
Comment Re:Probably the terrestrial C&C servers. (Score 1) 199

Although even there I would expect most of them to be running some sort of unix.

As far as satellite OSes go, I would expect something better than linux or embedded OSes. It needs to be a nuclear/medical grade RTOS with failover capabilities on every codepath and piece of hardware. Otherwise what is the point when a stray bit of cosmic radiation flips or damages something important?

And yet every CT/MRI/X-ray machine I've ever used was running Windows 2000, XP or 7 with the exception of a single GE portable x-ray machine that was unstable as hell...

Submission + - Lenovo Discovers and Removes Backdoor in Networking Switches (bleepingcomputer.com)

An anonymous reader writes: Lenovo engineers have discovered a backdoor in the firmware of RackSwitch and BladeCenter networking switches. The company released firmware updates earlier this week. The Chinese company said it found the backdoor after an internal security audit of firmware for products added to its portfolio following the acquisitions of other companies. Lenovo says the backdoor affects only RackSwitch and BladeCenter switches running ENOS (Enterprise Network Operating System).

The backdoor was added to ENOS in 2004 when ENOS was maintained by Nortel's Blade Server Switch Business Unit (BSSBU). Lenovo claims Nortel appears to have authorized the addition of the backdoor "at the request of a BSSBU OEM customer." In a security advisory regarding this issue, Lenovo refers to the backdoor under the name of "HP backdoor." The backdoor code appears to have remained in the firmware even after Nortel spun BSSBU off in 2006 as BLADE Network Technologies (BNT). The backdoor also remained in the code even after IBM acquired BNT in 2010. Lenovo bought IBM's BNT portfolio in 2014.

Submission + - Adult Themed VR Game Leaks Data on Thousands (securityledger.com)

chicksdaddy writes: Somebody deserves a spanking after personal information on thousands of users of an adult virtual reality game was exposed to security researchers in the UK by a balky application.

Researchers at the firm Digital Interruption on Tuesday warned (https://www.digitalinterruption.com/single-post/2018/01/09/Attention-SinVR-users) that an adult-themed virtual reality application, SinVR, exposes the names, email and other personal information via an insecure desktop application – a potentially embarrassing security lapse. The company decided to go public with the information after being frustrated in multiple efforts to responsibly disclose the vulnerability to parent company inVR, Inc., Digital Interruption researcher and founder Jahmel Harris told The Security Ledger. (https://securityledger.com/2018/01/adult-vr-application-spills-data-on-thousands/)

Jahmel estimated that more than 19,000 records were leaked by the application, but did not have an exact count.

SinVR is a sex-themed virtual reality game that allows players to navigate in various adult-themed environments and interact with virtual characters in common pornographic themes including BDSM, cosplay, naughty teacher, and so on.

The company discovered the data after reverse-engineering the SinVR desktop application and noticing a function named “downloadallcustomers”. That function called a web service that returned thousands of SinVR customer records including email addresses, user names, computer PC names and so on. Passwords and credit card details were not part of the data dump, Harris said.

Submission + - Researcher Finds Another Security Flaw In Intel Management Firmware (arstechnica.com)

An anonymous reader writes: Meltdown and Spectre are not the only security problems Intel is facing these days. Today, researchers at F-Secure have revealed another weakness in Intel's management firmware that could allow an attacker with brief physical access to PCs to gain persistent remote access to the system, thanks to weak security in Intel's Active Management Technology (AMT) firmware—remote "out of band" device management technology installed on 100 million systems over the last decade, according to Intel. [T]he latest vulnerability—discovered in July of 2017 by F-Secure security consultant Harry Sintonen and revealed by the company today in a blog post—is more of a feature than a bug. Notebook and desktop PCs with Intel AMT can be compromised in moments by someone with physical access to the computer—even bypassing BIOS passwords, Trusted Platform Module personal identification numbers, and Bitlocker disk encryption passwords—by rebooting the computer, entering its BIOS boot menu, and selecting configuration for Intel’s Management Engine BIOS Extension (MEBx).

If MEBx hasn't been configured by the user or by their organization's IT department, the attacker can log into the configuration settings using Intel's default password of "admin." The attacker can then change the password, enable remote access, and set the firmware to not give the computer's user an "opt-in" message at boot time. "Now the attacker can gain access to the system remotely," F-Secure's release noted, "as long as they’re able to insert themselves onto the same network segment with the victim (enabling wireless access requires a few extra steps)."
