A weblog about Signals Intelligence, Communications Security and top level telecommunications equipment

Another round of crappy journalism. It's not obscure, it's not a CPU feature but a platform feature, and there are plenty of out-of-band communication channels out there, this isn't the only one. On top of that, this was already published two DEF CONs ago.

You can exfil data and even do practival bi-directional communication over: SOL, IPMI, ASF, MT's ARC CPU via injected firmware and then via TCP/IP. Any of them will work. Add vendor-specific firmware addons on top of that (i.e. Broadcom tends to have exploitable firmware in their NIC controllers)

Most of them are in a vulnerable state by default because the technology was supposed to be 'easy' and 'user friendly', but 'users' don't even know what they are, and most deployments are done by the WinTel horde that doesn't actually know anything outside the Microsoft framework. (and thus leave the defaults as-is)

I probably posted something similar on https://news.ycombinator.com/item?id=11913379

Is it bad? Yes. Is it new? No. Is it ever reported on correctly? Also no.

The Financial Times reports big internet companies are paying Adblock Plus "30% of additional revenues" they would make from ads being unblocked.

Les employés de Yahoo! n'étaient, eux, pas pressés que les choses avancent. En effet, 2 000 postes vont être supprimés au sein de la structure une fois le rachat bouclé. Cela représentera environ 15 % des effectifs de Yahoo!. Ce qu'il restera alors de Yahoo! sera renommé Altaba. Son activité sera celle d'une holding, dont les deux principaux actifs seront les 35,5 % de parts détenues dans Yahoo! Japan et une participation dans l'énorme groupe chinois Alibaba.

Google’s ad blocker, far from a benign offering, is another step toward dominating the internet itself.

Backdoor tied to espionage campaign that has targeted governments in 45 countries.

Microsoft's security team has come across a malware family that uses Intel's Active Management Technology (AMT) Serial-over-LAN (SOL) interface as a file transfer tool.

Because of the way the Intel AMT SOL technology works, SOL traffic bypasses the local computer's networking stack, so local firewalls or security products won't be able to detect or block the malware while it's exfiltrating data from infected hosts.

In March, the government of the Slovak Republic officially approved its 2014 guideline on ICT standards. The guide provides detailed instructions for public sector organisations, including mandating making future desktop software solutions platform independent, and making new browser plug-ins and client applications available as open source.