Angelesen #79

One Glitch to Rule Them All: Fault Injection Attacks Against AMD’s Secure Encrypted Virtualization (arxiv.org)

This paper introduces a new approach to attack SEV-protected virtual machines (VMs) by targeting the AMD-SP. We present a voltage glitching attack that allows an attacker to execute custom payloads on the AMD-SPs of all microarchitectures that support SEV currently on the market (Zen 1, Zen 2, and Zen 3). The presented methods allow us to deploy a custom SEV firmware on the AMD-SP, which enables an adversary to decrypt a VM’s memory. Furthermore, using our approach, we can extract endorsement keys of SEV-enabled CPUs, which allows us to fake attestation reports or to pose as a valid target for VM migration without requiring physical access to the target host.

Power glitch attacks against AMD’s Secure Encrypted Virtualization

Universal income for open source maintainers (futureu.europa.eu)

First reaction: Yes
Second reaction: No, UBI should be there for everyone

GPSD time will jump back 1024 weeks at after week=2180 (23-October-2021) (gitlab.com)

This code is going to trigger a 1024 week backward time jump from Saturday October 16, 2021 to Sunday March 3, 2002.

Whoopsie, time and date are still very complex problems – yes, looking at you, year 2038 problem.

usb-c cable colour codes (sa.lj.am)

USB-C was supposed to be the answer to the chaos that is charge and data cable compatibility. And to an extent it was. It unified ports and reduced the amount of cables and chargers I need to travel with. The cables themselves, however, turned out to be a mess. They come in many varieties with obtuse names, confusing markers, and unclear compatibility rules. Yet they all look exactly the same.

This is a very neat colour scheme to patch my cables with – the main issue is… how do I identify those cables?

Amazon’s older Kindles will start to lose their internet access in December (theverge.com)

My Kindle has come of age; sad to see the internet go – I think that was one of the first devices I got that just came with Cell-Based internet right from the start.

Having the very rustic browser and internet wherever you go was a great thing to have several years ago. Now with easier roaming, it’s a thing of the past.

SSD belonging to Euro-cloud Scaleway was stolen from back of a truck, then turned up on YouTube (theregister.com)

Lechelle said Scaleway worked with the YouTuber to recover the disk. The French-language video creator has written to Scaleway with assurances they have not copied the information contained on the disk. It is said some customer data was on the drive, unencrypted, including the source code and SSH keys of an Italian VPS provider.

Wow, what a nightmare when a disk of a cloud provider just shows up on a marketplace.

Federal Court of Justice (Bundesgerichtshof): Cum-ex deals are punishable tax evasion (correctiv.org)

Put differently: the deals with which hundreds of participants earned many millions, if not billions, of euros over the years are, in the view of the Karlsruhe court, punishable. This decision affects many proceedings currently before German courts. In the coming months and years there are likely to be further convictions in which the main suspects must expect severe prison sentences.

This will be interesting: if the cum-ex deals result in criminal offences, there will probably be some repayments (hopefully).

Special Swiss Hosting: "One may speak of digital colonisation" (itmagazine.ch)

"Great-power geopolitics is now also taking place online, that is just how it is. Switzerland is its plaything and has only one option: to stand up for a world order that is based on rules, not on the law of the strongest." @anderageru

That Europe has missed quite a few technological steps is visible not only in IT but in practically every industry where China is virtually the only point of contact (solar panels, wind turbines, lithium-ion batteries, etc.).