Node.js "event-stream" Library Added Bitcoin Wallet Stealer After New Maintainer Takes Over

The "popular" node.js "event-stream" library was loaded with a module stealing from Bitpay's Copay Bitcoin wallet after creator and longtime maintainer Dominic Tarr handed maintenance over to an unknown identifying itself with the text string "right9ctrl" (archived). Before the handover, right9ctrl made a couple of contributions to event-stream, building rapport with Tarr. After getting the keys to the repository, right9ctrl added a dependency in event-stream on a new "flatmap-stream" library which had been distributed in an encrypted form, which should itself have been a warning if anyone had been bothering to read code they run. Instead it took two months for suspicions to emerge.

Bitpay's Copay wallet used the event-stream library, and Bitpay was not involved in raising the alarm over this grave subversion of their product.
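
One way to answer "which of my direct dependencies pulls in flatmap-stream?" and to spot a dependency that first appears between two releases of a package, as an added example (not code from the original post or from npm). It assumes the npm lockfileVersion 1 layout; the helper names, the package names other than event-stream and flatmap-stream, and every version number are constructed placeholders.

```javascript
// CONSTRUCTED sample data in npm lockfileVersion 1 layout. Package names other
// than event-stream and flatmap-stream, and all version numbers, are placeholders.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "build-helper": { version: "1.0.0", requires: { "event-stream": "^0.0.1" } },
    "event-stream": {
      version: "0.0.2",
      requires: { "flatmap-stream": "^0.0.1", "through-lib": "^1.0.0" },
    },
    "flatmap-stream": { version: "0.0.1" },
    "through-lib": { version: "1.0.0" },
    "ui-kit": { version: "2.0.0", requires: { "through-lib": "^1.0.0" } },
  },
};
const sampleManifest = { dependencies: { "build-helper": "^1.0.0", "ui-kit": "^2.0.0" } };
// Two consecutive published manifests of one package (constructed).
const prevRelease = { dependencies: { "through-lib": "^1.0.0" } };
const nextRelease = { dependencies: { "through-lib": "^1.0.0", "flatmap-stream": "^0.0.1" } };

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// npm resolves a required name against the nearest enclosing "dependencies" map.
function resolve(name, scopes) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    if (has(scopes[i], name)) return { entry: scopes[i][name], scopes: scopes.slice(0, i + 1) };
  }
  return null;
}

// Return every chain from a direct dependency down to `target`.
function findPaths(lock, manifest, target) {
  const roots = Object.keys({ ...manifest.dependencies, ...manifest.devDependencies });
  const paths = [];
  function walk(name, scopes, trail, onPath) {
    const found = resolve(name, scopes);
    if (!found || onPath.has(found.entry)) return; // not installed, or a cycle
    const here = [...trail, `${name}@${found.entry.version}`];
    if (name === target) {
      paths.push(here);
      return;
    }
    const inner = found.entry.dependencies
      ? [...found.scopes, found.entry.dependencies]
      : found.scopes;
    onPath.add(found.entry);
    for (const dep of Object.keys(found.entry.requires || {})) walk(dep, inner, here, onPath);
    onPath.delete(found.entry);
  }
  for (const root of roots) walk(root, [lock.dependencies || {}], [], new Set());
  return paths;
}

// Names present in the newer manifest but absent from the older one.
function addedDependencies(prevManifest, nextManifest) {
  const before = new Set(Object.keys(prevManifest.dependencies || {}));
  return Object.keys(nextManifest.dependencies || {}).filter((d) => !before.has(d)).sort();
}

console.log(findPaths(sampleLock, sampleManifest, "flatmap-stream").map((p) => p.join(" > ")));
console.log(addedDependencies(prevRelease, nextRelease));
```

A dependency that first appears in a patch release of a long-stable package, as in the second check, is the kind of change worth reading before it is installed.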

IEEE Journal Announces 29 Article Retractions Without Identifying Articles

The "Institute of Electrical and Electronics Engineers" announced their retraction of 29 articles published within the past two years in their journal "IEEE Transactions on Electromagnetic Compatibility" (archived). Curiously the withdrawn articles are not identified. The IEEE is pinning the retractions on some sort of misconduct involving three volunteer editors, also unnamed, who the group saw fit to bar from further membership. Apparently in US Academia's post-post modern age enumerating problems is fine, but naming them is not.

Forkcoin That Split From Bitcoin Now Struck By Contentious Hardfork

The failed Forkcoin referred to as "bitcoin cash" has been hit by its own contentious hardfork. A Roger VER-ified1 client called ABC decided to implement new rules from an "official roadmap" while a client backed by notorious fraudster Craig 'Hoaxtoshi' Wright decided not to. As of this writing one chain has more blocks committed than the other, but the clear losers appear to be all parties involved in this dispute including those furthest on the periphery who let themselves become affected by it through failing to appropriately discount the deficits in credibility attached to the folks positioned as "leaders" in this incredibly sour and bitter wank competition.


  1. In a legally and morally dubious move Roger Ver's mining pool redirected hash power that subscribers intended to aim at mining actual Bitcoin to instead prop up his favored side of the Forkcoin.

US: Our 'Military Edge' Has Eroded

After 17 years of refocusing to combat rural adversaries fighting as small units, and still more years of procurement boondoggles, a report commissioned by the United States Congress suggested the US is positioned to lose wars against either Russia or China (archived). While the US is looking to procure Latino combat aircraft to counter the non-performance of their decades-long F-35 development disaster, it turns out that other countries were making procurement decisions on criteria other than how many congressional districts manufacturing can be spread across.

Numerous Western Fiat "Governments" Pushing For New Wave of Internet Totalitarianism

Australia's Department of Home Affairs published a statement, since deleted, announcing an agreement during a 5Eyes meeting to pursue measures to "prevent illegal and illicit content from ever being uploaded"1 and this move among the 5Eyes has been confirmed by French collaborator Macron, who argued for measures rather similar to those being whispered by the Anglophone 5Eyes cartel (archived). Another since deleted memo2 originally published by the Australian Home Affairs referring to conclusions reached during the 5Eyes powwow suggests New Zealand's recent adoption of "Digital Customs Searches" is a preview of things to come for the rest of the totalitarian criminal Anglophone bloc.


  1. Full statement since deleted:

    This is Google's cache of https://www.homeaffairs.gov.au/about/national-security/five-country-ministerial-2018/countering-illicit-use-online-spaces. It is a snapshot of the page as it appeared on Oct 14, 2018 05:10:38 GMT.

    Five Country Ministerial Statement on Countering the Illicit Use of Online Spaces

    We, the Homeland Security, Public Safety, and Immigration Ministers of Australia, Canada, New Zealand, the United Kingdom, and the United States, stand united in our commitment to protect our citizens from child predators, terrorists, violent extremists and other illicit actors. We are as determined to counter these threats online as we are to counter them in the physical world. We note with disappointment that senior digital industry leaders did not accept our invitation to engage on critical issues regarding the illicit use of online spaces at the 2018 Five Country Ministerial meeting. Nevertheless, we reiterate our determination to work together constructively to ensure our response is commensurate to the gravity of the threat.
Our citizens expect online spaces to be safe, and are gravely concerned about illegal and illicit online content, particularly the online sexual exploitation of children. We stand united in affirming that the rule of law can and must prevail online. We are committed to an open, safe and secure internet; one that provides global connectivity, better access to services, and new ways to conduct business and share news and information. But we recognise that the anonymous, instantaneous and networked nature of the online environment has magnified the threats we face, and has opened up new vectors for harm. We are determined to ensure that the technologies that have been developed to enhance prosperity and freedom are not exploited by those who seek to promote terrorism and violent extremism; prey upon and exploit our children; or spread disinformation and discord to undermine our democratic institutions. The evolution of digital technology has created new opportunities for widespread transmission of child exploitation material, and for perpetrating the most abhorrent kinds of child sexual exploitation, such as live-streaming of abuse. And it is not only in the recesses of the dark web that such material is accessible. Much is hosted on the most common top‑level domains. Moreover, the growing sophistication of mobile technology has enabled offenders to target children, including through apps that can be used to recruit and coerce children to engage in sexual activity. The low financial cost, and the anonymised nature of this criminal enterprise, is contributing to a growth in the sexual exploitation of children. We must escalate government and industry efforts to stop this. We also affirm the need to build upon efforts to counter the use of the internet by terrorists and violent extremists who continue to exploit online spaces to share materials designed to radicalise and mobilise individuals to violence. 
These materials are used for recruitment, facilitation, training and financing purposes, often with devastating consequences. Governments and industry have made some progress in tackling this issue. However, the task is far from complete. Terrorists and violent extremists remain able to disseminate propaganda promoting violence, and to use online platforms to radicalise and recruit. And, despite concerted efforts, a great deal of terrorist and violent extremist content remains accessible online to anyone inclined to seek it out. We therefore call upon industry to go further in proactively and innovatively addressing the illicit use of their platforms and applications at pace. In this context we welcome and support the Global Internet Forum to Counter Terrorism (GIFCT). But we urge industry leaders to champion more rapid responses, both under the auspices of the GIFCT and beyond. Digital industry must take responsibility to reduce the availability of online terrorist and violent extremist content across all platforms and applications, and to do so comprehensively. Recognizing the G7 Interior Ministers' statement on terrorism and violent extremism, we echo and amplify their call to action, and we affirm that efforts must extend to all types of illegal and illicit online content. We are also increasingly seeing the use of online spaces to spread disinformation, sow division, and undermine our democratic institutions. The proliferation of interference activities and disinformation undermines the trust of citizens in online communications and information, delegitimizing the benefits and opportunities that communications and social media platforms create. We call upon industry to meet public expectations regarding online safety by: Developing and implementing capabilities to prevent illegal and illicit content from ever being uploaded, and to execute urgent and immediate takedown where there is a failure to prevent upload. 
Deploying human and automated capabilities to seek out and remove legacy content. Acting on previous commitments to invest in automated capabilities and techniques (including photo DNA tools) to detect, remove and prevent re‑upload of illegal and illicit content, as well as content that violates a company's terms of service. Prioritising the protection of the user by building user safety into the design of all online platforms and services, including new technologies before they are deployed. Building upon successful hash sharing efforts to further assist in proactive removal of illicit content. Setting ambitious industry standards, and increasing assistance to smaller companies in developing and deploying illicit content counter-measures. Building and enhancing capabilities to counter foreign interference and disinformation. Preventing live streaming of child sexual abuse on all platforms. We recognise that governments also have a major role to play in addressing the spread of illicit content online. We commit to build the capacity of non-'five eyes' countries to protect and defend the most vulnerable. We undertake to enhance information flows from government to industry, and work towards overcoming barriers to cross-sectoral collaboration. We agree to ensure our enforcement capabilities, including technical data such as hashes, can be shared with industry to support the development of scalable, Artificial Intelligence-driven solutions. Through the same innovation and cross-sectoral collaboration that has underpinned so many technological advances, the challenge of countering illicit online content is not insurmountable. To focus our collective efforts, we agree to establish a senior officials group charged with monitoring industry progress on the above actions on a quarterly basis and reporting back to us. We welcome digital industry Chief Executive Officers to future meetings of the Five Country Ministerial to update us on their efforts directly. 

  2. Full text:

    This is Google's cache of https://www.homeaffairs.gov.au/about/national-security/five-country-ministerial-2018/access-evidence-encryption. It is a snapshot of the page as it appeared on Nov 2, 2018 21:38:38 GMT.

    Statement of Principles on Access to Evidence and Encryption

    Preamble

    The Governments of the United States, the United Kingdom, Canada, Australia and New Zealand are committed to personal rights and privacy, and support the role of encryption in protecting those rights. Encryption is vital to the digital economy and a secure cyberspace, and to the protection of personal, commercial and government information. However, the increasing use and sophistication of certain encryption designs present challenges for nations in combatting serious crimes and threats to national and global security. Many of the same means of encryption that are being used to protect personal, commercial and government information are also being used by criminals, including child sex offenders, terrorists and organized crime groups to frustrate investigations and avoid detection and prosecution. Privacy laws must prevent arbitrary or unlawful interference, but privacy is not absolute. It is an established principle that appropriate government authorities should be able to seek access to otherwise private information when a court or independent authority has authorized such access based on established legal standards. The same principles have long permitted government authorities to search homes, vehicles, and personal effects with valid legal authority.
The increasing gap between the ability of law enforcement to lawfully access data and their ability to acquire and use the content of that data is a pressing international concern that requires urgent, sustained attention and informed discussion on the complexity of the issues and interests at stake. Otherwise, court decisions about legitimate access to data are increasingly rendered meaningless, threatening to undermine the systems of justice established in our democratic nations. Each of the Five Eyes jurisdictions will consider how best to implement the principles of this statement, including with the voluntary cooperation of industry partners. Any response, be it legislative or otherwise, will adhere to requirements for proper authorization and oversight, and to the traditional requirements that access to information is underpinned by warrant or other legal process. We recognize that, in giving effect to these principles, governments may have need to engage with a range of stakeholders, consistent with their domestic environment and legal frameworks. Principles The Attorneys General and Interior Ministers of the United States, the United Kingdom, Canada, Australia and New Zealand affirm the following principles in relation to encryption. 1. Mutual Responsibility Diminished access to the content of lawfully obtained data is not just an issue for Governments alone, but a mutual responsibility for all stakeholders. Providers of information and communications technology and services - carriers, device manufacturers or over-the-top service providers -– are subject to the law, which can include requirements to assist authorities to lawfully access data, including the content of communications. Safe and secure communities benefit citizens and the companies that operate within them. We are always willing to work with technology providers in order to meet our public safety responsibilities and ensure the ability of citizens to protect their sensitive data. 
Law enforcement agencies in our countries need technology providers to assist with the execution of lawful orders. Currently there are some challenges arising from the increasing use and sophistication of encryption technology in relation to which further assistance is needed. Governments should recognize that the nature of encryption is such that that there will be situations where access to information is not possible, although such situations should be rare. 2. Rule of law and due process are paramount All governments should ensure that assistance requested from providers is underpinned by the rule of law and due process protections. The principle that access by authorities to the information of private citizens occurs only pursuant to the rule of law and due process is fundamental to maintaining the values of our democratic society in all circumstances – whether in their homes, personal effects, devices, or communications. Access to information, subject to this principle, is critical to the ability of governments to protect our citizens by investigating threats and prosecuting crimes. This lawful access should always be subject to oversight by independent authorities and/or subject to judicial review. 3. Freedom of choice for lawful access solutions The Governments of the Five Eyes encourage information and communications technology service providers to voluntarily establish lawful access solutions to their products and services that they create or operate in our countries. Governments should not favor a particular technology; instead, providers may create customized solutions, tailored to their individual system architectures that are capable of meeting lawful access requirements. Such solutions can be a constructive approach to current challenges. 
Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.

Dutch Seize "Encrypted" Messaging Service And Make Some Arrests While Advertising Their Hope To Make Many More Arrests

Police in the Netherlands have seized servers for the Edward Snowden endorsed "Blackbox IronPhone IronChat" app and made a few arrests (archived). Dutch police say they are advertising their hope to make hundreds more arrests early in the process of digesting the server contents to avoid provoking snitching-accusation-driven violence among the local outlaws. Earlier this year criminal organizations role playing "law enforcement" in the US and Canada arrested a small business owner for marketing improved privacy enhanced Blackberry communications devices in a similar case.

Onboard SSD Crypto Demonstrated To Be Homeopathic On Numerous Drives

Researchers at the Netherlands' Radboud University, total enrollment 19,904 students, have confirmed the safe assumption that the onboard encryption offered by a number of SSD makers is indeed homeopathic and useless (archived). They describe what they refer to as a "pattern of critical issues" which allow them the freedom to read nominally encrypted volumes on a number of Crucial and Samsung drive models. Users of Microsoft Windows' "Bitlocker" drive encryption are especially vulnerable since "Bitlocker" trusts onboard SSD encryption engines and will forgo applying its own software encryption when an SSD offers to do the encrypting. The "Make Security Theatre Again" movement is alive and well with mainstream hardware and software vendors.

Another Intel CPU Sidechannel Leak Documented With The Leak Dependent Once Again On A Thing Intel Did To Boost Appearance Of Speed

Another issue with Intel CPUs has been documented demonstrating the things are leaking bits from what Intel's marketing labels "secure" parts of CPU cores through a sidechannel made available via the simultaneous multithreading gimmick Intel's marketers labeled "hyperthreading" (archived). This has not been a good year for the accumulated gimmicks Intel has been tossing in their chips to simulate speed.

This vulnerability has been dubbed "Portsmash" as the continued accretion of trendy names for these things shows no signs of stopping.

IBM Buying Red Hat

IBM has reached an agreement to buy Red Hat, paying cash at a price of 190 USD per share (archived). IBM will colocate Red Hat in their "Hybrid Cloud" section. Red Hat ran out of "rebel" and "Innovator" credibility when the red hat inspiring their name was discovered to be a Cornell University lacrosse team hat, but being bought out by the punch card company is something else.

SystemD Vulnerability Allows Crashing Systems Remotely (And Probably Executing Code Too) With DHCPv6 Packets

The hole-iest of move fast and break things cults, SystemD has had another hole documented (archived). In systemd-networkd the DHCPv6 client will write outside the bounds of its heap when fed the right kind of packet, leading to a range of effects depending on the particular packet fed. Chief SystemD thing breaker and professional tumor Lennart Poettering has published a patch which supposedly addresses this particular documented issue while introducing an unknown number1 of new bugs.


  1. And likely unknowable. Can you truly count how many individual bacteria in a gram of sewer effluent are alive or dead at any moment in time?