Firefox SECRETLY storing your login credentials?

In article , Paul
wrote:

I had a think about it, and I don't think you could
read a NAND flash with an electron microscope. That
would probably erase the NAND cell floating gate.

https://www.spiedigitallibrary.org/c...-of-spie/8700/
1/Determining-the-state-of-non-volatile-memory-cells-with-floating/10.11
17/12.2017156.short?SSO=1

In article , default
wrote:


Bloomberg news had this article about some Chinese manufacturer adding
a chip that wasn't in the boards they were supposed to be making.
October 4, 2018...

Here it is:

https://www.bloomberg.com/news/featu...ow-china-used-
a-tiny-chip-to-infiltrate-america-s-top-companies

or:
https://tinyurl.com/ycywjdmo

If you read some of the denials by Apple and the rest. They don't say
it didn't happen, the legalese jibber-jabber sounds more like "we are
not to blame and had no idea this was happening."

wrong. they all said it *definitely* didn't happen. even the department
of homeland security said it didn't happen.

not a single affected board has been seen.

it's quite clear this is yet another fabricated story from bloomberg.

https://www.businessinsider.com/supe...st-denial-yet-
bloomberg-chinese-chip-hacking-story-2018-12
Super Micro also published a video that said that the allegations in
the Bloomberg story were "impossible" due to the complexity of the
technology and safeguards in the manufacturing process, and called
the San Jose-based company an "American success story."

In addition, Rob Joyce, a Homeland Security advisor and NSA official,
also said on Tuesday that despite his call for additional
information, he has not seen any evidence supporting the Bloomberg
Businessweek story.

In article , default
wrote:


Bloomberg news had this ...

... load of complete horse****

It may be;

it *is* bull****. no question about it.

I'm skeptical that something like that would be done. I
haven't been able to verify it though,

others have done multiple thorough investigations and found *zero*
evidence. none.

and I do think
Bloomberg makes an effort to get their stories right.

they definitely do not. bloomberg rewards journalists who write stories
that 'move the market', and that's exactly what this bogus story did.

I certainly could be done, but should be easy enough to spot.

yet it hasn't been spotted anywhere. not a single affected board has
been found, nor any other evidence.

"Andy Burns" wrote

| ... load of complete horse****
|

Not exactly a rational, thorough rebuttal. If you want
to say he's talking nonsense you should at least have
more than swearing to back you up.

The Register did an analysis:

https://www.theregister.co.uk/2018/1...cro_bloomberg/

The result is inconclusive. Was it a very complex
misunderstanding? Was there a pervasive problem
that the gov't and several tech companies
conspired to cover up in order not to cause anxiety
among American customers? Or did Tim Cook tell the
truth in forcefully denying the claims as bad reporting?
We don't know, but the second possibility sounds the
most convincing to me. I've never seen footage of
Tim Cook where he didn't seem to me to be speaking
half-truths meant to mislead people.

[Hiding tens of billions offshore to
avoid paying corporate taxes? Tim Cook's response
was that Apple pays all the taxes they owe. Then he
went on with one of his feel-good squealing rants about
how the iPhone unites the world by using parts from
numerous countries. By the time he got through one
could almost see a circle of children, holding hands,
singing "I'd Like to Teach the World to Sing".
That's Always been Apple's racket: "We're amazing
and more enlightened than you, and our products
are made of faeries and shamrocks... but you can
have one for a couple thousand bucks."
Meanwhile the reality is avoiding taxes, using
virtual slave labor, gouging their customers, and
frivolous lawsuits.

You could say Cook didn't technically lie about the
taxes, but according to "the spirit of the moral" it was
a vicious, baldfaced lie because he twisted the facts
to make them appear the opposite of what they are.]

So why do you seethe that the report is "horse****"? Do you
know something we don't? Supermicro apparently did have
uncontested trouble with malware. And isn't the recent
Huawei controversy all about China shipping backdoored
hardware?
So isn't the essence of default's position valid, even if
that particular story turns out not to be true? And as noted
above, we don't seem to have any reason to dismiss that
story outright. Bloomberg vs Tim Cook and Amazon? I
wouldn't hesitate for a moment in choosing the former if
I had to trust one of them. One group is journalists. The
other is arrogant, billionaire geeks whose business model
is generally based on exploitation.
Lying tech companies has almost become a tradition.
Not so for journalists. (Unless you happen to be Donald
Trump still trying to deny he's ever heard of Stormy
Daniels.)

Mayayana wrote:

The Register did an analysis:

https://www.theregister.co.uk/2018/1...cro_bloomberg/

Sorry I thought I'd included this link, but I failed

https://www.theregister.co.uk/2018/10/22/super_micro_chinese_spy_chip_sec/

On 12/9/2018 7:40 AM, Mr. Man-wai Chang wrote:

How could we find out whether browsers are secretly storing your login
credentials?

Where is the guarantee? Where is the certification?



Firefox is malware as is Chrome

And, you can't uninstall them completely.

Firefox installation includes changing
all desktop icons! Chrome installation
includes numerious (29 was one count)
tracking cookies.
And, one cannot, using commonly available
uninstallers, completely uninstall Chrome.

In article , Mayayana
wrote:

| ... load of complete horse****

Not exactly a rational, thorough rebuttal. If you want
to say he's talking nonsense you should at least have
more than swearing to back you up.

everyone other than bloomberg says it's bull****.

The Register did an analysis:

https://www.theregister.co.uk/2018/1...cro_bloomberg/

that's not an analysis. that was written when the story broke, which is
too soon to have done an analysis of any kind. they're just repeating
the original story.

The result is inconclusive.

nope. the result is very clear that it's bull****.

it's been two months and not a single shred of evidence anywhere has
been found. even the dhs says it's bull****.


rest of your irrelevant babble snipped.

"Andy Burns" wrote

| Sorry I thought I'd included this link, but I failed
|
|
https://www.theregister.co.uk/2018/10/22/super_micro_chinese_spy_chip_sec/
|

Thanks. I hadn't seen that one. But it still reads
as inconclusive to me. A possible journalistic
faux pas vs likely tech company lying. And there
was an acknowledged case of the comapny in
question, SuperMicro, having malware on their
servers:

https://arstechnica.com/information-...rmware-update/

If the question was whether malware -- hardware
or software -- can be put in devices, I don't think
there's any doubt about that point.

This all started out talking about Firefox. I think
it gets tricky. This week the NYT claimed 75
companies are spying on cellphones and selling the
data. (Though, typically, the NYT didn't tell the real
story -- they left out the list of companies and apps
in order to protect American business!)

A couple of days later, Sundar Pichai had the nerve
to sit in front of Congress and claim that Android/
Google customers understand what privacy they're
giving up. They're using an essentially kiosk OS with
adware apps and most don't even know what a
browser is, but he chooses to believe they've agreed
to all the spying with full awareness and choice.
As Bill Clinton famously put it, whether there's spyware
sometimes hinges on what your definition of is is.

On 13/12/2018 08:43, default wrote:
On Thu, 13 Dec 2018 08:07:07 +0000, "David B." "David
wrote:

On 13/12/2018 00:18, Stephen Wolstenholme wrote:
On Wed, 12 Dec 2018 17:45:52 +0000, "David B." "David
wrote:

On 12/12/2018 16:04, nospam wrote:
In article , Panthera Tigris Altaica
wrote:


It can be on and still act as if it is off. You have no way of
telling without some pretty sophisticated test equipment, and even
then, if I thought it may be monitored I'd find a way for it to hide
all activity until the threat passed.

I find this difficult to believe. For one thing, if this is true, then
why has no-one ever seen this magical spy equipment when they take a
phone apart?

exactly.


No one can see what is *INSIDE* a COMPONENT i.e. within the circuitry of
a 'chip'.

Yes they can. It's not easy but anyone who has been into chip design
and component failure diagnosis will know how to make a start!

Wow! Thanks for explaining, Steve!

From what Paul and 'default' have said too, it's clear that nothing
would be obvious to a layman who opened up a smart 'phone and simply
looked inside!

Bloomberg news had this article about some Chinese manufacturer adding
a chip that wasn't in the boards they were supposed to be making.
October 4, 2018...

Here it is:
https://www.bloomberg.com/news/featu...-top-companies

or:
https://tinyurl.com/ycywjdmo

If you read some of the denials by Apple and the rest. They don't say
it didn't happen, the legalese jibber-jabber sounds more like "we are
not to blame and had no idea this was happening."

Thank you for publicising this.

I've reposted the article into my 'home' group.

--
Regards,
David B.

https://vxer.home.blog/2018/12/08/vxer-a-profile/

In article , default
wrote:

Sorry I thought I'd included this link, but I failed

https://www.theregister.co.uk/2018/10/22/super_micro_chinese_spy_chip_sec/

It would seem easy enough to verify, so why all the denials without
proof?

there have been multiple audits that turned up nothing.

where's the proof that it happened? not a single affected board has
been found and not a single person supposedly involved has said yes
it's true.

The stock price of Super Micro lost close to half it's value on the
news and recovered some with the strong denials.

it hasn't fully recovered, but regardless, a *lot* of people made a
*lot* of money because of that.

That right there,may
indicate the news was false and the real agenda was an effort to
manipulate the stock price for fun and profit. It isn't like that
hasn't been done a time or two in the past.

that's *exactly* why it was done. bloomberg has a lengthy history of
doing that.

This rebuttal sounds similar to a DTrump tweet:

nonsense.

Super Micro stresses that no one has come to the support of
Bloomberg's article, and that numerous officials, including FBI
director Christopher Wray, NSA Senior Cybersecurity Advisor Rob Joyce,
Director of National Intelligence Dan Coats, the US Department of
Homeland Security, and the UK’s GCHQ have all questioned the story.

yep. many, many sources all say it's bull****.

Personally I don't know who is telling the truth. If the news is
false it is blatant stock manipulation and the SEC should be
investigating that. (but that is the same SEC that Madoff ran rings
around, so no hope from that quarter)

yes they should, but that won't happen.

The Register is not taking a position and consensus is not the same
thing as corroboration. So there is no conclusive proof. There is a
lot of spin and no substance.

there's plenty of substance that it's bull****.

not a single shred of evidence to back up bloomberg's story. zero.

In article , default
wrote:


Then we have Elon Musk, another market manipulator.

nonsense.

On 11/12/2018 17:08, default wrote:
On Tue, 11 Dec 2018 16:44:08 +0000, "David B." "David
wrote:

Is your computer/device CLOCK wrong?

Yes, thanks for noticing. It is about noon and showing 4xx am... and
according to my desktop it is synchronized with nist.gov, I switched
to time.windows.com and it is more believable now.

Are you willing to disclose your credentials - do you have a LinkedIn
persona, for example, to give more credibility to your words? (in case
of doubt, I believe YOU - I do NOT believe 'nospam', who I know to be
untrustworthy).

Nope, I'm not on facebook either... LinkedIn is a joke, my sister was
using it and they were sending me spam so they managed to hack into
her Yahoo email account and then sent encouragements to everyone it
found there.

I was tinkering with electronics since I was seven, and it has been my
life's work (or at least the well-paying jobs, I was a motorcycle bum
and was a cook, railroad section crew member, handyman at a lodge in
NC, did some power line construction etc. to pay for the freedom being
a bum is all about.) I'm married retired "settled" but still design
electronic devices because it's satisfying. My wife is a scientist-
it is in her job title.

I think it was you who mentioned your wife's computer not being able to
update Windows 10 (but sadly, I cannot find the post!)

If that was ideed the case you may like to read the thread I started
elsewhere - I was posting as GA11. Here's the first part of that thread
of mine, it was back in October!


=

Installing Linux Mint on an old Apple iMac
Post by GA11 » Mon Oct 08, 2018 3:47 pm

Hello - this my first post in these forums! :mrgreen:

I'm just an amateur computer user who last week was presented with a
small Dell computer by my daughter - "dad, can you fix this"? It was
running Windows 10 but only has 32GB RAM. There was less than 3GB of
disk space free - the new Update from Microsoft said it needed 8GB to
install it. Long story short, the laptop now has Linux Mint 19 Cinnamon
installed and it's running like a dream. That was my learning curve!

My principal computer is now a new 27in Apple iMac. My 'old' 24in 2008
(model) iMac died and because it is now 'vintage' neither Apple nor
appointed Apple authorised agents would touch it. A local computer shop
diagnosed that the hard drive had failed but wanted much money to repair
it. I decided to do the job myself! I've installed a brand new 1TB drive
obtained from Western Digital through Amazon UK. However, I'm having
great difficulty installing another operating system so checked my RAM
with MemTest. Crucial are going to replace the RAM free of charge under
their lifetime guarantee and I'm currently awaiting delivery of same.

In the meantime, I've had a 'play' with trying to put Mint on the
machine (using the RAM which came with the iMac back in 2009). This I
have done and have been able to 'surf' on the Internet!

The whole thread is he-

https://forums.linuxmint.com/viewtop...A11#p 1537501
--
Regards,
David B.

https://vxer.home.blog/2018/12/08/vxer-a-profile/


--
Regards,
David B.

https://vxer.home.blog/2018/12/08/vxer-a-profile/

nospam wrote:
In article , Paul
wrote:

I had a think about it, and I don't think you could
read a NAND flash with an electron microscope. That
would probably erase the NAND cell floating gate.

https://www.spiedigitallibrary.org/c...-of-spie/8700/
1/Determining-the-state-of-non-volatile-memory-cells-with-floating/10.11
17/12.2017156.short?SSO=1

https://www.bruker.com/fileadmin/_pr...ef3cee8b98.png

That would take a while. If you had to read out 32GB, you'd have
to move the probe to each location, one location at a time, then
use the probe tip to measure attraction or repulsion. And the tip
might also need correction for physical topography (surface
roughness).

On 64L or 96L VNAND, you'd also have to peel apart the
layers and scan each one.

These are hardly fun things to do. And would take
forever, even for a machine. You'd lose your patience
waiting for it to complete.

Once you have the readout, then you have to correct for
the tiling pattern (the cell layout may not be linear),
and also the virtual to physical table lookup would be
needed to put the data back in LBA order. If any flash
blocks have been spared out, you'd have to figure that
out too.

Paul

On 2018-12-12 17:36, David B. wrote:
On 12/12/2018 21:51, Panthera Tigris Altaica wrote:
On 2018-12-12 15:09, nospam wrote:
In article , David B.
wrote:

So what about possible hidden malware which may *NOT* have (yet) been
found?

what about it?

I know nothing about it.

yep, you sure don't.

Nor do you!

false.

assuming you obtain hardware and software from reputable sources, it's
a non-issue.

Hopefully so.

it is so.

on the other hand, if you get a phone from someone at defcon, all bets
are off.

I 'm no longer in the armed services, so that's unlikely.

further confirming that you know *nothing* about security.

He knows so little about security that he doesn't know what defcon, in
this context, is. That says all that needs be said.

If anyone reading here REALLY needs to know, they may look right he-

https://en.wikipedia.org/wiki/DEF_CON

I'll wager my next months pension that THIS virus writer has never
attended!

https://vxer.home.blog/2018/12/08/vxer-a-profile/


You keep finding new ways to show just how much of an idiot you are.

On 13/12/2018 13:19, default wrote:
On Thu, 13 Dec 2018 16:05:28 +0000, "David B." "David
wrote:
[....]
Thanks. My wife uses it for email, playing solitaire, and watching
Netflix. I'm not sure she'd appreciate having Linux on it. It is one
of those ~$200 laptops whose only saving grace is the superb screen
resolution. She's got a real laptop and desktop for the things that
require a real computer.

Sometime when her computer is not in use I may try booting Linux with
a flash drive and play around with it.

I use Ubuntu on my laptop after one of M$'s Win 7 updates trashed the
OS.

Thanks for chatting! :-)

Here a piccie of my daughter's machine showing what was inside when I
opened it up:-

https://imgur.com/a/nSV3DAN#PrALH8U

It didn't take me long to decide not to try to replace the hard drive!

After making sure it worked properly with Linux, I then installed a
fresh version of Windows 10 which I downloaded from Microsoft. I can't
recall exactly how much of the hard drive it took up but it DID leave
PLENTY of space to accomodate the 8GB or so the Windows 10 'updates'
required. When I returned it to her, it was a fully up-to-date Windows
10 machine!

Wife and I don't interfere in each other's choices as a rule, works
better that way... She has her house, I have my house.

I'm not sure that would work for us! We do have our house .... and a
narrowboat (our 'house' in the summer!). It's our aniversary in four
days time - hard to belive it's going to be 52 years!

--
Regards,
David B.