Hacker News: retsl's comments

> A lot of phone manufacturers "save on memory" and use the same memory chips for the baseband processor and the central cpu. Which means that it's a little bit cheaper ... and the baseband has access to all the phone memory and all peripherals connected through the memory bus (which is all of them in any recent phone).

This can be mitigated e.g. via an IOMMU: https://grapheneos.org/faq#baseband-isolation

> It may even be the case that these chips are integrated in the cpu (which I believe is the case for recent Apple chips).

I don't know whether it's true or not that they use the same RAM chips. But either way it doesn't change the fact that they can still be properly segregated via the IOMMU.


> [...] The baseband implements other functionality such as Wi-Fi and GPS functionality [...] https://grapheneos.org/faq

It doesn't need to ask the OS, it can just get the coordinates and send them off.


This is true but there's automatic restart which will automatically restart the phone to get it back into BFU state:

> Automatic Restart is a security mechanism in iOS 18.1, iPadOS 18.1, or later that leverages the Secure Enclave to monitor device unlock events. If a device remains locked for a prolonged period, it automatically restarts, transitioning from an After First Unlock state to a Before First Unlock state. During the restart, the device purges sensitive security keys and transient data from memory.

https://help.apple.com/pdf/security/en_US/apple-platform-sec...

> [...] inactivity reboot triggers exactly after 3 days (72 hours). [...]

https://naehrdine.blogspot.com/2024/11/reverse-engineering-i...

GrapheneOS also has this (https://grapheneos.org/features#auto-reboot) with a default of 18 hours.

Maybe one could try to force restart (https://support.apple.com/en-gb/guide/iphone/iph8903c3ee6/io...) to quickly get to BFU. But I could imagine that it'd be hard to remember and then execute the right steps in a stressful situation.


Yes, afaik macOS apps could theoretically be sandboxed as well (or close to) as iOS apps are. You can find the policies for many first-party apps and daemons in /System/Library/Sandbox/Profiles. But in practice most third-party apps aren't.

https://bdash.net.nz/posts/tcc-and-the-platform-sandbox-poli... and https://bdash.net.nz/posts/sandboxing-on-macos/ are good introductory articles.


the malware's main function seems to be to check the clipboard for crypto wallet addresses and then replace them with attacker addresses:

  Bitcoin (bc1): bc1qrzh7d0yy8c3arqxc23twkjujxxaxcm08uqh60v
  Litecoin (ltc1/L/M): LQ4B4aJqUH92BgtDseWxiCRn45Q8eHzTkH
  Ethereum (0x): 0x10A8B2e2790879FFCdE514DdE615b4732312252D
  Dogecoin (D): DQzrwvUJTXBxAbYiynzACLntrY4i9mMs7D
  Tron (T): TW93HYbyptRYsXj1rkHWyVUpps2anK12hg
  Ripple (r): r9vQFVwRxSkpFavwA9HefPFkWaWBQxy4pU
  Cardano (addr1): addr1q9atfml5cew4hx0z09xu7mj7fazv445z4xyr5gtqh6c9p4r6knhlf3jatwv7y72deah9un6yettg92vg8gskp04s2r2qren6tw
can't guarantee it doesn't do anything else.


Isn't it possible to check in the blockchain to check if the attacker is actually receiving money? Just curious how much money one makes with such attacks.


Here is the BTC and ETH address for convenience for anyone who wants to check: https://mempool.space/address/bc1qrzh7d0yy8c3arqxc23twkjujxx... https://etherscan.io/address/0x10A8B2e2790879FFCdE514DdE615b...

They are empty as of now.


I just checked all wallets, they're all empty with no recent transactions.


Do browsers still let websites read the clipboard?


Not without approval, see https://developer.mozilla.org/en-US/docs/Web/API/Clipboard_A... or https://web.dev/articles/async-clipboard#security_and_permis.... But that is not relevant here.

Instead of the .torrent files, the compromised website served a .zip file, which contained a .exe. When opened, it shows a GUI to select a Xubuntu version and a button to generate the link. When that button was clicked, the malware showed a download link to the user and, in the background, deployed a second stage to %APPDATA%\osn10963\elzvcf.exe and executed it.

The second stage monitors the clipboard for cryptocurrency addresses which it will replace with attacker-controlled ones. The second stage is also added to HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ to ensure it is run whenever the user logs in.

Both stages have some limited anti-debugging and anti-VM functionality.
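
The persistence described in the comment above (a second stage under %APPDATA%, started from the HKCU Run key) is something a responder can look for in exported registry data. The following is an added example, not part of the original thread: it parses saved `reg query` output for the Run key and flags entries that launch an executable from the roaming profile. The sample output, the user name and the value names are constructed; only the `osn10963\elzvcf.exe` path comes from the comment.

```python
import re
from pathlib import PureWindowsPath

# Second-stage path as reported in the comment above, relative to %APPDATA%.
REPORTED_STAGE2 = PureWindowsPath(r"osn10963\elzvcf.exe")

# One value line of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(
    r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_(?:SZ|EXPAND_SZ))\s{4}(?P<data>.*)$")
# An .exe anywhere under a user's roaming profile, expanded or as %APPDATA%.
APPDATA_RE = re.compile(
    r'(?:%APPDATA%|[A-Za-z]:\\Users\\[^\\]+\\AppData\\Roaming)\\(?P<rel>[^"]+?\.exe)',
    re.I)

def triage_run_key(reg_query_output):
    """Return (value_name, path_relative_to_appdata, verdict) per flagged entry."""
    findings = []
    for line in reg_query_output.splitlines():
        m = VALUE_RE.match(line)
        if not m:
            continue  # key header or blank line
        hit = APPDATA_RE.search(m["data"])
        if not hit:
            continue  # not launched from the roaming profile
        rel = PureWindowsPath(hit["rel"])  # compares case-insensitively
        # Legitimate software also autostarts from %APPDATA%, so anything
        # other than the reported path is only marked for manual review.
        verdict = "reported-ioc" if rel == REPORTED_STAGE2 else "review"
        findings.append((m["name"], str(rel), verdict))
    return findings

# Constructed sample of:
#   reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SAMPLE = "\n".join([
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r'    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    r"    Updater    REG_SZ    C:\Users\alice\AppData\Roaming\osn10963\elzvcf.exe",
    r'    Notes    REG_EXPAND_SZ    "%APPDATA%\NotesApp\notes.exe" --minimized',
])

if __name__ == "__main__":
    for name, rel, verdict in triage_run_key(SAMPLE):
        print(f"{verdict:13} {name:10} %APPDATA%\\{rel}")
```
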


That's not done in the browser, malware is hidden in the Ubuntu download (but that's rather amateurish work, image was not compromised, malware was distributed as .exe file next to it).


As soon as I saw the headline, I assumed something of this sort. Maybe it's naive, but I miss the days when you could just trust (however unfounded) open source software. I never had to hesitate before downloading a distro or a package. Now I only install something if I absolutely need it.


The whole supply chain, in fact. The project's site isn't necessarily the real one. The GitHub repo it links to isn't necessarily the real one, the binaries it offers to download aren't necessarily the real ones, GitHub isn't even necessarily the real one! There's currently a phishing copy of GitHub up at hxxps://git.hubp.de/ that somebody is going to fall for before it's taken down. If you want to help get it blocked, load that site up and flag it as unsafe in Chrome! (It's hilarious that the site has a Cloudflare challenge to get in, btw.)

It's a big bad dark scary Internet out there. Be careful.


Let's all thank Bitcoin for making supply chain compromises worth anonymous money transfers.


[flagged]


You could argue that if not crypto, it would have been something else eventually, and that the heightened vigilance it has necessitated has made it more difficult for other motivated attackers (like state actors) to backdoor or compromise OSS. But as someone who doesn't use crypto, I completely get the "f*ck crypto" sentiment.


stealing other data is less lucrative. i'm not confident someone could empty my bank account even with my username/password


other data is less lucrative than the $0 sitting in those static attacker wallets?


i think you're comparing apples and oranges. that they have so far failed to steal any coins does not mean anything with regards to this discussion


I don't know how familiar you are with the sheer scope of malware, black markets, data theft, various extortion techniques, but gaining the ability to drop an arbitrary .exe on Xubuntu.org and actually direct enough traffic to it that people notice it is worth a LOT more than $0.


The value of your labor is being systemically destroyed through deliberate currency manipulation by the US Federal Reserve, in conjunction with the US Government and US Treasury.

You are more than twice as productive as your equivalent 1971 counterpart, but relative to inflation, he was being paid about the same as you. You make your employer twice as much money as he did but you're not rewarded twice as much.

Five, ten, twenty years from now, when the trend that has been visible in the data since the 1970s is complete, and your labor has no value at all, are you going to be okay?

The people who spent large majorities of their income accumulating scarce stores of value (gold, bitcoin, housing, profitable businesses, land, etc) are going to be fine.


And beanie babies, right? Speculative bubbles like Bitcoin grow until there are no more greater fools to pay off the people at the top of the pyramid. Then as people realize they can't fool someone else to buy their beanie baby for more than what they paid for it, the price quickly drops to 0. Bitcoin has the added benefit that North Korea can take it from you without getting access to your closet.


I'll keep taking bitcoin, gold, land, housing. You can have my worthless paper federal reserve notes - they're all forged. Unlimited supply cap, the issuing entity literally just keeps printing trillions of them. It's monopoly money. I have no interest in that toilet paper with pictures of dead presidents the federal reserve keeps printing for 100,000% markup. Just because everyone around me is jumping off a cliff with a parachute made of federal reserve notes doesn't mean I'm obligated to do the same.


You're mixing up completely different assets. Gold and land are scarce resources that have value that goes up when more people need it. The buildings on top of the land depreciate. Bitcoin is just a beanie baby that is easier to steal without recourse that you can't even sell for the materials used to produce it.

The thing with a speculative bubble is that as soon as the value stops going up, there is no reason anyone would want to buy it instead of shares in a company or land producing valuable goods and services, so people will sell it off. There is no floor on Bitcoin, so it will go to 0 when that happens. You don't want to be the last fool holding.


You're entitled to believe that, and I'm entitled to keep buying bitcoin.

My strategy is working better for me than most other human beings' strategy is working for them. They spend several decades running in a hamster wheel to make another man wealthy because of their strategy. I'm retired before 30 because of mine.

I can sleep easily with the consequences of my interaction with Bitcoin. Can you?


It's also very practical to allow open air corruption of highest level government elected officials.


the virustotal report shows the output from detectiteasy in "Details" -> "Basic properties":

  DetectItEasy PE64
  Compiler: Microsoft Visual C/C++ (19.14.26715) [C++]
  Linker: Microsoft Linker (14.00.24241)
  Tool: Visual Studio (2015)

this is not meant to imply anything about whether the binary is malicious or not.


There's a feature request from 2018 to add a proper permission model for plugins in VSCode: https://github.com/microsoft/vscode/issues/52116

Sadly it doesn't seem to make any progress.


Just being able to deny network access would be a great step.


"For VS Code remote, the VS Code server is in the same trust boundary as the VS Code client. [...]

For Remote SSH: [...] A compromised remote could use the VS Code Remote connection to execute code on your local machine."

https://github.com/microsoft/vscode-remote-release/issues/66...

I wrote about it in a bit more detail a month ago because it seems to be a common misunderstanding: "VS Code Remote Dev and Dev Containers are not security boundaries" https://lets.re/blog/vscode-remote-dev/


So this is why VSCode somewhat recently started asking if I trusted the authors/owners of remote folders.


That is why I exclusively run vscode in a virtual machine and use it through a browser tab on the host machine.

Luckily the web version is indistinguishable from the "native" version, they did great work there.

Just share a folder with the VM and then bind mount whatever you want to edit at the time. No need to trust the author with all your credentials.


Editing files on a server resulting in remote code execution apparently by design is such a classic 2004-Microsoft thing to do.


I see. I was intending to use a container to sandbox npm/yarn, it sounds like that is pointless.

npm scares me - if there is a way to sandbox it on a mac, I'd like to know.


macOS has a formal sandboxing language; I first learned about it via iTerm2's build process: https://gitlab.com/gnachman/iterm2/-/blob/v3.5.12beta2/deps.... consumed by /usr/bin/sandbox-exec https://gitlab.com/gnachman/iterm2/-/blob/v3.5.12beta2/Makef...

I haven't tried to use it in anger, but I believe this is the likely starting point https://developer.apple.com/documentation/xcode/configuring-...


I've attempted to use the sandbox-exec utility, but didn't have the stamina to get a working sandbox file written.

In general, I'd like to be able to sandbox more things. I'm using the app store version of slack because slack doesn't really need access to all of my files.


Containers on macOS are run inside a Linux VM. If you ensure that the Linux VM doesn't have access to anything besides the required files/networks, that should be pretty secure.

Best case you go through the settings of Docker, Podman or whatever you use to limit integrations. Then, from within the VM and container see what networks, files, etc. you can reach to be sure.


I think in context the challenge here is to use remote editing to treat the container as a VSCode remote. As shown, that's not enough of a sandbox because the agent gives a route out.


deno has been somewhat pleasing in this space, it's not a perfect boundary though


I set up Qubes OS for and with technical, less-technical and non-technical people and I very much disagree. It only works well for those who are prepared and motivated to learn, and even then, it sometimes can be frustrating.

The copy-pasting between VMs, mentioned in a sibling, requires four steps: (1) copying to the source VM's clipboard, (2) copying to the global clipboard, (3) copying to the destination VM's clipboard, and (4) pasting to the destination. The shortcuts become part of your muscle memory after some use, but until they are, that is just one way in which Qubes gets in the way of productivity.

There are a bunch of minor quirks, often specific to the hardware, which the user needs to learn about and find workarounds for. But if they do, Qubes is probably the most seamless way to work with tons of (well-isolated) VMs. For example, SecureDrop [0] is based on Qubes and does seem to work well for journalists for securely receiving and working with documents from anonymous sources.

[0]: https://securedrop.org/


> and I very much disagree

> The shortcuts become part of your muscle memory after some use

So you agree that it's doable, just that it requires a bit more effort. It's definitely true.

> bunch of minor quirks, often specific to the hardware

Which is why there is a list of recommended hardware: https://forum.qubes-os.org/t/community-recommended-computers...

