#what kind of malware is this
Explore tagged Tumblr posts
morbid-dreamzz · 5 months ago
Text
WHY DOES FACEBOOK KEEP AUTO-INSTALLING ON MY PHONE??????
I've desinstalled it 2 times and deleted all the updates & etc but it keeps coming back
10 notes · View notes
fiestylittlebeetle · 2 months ago
Text
Tumblr media
Malware 23 concept from my old account, with a recolor and slightly edited version of GC Malware too
Azmuth managed to help him when he came back to deal with the Ben situation. He was still pretty upset about how long it took him to get around to it, but ya know, they talked about it. Mal 23 is a lab assistant to Azmuth, and is friends with that universe's Myaxx and Tetrax. He isn't much for fighting, and tries to avoid confrontation for his own sanity, cause despite it all, if he looses his temper it's still pretty hard for him to cool off. he needs a tantrum hole /j
Ben Prime was startled when he first met him and was incredibly wary of him. Ben 23 thinks he's kind of a dork ass looser
43 notes · View notes
wasabikitcat · 2 months ago
Text
community college is so funny because half of the teachers are like "For this class you need to use lockdown browser for all quizzes and tests. You need to buy this 70 dollar textbook, and all papers turned in must be in APA format with a title page even if they're only 500 words long. I will not accept late assignments. Also you have a minimum of 4 assignments a week." and the other half are like "you don't need proctoring for the final exam I trust you. here's a download link to a pirated copy of the textbook. as long as your writing is coherent and demonstrates an understanding of the material I literally could not care less what format you use. I can't figure out how canvas works so I'm not giving you due dates, just make sure it's turned in before the grading period ends. your only weekly assignment is a forum post with a minimum of 100 words."
#my favorite teacher so far is still the film history professor I had in my first semester.#he was very old and didn't understand how canvas worked at all and sometimes had trouble opening a video file#but simultaneously he was tech literate enough to recommend we use firefox with an ad blocker#because whenever someone missed class and was like 'where do i go to find the movie' he'd be like 'use an ad blocker and google it'#he said the school made him stop emailing links to free movie sites because people would open them on chrome with no ad block#and there'd be borderline malware on them. like this guy gave me the impression he was like. a veteran movie pirate lol.#that class had barely any assignments. like there wasn't a final exam or anything.#he just wanted us to write a paragraph or so answering a few questions about the movies we watched. it was chill.#and i also learned a lot actually. like i didn't know what a nickelodeon was before then. or the Hays Code.#the movies were genuinely good. i never thought Id be that into old black and white movies or westerns for example but they actually slapped#some of them had really mature themes and i definitely started to understand the people on this website who are like#'if the only media you consume is children's media you should maybe branch out instead of calling steven universe problematic'#because a lot of the movies we watched depicted very 'problematic' things and were able to directly address them because they are for adults#(to clarify I didn't just like kids media before then. i just mean that it introduced me to some older stuff i didn't think I'd like)#(but i ended up liking a lot. it also made me realize that movies made today are kind of shit. which i also already knew)#(but it put it more into perspective because I have more to compare it to)#im rambling now. community college is pretty swag i enjoy it. and i do get along with the teachers who have crazy requirements too lol.
9 notes · View notes
ilovedthestars · 4 months ago
Note
The thing in your work that stuck with me most is the middle bit of the malware trilogy one where mb thinks it’s killed Mensah, and the way both it and pin-lee and gurathin are Having A Bad Day in different ways and the emotions there
Thank you! I love that scene too! what did i do? is my personal favorite of the malware trilogy. I love them all, but Mensah will always be my favorite and so that one is particularly special to me. And I think it's some of my best and most emotional writing, that I'm still very proud of.
I remember being so conflicted over how much to spoil the ending in the summary/tags, because I didn't want to kill the tension. But I eventually realized that I was the kind of reader who wants to know "this will be emotionally intense but it will be okay in the end," and I wanted to make sure the fic found that kind of reader, and that meant letting people know. And I think the fact that so many people have told me it gave them Emotions, and they felt the tension regardless, has really validated that decision. It's found its audience. I'm so glad you liked it <3
(Anonymously - or not - tell me what passage, fic, line of narration, or anything you remember me by as a writer.)
7 notes · View notes
crowcryptid · 10 months ago
Text
my job is also paying for photoshop, illustrator, lightroom, and indesign subscriptions for every employee..
why
Edit: never mind it is actually the entire adobe suite? WHY??
2 notes · View notes
cyclone-rachel · 11 months ago
Text
Azmuth still hadn’t come back yet.
It had been about a week since Ben had returned from his trip to (what he learned was) Ben Prime’s universe, not to mention the other one they’d taken a detour to during his visit. And sure, things had been busy, and he could always talk to Tetrax, but…
He never thought he’d be thinking this- especially since up until recently, he didn’t even know the guy’s real name- but he really did miss Azmuth. He felt bad about what had happened, even though he’d thought he was making the best decision at the time. He wanted to apologize, in person if possible, but otherwise would be just as good.
And that was when he found himself fiddling around with the Omnitrix.
(He’d been going out of his way to call it that, rather than the Hero Watch, especially when Azmuth was around- and it never hurt to see the watch’s creator smile just a little bit at the name of his best creation)
He remembered seeing Ben 10 do it, getting a message from his version of Grandpa Max, and though their watches weren’t the same, he hoped his own also had a communicator function built into it.
Of course, he couldn’t take an entire day to figure it out- but every spare moment, he was back at it again, pressing every button, turning the dial every way he could think of. He nearly gave up- Azmuth was the genius after all. He had important things to do on his home world, and it was up to him when he was ready to come back. Not Ben. Why should he listen to him, anyway? Almost a year before, he’d nearly…
He tried not to think about that. It was behind him now, and he wanted to be better. He was getting better, with the help of Azmuth and his assistants.
And it was just when he thought Azmuth’s name that he got a message.
“Ben.” the hologram of him said, popping up from the Omnitrix without any prompting. What Ben assumed was his lab stood behind him, and his mentor himself looked tired, or at least more so than usual. “I… have a situation that I need to continue to attend to, here on Galvan Prime. However, I believe it would be beneficial to have a different perspective on this matter.”
“And that means?”
“I will be teleporting you here.”
Again, Ben had no idea how that would work- but Azmuth surely did, so he just went along with it.
“So I get to see your home?”
“Some of it.”
Ben couldn’t hide his smile, even though he had no idea what was happening.
“Let me text my people.” he said, out of habit- although really, there was no question about what he wanted to do.
More interviews and public appearances, or going to the home planet of the guy who created the Omnitrix? He could definitely clear his schedule for the latter.
4 notes · View notes
youhavesevendays · 2 years ago
Text
god what IS it about kokichi as a character that burrows into the folds of your grey matter and hangs there like a spider. he is in my skull reconfiguring my synapses
0 notes
subcorax · 1 year ago
Text
Tumblr media
you’re not insane, but i might be, because now i’m wondering how much of tumblr live is paulina blart serving cunt under different AI filters
Tumblr media
This is driving me insane because I swear this is this image:
Tumblr media
But with like an AI filter style thing to turn it into a goth girl. I stg
29K notes · View notes
pigcatapult · 1 year ago
Text
Okay, real talk. Does anyone actually fall for shit like this?
Tumblr media
All of its likes were obvious astroturfing from bots with the exact same "Sexy Video" blog description.
Who sees this and actually thinks "oh wow that's probably a real woman spamming my tag follows looking for dick"?
0 notes
darabeatha · 2 years ago
Text
Tumblr media Tumblr media
-Pats the empty passenger seat of his mecha horse-
Tumblr media Tumblr media
#IM SURPRISED??? WAS IT THE B.OOBS?? IT WAS WASN'T IT-#i understand#also very surprised about v.lad in there as well#if he gets dehydrated; ur giving him ur b.lood now-#that aside; it IS the famous wooden horse from the troy war#except--- its not made out of wood-- and its a mecha#BUT- the idea is there#ody brought the idea which in question sounds very funny like;; why would YOU (as parts of the trojans.meme)#-accept a huge wooden horse like that?? from ur enemy??#not only did he bring in the matter but my guy was lit inside there as well with the other soldiers#HE'S LIT THE 'oh dont worry about it' meme#also curious fact of the day that might sound obvious but it wasnt to me#u know how there's a kind of m.alware called 'trojan horse' or just 'trojan' ; its in reference to the wooden horse#as in this case; symbolically the wooden horse comes to represent the idea of letting in a foe into a securely protected place#which is what happens when the malware installs itself into the computer#funny story; i once got a turbo trojan on my old pc like LIT-#-10/10 would not recommend#;dash comment#;o.dysseus#i once saw a comic where i dunno who it was that asked him why did he have a gap specifically in the middle of his b.oobs and#how it would just make it even a more noticeable target if someone were shooting arrows or something#but the catch was that it was intended to be that way and the arrows just bounced off OITROINH#i think thats quite ic to how his plans tend to be-#TBH;; it makes sense#like; his third skill is lit that; it lit says its an invincible armor that carries the conceptualized defenses of the gods#of course; me thinks that it must be something like k.arna's golden armor where its not -impossible- to damage#but def a nice thing for him
0 notes
notherpuppet · 4 months ago
Note
What is your opinion of AI? Personally, I think that like any technology, it depends on the user and their intentions, but that is just me.
What about you?
1. Theft
The most central issues with AI as it is now is that the programs were trained/are trained with STOLEN art. Stolen visual art, music, writing, etc.
The vast majority of what it has been fed is stolen. As in, the artists behind the work were not ever given the chance to consent nor be compensated for their works being used to feed the machine.
This reason alone is straight up copyright infringement and the optimist in me does believe the long arm of the law is gonna shut these programs down for that. But the long arm of the law is looooooong, and the technology is disrupting people’s livelihoods now. Unlike robots or machinery that was invented and built to expedite assembly line/factory work, this technology is only functional by using other people’s labor. If we didn’t live in a society where you have to “earn” your right to live in it, then this would still be wrong, but it probably wouldn’t be such an existential problem.
There are active class action lawsuits for infringement of copyright. And the private sector has begun filing suits and I’m quite certain they’ll win because again—it’s simply theft. These companies did not make licensing contracts, they’re not paying royalties to the artists they stole from.
So if you consider using ai that generates “art” (whether it is visual, music, writing, etc.) please consider stopping immediately, as you would actively be benefiting from theft (which is wrong imo!!!!)
2. AI in its present form dishonors the human spirit
In my personal relationship with AI technology, I do not use it to generate ideas or ‘art’. I detest the notion to use technology in that way tbh. AI is a form of technology, so it’s difficult to break it down into every specific use it actually has. But here’s an attempt; no to generative AI, okay to certain AI.
There are kinds of AI programming in the programs I use (such as features that help you color in a shape quickly or make a perfect circle). This is useful tech (that requires zero IP theft) and I like it because it helps me by taking care of tedious tasks so that I have more time to spend in the creative and drawing processes. But I still choose the colors, I still draw the images, I still write the stories.
I think the way AI is used right now with a focus on “creative thinking” (where it’s not actually creating anything it’s just churning out other people’s *stolen* ideas and practice) is a total waste. AI being used as an assistant to help humans find information easily can be/has been swell. And requires no theft :D
But for whatever reason (greed, capitalism are my guesses), tech companies are leaning into a direction to replace creativity with AI?? I imagine the people behind this view the practice of art as tedious work because it is challenging??
But the beauty of art and the practice of it is that it allows humans to experience and overcome challenges with little to no stakes.
When society determines that is not a valuable use of human time, then I think we’ll all be significantly more miserable. If we allow a machine to be “creative” and leave us to only experience challenges with stakes—like survival (rent, putting food on the table).
So here are some examples of how I feel about AI uses;
AI to translate languages, find resources, discern malicious malware/spam from harmless messages > 👍🏽
AI to generate ideas/art for you > 🤢 Why??????? Why would you want that…that’s the most exceptional part of the human experience and you relinquish it to a bot trained on stolen ideas? 😭
1K notes · View notes
cowvboyenema · 8 months ago
Text
im a small yet enthusiastic fan now
@cowvboyenema
technically they're antlers
13 notes · View notes
phantomrose96 · 4 months ago
Note
At this point, after this has happened a dozen times, why the hell is anyone pushing any update that wide that fast. They didn't try 10 nearby computers first? Didn't do zone by zone? Someone needs to be turbo fired for this and a law needs to get written.
The "this has happened a dozen times" really isn't correct. This one is unprecedented.
But yes the "how the hell could it go THAT bad?" is the thing everyone with even a little software experience is spinning over. Because it is very easy to write code with a bug. But that's why you test aggressively, and you roll out cautiously - with MORE aggressive testing and MORE cautious rollout the more widely-impacting your rollout would be.
And this is from my perspective in product software, where my most catastrophic failure could break a product, not global systems.
Anti-malware products like Crowdstrike are highly-privileged, as in they have elevated trust and access to parts of the system that most programs wouldn't usually have - which is something that makes extremely thorough smoke-testing of the product way MORE important than anything I've ever touched. It has kernel access. This kind of thing needs testing out the wazoo.
I can mostly understand the errors that crop up where like, an extremely old machine on an extremely esoteric operating system gets bricked because the test radius didn't include that kind of configuration. But all of Windows?
All of Windows, with a mass rollout to all production users, including governments?
There had to be layers upon layers of failures here. Especially given how huge Crowdstrike is. And I really want to know what their post-mortem analysis ends up being because for right now I cannot fathom how you end up with an oversight this large.
626 notes · View notes
celestialalpacaron · 3 months ago
Note
Ayo, someone by the name of Curly-B-Blog is redlining art of yours from 2020 (while pretending that it's actually Sai Scribble's work), and kind of being a dick about it. just thought you should know.
You know, originally I was just gonna brush it off, but then I went back to look at my old SU art from 2020 and did so much self reflection from then till now.
I think this was around the time I was just learning how to do perspective and tried to use the perspective tool on Procreate for the first time? :0 and I remember telling Sai “Sai I have this STUPID idea, I CANT believe it this stupid joke it’s so DUMBBBB, it’s living rent free in my BRAIN I SWEAR THIS IS GONNA BE SO STUPID DCIUWHEFIUWHIRFUIW4F” and being super excited to show her the finished product. People still think Sai created the Cursed Skin Gloves comic and I think it’s hilarious wjhwnuhwijwuiw
Tumblr media
The comic was received very well and it made LOTS of people laugh and I’m still proud of this comic to this very day! :D and tbh if it wasn’t for my obsession for Sai’s Switcheroo AU I never would have found my passion in comic work! (love you you stinky hoe @saiscribbles 🩷)
Tumblr media
HOWEVER…. I definitely still had lots to learn! I wasn’t very good at perspective at the time I’ll admit, but I was definitely having lots of fun learning :3
And throughout the past 4 years, ALOT has happened.
I graduated from college with TWO fancy pieces of expensive papers in Visual Development in Animation and Illustration learning from Will Kim and Jeff Soto, and as a I was working with the funny voice man Cougar MacDowall as a comic/story artist and reached in total around 7 million views for my fan series FNAF Security Malware Breached (it was even #21 on the trending list around the time of my birthday 🩷 what a lovely gift), had an insane opportunity to work with Mike Geno and with the voice cast from The Amazing Digital Circus for a fan song as a background and character asset artist, Vivienne Medrano liking and sharing my silly Overlord Husk AU comics, currently on my route to getting my certificate from Aaron Blaise’s Character design program and graduating from Marc Brunet Art School, and now I am completing my first year as professional colorist and art assistant for my storyboard and comic mentor Michelle Lam, aka Mewtripled! (Also I’ll be heading out to Lightbox Expo 2024 on October 26 with Michelle and the team so if y’all ever wanna meetup hahahajaj wink wink wink wink wink)
So you can say I learned ALOT and I enjoyed every minute of what I do :D I try to be humble about my accomplishments because blah blah being humble good yes yes but this time I wanna be selfish and say HELL YEAH I DID ALL THIS!!! AND IM SO EXTREMELY PROUD OF MYSELF FIUGEIURGERGGRS
Now here’s my most recent comic page that I posted like 2 days ago without the text.
Tumblr media
That’s pretty freakin wild to me, I can’t believe I used to draw Steven Universe art like that back in 2020 LOL LIKE GUYS I DREW THIS!! WITH!!! MY HANDS!!! IS THAT NOT INSANE!!!???
Anyways moral of the story:
Learn from everyone and everything! Yes, even then mean ones too! If you can learn to work with anyone, I promise you’ll get to where you want to be faster. People can be a little mean on the internet, but that shouldn’t stop you from being where you want to be in the future. I’m so EXTREMELY grateful for all the opportunities and to all the kind professionals who were willing to give me a chance. Seriously, I’m so graciously thankful for everything, and I hope everyone here will support me and my silly little comics I will do now and in the future!
And one more thing:
Don’t be a jerk. Be to be nice to everyone :D nothing good comes out when you’re bad to everyone.
226 notes · View notes
mostlysignssomeportents · 10 months ago
Text
Demon-haunted computers are back, baby
Tumblr media
Catch me in Miami! I'll be at Books and Books in Coral Gables on Jan 22 at 8PM.
Tumblr media
As a science fiction writer, I am professionally irritated by a lot of sf movies. Not only do those writers get paid a lot more than I do, they insist on including things like "self-destruct" buttons on the bridges of their starships.
Look, I get it. When the evil empire is closing in on your flagship with its secret transdimensional technology, it's important that you keep those secrets out of the emperor's hand. An irrevocable self-destruct switch there on the bridge gets the job done! (It has to be irrevocable, otherwise the baddies'll just swarm the bridge and toggle it off).
But c'mon. If there's a facility built into your spaceship that causes it to explode no matter what the people on the bridge do, that is also a pretty big security risk! What if the bad guy figures out how to hijack the measure that – by design – the people who depend on the spaceship as a matter of life and death can't detect or override?
I mean, sure, you can try to simplify that self-destruct system to make it easier to audit and assure yourself that it doesn't have any bugs in it, but remember Schneier's Law: anyone can design a security system that works so well that they themselves can't think of a flaw in it. That doesn't mean you've made a security system that works – only that you've made a security system that works on people stupider than you.
I know it's weird to be worried about realism in movies that pretend we will ever find a practical means to visit other star systems and shuttle back and forth between them (which we are very, very unlikely to do):
https://pluralistic.net/2024/01/09/astrobezzle/#send-robots-instead
But this kind of foolishness galls me. It galls me even more when it happens in the real world of technology design, which is why I've spent the past quarter-century being very cross about Digital Rights Management in general, and trusted computing in particular.
It all starts in 2002, when a team from Microsoft visited our offices at EFF to tell us about this new thing they'd dreamed up called "trusted computing":
https://pluralistic.net/2020/12/05/trusting-trust/#thompsons-devil
The big idea was to stick a second computer inside your computer, a very secure little co-processor, that you couldn't access directly, let alone reprogram or interfere with. As far as this "trusted platform module" was concerned, you were the enemy. The "trust" in trusted computing was about other people being able to trust your computer, even if they didn't trust you.
So that little TPM would do all kinds of cute tricks. It could observe and produce a cryptographically signed manifest of the entire boot-chain of your computer, which was meant to be an unforgeable certificate attesting to which kind of computer you were running and what software you were running on it. That meant that programs on other computers could decide whether to talk to your computer based on whether they agreed with your choices about which code to run.
This process, called "remote attestation," is generally billed as a way to identify and block computers that have been compromised by malware, or to identify gamers who are running cheats and refuse to play with them. But inevitably it turns into a way to refuse service to computers that have privacy blockers turned on, or are running stream-ripping software, or whose owners are blocking ads:
https://pluralistic.net/2023/08/02/self-incrimination/#wei-bai-bai
After all, a system that treats the device's owner as an adversary is a natural ally for the owner's other, human adversaries. The rubric for treating the owner as an adversary focuses on the way that users can be fooled by bad people with bad programs. If your computer gets taken over by malicious software, that malware might intercept queries from your antivirus program and send it false data that lulls it into thinking your computer is fine, even as your private data is being plundered and your system is being used to launch malware attacks on others.
These separate, non-user-accessible, non-updateable secure systems serve a nubs of certainty, a remote fortress that observes and faithfully reports on the interior workings of your computer. This separate system can't be user-modifiable or field-updateable, because then malicious software could impersonate the user and disable the security chip.
It's true that compromised computers are a real and terrifying problem. Your computer is privy to your most intimate secrets and an attacker who can turn it against you can harm you in untold ways. But the widespread redesign of out computers to treat us as their enemies gives rise to a range of completely predictable and – I would argue – even worse harms. Building computers that treat their owners as untrusted parties is a system that works well, but fails badly.
First of all, there are the ways that trusted computing is designed to hurt you. The most reliable way to enshittify something is to supply it over a computer that runs programs you can't alter, and that rats you out to third parties if you run counter-programs that disenshittify the service you're using. That's how we get inkjet printers that refuse to use perfectly good third-party ink and cars that refuse to accept perfectly good engine repairs if they are performed by third-party mechanics:
https://pluralistic.net/2023/07/24/rent-to-pwn/#kitt-is-a-demon
It's how we get cursed devices and appliances, from the juicer that won't squeeze third-party juice to the insulin pump that won't connect to a third-party continuous glucose monitor:
https://arstechnica.com/gaming/2020/01/unauthorized-bread-a-near-future-tale-of-refugees-and-sinister-iot-appliances/
But trusted computing doesn't just create an opaque veil between your computer and the programs you use to inspect and control it. Trusted computing creates a no-go zone where programs can change their behavior based on whether they think they're being observed.
The most prominent example of this is Dieselgate, where auto manufacturers murdered hundreds of people by gimmicking their cars to emit illegal amount of NOX. Key to Dieselgate was a program that sought to determine whether it was being observed by regulators (it checked for the telltale signs of the standard test-suite) and changed its behavior to color within the lines.
Software that is seeking to harm the owner of the device that's running it must be able to detect when it is being run inside a simulation, a test-suite, a virtual machine, or any other hallucinatory virtual world. Just as Descartes couldn't know whether anything was real until he assured himself that he could trust his senses, malware is always questing to discover whether it is running in the real universe, or in a simulation created by a wicked god:
https://pluralistic.net/2022/07/28/descartes-was-an-optimist/#uh-oh
That's why mobile malware uses clever gambits like periodically checking for readings from your device's accelerometer, on the theory that a virtual mobile phone running on a security researcher's test bench won't have the fidelity to generate plausible jiggles to match the real data that comes from a phone in your pocket:
https://arstechnica.com/information-technology/2019/01/google-play-malware-used-phones-motion-sensors-to-conceal-itself/
Sometimes this backfires in absolutely delightful ways. When the Wannacry ransomware was holding the world hostage, the security researcher Marcus Hutchins noticed that its code made reference to a very weird website: iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. Hutchins stood up a website at that address and every Wannacry-infection in the world went instantly dormant:
https://pluralistic.net/2020/07/10/flintstone-delano-roosevelt/#the-matrix
It turns out that Wannacry's authors were using that ferkakte URL the same way that mobile malware authors were using accelerometer readings – to fulfill Descartes' imperative to distinguish the Matrix from reality. The malware authors knew that security researchers often ran malicious code inside sandboxes that answered every network query with fake data in hopes of eliciting responses that could be analyzed for weaknesses. So the Wannacry worm would periodically poll this nonexistent website and, if it got an answer, it would assume that it was being monitored by a security researcher and it would retreat to an encrypted blob, ceasing to operate lest it give intelligence to the enemy. When Hutchins put a webserver up at iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com, every Wannacry instance in the world was instantly convinced that it was running on an enemy's simulator and withdrew into sulky hibernation.
The arms race to distinguish simulation from reality is critical and the stakes only get higher by the day. Malware abounds, even as our devices grow more intimately woven through our lives. We put our bodies into computers – cars, buildings – and computers inside our bodies. We absolutely want our computers to be able to faithfully convey what's going on inside them.
But we keep running as hard as we can in the opposite direction, leaning harder into secure computing models built on subsystems in our computers that treat us as the threat. Take UEFI, the ubiquitous security system that observes your computer's boot process, halting it if it sees something it doesn't approve of. On the one hand, this has made installing GNU/Linux and other alternative OSes vastly harder across a wide variety of devices. This means that when a vendor end-of-lifes a gadget, no one can make an alternative OS for it, so off the landfill it goes.
It doesn't help that UEFI – and other trusted computing modules – are covered by Section 1201 of the Digital Millennium Copyright Act (DMCA), which makes it a felony to publish information that can bypass or weaken the system. The threat of a five-year prison sentence and a $500,000 fine means that UEFI and other trusted computing systems are understudied, leaving them festering with longstanding bugs:
https://pluralistic.net/2020/09/09/free-sample/#que-viva
Here's where it gets really bad. If an attacker can get inside UEFI, they can run malicious software that – by design – no program running on our computers can detect or block. That badware is running in "Ring -1" – a zone of privilege that overrides the operating system itself.
Here's the bad news: UEFI malware has already been detected in the wild:
https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/
And here's the worst news: researchers have just identified another exploitable UEFI bug, dubbed Pixiefail:
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
Writing in Ars Technica, Dan Goodin breaks down Pixiefail, describing how anyone on the same LAN as a vulnerable computer can infect its firmware:
https://arstechnica.com/security/2024/01/new-uefi-vulnerabilities-send-firmware-devs-across-an-entire-ecosystem-scrambling/
That vulnerability extends to computers in a data-center where the attacker has a cloud computing instance. PXE – the system that Pixiefail attacks – isn't widely used in home or office environments, but it's very common in data-centers.
Again, once a computer is exploited with Pixiefail, software running on that computer can't detect or delete the Pixiefail code. When the compromised computer is queried by the operating system, Pixiefail undetectably lies to the OS. "Hey, OS, does this drive have a file called 'pixiefail?'" "Nope." "Hey, OS, are you running a process called 'pixiefail?'" "Nope."
This is a self-destruct switch that's been compromised by the enemy, and which no one on the bridge can de-activate – by design. It's not the first time this has happened, and it won't be the last.
There are models for helping your computer bust out of the Matrix. Back in 2016, Edward Snowden and bunnie Huang prototyped and published source code and schematics for an "introspection engine":
https://assets.pubpub.org/aacpjrja/AgainstTheLaw-CounteringLawfulAbusesofDigitalSurveillance.pdf
This is a single-board computer that lives in an ultraslim shim that you slide between your iPhone's mainboard and its case, leaving a ribbon cable poking out of the SIM slot. This connects to a case that has its own OLED display. The board has leads that physically contact each of the network interfaces on the phone, conveying any data they transit to the screen so that you can observe the data your phone is sending without having to trust your phone.
(I liked this gadget so much that I included it as a major plot point in my 2020 novel Attack Surface, the third book in the Little Brother series):
https://craphound.com/attacksurface/
We don't have to cede control over our devices in order to secure them. Indeed, we can't ever secure them unless we can control them. Self-destruct switches don't belong on the bridge of your spaceship, and trusted computing modules don't belong in your devices.
Tumblr media
I'm Kickstarting the audiobook for The Bezzle, the sequel to Red Team Blues, narrated by @wilwheaton! You can pre-order the audiobook and ebook, DRM free, as well as the hardcover, signed or unsigned. There's also bundles with Red Team Blues in ebook, audio or paperback.
Tumblr media
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
https://pluralistic.net/2024/01/17/descartes-delenda-est/#self-destruct-sequence-initiated
Tumblr media
Image: Mike (modified) https://www.flickr.com/photos/stillwellmike/15676883261/
CC BY-SA 2.0 https://creativecommons.org/licenses/by-sa/2.0/
576 notes · View notes
amazinglyspicy · 2 years ago
Text
PIRATE SAFELY!! But pirate ;)
Hello! I’ve gotten a flood of new followers thanks to an addition I made about NOT torrenting from the Pirate Bay, so I want to address it better.
If you’ve come to check my blog for more piracy resources, advice, guides, etc, then check out some of the links in this pinned!
First and Foremost, Do not do Anything without an adblocker. Ublock Origin is the best.
Resources/Wikis: 🌟Top recommendation is the Free Media Heck Yeah Wiki, frequently updated, maintained, and transparent, as well as has a welcoming community behind it if you have questions. The rest are for redundancy's sake and for anything not found in FMHY, though most Wikis on this topic tend to repeat the same info. 🌟
VPN Comparison Chart - General Rule of Thumb, DO NOT use any VPN recommended by Youtubers, influencers, or any other shill with a profit motive. Large marketing budget does not equal good privacy practices. Do your own research.
-Since both Mullvad VPN and IVPN are planned to now suspend port forwarding support, the next best choices for torrenting though a VPN seem to be AirVPN and ProtonVPN.
HOWEVER, AirVPN has no evidence of a no logging policy (aka there’s a chance they keep records of what you do on their service) and ProtonVPN has no method of anonymously signing up and use a subscription model instead of a preferable pay-as-you-go model. So take that as you will.
(NOTE: You do not need to pay for a VPN if you are only directly downloading from a server or streaming off of websites! But it’s probably a good idea for privacy reasons anyways.)
A very good Comprehensive Torrenting Guide! -eye strain warning
And another one!
-If you torrent you need a VPN depending on how strict your government is on copyright laws. This works on a case by case basis, so I recommend looking up your own country's laws on the matter. Generally speaking, use a VPN to torrent if your country falls under The 14 Eyes Surveillance Alliance. More info on what that is Here.
A Note about Antivirus: - If you're using trusted websites, and not clicking on any ad links/fake download ads (Should be blocked by ublock), then you don't necessarily need any antivirus. Common Sense and Windows Defender should be enough to get you by. If you would like to be certain on what you are downloading is legitimate, then run your file through a virus scanner like VirusTotal. Keep in mind that when scanning cracked software some scans may flag “false positives” as the injectors used to crack the software look like malware to these scanners. Once again, the best way to avoid malware is to use trusted sites listed here and use an adblocker at all times.
If you have any questions on anything posted, need help finding things, or just need some clarification on any terms used, shoot me an ask or message! I've got a few years experience with not paying for anything I want, and LOVE to help others with this kind of stuff. But if you don't trust me, since I am a random stranger on the internet, that's fine (I wont be offended promise)! Do your own research!
INFORMATION SHOULD BE FREE!
Last updated: February 16th 2024
2K notes · View notes