MS Bitlocker Diss SSD Crypto, ISPs Diss DNS Crypto, Sidewalk U1 Spies, CheckM8 Jailbreak

Sun Sep 29 22:55:48 PDT 2019

https://www.tomshardware.com/news/bitlocker-encrypts-self-encrypting-ssds,40504.html
https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/

Microsoft gives up on SSD manufacturers: Windows will no longer trust
drives that say they can encrypt themselves, BitLocker will default to
CPU-accelerated AES encryption instead. This is after an exposé on
broad issues with firmware-powered encryption

Of course it has never been safe to trust any closed source
hardware encryption, or Microsoft's closed source Bitlocker NSA_KEY.

https://www.wsj.com/articles/google-draws-house-antitrust-scrutiny-of-internet-protocol-11569765637
https://judiciary.house.gov/sites/democrats.judiciary.house.gov/files/documents/Alphabet%20Inc.%20RFI%20-%20Signed%20(003).pdf
https://en.wikipedia.org/wiki/DNS_over_HTTPS

While Google says it's pushing for adoption of the technology to
prevent spying and spoofing, House investigators are worried this
would give the internet giant an unfair advantage by denying access to
users' data. The House sent a letter on September 13th asking if
Google would use data handled through the process for commercial
purposes... Internet service providers are worried that they may be
shut out of the data and won't know as much about their customers'
traffic patterns. This could "foreclose competition in advertising and
other industries," an alliance of ISPs told Congress in a September
19th letter...
Mozilla also wants to use the format to secure DNS in Firefox, and the
company's Marshall Erwin told the WSJ that the antitrust gripes are
"fundamentally misleading." ISPs are trying to undermine the standard
simply because they want continued access to users' data, Erwin said.
Unencrypted DNS helps them target ads by tracking your web habits, and
it's harder to thwart DNS tracking than cookies and other typical
approaches.

https://www.wired.co.uk/article/amazon-sidewalk-apple-u1-networks

Sidewalk, Amazon's new low-bandwidth long-range wireless networking
protocol, and Apple's new position- and distance-measuring U1 chip
(mentioned in a recent keynote). Apple's U1 chip -- which allows
precise, indoor positional tracking via the latest iPhones and will
power, at the very least, directional AirDrop file-sharing -- popped
up on screen but was never even mentioned. The interest-piquing phrase
"GPS at the scale of your living room" was saved for the online iPhone
product pages rather than the bombast of the Steve Jobs Theater...
Both Amazon and Apple have the hardware scale to build up the base of
access points needed to create a useful network before reaching out
to, most likely, iOS developers in Apple's case, and hardware makers
already on board with Alexa in Amazon's case. For Amazon, in fact,
that work has already begun as Sidewalk originally came out of the
Ring team's ambition to extend its connected security devices out into
gardens. "Ring lighting was the first time we ran into it as a
company, because we wanted to extend out onto the sidewalk," says
Daniel Rausch, VP of smart home at Amazon (which owns Ring).
The smart outoor Ring lights are already out. Products like the Smart
Floodlight and Pathlight list a "wireless connection to the Ring
Bridge" in the tech specs but eagle-eyed Ring owners had already
started to figure out what band Amazon was playing with for this
connection, before the Sidewalk announcement. "They've been using an
internal version of the protocol on the freely available and
unlicensed 900MHz part of the spectrum already," explains Rausch.
"What we realised was 'woah, we can actually do something special'. We
can make a version of this protocol which is secure and have this
unbelievably ubiquitous coverage if we bring it all together,
neighbours and neighbours and neighbours...." An innocent smart dog
tracker like Ring Fetch fits perfectly into this model of
Amazon-networked communities sharing video, alerts and location
tracking.

https://github.com/axi0mX/ipwndfu
http://blog.trailofbits.com/2019/09/27/tethered-jailbreaks-are-back/

EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent
unpatchable bootrom exploit for hundreds of millions of iOS devices.
Most generations of iPhones and iPads are vulnerable: from iPhone 4S
(A5 chip) to iPhone 8 and iPhone X (A11 chip).