The problem of ugly "baseband management controllers" rears its head again as two popular chips deployed on a variety architectures have been demonstrated exploitable (archived). The marketers have dubbed the vulnerablity "pantsdown" but you never really had pants if you were using these.
As Joaqín 'El Chapo' Guzman's trial continues USG agents are alleging they flipped an IT guy running a private VOIP network, then had him deliver 'the' encryption keys to him after which they recorded hundreds of hours of calls (archived). The IT guy in question, Cristian Rodriguez was even kept alive and working after Guzman suspected him of incompetence following an FBI induced incident where the network's servers "needed" moved from Canada to the Netherlands.
After this move Rodriguez delivered the new network's keys to the FBI, the possibility of which suggests poor key management procedures and a lack of functional information security knowlege on Guzman's part. The tools and culture necessary to thrive in the future are being developed in The Most Serene Republic. To ignore the Republic and its offerings is a choice, and that choice means adopting a posture of perpetual vulnerability.
Russian trade minister Denis Manturov has annouced that Russia will be phasing out the USD for valuing and settling arms contracts in favor of national currencies of the parties, or the euro in situations where national currencies are impractical (archived). This move comes as the USG continues make moves to marginalize its own USD altcoin in international trade.
After 17 years of refocusing to combat rural adversaries fighting as small units, and still more years of procurement boondoggles, a report commisioned by the United States congress suggested the US is positioned to lose wars against either Russia or China (archived). While the US is looking to procure Latino combat aircraft to counter the non-perforance of their decades long F-35 development disaster, it turns out that other countries were making procurement decisions on criteria other than how many congressional districts manufacturing can be spread across.
Researchers at the Netherland's Radboud University, total enrollment 19,904 students, have confirmed the safe assumption that the onboard encryption offered by a number of SSD makers is indeed homeopathic and useless (archived). They describe what they refer to as a "pattern of critical issues" which allow them the freedom to read nominally encrypted volumes on a number of Crucial and Samsung drive models. Users of Microsoft Window's "Bitlocker" drive encryption are especially vulnerable since "Bitlocker" trusts onboard SSD encryption engines and will forgo applying its own software encryption when an SSD offers to do the encrypting. The "Make Security Theatre Again" movement is alive and well with mainstream hardware and software vendors.
Another issue with Intel CPUs has been documented demonstrating the things are leaking bits from what Intel's marketing labels "secure" parts of CPU cores through a sidechannel made available via the simultanuous multi threading gimmick Intel's marketers labeled "hyperthreading" (archived). This has not been a good year for the accumulated gimmicks Intel has been tossing in their chips to simulate speed.
This vulnerability has been dubbed "Portsmash" as the continued accretion of trendy names for these things shows no signs of stopping.
Various "national security" agencies in the US and Airstrip One are aggressively denying reports that server motherboards assembled in China for their darlings including Amazon and Apple by way of a defense contractor, contained hardware implants allowing for Chinese ownership of the machines (archived). The language of the denials, especially on the part of the afflicted darlings, involves substantial claims and fabrications of ignorace with respect to this particular embarrassing episode. At the same time the denials on the part of the companies are sufficiently slimey to likely evade claims of fraud over the denials when weighed according to the rituals performed by empire courts at a later date.
Given their hallucinations of immunity from claims, denials by "national security" agencies are rarely bounded by such cautions. Given the weight of incentives, hedging by parties that might have problems, and the contrasting boldness by parties imagining themselves to immunity from those problems… The credibility of these denials is very low.
Bloomberg reports that servers used by Apple, Amazon, and others have been bugged using hardware implants thanks to China owning the supply chain. Bloomberg's report specifically mentions server boards commisioned by USG contractor Elemental and manufactured by California based Supermicro in China. Before Amazon became interested in Elemental, Elemental had contracted with the US Department of Defense to assist with surveillance drone video processing. The Chinese implant appears to work by tapping into the baseboard management controller, itself a USG backdoor.