Categories
Anicyber News

Intel Suffers IP Data Breach – Here it is.

Today, data was leaked online by a Swiss security researcher after receiving it from an anonymous hacker. US chipmaker Intel is investigating a security breach after earlier today 20 GB of internal documents, with some marked “confidential” or “restricted secret,” were uploaded online on file-sharing site MEGA.

The purported hacker had this to say:

The alleged hacker claimed to have obtained the data via an unsecured server hosted on the Akamai CDN.

The Data

For those of you “in the know”, here’s a magnet link:

magnet:?xt=urn:btih:38f947ceadf06e6d3ffc2b37b807d7ef80b57f21

The breached data from Intel includes:

  • Intel ME Bringup guides + (flash) tooling + samples for various platforms
  • Kabylake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history)
  • Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES
  • Silicon / FSP source code packages for various platforms
  • Various Intel Development and Debugging Tools
  • Simics Simulation for Rocket Lake S and potentially other platforms
  • Various roadmaps and other documents
  • Binaries for Camera drivers Intel made for SpaceX
  • Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform
  • (poorly made) Kabylake FDK training videos
  • Intel Trace Hub + decoder files for various Intel ME versions
  • Elkhart Lake Silicon Reference and Platform Sample Code
  • Some Verilog stuff for various Xeon Platforms, unsure what it is exactly.
  • Debug BIOS/TXE builds for various Platforms
  • Bootguard SDK (encrypted zip)
  • Intel Snowridge / Snowfish Process Simulator ADK
  • Various schematics
  • Intel Marketing Material Templates (InDesign)

Worth noting: The title of the torrent says Drop 1. That implies that there’s more to come.

The Official Response

Intel was quick to reply when reached for a response.

The company’s full statement reads:

“We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data.”

What does this mean for Intel’s future? Well, in the bizarro market world where a Twitter hack is followed by a share price increase, probably nothing. But when silicon fabrication is reduced to an arms race, this little leak of intellectual property is sure to help their competitors.

For more reading, see:

https://www.govtech.com/security/Intel-Responds-to-Attempted-Theft-of-1B-Project-by-Employee.html

Categories
Software

Make a Twitter Bot 🤖 Easily

Twitter bots! It’s all the buzz — like 2 years ago 😅 Anyway, now they’re really easy to make. Let’s do it!

Ready, Set, Go!

First, get python!

Be sure to check the install pip checkbox during installation – that’s how you get python libraries! We’re gonna need at least one, tweepy. To get it, run this from the command prompt (win +r, “cmd”, enter) or bash:

pip install tweepy

Next apply for Twitter Developer Access!

That’s required, as it’s how you’ll get your login keys. You’ll need (4) four!

After creating a “project” (clicking next a lot) go to your projects and grab your “consumer_key” and “consumer_secret” as we’ll call them for simplicity

twitter uses slightly different names, but the order is the same

Next, get your “access_token” and your “access_secret”

make sure to put this somewhere safe for later unless you want to have to regenerate!

Do not share these! Together they’re basically a Twitter login. Create a file (like twitterBot.py) with the .py extension and open it in your favorite editor! Ours is vscode 🤷‍♀️

Start your bot script by importing libraries (copying and pasting text into that file) like so:

import tweepy as tw

Next you will need to define your login “keys” (leave the quotes!). Add:

consumer_key= 'yourkeyhere'
consumer_secret= 'yourkeyhere'
access_token= 'yourkeyhere'
access_token_secret= 'yourkeyhere'

And then pass that information on to the Twitter API…

auth = tw.OAuthHandler(consumer_key, consumer_secret)
auth.set_access_token(access_token, access_token_secret)
api = tw.API(auth, wait_on_rate_limit=True)
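
Since these four values work like a login, here is one way to keep them out of the script file itself. This is an added example, not code from the original post: the environment variable names, the optional env file and the helper names are assumptions made for illustration.

```python
import os
import stat
from dataclasses import dataclass, field

# Environment variable names are assumptions made for this example.
REQUIRED = {
    "consumer_key": "TWITTER_CONSUMER_KEY",
    "consumer_secret": "TWITTER_CONSUMER_SECRET",
    "access_token": "TWITTER_ACCESS_TOKEN",
    "access_token_secret": "TWITTER_ACCESS_TOKEN_SECRET",
}
PLACEHOLDER = "yourkeyhere"  # the tutorial's dummy value, never a real key


@dataclass(frozen=True)
class TwitterCredentials:
    # repr=False keeps the values out of print(), logs and tracebacks.
    consumer_key: str = field(repr=False)
    consumer_secret: str = field(repr=False)
    access_token: str = field(repr=False)
    access_token_secret: str = field(repr=False)


def read_env_file(path):
    """Parse KEY=VALUE lines from a file only its owner can access."""
    if os.name == "posix":
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(
                f"{path} is accessible to other users (mode {mode:o}); chmod 600 it")
    values = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip().strip("'\"")
    return values


def load_credentials(env=None, env_file=None):
    """Read the four keys from env_file (optional), overridden by the environment."""
    source = dict(read_env_file(env_file)) if env_file else {}
    source.update(os.environ if env is None else env)
    missing = [name for name in REQUIRED.values()
               if not source.get(name) or source[name] == PLACEHOLDER]
    if missing:
        # Report variable names only, never the values.
        raise RuntimeError("missing Twitter credentials: " + ", ".join(missing))
    return TwitterCredentials(**{f: source[v] for f, v in REQUIRED.items()})


def build_api(creds):
    """The same three calls as above, fed from TwitterCredentials."""
    import tweepy as tw  # imported here so loading can be tested without tweepy
    auth = tw.OAuthHandler(creds.consumer_key, creds.consumer_secret)
    auth.set_access_token(creds.access_token, creds.access_token_secret)
    return tw.API(auth, wait_on_rate_limit=True)
```

If you use an env file, list it in .gitignore so it never lands in a repository.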

Got all that added? Save, and test it by opening cmd (or bash on Linux 🐧) and navigating to the folder where your Python script is stored:

cd C:/Users/YOU/Desktop

And run it!

python twitterBot.py

If you didn’t get a big scary error… rejoice! You have a python bot. Doesn’t do anything yet but hey that’s progress 🎊

Send your first tweet

Let’s make it do something. Add the following:

api.update_status("I'm posting this from python @anicyber thx bro")

Run it just like before… did it error? If not…

Go check your Twitter! It worked!! 🎉

OK so now we have a bot that can tweet. Let’s make one that searches 🔎 and likes too 💗

Searching Twitter for Tweets

Searching is as easy as posting! Pick some hashtags that you wanna search, and a date from which you want to search (note: can’t go too far back!)

Also go ahead and remove that last “update_status” line if you don’t wanna try and tweet again (it won’t let you tweet duplicates 😉), so your script should now look like this:

import tweepy as tw

consumer_key= 'yourkeyhere'
consumer_secret= 'yourkeyhere'
access_token= 'yourkeyhere'
access_token_secret= 'yourkeyhere'

auth = tw.OAuthHandler(consumer_key, consumer_secret)
auth.set_access_token(access_token, access_token_secret)
api = tw.API(auth, wait_on_rate_limit=True)

search_words = "#funny"
date_since = "2020-07-10"

If you wanna do multiple just use OR like:

search_words = "#funny OR #memes"
date_since = "2020-07-10"

Then let’s fetch a list of tweets with those #hashtags

tweets = tw.Cursor(api.search,
              q=search_words,
              lang="en",
              since=date_since).items(5)
print(tweets)

Run it and you should see:

<tweepy.cursor.ItemIterator at 0x7facc336f211>

Without nerding out too much 🤓 … This is basically a bunch of tweets in “object form”. To properly handle one at a time you can do a loop:

tweets = tw.Cursor(api.search,
              q=search_words,
              lang="en",
              since=date_since).items(5)

for tweet in tweets:
    print(tweet.text)

Run it and you should see something like:

2/2 blah blah
1/2 Obama's cool
RT @anicyber wow  [#horses]
RT @rabbirt stfu
RT @anicyber @rabbirt y'all r bretty cool

Taking out the “trash”

Retweets are like a repost with credit to the OP. I prefer not to include those. To filter those out, add the following right after the line that sets search_words (for example, search_words = "#technology OR cyborg"):

search_words = search_words + " -filter:retweets"

Run that, and you should get a curated list of tweets!

For now, we just want to work with one at a time, so we’re gonna change the .items(5) to a 1, like so:

tweets = tw.Cursor(api.search,
              q=search_words,
              lang="en",
              since=date_since).items(1)

If you’re confused, your script should look like this:

import tweepy as tw

consumer_key= 'yourkeyhere'
consumer_secret= 'yourkeyhere'
access_token= 'yourkeyhere'
access_token_secret= 'yourkeyhere'

auth = tw.OAuthHandler(consumer_key, consumer_secret)
auth.set_access_token(access_token, access_token_secret)
api = tw.API(auth, wait_on_rate_limit=True)

search_words = "#funny"
search_words = search_words + " -filter:retweets"
date_since = "2020-07-10"

tweets = tw.Cursor(api.search,
              q=search_words,
              lang="en",
              since=date_since).items(1)

for tweet in tweets:
    print(tweet.text)

Time to interact with ’em. Or it. The tweet.

Liking the tweet

Let’s start by liking it!

The actual liking part is… one line.

api.create_favorite(tweet.id)

To get a nice ‘lil status message to tell you what was liked, change the for loop to:

for tweet in tweets:
    api.create_favorite(tweet.id)
    print("liked: " + tweet.text)

Run it and feel proud of how supportive you’ve just been. Wanna reply too? Fine, but that’s the last one we’re doing in this article!!

Reply AND Like 💡

Again, really just a one liner…

api.update_status("Lol nice",in_reply_to_status_id = tweet.id, auto_populate_reply_metadata=True)

Add this before or after the like command to do both. Your whole script could look like:

import tweepy as tw

consumer_key= 'yourkeyhere'
consumer_secret= 'yourkeyhere'
access_token= 'yourkeyhere'
access_token_secret= 'yourkeyhere'

auth = tw.OAuthHandler(consumer_key, consumer_secret)
auth.set_access_token(access_token, access_token_secret)
api = tw.API(auth, wait_on_rate_limit=True)

search_words = "#funny"
search_words = search_words + " -filter:retweets"
date_since = "2020-07-10"

tweets = tw.Cursor(api.search,
              q=search_words,
              lang="en",
              since=date_since).items(1)

for tweet in tweets:
    api.create_favorite(tweet.id)
    api.update_status("Lol nice",in_reply_to_status_id = tweet.id, auto_populate_reply_metadata=True)
    print("liked AND replied to: " + tweet.text)

Run that and you should see this!

liked AND replied to: IS THAT HARASSMENT?...
#Overwatch #ow #edits #Pankake101 #gaming  #twitch #YouTuber #fail #fails #YouTube #games… https://t.co/ZhPSJ6sVpI

Well, hopefully not that in particular. Anyway, yay 🎉 Wanna expand? Add some sleep timers, maybe do some NLP?

Start here:

If you liked this then check back for more

Categories
Technology

The Last Good Phone

In a world where expensive dumbed-down phones rule supreme, one stood out in defiance…

Shopping for a new phone? The Xiaomi A3 is a cost-effective powerhouse of a phone. They usually sell for ~$210 – compare that to the $800 average. Get one while they’re still being made!

Remember headphone jacks? Of course this phone still has that. Remember IR blasters, the wonderful innovation that let your phone act as a universal remote? Yeah, it’s got that. Expandable storage, that thing Apple keeps “forgetting” to add (to keep you buying the expensive one)? Of course it has that. Not only that, but it’s got newer features too: in-screen fingerprint sensor, AMOLED screen, and multiple (three!) rear-facing cameras. There’s a really long list of things this phone does right, and that’s not too common these days.

“… at least 33% better battery life than the top of the line iPhone”

Nowadays if you have the latest iPhone, you live by the charger. Every night you plug in before bed or else you do not have a phone the next day. Most iPhones have ~2000mAh batteries. If you pay for the biggest, most expensive one, the iPhone XR, you get 3000mAh. The A3? 4000mAh standard. That’s not just a big battery – that’s huge even by Android standards.

“Comes standard with 4GB of RAM, whereas most iPhones have 2GB”

This is basically the last good phone. What do I mean by that? Well, go shop around. Less features for more money. Smaller batteries, stupid notches, other strange “design decisions”. Unless you’re a professional photographer, I might recommend the Pixel… but at that point you might as well just invest in a Rebel camera (they’re the same price 🤮).

All that and… It’s $210

The one concern I had as I was getting into this phone was the origin. Sure, all phones are now made in China (yes, even America’s precious Apple products), but using software made by companies actually owned in China means the Chinese government has some say in how they “do business”. TikTok is bad, Huawei is getting banned, so what about this phone? Well, to date I have noticed no suspicious network requests. If there’s enough interest I’ll do a story on Xiaomi phone security.

In short, this is it. The last bastion of modern, well-rounded phones. This is like what the FX-8350 was: a non-spyware-embedded (no AMT) unicorn of the processor industry before Ryzen. In other words, something honestly reliable before things get… well… silly (looking at you, thousand-dollar phones, cloud-storage only, flexible phones that break… etc.)

If you do decide to get this phone, use the link above and we get some love from Amazon – and welcome to the club 😎

Thanks for reading, and be sure to check back for more stories and updates!

Categories
Anicyber News

Open Sourcing Immortality

It’s about time someone went and did it! Now there’s a place to talk about extending the natural human life in a collaborative manner. Check it out at:

https://www.reddit.com/r/OpenSourceImmortality/

Reddit is a social news aggregation, web content rating, and discussion website. It’s also a great place for memes!

Categories
Anicyber News

You Should Probably Buy Bitcoin BEFORE the Next Halving

A hot take by one of our writers:

Click through to see the video on YouTube and the affiliated channel

7.8 billion

People on Earth

“In demographics, the world population is the total number of humans currently living, and was estimated to have reached 7.8 billion people as of March 2020. It took over 200,000 years of human history for the world’s population to reach 1 billion, and only 200 years more to reach 7 billion.” –

https://en.wikipedia.org/wiki/World_population

21 million

Total Number of Bitcoins

“The maximum and total amount of bitcoins that can ever exist is 21 million.”

https://www.buybitcoinworldwide.com/how-many-bitcoins-are-there/

You do the math.

Categories
Anicyber News

Goodbye AdBlock – Google to ‘Deprecate Chrome Apps’ June 2020

Global chaos: pandemic, market crashes, and now… this? According to several pages and indications from Google, as of June 2020 Chrome will “End support for Chrome Apps on Windows, Mac, and Linux.” What does that mean for you and me? No more ad blockers (uBlock matrix, AdBlock Plus), no more dark extensions, and much, much more!

Somehow this wide-impacting decision has not yet made it to the masses. It looks like in all the buzz, this little indicator went mostly unnoticed…

A warning found by logging into https://chrome.google.com/webstore/devconsole/ (must have an account! costs $5! not worth!)

This is the post that says it all.

A screenshot of the post — just in case 😉

While the post appears benign (it’s only on the chromium blog after all) the change is not exclusive to the purported “Google-free” version of chrome. All versions of Chrome will be impacted, including those on ChromeOS (though at a later date).

What’s next for the advertising giant’s browser? How will we keep doing the things we’ve come to know and love on the web?

Not so subtle suggestion. Yes it’s slower, but you can make a difference! And hey, free speech.

Guess we’ll have to find out 😉

Thanks for reading!

Categories
Educational

Hiding the Header (title of your page/post) on WordPress

It’s pretty simple. Just add the following CSS…

.page-id-7 .entry-header {
display: none;
}

Where .page-id-7 is the ID# of the page you want to hide it on. You can get this by going to edit view of a post/page and looking at the URL.

As an example for this post we would use…

 .postid-687 .entry-header {
display: none;
}

I’ve also seen:

 #post-713 .entry-header {
     display: none;
 } 

Don’t ask why there’s no hyphen for posts. Seems pretty arbitrary if you ask me.

There you have it!

Categories
Shared

Are Tesla’s Cameras a Threat To Our Privacy?

“I love that my car recorded a hit-and-run on my behalf,” writes a technology columnist at the Washington Post. “Yet I’m scared we’re not ready for the ways cameras pointed inside and outside vehicles will change the open road…”

Long-time Slashdot reader Strudelkugel shared the Post’s report:

It’s not just crashes that will be different. Once governments, companies and parents get their hands on car video, it could become evidence, an insurance liability and even a form of control… [I]t’s not just the bad guys my car records. I’ve got clips of countless people’s behinds scooching by in tight parking lots, because Sentry Mode activates any time something gets close. It’s also recording my family: With another function called Dash Cam that records the road, Tesla has saved hours and hours of my travels — the good driving and the not-so-good alike.

We’ve been down this road before with connected cameras. Amazon’s Ring doorbells and Nest cams also seemed like a good idea, until hackers, stalkers and police tried to get their hands on the video feed… Applied to a car, the questions multiply: Can you just peer in on your teen driver — or spouse? Do I have to share my footage with the authorities? Should my car be allowed to kick me off the road if it thinks I’m sleepy? How long until insurance companies offer “discounts” for direct video access? And is any of this actually making cars safer or less expensive to own? Your data can and will be used against you. Can we do anything to make our cars remain private spaces…?

Their design choices may well determine our future privacy. It’s important to remember: Automakers can change how their cameras work with as little as a software update. Sentry mode arrived out of thin air last year on cars made as early as 2017… Tesla is already recording gobs. Living in a dense city, my Sentry Mode starts recording between five and seven times per day — capturing lots of people, the vast majority of whom are not committing any crime. (This actually drains the car’s precious battery. Some owners estimate it sips about a mile’s worth of the car’s 322-mile potential range for every hour it runs.) Same with the Dash Cam that runs while I’m on the road: It’s recording not just my driving, but all the other cars and people on the road, too. The recordings stick around on a memory card until you delete them or the card fills up, and it writes over the old footage… Now imagine what Google or Facebook might want to do with that data on everywhere you drive…

Without Sentry Mode, I wouldn’t have known what hit me. The city’s response to my hit-and-run report was that it didn’t even need my video file. Officials had evidence of their own: That bus had cameras running, too.


“Thank You St. Tesla,” jokes Slashdot reader DenverTech, linking to a story in which a Tesla owner shared the video it recorded of another car struck in a hit-and-run accident in the parking lot of a Colorado Olive Garden. “It just makes me really thankful that there are cars out there, that can prove what happened so justice can happen,” that car’s owner told a local news station — though the Tesla owner had also already written down the license number of the truck which struck her vehicle.

The news station also links to another story in which a man accused of dragging a knife across a parked Tesla “was also captured on the vehicle’s built-in camera.”

As read on Slashdot.

Categories
Shared

The Department of Defense agency responsible for securing the communications of President Trump has suffered a data breach

An anonymous reader quotes a report from Forbes:

The Department of Defense agency responsible for securing the communications of President Trump has suffered a data breach. Here’s what is known so far. The U.S. Defense Information Systems Agency (DISA) describes itself as a combat support agency of the Department of Defense (DoD) and is tasked with the responsibility for supporting secure White House communications, including those of President Trump. As well as overseeing Trump’s secure calls technology, DISA also establishes and supports communications networks in combat zones and takes care of military cyber-security issues. It has also confirmed a data breach of its network, which exposed data affecting as many as 200,000 users.

First picked up by Reuters, disclosure letters dated February 11 have been sent out to those whose personal data may have been compromised. Although it is not clear which specific servers have been breached, nor the nature of the users to whom the letters have been sent, that an agency with a vision to “connect and protect the war-fighter in cyberspace” should suffer such an incident is concerning, to say the least. While many of the details surrounding this breach are likely to remain, understandably, confidential, given the nature of the DISA work, the letter itself has already been published on Twitter by one recipient. Signed by Roger S. Greenwell, the chief information officer at DISA, the letter revealed the breach took place between May and July last year, and information including social security numbers may have been compromised as a result. It also stated that there is no evidence that any personally identifiable information (PII) has been misused as a result. The letter does, however, confirm that DISA will be offering free credit monitoring services to those who want it.

Categories
Shared

Google Hands Feds 1,500 Phone Locations In Unprecedented ‘Geofence’ Search

According to Forbes, Google has sent 1,494 device identifiers to the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) to help them investigate arsons carried out across Milwaukee, Wisconsin, throughout 2018 and 2019. “The requests, outlined in two search warrants obtained by Forbes, demanded to know which specific Google customers were located in areas covering 29,387 square meters (or 3 hectares) during a total of nine hours for the four separate incidents,” the report says. “Unbeknownst to many Google users, if they have ‘location history’ turned on, their whereabouts are stored by the tech giant in a database called SensorVault.” From the report:

To investigators, this kind of “geofence” demand is useful, allowing them to go through the data trove provided by Google, look for devices of interest such as a known suspect’s phone and ask for more personal information on the user of that mobile. But it’s also the kind of search that’s been making pro-privacy folk anxious over the last year. Such data grabs, also referred to as “reverse location searches,” see the police give Google a timeframe and an area on Google Maps within which to find every Google user within. Google then looks through its SensorVault database of user locations, taken from devices running the tech giant’s services like Google Maps or anything that requires the “location history” feature be turned on. The police then look through the list, decide which devices are of interest to the investigation and ask for subscriber information that includes more detailed data such as name, email address, when they signed up to Google services and which ones they used.

It’s unclear whether or not Google handed over any identifying information, but to Jerome Greco, a public defender in the Digital Forensics Unit of the Legal Aid Society, it’s a sign that geofence warrants are overly broad and endanger user privacy. “The number of phones identified in that area shows two key points,” he tells Forbes. “One, it demonstrates a sample of how many people’s minute-by-minute movements Google is precisely tracking. Two, it shows the unconstitutional nature of reverse location search warrants because they inherently invade the privacy of numerous people, who everyone agrees are unconnected to the crime being investigated, for the mere possibility that it may help identify a suspect.” For what it’s worth, Forbes did obtain a search warrant that indicates Google is trying to fight back against overly broad government requests, “but still appears to be handing over innocent people’s information as well as legitimate suspect data.”

As found on: https://tech.slashdot.org/story/19/12/12/2139212/google-hands-feds-1500-phone-locations-in-unprecedented-geofence-search