way... She has her house, I have my house. |
#118
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
default wrote:
Bloomberg news had this ... .... load of complete horse**** |
#119
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
default wrote:
Andy Burns wrote: default wrote: Bloomberg news had this ... ... load of complete horse**** It may be; I'm skeptical that something like that would be done. Oh I agree something similar could be done, but bloomberg said it *had* been done, yet produced no evidence |
#120
|
|||
|
|||
Firefox SECRETLY storing your login credentials?
In article , default
wrote: You can look inside, last place I worked had an electron microscope, and once in awhile you could even spot where static electricity fried a cmos gate. But the firmware is more important (in a privacy context) than the hardware, and I don't know any way to "see"that. it's even easier to read the firmware. no expensive microscope required. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|