Over the past few weeks, the news of a hardware security issue have become publicly known thanks to the group “Fail0verflow.
This provides a means for individual to short a specific pin on the device and this will cause a series of events that throws
the device into the “Nvidia Tegra” chip’s USB Recovery Mode (RCM). The Tegra X1 Bug
has allowed many creative minds to take a look at the platform and a few have been nice enough to document everything, including
the Fusée Gelée vulnerability which
is the meat and potatoes of this so called problem for Nintendo. Some have even gone so far as to get Linux running on the
device! Surely, I do not advocate doing any of this, as you may damage your Switch in the process if not careful, and do not
condone any illegal acts that this could enable. Regardless, it is neat to see how this has been done and, in this video, below
you can Linux running on a Nintendo Switch and it’s pretty neat.
For further instruction and details here is a link to "Fail0verflow"'s documents.
The newly patched Microsoft Outlook vulnerability, discovered and reported in Q4 of 2016, gave malicious
users access to Windows login credentials. All the user needed to do was preview the email sent to them on
Microsoft Outlook, and then without any other action, the user’s information was compromised. Going in to
more detail, the problem is based in that of using a RTF (Rich Text Format) message and allowing the message
to be previewed, this would then “phone home” and start a SMB connection.
Outlook instantaneously loads OLE content (remote-host image file) and will start an automatic authentication
session with the attacker and their remote system via the SMB connection with SSO (single sign-on). This then
gives the victims username and hashed password, which is more than enough information to potentially gain access
to the victim’s computer system.
This is all accomplished when an attacker exploits the newly publicized
by sending an RTF type message to the victim machine, via email, and because it contains
an OLE object, it will load this automatically and connect to the remote attackers session, ultimately exposing
their private information. To fix this you should update your Windows machine and continue to practice digital vigilance.
Recently announced early this April (2018), Apple announced that it will be using custom ARM chips by
their own design in favor of Intel. It has been said that this transition may take place as soon as
2020 and will primarily affect the current Intel powered devices, such as Apple’s laptops and desktops.
This decision by Apple will still need to be determined as to whether or not it will future problems
may arise. This speculatively will save Apple money in the long run but will cost them much in terms
of research and development. Apple does however have experience in making their own CPU’s, as is seen
in their A-series chips in recent mobile products.
Recent development of this new project will allow Apple to have a uniform production of their unique
architecture across many of their devices. The challenge will be in creating a processor for desktops
that is ARM compatible, but yet will allow for scalability. Other projects have been announced but they
have yet to be fully announced and or are simply speculative at this point. However, among these
changes surely will come a splendid revolution for Apple and their devices, allowing for better optimized
and more efficient products in the end.
Little known to most, on November 29th, 2017 “House Bill 5257” was put into motion
to make possession of “ransomware” a felony. This bill explained that to own ransomware
in Michigan could be punishable up to a 10 year sentence in prison, this comes with the
caveat that this is only applicable if the user has malicious intent. According to bill
5257, the judicial definition of ransomware is described as “a computer or data
containment, encryption, or lock” that has potential to be used or introduced without
authorization on an information system also demanding “payment of money or other
consideration” in order to resolve the issue.
Ultimately, the bill was checked and edited in a manner in which the law would express
that owning ransomware in Michigan, with a malicious intent, is “a crime punishable by
up to three years in prison…”. On the dates of March 22nd and 23rd of 2018, the U.S.
Senate voted 34 (Yes) to 0 (No) on the matter and then moving on to the House, it was
voted 106 (Yes) to 3 (No) in agreement with the Senate. Now the bill has become a
fully enforceable law.
A fast, new, "privacy-first", service for consumers
DNS is known as the “Domain Name System”, it's like the librarian at a library.
For example, you can submit your book request (search the internet) and the Liberian
(DNS) will check to see if it is available (resolve the address), if so they will
provide you with the exact location of the book (routing to site) and it will be
super easy to locate (connected!). Moving past the librarian analogy, the most common
DNS connection has to be that of “Google” with their iconic quad eight (188.8.131.52), most
commonly used and known to most techies.
Cloudflare, being one of the largest hosting organizations, has recently decided that
they were big enough to get in on the consumer DNS service side of the internet.
Interestingly enough they had to acquire the 184.108.40.206 address from the “APNIC” research
group in charge of IP distribution in the Asia Pacific region. After snagging that sweet
deal the team had to coincidentally decide on a launch date for this new DNS service.
Keeping it in fashion with the address they decided on April 1st, 2018 and even though
many thought it was a joke, it turned out to be the real deal. Thus we have achieved a
new resolver for our usage, that of (220.127.116.11) . For more
information on how to setup this new DNS service address, just click on the link
or navigate to it!