After 17 years of refocusing to combat rural adversaries fighting as small units, and still more years of procurement boondoggles, a report commisioned by the United States congress suggested the US is positioned to lose wars against either Russia or China (archived). While the US is looking to procure Latino combat aircraft to counter the non-perforance of their decades long F-35 development disaster, it turns out that other countries were making procurement decisions on criteria other than how many congressional districts manufacturing can be spread across.
Researchers at the Netherland's Radboud University, total enrollment 19,904 students, have confirmed the safe assumption that the onboard encryption offered by a number of SSD makers is indeed homeopathic and useless (archived). They describe what they refer to as a "pattern of critical issues" which allow them the freedom to read nominally encrypted volumes on a number of Crucial and Samsung drive models. Users of Microsoft Window's "Bitlocker" drive encryption are especially vulnerable since "Bitlocker" trusts onboard SSD encryption engines and will forgo applying its own software encryption when an SSD offers to do the encrypting. The "Make Security Theatre Again" movement is alive and well with mainstream hardware and software vendors.
Another issue with Intel CPUs has been documented demonstrating the things are leaking bits from what Intel's marketing labels "secure" parts of CPU cores through a sidechannel made available via the simultanuous multi threading gimmick Intel's marketers labeled "hyperthreading" (archived). This has not been a good year for the accumulated gimmicks Intel has been tossing in their chips to simulate speed.
This vulnerability has been dubbed "Portsmash" as the continued accretion of trendy names for these things shows no signs of stopping.
Various "national security" agencies in the US and Airstrip One are aggressively denying reports that server motherboards assembled in China for their darlings including Amazon and Apple by way of a defense contractor, contained hardware implants allowing for Chinese ownership of the machines (archived). The language of the denials, especially on the part of the afflicted darlings, involves substantial claims and fabrications of ignorace with respect to this particular embarrassing episode. At the same time the denials on the part of the companies are sufficiently slimey to likely evade claims of fraud over the denials when weighed according to the rituals performed by empire courts at a later date.
Given their hallucinations of immunity from claims, denials by "national security" agencies are rarely bounded by such cautions. Given the weight of incentives, hedging by parties that might have problems, and the contrasting boldness by parties imagining themselves to immunity from those problems… The credibility of these denials is very low.
Bloomberg reports that servers used by Apple, Amazon, and others have been bugged using hardware implants thanks to China owning the supply chain. Bloomberg's report specifically mentions server boards commisioned by USG contractor Elemental and manufactured by California based Supermicro in China. Before Amazon became interested in Elemental, Elemental had contracted with the US Department of Defense to assist with surveillance drone video processing. The Chinese implant appears to work by tapping into the baseboard management controller, itself a USG backdoor.
Russian President Putin and Jewish Leader Bibi Netanyahu are offering measured, concilliatory words after Israeli planes conducting air strikes in Syria used a Russian Il-20 observation plane as radar cover leading to its destruction by Syrian air defenses (archived). Soon after the plane went down Russia was swift to condemn Israel for their role in the destruction of the planeand loss of the crew.
Two gentlement associated with a firm calling itself "Positive Technologies" have documented a manner for acquiring JTAG access to the "Intel Management Engine" on a machine running an 'Apollo Lake' family Intel Celeron (archived). Their recipe involves creating a special debug mode dongle of the sort used for opening up other consumer devices. This has been a very rough year for Intel's marketing wank.
Intel has begun attaching a license clause prohibiting comparative benchmarking to its CPU microcode updates (archived). Intel has spent the past year deluged with reports of critical flaws in their CPUs related to speed optimizations which fundamentally compromise the ability of their chips to be secure, especially in multi user systems. This fumbling by Intel to supress comparative benchmarks between patched and unpatched chips is only their latest attempt to paper over how much of their chips' fradulent speed advantage is lost with anything resembling effective mitigations1 for these engineered holes.