Author Archives: pappp

Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches

Source: The Verge - All Posts

Article note: If Microsoft released an XP patch, they are trying to get out ahead of a _major_ clusterfuck.

Microsoft is warning users of older versions of Windows to urgently apply a Windows Update today to protect against a potential widespread attack. The software giant has patched a critical remote code execution vulnerability in Remote Desktop Services that exists in Windows XP, Windows 7, and server versions like Windows Server 2003, Windows Server 2008 R2, and Windows Server 2008. Microsoft is taking the highly unusual approach of releasing patches for Windows XP and Windows Server 2003 even though both operating systems are out of support.

“This vulnerability is pre-authentication and requires no user interaction,” explains Simon Pope, director of incident response at Microsoft’s Security Response Center. “In other words, the...


Posted in News | Leave a comment

ZombieLoad: Cross-Privilege-Boundary Data Sampling on Intel CPUs

Source: Hacker News

Article note: Another day, another microarchitectural side-channel data exfiltration attack. These things are getting ludicrously complicated, but the fact that the environment they work in has enough moving parts for that kind of complication is always the root cause.

Technical Details on the Recent Firefox Add-On Outage

Source: Hacker News

Article note: Why the hell aren't they signed in a "Signature valid at timestamp" system with revocation (like app signing in several major commercial OSes), which while obnoxious, at least is not set up so things will break via inaction? Users' working binaries should never just stop working because an out-of-mind third party did something, and even more so because they did not do something.

Google Is Turning Off the Works with Nest API

Source: Hacker News

Article note: Don't buy Internet of Shit crap, you will eventually get screwed.

UK announces tuition increase to help pay for faculty and staff raises

Source: Kentucky.com -- Education

Article note: Tuition has more-than-doubled since I started my BS, and it's effectively worse since housing went up faster. On one hand, the state has cut a ridiculous amount of funding during that time, so of course they have to. On the other hand, juxtaposed against the biweekly "We have spawned another deanlet of overhead generation" proclamations, it's hard not to think administrative bloat has a lot to do with it.

The University of Kentucky will raise tuition by 2.4 percent for in-state undergraduate students this fall, creating a price tag of $12,538 per year, according to a campus email sent …


America’s Oldest Gun Maker Went Bankrupt: A Financial Engineering Mystery

Source: Hacker News

Article note: When the financial industry looting is so heinous that the NYT writes a sympathetic article about a firearms manufacturer...

I/O Is Faster Than CPU – Let’s Partition Resources and Eliminate OS Abstractions [pdf]

Source: Hacker News

Article note: I'm not sold on some of the conclusions, but the motivating observations are really interesting, and, like Big-O analysis of memory-bound everything, another case of measuring badly for legacy reasons. I've been eying doing some work on a platform with an insanely powerful DMA engine and a feeble CPU for the last few days, so my head is already tilted the right direction for the paradigm.

Verizon is trying to sell off Tumblr

Source: Engadget

Article note: Bahahahaha. A saga of failure that just keeps giving.

Just two years after taking control of Tumblr as part of its acquisition of Yahoo, Verizon is looking to offload the blogging platform. According to the Wall Street Journal, the telecommunications giant has spent the last few weeks approaching other...

Local-first software: You own your data, in spite of the cloud

Source: Hacker News

Article note: This is aspirational and nicely written (and counter to the current fucked-up incentives in the industry).

Bloomberg alleges Huawei routers and network gear are backdoored

Source: Ars Technica

Article note: Hiding behind Hanlon's razor (let's go with the modified "Any sufficiently advanced incompetence is indistinguishable from malice"): We _genuinely can't tell_ if internet connected garbage is insecure because it's garbage, or because it's backdoored.

Vodafone, the largest mobile network operator in Europe, found backdoors in Huawei equipment between 2009 and 2011, reports Bloomberg. With these backdoors, Huawei could have gained unauthorized access to Vodafone's "fixed-line network in Italy." But Vodafone disagrees, saying that while it did discover some security vulnerabilities in Huawei equipment, these were fixed by Huawei and in any case were not remotely accessible, and hence they could not be used by Huawei.

Bloomberg's claims are based on Vodafone's internal security documentation and "people involved in the situation." Several different "backdoors" are described: unsecured telnet access to home routers, along with "backdoors" in optical service nodes (which connect last-mile distribution networks to optical backbone networks) and "broadband network gateways" (BNG) (which sit between broadband users and the backbone network, providing access control, authentication, and similar services).

In response to Bloomberg, Vodafone said that the router vulnerabilities were found and fixed in 2011 and the BNG flaws were found and fixed in 2012. While it has documentation about some optical service node vulnerabilities, Vodafone continued, it has no information about when they were fixed. Further, the network operator said that it has no evidence of issues outside Italy.
