.For #grsecurity users, check your kernel configurations to make sure CONFIG_GRKERNSEC_FUSE_RESTRICT is enabled (it should be on by default whenever FUSE support is present) https://t.co/eFMnbSUpRq
— grsecurity (@grsecurity) March 9, 2022
Godzil (./1898): There you go. Either there are few enough UPSes and they are less than 5 m from the monitoring machine, in which case USB can be used (without extenders, which are not necessarily very cheap), or an isolated network is used, to do things properly. Oh sorry, penny-pinching on hardware, on software and on salaries. And then LONG LIVE THE CLOUD, people think there's nothing to do, but it's a pain when availability or integrity suffer (and I'm not even talking about confidentiality)!!
The said UPSes still have to be next to a PC and, depending on the number of UPSes, you need as many USB ports as UPSes.
It's not stupid either for it to be on a network, but it's above all stupid to put it on a network that is accessible
Zerosquare (./1900): The point of these alarms, besides being aware that "it's about to cut out, guys
Being able to monitor remotely and report alarms (battery almost empty, overload, etc.)
flanker (./1908): I imagine so, yes
Redangel > it also works over USB, in theory.
I just learned that for the past three years, Wyze has been fully aware of a vulnerability in its home security cameras that could have theoretically let hackers access your video feeds over the internet — but chose to sweep it under the rug. And the security firm that found the vulnerability largely let them do it.
Their recent study found that the Graphics Processing Unit (GPU) in some Android smartphones could be used to eavesdrop on a user's credentials when the user types these credentials using the smartphone's on-screen keyboard, making it an effective target for hacking. This hardware security vulnerability exposes a much more serious threat to user's sensitive personal data, compared to the previous attacks that can only infer the user's coarse-grained activities, such as the website being visited or the length of the password being typed.
NSA Says ‘No Backdoor’ for Spies in New US Encryption Scheme: Is there still anyone who believes what they say?
NIST agency running competition for new encryption standards. Quantum computing comes with risks for modern data protection
A Decade-Long Chinese Espionage Campaign Targets Southeast Asia and Australia
A previously undocumented Chinese-speaking advanced persistent threat (APT) actor dubbed Aoqin Dragon has been linked to a string of espionage-oriented attacks aimed at government, education, and telecom entities chiefly in Southeast Asia and Australia dating as far back as 2013.
https://www.theblock.co/post/156038/how-a-fake-job-offer-took-down-the-worlds-most-popular-crypto-game :
Earlier this year, staff at Axie Infinity developer Sky Mavis were approached by people purporting to represent the fake company and encouraged to apply for jobs, according to the people familiar with the matter. One source added that the approaches were made through the professional networking site LinkedIn.
After what one source described as multiple rounds of interviews, a Sky Mavis engineer was offered a job with an extremely generous compensation package.
The fake “offer” was delivered in the form of a PDF document, which the engineer downloaded — allowing spyware to infiltrate Ronin’s systems. From there, hackers were able to attack and take over four out of nine validators on the Ronin network — leaving them just one validator short of total control.