social.stefan-muenz.de

Search

Items tagged with: gnulinux

@gnulinux
Doch keine Schweizer Suchmaschine, da sie zu Nah am Amerikaner sind. Zudem zu Pervers mit etlichen Preisen aus Open-Source Welt sind. Es also Asozial ausnutzen oder besser Ausschlachten. Man muss auf #GNULinux aufpassen, das sich solche Unternehmen aus der Schweiz das nicht immer mehr Aushöhlen
 
Bonjour à tous et toutes, je suis #nouveauici (ou #nouvelleici) ! J’aime #framasoft, #diaspora, #debian, #gnulinux, #linux et le #logiciel-libre en général !

Ce nouveau compte est celui de l'association Debian-Facile. Vous pourrez y suivre les actualités de l'association, de ses projets, et de #Debian




Pour rester dans les thèmes des nouveaux venus, l'association vient justement tenir son Assemblée Générale et renouveler son Conseil d'Administration ! :)
Vous trouverez l''annonce complète ici : https://debian-facile.org/viewtopic.php?pid=340205#p340205

Au plaisir ! :D
#debianfacile #debian-facile
 
Bonjour à tous et toutes, je suis #nouveauici (ou #nouvelleici) ! J’aime #framasoft, #diaspora, #debian, #gnulinux, #linux et le #logiciel-libre en général !

Ce nouveau compte est celui de l'association Debian-Facile. Vous pourrez y suivre les actualités de l'association, de ses projets, et de #Debian




Pour rester dans les thèmes des nouveaux venus, l'association vient justement tenir son Assemblée Générale et renouveler son Conseil d'Administration ! :)
Vous trouverez l''annonce complète ici : https://debian-facile.org/viewtopic.php?pid=340205#p340205

Au plaisir ! :D
#debianfacile #debian-facile
 
Bonjour à tous et toutes, je suis #nouveauici (ou #nouvelleici) ! J’aime #framasoft, #diaspora, #debian, #gnulinux, #linux et le #logiciel-libre en général !

Ce nouveau compte est celui de l'association Debian-Facile. Vous pourrez y suivre les actualités de l'association, de ses projets, et de #Debian




Pour rester dans les thèmes des nouveaux venus, l'association vient justement tenir son Assemblée Générale et renouveler son Conseil d'Administration ! :)
Vous trouverez l''annonce complète ici : https://debian-facile.org/viewtopic.php?pid=340205#p340205

Au plaisir ! :D
#debianfacile #debian-facile
 

Mobian pretende llevar Debian a los móviles conservando sus virtudes » MuyLinux



A pesar de no haber conseguido hacerse un hueco en el mercado, eso no ha detenido los intentos para hacer llegar GNU/Linux al sector de la movilidad. Aparte de PINE64, UBProts e iniciativas como el Volla Phone, también existen diversos sistemas, entre los que se encuentra Mobian.

Como bien deja entrever su nombre, Mobian es un proyecto que intenta “integrar la distribución estándar de Debian y el proyecto Phone Shell (Phosh) en un paquete que funciona en ciertos teléfonos móviles, como el Pinephone”. Ahí ya tenemos el primer dispositivo oficialmente compatible con Mobian, el smartphone de PINE64, el cual está más orientado a los entusiastas de la informática (sobre todo de Linux) que al público general. Sobre la interfaz gráfica, Phosh es el desarrollo impulsado por Purism para adaptar las tecnologías de GNOME a los dispositivos móviles. Funciona con Wayland empleando un compositor propio llamado Phoc.
https://www.muylinux.com/2020/07/10/mobian-debian-moviles-pinephone/
#Ñ #gnu #linux #gnulinux
Mobian pretende llevar Debian a los móviles conservando sus virtudes
 

Mobian pretende llevar Debian a los móviles conservando sus virtudes » MuyLinux



A pesar de no haber conseguido hacerse un hueco en el mercado, eso no ha detenido los intentos para hacer llegar GNU/Linux al sector de la movilidad. Aparte de PINE64, UBProts e iniciativas como el Volla Phone, también existen diversos sistemas, entre los que se encuentra Mobian.

Como bien deja entrever su nombre, Mobian es un proyecto que intenta “integrar la distribución estándar de Debian y el proyecto Phone Shell (Phosh) en un paquete que funciona en ciertos teléfonos móviles, como el Pinephone”. Ahí ya tenemos el primer dispositivo oficialmente compatible con Mobian, el smartphone de PINE64, el cual está más orientado a los entusiastas de la informática (sobre todo de Linux) que al público general. Sobre la interfaz gráfica, Phosh es el desarrollo impulsado por Purism para adaptar las tecnologías de GNOME a los dispositivos móviles. Funciona con Wayland empleando un compositor propio llamado Phoc.
https://www.muylinux.com/2020/07/10/mobian-debian-moviles-pinephone/
#Ñ #gnu #linux #gnulinux
Mobian pretende llevar Debian a los móviles conservando sus virtudes
 

Facebook is not good for you...


https://www.vice.com/en_us/article/z3beea/facebook-moderators-lawsuit-ptsd-trauma-tracking-bathroom-breaks

"Despite Facebook’s push for secrecy, Zaicev is now among dozens of current and former moderators who have contacted Coleman Legal Partners in Dublin about bringing legal action against the company for failing to provide a safe work environment. Unlike a recent class action case in the U.S., each moderator has to file a separate case in Ireland.

“The happiest people are the people who are away from Facebook. The more unhappy you are in life, the more you are going to spend on Facebook,” one fomer moderator who is preparing a legal action against Facebook told VICE News. “And we spent the whole fricking day on Facebook. We can probably guess that it is not good for you.”"

#facebook #happiness #security #privacy #gnu #linux #gnulinux #deletefacebook
 

Facebook is not good for you...


https://www.vice.com/en_us/article/z3beea/facebook-moderators-lawsuit-ptsd-trauma-tracking-bathroom-breaks

"Despite Facebook’s push for secrecy, Zaicev is now among dozens of current and former moderators who have contacted Coleman Legal Partners in Dublin about bringing legal action against the company for failing to provide a safe work environment. Unlike a recent class action case in the U.S., each moderator has to file a separate case in Ireland.

“The happiest people are the people who are away from Facebook. The more unhappy you are in life, the more you are going to spend on Facebook,” one fomer moderator who is preparing a legal action against Facebook told VICE News. “And we spent the whole fricking day on Facebook. We can probably guess that it is not good for you.”"

#facebook #happiness #security #privacy #gnu #linux #gnulinux #deletefacebook
 

Comparison between web browsers


https://spyware.neocities.org/articles/browsers.html

Top Tier - Best Privacy
These are all browsers that require a minimal amount of configuration and can achive the required level of privacy needed to browse the modern web- compatibility with a comperhensive suite of content-blocking extensions that can block spyware providers correctly and fully. Iridium and Pale Moon both are configured in a way that leaks user information and thus require additional configuration.

TOR Browser
GNU IceCat
Ungoogled Chromium
Iridium Browser
Pale Moon

#gnu #linux #gnulinux #browsers #tor #icecat #ungoogledchromium #iridium #palemoon #firefox #browser
 

Comparison between web browsers


https://spyware.neocities.org/articles/browsers.html

Top Tier - Best Privacy
These are all browsers that require a minimal amount of configuration and can achive the required level of privacy needed to browse the modern web- compatibility with a comperhensive suite of content-blocking extensions that can block spyware providers correctly and fully. Iridium and Pale Moon both are configured in a way that leaks user information and thus require additional configuration.

TOR Browser
GNU IceCat
Ungoogled Chromium
Iridium Browser
Pale Moon

#gnu #linux #gnulinux #browsers #tor #icecat #ungoogledchromium #iridium #palemoon #firefox #browser
 
Yeah, that #herbs made me wonder too... If you look at those, there is too much bullshit. There should be more tags like #debian, #arch, #gentoo, #gimp #xfce #kde and so on... #linux is not even on the list, at least #gnulinux is.
 

Filtered word: nsfw

 
Immer noch #Windows7 auf dem PC? Nach dem 14. Januar endet die offizielle Versorgung mit Sicherheitsupdates - ein guter Zeitpunkt, um auf die freie Alternative #GNULinux umzusteigen.

https://www.digitalcourage.de/adventskalender/14

#DigitaleSelbstverteidigung #Adventskalender2019
Bild/Foto
 
Wer die Hoheit über den eigenen Rechner behalten möchte, sollte auf #FreieSoftware setzen. Verwenden sie auf Ihrem PC #GNULinux - optional auch parallel zu #Windows.

https://www.digitalcourage.de/adventskalender/14

#DigitaleSelbstverteidigung #Adventskalender2019
Bild/Foto
 
Auf der #LinuxInstallParty am Donnerstag haben wir natürlich auch wieder unsere #Multiboot-Sticks dabei, auf denen u.a. #MXLinux, #Debian und #LinuxMint vertreten sind. :tux: Sie sind sowohl in #Legacy- als auch #UEFI-Bootmodi nutzbar. Gegen einen kleinen Beitrag geben wir diese auch gern wieder ab. 🙂

Mehr Infos zur Veranstaltung im Blog: https://digitalcourage.de/blog/2019/gnu-linux-install-party-uni-bielefeld-2019-11

#Linux #GNULinux #FOSS #FLOSS #GRUB #Digitalcourage #DigitalcourageHSG #Bielefeld #UniBielefeld
Bild/Foto
 

Kali Linux 2019.4 est disponible

Nous sommes incroyablement heureux d'annoncer notre quatrième et dernière version de 2019, Kali Linux 2019.4, qui est disponible immédiatement en téléchargement.

2019.4 inclut quelques nouvelles mises à jour passionnantes :

* Un nouvel environnement de bureau par défaut, Xfce
* Un nouveau thème GTK3 (pour Gnome et Xfce)
* Introduction du mode "Kali Undercover
* Kali Documentation a un nouveau domicile et est maintenant alimenté par Git
* Emballage public - introduisez vos outils dans Kali
* Kali NetHunter KeX - Bureau Kali complet sur Android
* BTRFS pendant l'installation
* PowerShell ajouté
* Le noyau est mis à jour vers la version 5.3.9
* etc.
Traduit avec www.DeepL.com/Translator

Annonce officielle (en): https://www.kali.org/news/kali-linux-2019-4-release/

Téléchargement: https://www.kali.org/downloads/

#exploit #floss #gnu-linux #gnu linux #gnulinux #kali-linux #kali linux #kalilinux #libre #linux #open-source #open source #opensource #sécurité #securite #securite-informatique #sécurité-informatique #securite informatique #sécurité informatique #securiteinformatique #sécuritéinformatique #test-de-pénétration #test-de-penetration #test de pénétration #test de penetration #testdepénétration #testdepenetration
 
how to htaccess limit wordpress searches

lately this blog gets bombarded with queries like these: which decoded are Korean SPAM? which translates as: iptables / firewalld seem not to work and have to really really figure out why. until then this is a little workaround, it limits the[...]

\#linux #gnu #gnulinux #opensource #administration #sysops #wordpress #ddos #htaccess #webserver #apache #apache2
Quelle: https://dwaves.org/2019/03/04/how-to-htaccess-limit-wordpress-searches/
how to htaccess limit wordpress searches
 

Filtered word: nsfw

 
Bild/Foto

Avoid Intel and AMD Universal Backdoors


Only use computers certified to Respect Your Freedom (RYF)

The #Intel #Management #Engine is present on all Intel #desktop, #mobile ( #laptop ), and #server #systems since mid 2006. It consists of an #ARC #processor core (replaced with other processor cores in later generations of the ME), #code and #data #caches, a #timer, and a secure #internal #bus to which additional #devices are connected, including a #cryptography engine, internal #ROM and #RAM, #memory #controllers, and a direct memory access ( #DMA ) engine to access the host operating system’s memory as well as to reserve a region of protected external memory to supplement the ME’s limited internal RAM. The ME also has #network access with its own #MAC #address through an Intel #Gigabit #Ethernet #Controller. Its #boot program, stored on the internal ROM, loads a #firmware “manifest” from the PC’s SPI #flash #chip. This manifest is signed with a strong #cryptographic #key, which differs between versions of the ME firmware. If the manifest isn’t signed by a specific Intel key, the boot ROM won’t load and execute the firmware and the ME processor core will be halted.

The Active Management Technology ( #AMT ) application, part of the Intel “vPro” brand, is a #Web server and application code that enables #remote #users to #power on, power off, view information about, and otherwise manage the #PC. It can be used remotely even while the PC is powered off ( via #Wake-on-Lan ). Traffic is encrypted using #SSL / #TLS libraries, but recall that all of the major SSL/TLS implementations have had highly publicized vulnerabilities. The AMT application itself has known #vulnerabilities, which have been #exploited to develop #rootkits and #keyloggers and #covertly gain #encrypted #access to the management features of a PC. Remember that the ME has full access to the PC’s RAM. This means that an #attacker exploiting any of these vulnerabilities may gain access to everything on the PC as it runs: all open #files, all running #applications, all #keys pressed, and more.

ME firmware versions 4.0 and later (Intel 4 Series and later chipsets) include an ME application for audio and video DRM called “Protected Audio Video Path” (PAVP). The ME receives from the #host operating system an encrypted #media #stream and encrypted key, decrypts the key, and sends the encrypted media decrypted key to the #GPU, which then #decrypts the media. PAVP is also used by another ME application to draw an #authentication PIN pad directly onto the screen. In this usage, the PAVP application directly controls the graphics that appear on the PC’s screen in a way that the host #OS cannot detect. ME firmware version 7.0 on PCHs with 2nd Generation Intel Core #i3 / #i5 / #i7 (Sandy Bridge) CPUs replaces PAVP with a similar DRM application called “Intel Insider”. Like the AMT application, these DRM applications, which in themselves are defective by design, demonstrate the #omnipotent #capabilities of the ME: this #hardware and its proprietary firmware can access and #control everything that is in RAM and even everything that is shown on the #screen.

The Intel Management Engine with its #proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and #mouse movements, and even #capture or #display #images on the screen. And it has a network interface that is demonstrably #insecure, which can allow an attacker on the network to #inject #rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a #threat to #freedom, #security, and #privacy that can’t be ignored.

Before version 6.0 (that is, on systems from 2008/2009 and earlier), the ME can be disabled by setting a couple of values in the SPI flash memory. The ME firmware can then be #removed entirely from the flash memory space. Libreboot does this on the Intel 4 Series systems that it supports, such as the Libreboot X200 and Libreboot T400. ME firmware versions 6.0 and later, which are found on all systems with an Intel #Core i3/i5/i7 CPU and a PCH, include “ME Ignition” firmware that performs some hardware #initialization and power management. If the ME’s boot ROM does not find in the SPI flash memory an ME firmware manifest with a valid Intel signature, the whole PC will shut down after 30 minutes.

Due to the signature verification, developing free #replacement firmware for the ME is basically impossible. The only entity capable of replacing the ME firmware is Intel. As previously stated, the ME firmware includes proprietary code licensed from third parties, so Intel couldn’t release the source code even if they wanted to. And even if they developed completely new ME firmware without third-party proprietary code and released its source code, the ME’s boot ROM would reject any modified firmware that isn’t signed by Intel. Thus, the ME firmware is both hopelessly proprietary and #tivoized.

For years, #coreboot has been #struggling against Intel. Intel has been shown to be extremely uncooperative in general. Many coreboot #developers, and #companies, have tried to get Intel to #cooperate; namely, releasing source code for the firmware components. Even #Google, which sells millions of #Chromebooks (coreboot preinstalled) have been #unable to #persuade them.

Even when Intel does cooperate, they still don’t provide source code. They might provide limited #information (datasheets) under #strict #corporate #NDA ( #non-disclosure #agreement ), but even that is not guaranteed. Even ODMs and IBVs can’t get source code from Intel, in most cases (they will just integrate the blobs that Intel provides).

In summary, the Intel #Management #Engine and its applications are a #backdoor with #total access to and control over the rest of the PC. The ME is a threat to freedom, security, and privacy, and the Libreboot project strongly recommends avoiding it entirely. Since recent versions of it can’t be removed, this means avoiding all #recent #generations of Intel hardware.

Recent Intel graphics chipsets also require firmware blobs


Intel is only going to get #worse when it comes to user freedom. Libreboot has no support recent Intel platforms, precisely because of the problems described above. The only way to solve this is to get Intel to #change their #policies and to be more #friendly to the free software #community. Reverse engineering won’t solve anything long-term, unfortunately, but we need to keep doing it anyway. Moving forward, Intel hardware is a non-option unless a #radical change happens within Intel.

Basically, all Intel hardware from year 2010 and beyond will never be supported by Libreboot. The Libreboot project is actively #ignoring all modern Intel hardware at this point, and focusing on #alternative platforms.

Why is the latest AMD hardware unsupported in Libreboot?


It is extremely unlikely that any post-2013 #AMD hardware will ever be supported in Libreboot, due to severe security and freedom #issues; so #severe, that the Libreboot project recommends avoiding all modern AMD hardware. If you have an AMD based system affected by the #problems described below, then you should get rid of it as soon as possible.

AMD Platform Security Processor (PSP)


This is basically AMD’s own version of the Intel Management Engine. It has all of the same basic security and freedom issues, although the #implementation is wildly different.

The Platform Security Processor (PSP) is built in on all Family 16h + systems (basically anything post-2013), and controls the main #x86 core #startup. PSP firmware is cryptographically signed with a strong key similar to the Intel ME. If the PSP firmware is not present, or if the AMD signing key is not present, the #x86 cores will not be #released from #reset, rendering the system #inoperable.

The PSP is an ARM core with TrustZone #technology, built onto the main CPU die. As such, it has the ability to #hide its own program code, scratch RAM, and any data it may have taken and stored from the lesser-privileged x86 system RAM (kernel encryption keys, #login data, #browsing #history, #keystrokes, who knows!). To make matters worse, the PSP theoretically has access to the entire system memory space (AMD either will not or cannot deny this, and it would seem to be required to allow the DRM “features” to work as intended), which means that it has at minimum MMIO-based access to the #network controllers and any other PCI/PCIe peripherals installed on the #system.

In theory any #malicious entity with access to the AMD signing key would be able to install persistent #malware that could not be eradicated without an external flasher and a known good PSP image. Furthermore, multiple security vulnerabilities have been demonstrated in AMD #firmware in the #past, and there is every #reason to assume one or more zero day vulnerabilities are lurking in the PSP firmware. Given the extreme privilege level (ring -2 or ring -3) of the PSP, said vulnerabilities would have the ability to #remotely #monitor and control any PSP enabled machine completely outside of the user’s #knowledge.

A reliable way to avoid Intel and AMD’s universal backdoors is to use computers with such spyware effectively removed or disabled like the ones certified to Respect Your Freedom (RYF).

#NSA #spyware #spy #mass #surveillance #FSF #GNU #GNULinux #RYF #technology #laptops #CPU #processor #universal #backdoor #malware #Corei3 #Corei5 #Corei7
 
Bild/Foto

Avoid Intel and AMD Universal Backdoors


Only use computers certified to Respect Your Freedom (RYF)

The #Intel #Management #Engine is present on all Intel #desktop, #mobile ( #laptop ), and #server #systems since mid 2006. It consists of an #ARC #processor core (replaced with other processor cores in later generations of the ME), #code and #data #caches, a #timer, and a secure #internal #bus to which additional #devices are connected, including a #cryptography engine, internal #ROM and #RAM, #memory #controllers, and a direct memory access ( #DMA ) engine to access the host operating system’s memory as well as to reserve a region of protected external memory to supplement the ME’s limited internal RAM. The ME also has #network access with its own #MAC #address through an Intel #Gigabit #Ethernet #Controller. Its #boot program, stored on the internal ROM, loads a #firmware “manifest” from the PC’s SPI #flash #chip. This manifest is signed with a strong #cryptographic #key, which differs between versions of the ME firmware. If the manifest isn’t signed by a specific Intel key, the boot ROM won’t load and execute the firmware and the ME processor core will be halted.

The Active Management Technology ( #AMT ) application, part of the Intel “vPro” brand, is a #Web server and application code that enables #remote #users to #power on, power off, view information about, and otherwise manage the #PC. It can be used remotely even while the PC is powered off ( via #Wake-on-Lan ). Traffic is encrypted using #SSL / #TLS libraries, but recall that all of the major SSL/TLS implementations have had highly publicized vulnerabilities. The AMT application itself has known #vulnerabilities, which have been #exploited to develop #rootkits and #keyloggers and #covertly gain #encrypted #access to the management features of a PC. Remember that the ME has full access to the PC’s RAM. This means that an #attacker exploiting any of these vulnerabilities may gain access to everything on the PC as it runs: all open #files, all running #applications, all #keys pressed, and more.

ME firmware versions 4.0 and later (Intel 4 Series and later chipsets) include an ME application for audio and video DRM called “Protected Audio Video Path” (PAVP). The ME receives from the #host operating system an encrypted #media #stream and encrypted key, decrypts the key, and sends the encrypted media decrypted key to the #GPU, which then #decrypts the media. PAVP is also used by another ME application to draw an #authentication PIN pad directly onto the screen. In this usage, the PAVP application directly controls the graphics that appear on the PC’s screen in a way that the host #OS cannot detect. ME firmware version 7.0 on PCHs with 2nd Generation Intel Core #i3 / #i5 / #i7 (Sandy Bridge) CPUs replaces PAVP with a similar DRM application called “Intel Insider”. Like the AMT application, these DRM applications, which in themselves are defective by design, demonstrate the #omnipotent #capabilities of the ME: this #hardware and its proprietary firmware can access and #control everything that is in RAM and even everything that is shown on the #screen.

The Intel Management Engine with its #proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and #mouse movements, and even #capture or #display #images on the screen. And it has a network interface that is demonstrably #insecure, which can allow an attacker on the network to #inject #rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a #threat to #freedom, #security, and #privacy that can’t be ignored.

Before version 6.0 (that is, on systems from 2008/2009 and earlier), the ME can be disabled by setting a couple of values in the SPI flash memory. The ME firmware can then be #removed entirely from the flash memory space. Libreboot does this on the Intel 4 Series systems that it supports, such as the Libreboot X200 and Libreboot T400. ME firmware versions 6.0 and later, which are found on all systems with an Intel #Core i3/i5/i7 CPU and a PCH, include “ME Ignition” firmware that performs some hardware #initialization and power management. If the ME’s boot ROM does not find in the SPI flash memory an ME firmware manifest with a valid Intel signature, the whole PC will shut down after 30 minutes.

Due to the signature verification, developing free #replacement firmware for the ME is basically impossible. The only entity capable of replacing the ME firmware is Intel. As previously stated, the ME firmware includes proprietary code licensed from third parties, so Intel couldn’t release the source code even if they wanted to. And even if they developed completely new ME firmware without third-party proprietary code and released its source code, the ME’s boot ROM would reject any modified firmware that isn’t signed by Intel. Thus, the ME firmware is both hopelessly proprietary and #tivoized.

For years, #coreboot has been #struggling against Intel. Intel has been shown to be extremely uncooperative in general. Many coreboot #developers, and #companies, have tried to get Intel to #cooperate; namely, releasing source code for the firmware components. Even #Google, which sells millions of #Chromebooks (coreboot preinstalled) have been #unable to #persuade them.

Even when Intel does cooperate, they still don’t provide source code. They might provide limited #information (datasheets) under #strict #corporate #NDA ( #non-disclosure #agreement ), but even that is not guaranteed. Even ODMs and IBVs can’t get source code from Intel, in most cases (they will just integrate the blobs that Intel provides).

In summary, the Intel #Management #Engine and its applications are a #backdoor with #total access to and control over the rest of the PC. The ME is a threat to freedom, security, and privacy, and the Libreboot project strongly recommends avoiding it entirely. Since recent versions of it can’t be removed, this means avoiding all #recent #generations of Intel hardware.

Recent Intel graphics chipsets also require firmware blobs


Intel is only going to get #worse when it comes to user freedom. Libreboot has no support recent Intel platforms, precisely because of the problems described above. The only way to solve this is to get Intel to #change their #policies and to be more #friendly to the free software #community. Reverse engineering won’t solve anything long-term, unfortunately, but we need to keep doing it anyway. Moving forward, Intel hardware is a non-option unless a #radical change happens within Intel.

Basically, all Intel hardware from year 2010 and beyond will never be supported by Libreboot. The Libreboot project is actively #ignoring all modern Intel hardware at this point, and focusing on #alternative platforms.

Why is the latest AMD hardware unsupported in Libreboot?


It is extremely unlikely that any post-2013 #AMD hardware will ever be supported in Libreboot, due to severe security and freedom #issues; so #severe, that the Libreboot project recommends avoiding all modern AMD hardware. If you have an AMD based system affected by the #problems described below, then you should get rid of it as soon as possible.

AMD Platform Security Processor (PSP)


This is basically AMD’s own version of the Intel Management Engine. It has all of the same basic security and freedom issues, although the #implementation is wildly different.

The Platform Security Processor (PSP) is built in on all Family 16h + systems (basically anything post-2013), and controls the main #x86 core #startup. PSP firmware is cryptographically signed with a strong key similar to the Intel ME. If the PSP firmware is not present, or if the AMD signing key is not present, the #x86 cores will not be #released from #reset, rendering the system #inoperable.

The PSP is an ARM core with TrustZone #technology, built onto the main CPU die. As such, it has the ability to #hide its own program code, scratch RAM, and any data it may have taken and stored from the lesser-privileged x86 system RAM (kernel encryption keys, #login data, #browsing #history, #keystrokes, who knows!). To make matters worse, the PSP theoretically has access to the entire system memory space (AMD either will not or cannot deny this, and it would seem to be required to allow the DRM “features” to work as intended), which means that it has at minimum MMIO-based access to the #network controllers and any other PCI/PCIe peripherals installed on the #system.

In theory any #malicious entity with access to the AMD signing key would be able to install persistent #malware that could not be eradicated without an external flasher and a known good PSP image. Furthermore, multiple security vulnerabilities have been demonstrated in AMD #firmware in the #past, and there is every #reason to assume one or more zero day vulnerabilities are lurking in the PSP firmware. Given the extreme privilege level (ring -2 or ring -3) of the PSP, said vulnerabilities would have the ability to #remotely #monitor and control any PSP enabled machine completely outside of the user’s #knowledge.

A reliable way to avoid Intel and AMD’s universal backdoors is to use computers with such spyware effectively removed or disabled like the ones certified to Respect Your Freedom (RYF).

#NSA #spyware #spy #mass #surveillance #FSF #GNU #GNULinux #RYF #technology #laptops #CPU #processor #universal #backdoor #malware #Corei3 #Corei5 #Corei7
 

Filtered word: nsfw

 
Bild/Foto

#GnuLinux - #Arch

Free Torrents For All #ft4a.xyz site ft4a.xyz


zen_installer-2019.06.22-x86_64.iso

Le programme d’installation #Zen fournit un #environnement-graphique complet pour l’i #nstallation d’ #Arch-Linux.
Il prend en charge l’installation de plusieurs environnements de #bureau, AUR. Les environnement de bureau disponibles incluent #Gnome, #KDE, #Mate, #XFCE Bild/Foto et #LXDE.
L’ #ISO démarrera l’environnement en direct, puis téléchargera la version #stable la plus récente du programme d’installation dès que vous serez connecté à Internet. Vous disposerz ainsi toujours de la dernière version programme d’installation avec des fonctionnalités mises à jour.

ne demander rien ou si peu, car je suis nul en informatique
moi je tourne sur une base Debian :MX Linux
et Arch ma toujours fait peur et pourtant m’attire Bild/Foto
 
Bild/Foto

#GnuLinux - #Arch

Free Torrents For All #ft4a.xyz site ft4a.xyz


zen_installer-2019.06.22-x86_64.iso

Le programme d’installation #Zen fournit un #environnement-graphique complet pour l’i #nstallation d’ #Arch-Linux.
Il prend en charge l’installation de plusieurs environnements de #bureau, AUR. Les environnement de bureau disponibles incluent #Gnome, #KDE, #Mate, #XFCE Bild/Foto et #LXDE.
L’ #ISO démarrera l’environnement en direct, puis téléchargera la version #stable la plus récente du programme d’installation dès que vous serez connecté à Internet. Vous disposerz ainsi toujours de la dernière version programme d’installation avec des fonctionnalités mises à jour.

ne demander rien ou si peu, car je suis nul en informatique
moi je tourne sur une base Debian :MX Linux
et Arch ma toujours fait peur et pourtant m’attire Bild/Foto
 
#unitoodailynews, #opensource, #softwarelibero, #phoronix, #gnulinux Oracle's Kernel Test Framework Might Be Added To The Linux Kernel Tree - Phoronix https://t.co/TETWtoQKyj
 
Bild/Foto

Evita ser víctima de las puertas traseras universales de Intel y AMD


Solo usa computadoras certificadas por la Fundación del Software Libre

La "Maquina Gestora de Intel" (Intel Management Engine) es una #computadora #autónoma e #integrada en todos los procesadores #Intel de computadoras de #escritorio, #portátiles y #servidores desde el año 2006. Consiste en un #procesador ARC (remplazado por otro tipo en versiones más recientes), #almacenamiento temporal, un temporizador y un #interfaz de comunicación cifrado que está conectado a otros #componentes adicionales tales como una unidad #criptográfica, unidades de almacenamiento #ROM y #RAM internas y la función de acceso directo a la memoria ( #DMA ) del #sistema #operativo anfitrión, así como también posee la habilidad de #reservar un #sector de la #memoria RAM externa para expandir la memoria limitada de la #máquina #gestora. Por si fuera poco, esta #puerta #trasera también cuenta con acceso independiente a la red ( #Internet ) con su propia #dirección #MAC diferente a la del #dispositivo de #red.

El #funcionamiento de la máquina gestora sucede de la siguiente manera: el #programa de #arranque que reside en un #componente #interno de solo lectura carga un "manifiesto" desde el chip #SPI y dicho #manifiesto contiene una #firma #electrónica #criptográfica que varia entre #versiones de la máquina gestora. Si este manifiesto no contiene una firma electrónica válida de Intel (por ejemplo, por haber sido modificado), el dispositivo de arranque no funcionará ni ejecutará los #programas de arranque y esto a su vez causaría que el procesador de la computadora deje de funcionar.

La aplicación #AMT (Active Management Technology), parte de la serie Intel "vPro", es un servidor web que permite que las #agencias de #espionaje y #atacantes #remotos puedan #encender o #apagar el equipo y #acceder a toda la #información de la computadora: en pocas palabras, esto permite que los #espías remotos tomen el #control #total del equipo. Esto lo pueden hacer aún cuando la computadora esté #apagada por medio de la #funcionalidad de encendido por red local ( #Wake-on-LAN ). Aunque el flujo de datos envíado a las agencias de espionaje esté cifrado con #SSL / #TLS (¡vaya consuelo!), es bien sabido que estos #protocolos han tenido #vulnerabilidades muy bien #documentadas que ya han sido aprovechadas para desarrollar #rootkits, #keyloggers y así lograr el control #secreto de todas las #funciones de la computadora. El tener #acceso a todos los #datos de la memoria significa que las agencias de espionaje tienen acceso a todos los #archivos abiertos, a todas las #aplicaciones, a un #registro de todas las #teclas oprimidas, etc.

Las versiones 4.0 y posteriores de la máquina gestora de Intel incluyen una aplicación de #grilletes #digitales ( #DRM ) llamada “Protected Audio Video Path” (PAVP). La operación de estos grilletes digitales se lleva a cabo cuando la máquina gestora recibe la #señal de #audio y #video cifrada del sistema operativo #anfitrión, decifra su #clave y la envía al dispositivo de video ( #GPU ) el cual descifra la señal y la reproduce. De esta manera la aplicación #PAVP controla directamente que #gráficos aparecen en la #pantalla de una manera que el sistema operativo del #usuario no puede ni #controlar ni #detectar.

En las versiones 7.0 de la máquina gestora en procesadores de #segunda #generación de Intel #Core #i3 / #i5 / #i7, la aplicación PAVP ha sido remplazada con una aplicación similar de grilletes digitales llamada "Intel Insider". Estas aplicaciones de grilletes digitales, que además son Defectuosas por Diseño, demuestran las #habilidades #omnipotentes de la máquina gestora debido a que estos componentes y sus programas #privativos pueden acceder y controlar todo lo que se encuentra en la memoria del equipo y #espiar todo lo que aparece en pantalla. Al igual que en sus versiones anteriores, la máquina gestora puede #encender o #apagar el equipo, #leer todos los #archivos #abiertos, #examinar todas las #aplicaciones en ejecución, #registrar todas las teclas oprimidas y los #movimientos del #ratón e incluso #capturar y #controlar todo lo mostrado en pantalla. De la misma manera, su #interfaz de #red insegura permite que atacantes informáticos inyecten rootkits que pueden infectar el sistema por #completo y permitir que espías remotos puedan #vigilar todas las #actividades llevadas a cabo en la computadora. Esto representa una #grave #amenaza a tu #libertad, #seguridad y #privacidad que no puede ser #ignorada.

En versiones #anteriores a la 6.0, en sistemas del 2008 y 2009 o anteriores, la máquina gestora podía ser #desactivada escribiendo un par de #valores en la memoria SPI. Esto permitía que la máquina gestora pudiera ser #eliminada #completamente de la memoria fija. El proyecto #Libreboot ha logrado esto en los #modelos #compatibles de la serie 4 de Intel. Sin embargo, las #versiones 6.0 y #posteriores de la máquina gestora, presentes en todos los #sistemas con #procesadores Intel Core i3/i5/i7 incluyen un programa llamado "ME Ignition" que lleva a cabo #tareas de arranque y de #gestión de #energía. Dicho programa #verifica la #existencia y #validez de la firma electrónica de Intel y en caso de que esta firma no está #presente o no sea #válida, la computadora se apaga en 30 minutos.

Debido a la verificación de la firma electrónica, la #posibilidad de #desarrollar un remplazo del programa de la máquina gestora es básicamente #imposible. La única #entidad #capaz de #remplazar dicho programa es Intel. La máquina gestora incluye código privativo sujeto a #licencias de #terceras #partes, por lo que Intel no podría #revelar el código #legalmente aunque así lo quisiera. Aunque otras #personas desarrollen programas para remplazar para la máquina gestora, estos no funcionarían si no son #firmados #digitalmente por Intel. Por lo tanto, la máquina gestora de Intel es #irremediablemente #privativa y tivoizada.

Por años el #proyecto #Coreboot ha estado #presionando a Intel, pero este se ha #negado #rotundamente a #cooperar. Muchos #desarrolladores de Coreboot y otras #compañías han tratado de #presionar a Intel para que coopere; es decir, que publique el #código #fuente de la máquina gestora. Incluso #Google, compañía que vende #millones de #computadoras #Chromebooks (con Coreboot pre-instalado), no ha podido lograr #persuadir a Intel.

Incluso cuando Intel ha llegado a cooperar, este no publica el código fuente y solo da #información #limitada ( #especificaciones #técnicas ) bajo #estrictos #acuerdos de #confidencialidad. Ni siquiera las #empresas #fabricantes de computadoras reciben el código fuente de Intel y se ven #obligadas a incluir las #porciones #binarias ( #blobs ) tal como se las da Intel.

En #resumen, la máquina gestora de Intel y sus programas son #puertas #traseras #universales con acceso y control total de la computadora y representan una #terrible #amenaza para la libertad, seguridad y privacidad de sus usuarios. Por lo tanto, el proyecto Libreboot #recomienda firmemente que se #evite su #uso #completamente. Debido a que en todas las versiones recientes de procesadores Intel esta puerta trasera no puede ser eliminada, esto #implica #evitar #usar todas las generaciones recientes de procesadores de Intel.

¿Y qué hay con AMD?


#AMD tiene su #propia #versión de la máquina gestora llamada AMD Platform Security Processor ( #PSP ) que presenta las mismas amenazas de seguridad que la de Intel. El PSP es un procesador #ARM #autónomo e #integrado en el procesador #principal y como tal tiene la #habilidad de #ocultar su propio código de #ejecución, obtener los #datos de la memoria RAM como #claves de #cifrado, datos #personales #confidenciales, #historial de #navegación, teclas oprimidas, etc. En teoría, cualquier #entidad #hostil que cuente con la clave de firma digital de AMD puede #instalar #software #maligno que solo podría ser eliminado por medio de #herramientas #especializadas y una versión #íntegra del programa PSP. Además, al igual que con Intel, se han descubierto diversas vulnerabilidades que ya han sido #demostradas en el #pasado y lo más #probable es que haya más en el código privativo del PSP. Dichas vulnerabilidades permiten que agencias de espionaje y #criminales #informáticos logren #monitorear y controlar cualquier computadora que tenga el PSP de AMD sin que el usuario tenga #conocimiento de ello.

Es muy poco probable que los procesadores AMD posteriores al año 2013 puedan alguna vez ser #compatibles con Libreboot y por esa razón también se recomienda evitar usar #todos los procesadores AMD recientes.

¿Entonces qué puedo usar?


Por ahora la manera más #sencilla y #confiable de evitar las puertas traseras universales de Intel y AMD es usar únicamente computadoras que han obtenido la certificación RYF de la Fundación del Software Libre. Aunque estas computadoras certificadas aún contienen modelos anteriores de procesadores Intel o AMD, las puertas traseras en ellos han sido eliminadas o desactivadas y por lo tanto proveen mayor seguridad y privacidad siempre y cuando se utilicen única y exclusivamente con sistemas operativos completamente libres.
#NSA #CIA #inteligencia #Snowden #Wikileaks #laptops #ordenador #criptografía #hardware #CPU #tecnología #libre #GNU #GNUlinux #FSF #SoftwareLibre #soberanía #ñ #español #Mexico #México #España #Colombia #Argentina #Perú #Peru #Venezuela #Chile #Ecuador #Guatemala #Cuba #Bolivia #Guatemala #RepúblicaDominicana #Honduras #ElSalvador #Paraguay #Nicaragua #CostaRica #PuertoRico #Panamá #Panama #Uruguay
#computadora #autónoma #integrada #Intel #escritorio #portátiles #servidores #procesador #almacenamiento #interfaz #componentes #criptográfica #ROM #RAM #DMA #sistema #operativo #reservar #sector #memoria #máquina #gestora #puerta #trasera #Internet #dirección #MAC #dispositivo #red #funcionamiento #programa #arranque #componente #interno #SPI #manifiesto #firma #electrónica #versiones #programas #AMT #agencias #espionaje #atacantes #remotos #encender #apagar #acceder #información #espías #control #total #apagada #funcionalidad #Wake-on-LAN #SSL #TLS #protocolos #vulnerabilidades #documentadas #rootkits #keyloggers #secreto #funciones #acceso #datos #archivos #aplicaciones #registro #teclas #grilletes #digitales #DRM #señal #audio #video #anfitrión #clave #GPU #PAVP #gráficos #pantalla #usuario #controlar #detectar #segunda #generación #Core #i3 #i5 #i7 #habilidades #omnipotentes #privativos #espiar #leer #abiertos #examinar #registrar #movimientos #ratón #capturar #completo #vigilar #actividades #grave #amenaza #libertad #seguridad #privacidad #ignorada #anteriores #desactivada #valores #eliminada #completamente #Libreboot #modelos #compatibles #posteriores #sistemas #procesadores #tareas #gestión #energía #verifica #existencia #validez #presente #válida #posibilidad #desarrollar #imposible #entidad #capaz #remplazar #licencias #terceras #partes #revelar #legalmente #personas #firmados #digitalmente #irremediablemente #privativa #proyecto #Coreboot #presionando #negado #rotundamente #cooperar #desarrolladores #compañías #presionar #código #fuente #Google #millones #computadoras #Chromebooks #persuadir #limitada #especificaciones #técnicas #estrictos #acuerdos #confidencialidad #empresas #fabricantes #obligadas #porciones #binarias #blobs #resumen #puertas #traseras #universales #terrible #recomienda #evite #uso #implica #evitar #usar #AMD #propia #versión #PSP #ARM #autónomo #integrado #principal #habilidad #ocultar #ejecución #claves #cifrado #personales #confidenciales #historial #navegación #hostil #instalar #software #maligno #herramientas #especializadas #íntegra #demostradas #pasado #probable #criminales #informáticos #monitorear #conocimiento #todos #sencilla #confiable #NSA #CIA #inteligencia #Snowden #Wikileaks #laptops #ordenador #criptografía #hardware #CPU #tecnología #libre #GNU #GNUlinux #FSF #SoftwareLibre #soberanía #ñ #español #Mexico #España #Colombia #Argentina #Perú #Venezuela #Chile #Ecuador #Guatemala #Cuba #Bolivia #RepúblicaDominicana #Honduras #ElSalvador #Paraguay #Nicaragua #CostaRica #PuertoRico #Panamá #Uruguay
 
Bild/Foto

Evita ser víctima de las puertas traseras universales de Intel y AMD


Solo usa computadoras certificadas por la Fundación del Software Libre

La "Maquina Gestora de Intel" (Intel Management Engine) es una #computadora #autónoma e #integrada en todos los procesadores #Intel de computadoras de #escritorio, #portátiles y #servidores desde el año 2006. Consiste en un #procesador ARC (remplazado por otro tipo en versiones más recientes), #almacenamiento temporal, un temporizador y un #interfaz de comunicación cifrado que está conectado a otros #componentes adicionales tales como una unidad #criptográfica, unidades de almacenamiento #ROM y #RAM internas y la función de acceso directo a la memoria ( #DMA ) del #sistema #operativo anfitrión, así como también posee la habilidad de #reservar un #sector de la #memoria RAM externa para expandir la memoria limitada de la #máquina #gestora. Por si fuera poco, esta #puerta #trasera también cuenta con acceso independiente a la red ( #Internet ) con su propia #dirección #MAC diferente a la del #dispositivo de #red.

El #funcionamiento de la máquina gestora sucede de la siguiente manera: el #programa de #arranque que reside en un #componente #interno de solo lectura carga un "manifiesto" desde el chip #SPI y dicho #manifiesto contiene una #firma #electrónica #criptográfica que varia entre #versiones de la máquina gestora. Si este manifiesto no contiene una firma electrónica válida de Intel (por ejemplo, por haber sido modificado), el dispositivo de arranque no funcionará ni ejecutará los #programas de arranque y esto a su vez causaría que el procesador de la computadora deje de funcionar.

La aplicación #AMT (Active Management Technology), parte de la serie Intel "vPro", es un servidor web que permite que las #agencias de #espionaje y #atacantes #remotos puedan #encender o #apagar el equipo y #acceder a toda la #información de la computadora: en pocas palabras, esto permite que los #espías remotos tomen el #control #total del equipo. Esto lo pueden hacer aún cuando la computadora esté #apagada por medio de la #funcionalidad de encendido por red local ( #Wake-on-LAN ). Aunque el flujo de datos envíado a las agencias de espionaje esté cifrado con #SSL / #TLS (¡vaya consuelo!), es bien sabido que estos #protocolos han tenido #vulnerabilidades muy bien #documentadas que ya han sido aprovechadas para desarrollar #rootkits, #keyloggers y así lograr el control #secreto de todas las #funciones de la computadora. El tener #acceso a todos los #datos de la memoria significa que las agencias de espionaje tienen acceso a todos los #archivos abiertos, a todas las #aplicaciones, a un #registro de todas las #teclas oprimidas, etc.

Las versiones 4.0 y posteriores de la máquina gestora de Intel incluyen una aplicación de #grilletes #digitales ( #DRM ) llamada “Protected Audio Video Path” (PAVP). La operación de estos grilletes digitales se lleva a cabo cuando la máquina gestora recibe la #señal de #audio y #video cifrada del sistema operativo #anfitrión, decifra su #clave y la envía al dispositivo de video ( #GPU ) el cual descifra la señal y la reproduce. De esta manera la aplicación #PAVP controla directamente que #gráficos aparecen en la #pantalla de una manera que el sistema operativo del #usuario no puede ni #controlar ni #detectar.

En las versiones 7.0 de la máquina gestora en procesadores de #segunda #generación de Intel #Core #i3 / #i5 / #i7, la aplicación PAVP ha sido remplazada con una aplicación similar de grilletes digitales llamada "Intel Insider". Estas aplicaciones de grilletes digitales, que además son Defectuosas por Diseño, demuestran las #habilidades #omnipotentes de la máquina gestora debido a que estos componentes y sus programas #privativos pueden acceder y controlar todo lo que se encuentra en la memoria del equipo y #espiar todo lo que aparece en pantalla. Al igual que en sus versiones anteriores, la máquina gestora puede #encender o #apagar el equipo, #leer todos los #archivos #abiertos, #examinar todas las #aplicaciones en ejecución, #registrar todas las teclas oprimidas y los #movimientos del #ratón e incluso #capturar y #controlar todo lo mostrado en pantalla. De la misma manera, su #interfaz de #red insegura permite que atacantes informáticos inyecten rootkits que pueden infectar el sistema por #completo y permitir que espías remotos puedan #vigilar todas las #actividades llevadas a cabo en la computadora. Esto representa una #grave #amenaza a tu #libertad, #seguridad y #privacidad que no puede ser #ignorada.

En versiones #anteriores a la 6.0, en sistemas del 2008 y 2009 o anteriores, la máquina gestora podía ser #desactivada escribiendo un par de #valores en la memoria SPI. Esto permitía que la máquina gestora pudiera ser #eliminada #completamente de la memoria fija. El proyecto #Libreboot ha logrado esto en los #modelos #compatibles de la serie 4 de Intel. Sin embargo, las #versiones 6.0 y #posteriores de la máquina gestora, presentes en todos los #sistemas con #procesadores Intel Core i3/i5/i7 incluyen un programa llamado "ME Ignition" que lleva a cabo #tareas de arranque y de #gestión de #energía. Dicho programa #verifica la #existencia y #validez de la firma electrónica de Intel y en caso de que esta firma no está #presente o no sea #válida, la computadora se apaga en 30 minutos.

Debido a la verificación de la firma electrónica, la #posibilidad de #desarrollar un remplazo del programa de la máquina gestora es básicamente #imposible. La única #entidad #capaz de #remplazar dicho programa es Intel. La máquina gestora incluye código privativo sujeto a #licencias de #terceras #partes, por lo que Intel no podría #revelar el código #legalmente aunque así lo quisiera. Aunque otras #personas desarrollen programas para remplazar para la máquina gestora, estos no funcionarían si no son #firmados #digitalmente por Intel. Por lo tanto, la máquina gestora de Intel es #irremediablemente #privativa y tivoizada.

Por años el #proyecto #Coreboot ha estado #presionando a Intel, pero este se ha #negado #rotundamente a #cooperar. Muchos #desarrolladores de Coreboot y otras #compañías han tratado de #presionar a Intel para que coopere; es decir, que publique el #código #fuente de la máquina gestora. Incluso #Google, compañía que vende #millones de #computadoras #Chromebooks (con Coreboot pre-instalado), no ha podido lograr #persuadir a Intel.

Incluso cuando Intel ha llegado a cooperar, este no publica el código fuente y solo da #información #limitada ( #especificaciones #técnicas ) bajo #estrictos #acuerdos de #confidencialidad. Ni siquiera las #empresas #fabricantes de computadoras reciben el código fuente de Intel y se ven #obligadas a incluir las #porciones #binarias ( #blobs ) tal como se las da Intel.

En #resumen, la máquina gestora de Intel y sus programas son #puertas #traseras #universales con acceso y control total de la computadora y representan una #terrible #amenaza para la libertad, seguridad y privacidad de sus usuarios. Por lo tanto, el proyecto Libreboot #recomienda firmemente que se #evite su #uso #completamente. Debido a que en todas las versiones recientes de procesadores Intel esta puerta trasera no puede ser eliminada, esto #implica #evitar #usar todas las generaciones recientes de procesadores de Intel.

¿Y qué hay con AMD?


#AMD tiene su #propia #versión de la máquina gestora llamada AMD Platform Security Processor ( #PSP ) que presenta las mismas amenazas de seguridad que la de Intel. El PSP es un procesador #ARM #autónomo e #integrado en el procesador #principal y como tal tiene la #habilidad de #ocultar su propio código de #ejecución, obtener los #datos de la memoria RAM como #claves de #cifrado, datos #personales #confidenciales, #historial de #navegación, teclas oprimidas, etc. En teoría, cualquier #entidad #hostil que cuente con la clave de firma digital de AMD puede #instalar #software #maligno que solo podría ser eliminado por medio de #herramientas #especializadas y una versión #íntegra del programa PSP. Además, al igual que con Intel, se han descubierto diversas vulnerabilidades que ya han sido #demostradas en el #pasado y lo más #probable es que haya más en el código privativo del PSP. Dichas vulnerabilidades permiten que agencias de espionaje y #criminales #informáticos logren #monitorear y controlar cualquier computadora que tenga el PSP de AMD sin que el usuario tenga #conocimiento de ello.

Es muy poco probable que los procesadores AMD posteriores al año 2013 puedan alguna vez ser #compatibles con Libreboot y por esa razón también se recomienda evitar usar #todos los procesadores AMD recientes.

¿Entonces qué puedo usar?


Por ahora la manera más #sencilla y #confiable de evitar las puertas traseras universales de Intel y AMD es usar únicamente computadoras que han obtenido la certificación RYF de la Fundación del Software Libre. Aunque estas computadoras certificadas aún contienen modelos anteriores de procesadores Intel o AMD, las puertas traseras en ellos han sido eliminadas o desactivadas y por lo tanto proveen mayor seguridad y privacidad siempre y cuando se utilicen única y exclusivamente con sistemas operativos completamente libres.
#NSA #CIA #inteligencia #Snowden #Wikileaks #laptops #ordenador #criptografía #hardware #CPU #tecnología #libre #GNU #GNUlinux #FSF #SoftwareLibre #soberanía #ñ #español #Mexico #México #España #Colombia #Argentina #Perú #Peru #Venezuela #Chile #Ecuador #Guatemala #Cuba #Bolivia #Guatemala #RepúblicaDominicana #Honduras #ElSalvador #Paraguay #Nicaragua #CostaRica #PuertoRico #Panamá #Panama #Uruguay
#computadora #autónoma #integrada #Intel #escritorio #portátiles #servidores #procesador #almacenamiento #interfaz #componentes #criptográfica #ROM #RAM #DMA #sistema #operativo #reservar #sector #memoria #máquina #gestora #puerta #trasera #Internet #dirección #MAC #dispositivo #red #funcionamiento #programa #arranque #componente #interno #SPI #manifiesto #firma #electrónica #versiones #programas #AMT #agencias #espionaje #atacantes #remotos #encender #apagar #acceder #información #espías #control #total #apagada #funcionalidad #Wake-on-LAN #SSL #TLS #protocolos #vulnerabilidades #documentadas #rootkits #keyloggers #secreto #funciones #acceso #datos #archivos #aplicaciones #registro #teclas #grilletes #digitales #DRM #señal #audio #video #anfitrión #clave #GPU #PAVP #gráficos #pantalla #usuario #controlar #detectar #segunda #generación #Core #i3 #i5 #i7 #habilidades #omnipotentes #privativos #espiar #leer #abiertos #examinar #registrar #movimientos #ratón #capturar #completo #vigilar #actividades #grave #amenaza #libertad #seguridad #privacidad #ignorada #anteriores #desactivada #valores #eliminada #completamente #Libreboot #modelos #compatibles #posteriores #sistemas #procesadores #tareas #gestión #energía #verifica #existencia #validez #presente #válida #posibilidad #desarrollar #imposible #entidad #capaz #remplazar #licencias #terceras #partes #revelar #legalmente #personas #firmados #digitalmente #irremediablemente #privativa #proyecto #Coreboot #presionando #negado #rotundamente #cooperar #desarrolladores #compañías #presionar #código #fuente #Google #millones #computadoras #Chromebooks #persuadir #limitada #especificaciones #técnicas #estrictos #acuerdos #confidencialidad #empresas #fabricantes #obligadas #porciones #binarias #blobs #resumen #puertas #traseras #universales #terrible #recomienda #evite #uso #implica #evitar #usar #AMD #propia #versión #PSP #ARM #autónomo #integrado #principal #habilidad #ocultar #ejecución #claves #cifrado #personales #confidenciales #historial #navegación #hostil #instalar #software #maligno #herramientas #especializadas #íntegra #demostradas #pasado #probable #criminales #informáticos #monitorear #conocimiento #todos #sencilla #confiable #NSA #CIA #inteligencia #Snowden #Wikileaks #laptops #ordenador #criptografía #hardware #CPU #tecnología #libre #GNU #GNUlinux #FSF #SoftwareLibre #soberanía #ñ #español #Mexico #España #Colombia #Argentina #Perú #Venezuela #Chile #Ecuador #Guatemala #Cuba #Bolivia #RepúblicaDominicana #Honduras #ElSalvador #Paraguay #Nicaragua #CostaRica #PuertoRico #Panamá #Uruguay
 
2019 status of jailbreak apple devices tools overview - trying to unlock ipad 3 and ipad 4

Bild/Foto

to be straight: have not managed yet to unlock a pin locked ipad 3 and ipad 4 and/or recover the data.

it is easy to just overwrite the ipad with the latest firmware via itunes.

but i want to backup and extract all possible files before that.

if you want to jailbreak your Apple device, basically there are a lot of tools and you need to find the one that suits your hardware and firmware model.

not an easy task.

have an older ipad 3 to wich the PIN was lost (no it is not stolen, it’s from a relative who forgot it and also can not remember his itunes password (alzheimer is very comon these days)). (Model: A1430 iPad 3, Early 2012, +Wi-Fi + Cellular, 30-pin connecto) but latest redsn0w (redsn0w_win_0.9.15b2.zip) says „iPad 3 is not supported“ (probably it has a newer iOS installed than 5.1.1)

this site helps you find and download newer and older firmwares for your device: (GOOD JOB! 🙂

https://ipsw.me/device-finder

https://ipsw.me/iPad3,3

http://www.getios.com/ here you also can get a lot of firmware versions for your iDevice.

also interesting: https://nerdpol.ch/tags/jailbreak

theory:

  • pull an (encrypted) backup from the device
    • not possible via itunes with PIN locked ipad
    • most approaches use some exploit to load their own ramdisk and get access to the device
  • via brute force, find the decryption PIN
  • extract the data
  • reset the device
…. not so easy.

„Imagine a computer which is protected with an OS level password – we can still access the hard disk data by booting a live CD, or by removing the hard disk and connecting it to another machine. When we compare computers to the iPhone, it is an embedded device. So it is not easy to take out the chips (hard disk) and dump data into it. To perform iPhone forensics, we use the Live CD approach. As the iPhone has only one serial port, we are going to load custom OS over the USB to access the hard disk of the device. The problem here is: the iPhone only loads firmware designed by Apple.

In order to create and load the forensic toolkit, first we need to understand iPhone functions at the operating system level. iOS (previously known as iPhone OS) is the operating system that runs on all Apple devices like iPhone, iPod, Apple TV and iPad. iOS is a zip file (ships with .ipsw extension) that contains boot loaders, kernel, system software, shared libraries & built in applications.

When an iPhone boots up, it walks through a chain of trust, which is a series of RSA signature checks among the software components in a specific order as shown below:




The BootRom is Read-only memory (ROM) and it is the first stage of booting an iOS device. BootRom contains all the root certificates to signature check the next stage.

iPhone operates in 3 modes – Normal Mode, Recovery Mode, DFU mode

In Normal mode, BootRom start off some initialization stuff and loads the low level boot loader (LLB) by verifying its signature. LLB signature checks and loads the stage 2 boot loader (iBoot). iBoot signature checks the kernel and device tree, while the kernel signature checks all the user applications.

In DFU mode, iPhone follows the boot sequence with a series of signature checks as shown below. BootRom signature checks the second level boot loaders (iBSS, iBEC). Boot loader signature checks the kernel, and the kernel signature checks the Ramdisk.




During iOS update, the Ramdisk gets loaded into RAM and it loads all the other OS components.

In Forensics, we will create a custom Ramdisk with our complete forensic tool kit and load it into the iPhone’s volatile memory.

Signature checks implemented at various stages in the boot sequence do not allow us to load our custom Ramdisk. To load our custom Ramdisk, we have to bypass all these signature checks. In the chain of trust boot sequence, if we compromise one link, we can fully control all the links that follow. The hacker community has found several vulnerabilities in BootRom. By using these, we can flash our own boot loader and patch all other signature checks in all the subsequent stages. Apart from signature checks, every stage is also encrypted. These encryption keys can be grabbed from JailBreaking tools.“

src: https://resources.infosecinstitute.com/iphone-forensics/

another lengthy writeup: https://blog.elcomsoft.com/2017/11/the-art-of-ios-and-icloud-forensics/

unlocking iDevices: how ex-empoyees make business


„Cellebrite, through means currently unknown, provides these services at $5,000 per device,“

https://blog.malwarebytes.com/security-world/2018/03/graykey-iphone-unlocker-poses-serious-security-concerns/

Mysterious $15,000 ‚GrayKey‘ Promises To Unlock iPhone X For The Feds


https://youtu.be/gpzl11uPmyY

https://www.magnetforensics.com/
  • AXIOM has the most advanced parsing and carving techniques which finds more evidence than any other tool, including 25% more pictures.
  • Get more detailed information about what someone was doing at any given time and where, with artifacts like KnowledgeC, iOS Wallet, geolocation data, Screen Time, and more.
  • Analyze the full file system (including iTunes backup-style images) and decrypted Keychain from iOS devices and find evidence that other tools miss.
  • Memory images could contain valuable evidence like messages, call logs, and email. AXIOM natively supports the analysis of memory from GrayKey images without the need to install third-party conversions or plugins.
  • iOS images contain a lot of native files and raw data. Use AXIOM to cut through the noise of data and save time during your investigations by quickly surfacing only relevant evidence rather than unactionable data.
  • Discover new artifacts with Dynamic App Finder to automatically scan your file system and memory images for relevant chat, browser, geolocation, and identifier data.
  • AXIOM is a complete digital investigation platform that gives you the power to analyze evidence from GrayKey images alongside data from other computer, cloud, social media, and mobile evidentiary sources.
src: https://www.magnetforensics.com/graykey/




„can take up to three days or longer to (crack) for six-digit passcodes“ … and recover the data of the iDevice.




src: https://www.forbes.com/sites/thomasbrewster/2018/03/05/apple-iphone-x-graykey-hack/#566b2c9c2950

Jailbreak iPhone XS, iPhone XR on iOS 12 – iOS 12.1.2 Using Chimera Jailbreak [How to]


Bild/Foto

Posted by Rajesh Pandey on Apr 30, 2019

The Electra team surprised everyone today by releasing Chimera, a new iOS 12 – iOS 12.1.2 jailbreak for A7-A12 devices including the iPhone XS and iPhone XR. Chimera has been built from the ground up and comes with Sileo as its default package manager.

the hardware hack: How to unlock iCloud locked Apple iPad 2, 3, 4, iPad Air and Air 2, iPad mini 1, 2, 3, 4, iPad 12.9 and 9.7 – WARNING!

This method works ONLY on iPads with 3G/4G/LTE and removes cellular from your iPad.

it will become wifi-only! (no 3G/4G/LTE no more!)


„This method will help you bypass iCloud on locked iPads.

This manual will help you with iCloud bypass on your iPad Cellular.
  • After bypass iCloud you will have iPad Wi-Fi Only.
  • Sim-slot (GSM, Mobile, SimCard) will not work.
  • GPS and Bluetooth will work.
At this moment it works with Apple iPad 2, iPad 3, iPad 4, iPad Air, iPad mini, iPad mini 2, iPad Air 2, iPad mini 3, iPad mini 4, iPad Pro 12.9, iPad Pro 9.7 which is locked by service iCloud. Include locked through “Lost and erased” mode.
  • On the iPad 2 3G Model A1396 (GSM) remove the resistor r1205. On the Model iPad 2 3G A1397 (CDMA) move resistor r1205 to position r1204.
  • iPad 2 3G will enter DFU mode.
  • Connect the iPad 2 3G to your PC or Mac.
  • After that you need to restore the iPad 2 3G through iTunes with firmware of Wi-Fi ONLY model and activate using the official method.
  • Turn off the automatic firmware update: Settings \ iTunes Store, App Store \ Automatic download \ Updates.
You can support this project through donations. „PayPal block my account with all money because I’m from Ukraine. “

After this you will can install any apps on your iCloud free iPad, make jailbreak, assign your own Apple ID account and do any other things.

Apple devices (for example iPads) have some part on logic board which called Board_id. Board_id is responsible for how device identifies itself. For iPad there are several possible configurations: Apple TV, Apple iPhone, Apple iPad Cellular, Apple iPad WiFi only.

When Apple’s iCloud servers bloсked iPads they do this in 2 ways:
  • iPad WiFi only will be blocked by it serial number.
  • iPad Cellular will be blocked by it serial number and IMEI.
To bypass iCloud on iPads Cellular you need disable it modem chip and change Board_id.

If you just only disable modem you will get error and not working device. Sometimes this happens when modem or cable modem is broken even on iPads which isn’t blocked in iCloud. My method can revive such devices.

When you disabled modem chip and changed Board_id device will stop work properly. Something inside will say: “Hey man, something wrong! My hardware is like for WiFi only model, but you use firmware for Cellular model. I go in DFU-mode and you should go in iTunes and restore me”.

When you connect your iPad to BigBrother OS will install driver for it.

At finish you will have iCloud unlocked iPad WiFi only. Now It can be registered on your own Apple ID through new clean serial number. Voila!

If you have some problem with recovering check USB cable and restore iPad manualy from file with firmware. You can download firmware from ipsw.me. Remember that now you have iPad WiFi only hardware and you should download WiFi only firmware. For example, if you have iCloud locked iPad Air Cellular A1475 you should download firmware for iPad Air WiFi only A1474.

And Yes. At any moment you can covert your iCloud freу iPad WiFi only with hardware method back to iPad Cellular. But iCloud blocking will back too.

Be careful and good luck!“

Here you can read manual to bypass iCloud on model of your iPad:If you are looking for a way to unlock the iCloud on iPad Wi-Fi Only, iPhone or iPod, then read this article: How to bypass iCloud on iPad WiFi, iPad Cellular, iPhone and iPod

src: https://pasha4ur.org.ua/

https://pasha4ur.org.ua/articles/difdevices/131-how-unlock-apple-ipad-2-3g-icloud-locked

unlock: A1430 (GSM) and A1403 (CDMA)








… respect! this border_id change thing needs further investiagion.

src: https://pasha4ur.org.ua/images/phocagallery/stories/portfolio/apple/ipad2unlock/ipad3-icloud-unlock-by-pasha4ur.png

how to open the thing:




warning!


all sort of weird things happening:

Hi can someone help me with ipad mini A1454 I have removed the resistor R1204 as stated in the instructions I need to now make a jumper on R1205 because itunes detects my ipad as a apple tv so a jumper going from R1205 but unsure where the other end of the jumper goes please help me I would be really grateful

„use good pencil (graphite) to make short (jumper) in R1205“

src: http://forum.gsmhosting.com/vbb/f631/bypass-icloud-ipad-2-3-4-air-mini-mini-retina-3g-hardware-method-1872271/index8.html

redsn0w is ooooold:


in this video DiplInf Sebastian Scheiber shows how to jailbreak an locked (!) iPad and recover the data.

Method used:problem: this probably only works with on older versions of the iPad / iPhone supported by Redsn0w and iOS 5.1 is rather old, most devices will have a newer version of iOS installed by now.

how to get into DFU (recovery) mode:

  • hold power button pressed for 3 seconds
  • now keep power button pressed while also holding home button pressed
  • after a few seconds screen goes dark, now RELEASE POWER BUTTON but still keep home button pressed
… screen should stay dark and PC you connect do should detect an iPad in DFU mode.

Stuck in DFU mode – How to Exit DFU Mode:


Press Home and Power/ Sleep buttons at the same time for 10s > Release the Home and Power/ Sleep buttons together.

iOS 9.2 – 9.3.3 64-bit devices only


iphone 5s iphone 6 iphone 6 plus iphone 6s iphone 6s plus iphone se ipod touch 6g ipad mini 2 ipad mini 3 ipad mini 4 ipad air ipad air 2 ipad pro

will need your apple id and password.

https://en.pangu.io/

Evasi0n (Evasi0n7) Jailbreak Tool:

for iOS 6.x – iOS 7.0.x


… this can not be used to unlock an iPad. Your iPad/iPhone will have to be unlocked (PIN) before jailbreaking.

http://www.ijailbreak.com/evasi0n/

evasi0n is an unconventional utility able to perform jailbreak operations on devices running iOS 6 and 7.

A consequence of the procedure is the removal of several limitations imposed by Apple, allowing users to install software that is not approved by the company and switch phone carriers seamlessly.

evasi0n became a success just days after its first release.

Supposedly, a few million copies have been downloaded in a very short period, which is not necessarily an indication of its efficiency, but sure says a lot. Statistics aside, the general opinion (as stated by most users on the Internet) is that evasi0n is a trustworthy jailbreak application, one that has to offer everything and asks for nothing in return.

evasi0n is special because it can perform an untethered jailbreak operation, which translates into the fact that the iOS device will be able to reboot without requiring a connection with an external device.

The principle it relies on involves a number of complicated steps, most of which are related to exploiting several vulnerabilities that were overlooked by Apple. However, the process is completed silently, without user intervention.

This is the main reason why evasi0n is considered one of the most easy-to-use and accessible applications of its type. It’s not pretentious as far as OS requirements are concerned, nor does it require advanced configurations.

In order for the jailbreak operation to be successful, you need to equip your system with iTunes and connect your iPhone, iPad or iPod to the computer via a USB cable.

It is also recommended that you backup the device in case something goes wrong.

Once you’ve completed these steps, you can proceed with the jailbreak operation, which, if free of errors, shouldn’t take more than five minutes. However, if the process fails, simply reboot the device and relaunch evasi0n.

On an ending note, this is a well-built jailbreak software, easy to use and user-friendly. Nevertheless, a backup operation is vital in case anything goes wrong.

windows versions:

https://www.softpedia.com/get/Mobile-Phone-Tools/IPhone/evasi0n.shtml

https://www.softpedia.com/downloadTag/jailbreak

linux version:

https://www.mediafire.com/file/21zlxh81cqtqqgb/evasi0n-linux-1.0-3c53ba10e2448d311b0f4157f2d7eb568f106c4f-release.tar+%281%29.lzma

phoenixpwn.com


jailbreak works only on 32-bit devices, which includes :
  • iPhone 4S, 5C and 5
  • iPad 2, 3, 4
  • iPad Mini 1
  • iPod Touch 5
https://phoenixpwn.com/ -> you will need an apple id associated with the device?

https://youtu.be/6I8V-BRx2hk

https://twitter.com/saurik/status/1119211957188345856

for older devices and firmwares (iOS 5.1.X)


„RedSn0w actually evolved from the Jailbreaking tool Quickpwn, which was an early Jailbreaking tool used to Jailbreak the 2nd generation of iOS. Nowadays RedSn0w can be used to Jailbreak a lot of versions of iPhone, iPod Touch and iPad.“ … but not all, iPad 4 seems not supported.

RedSn0w iPhone Support:


iPhone 6s Plus: Not Supported
iPhone 6s: Not Supported
iPhone 6 Plus: Not Supported
iPhone 6: Not Supported
iPhone 5s: Not Supported
iPhone 5c: Not Supported
iPhone 5: Not Supported
iPhone 4S: iOS 5 (iOS 5.1.1, iOS 5.0.1, iOS 5.0)
iPhone 4: iOS 6 (iOS 6.0,6.0.1) + iOS 5 (iOS 5.1.1, iOS 5.1, iOS 5.0.1, iOS 5.0) + iOS 4 (4.3.5, 4.3.4, 4.3.3, 4.3.2, 4.3.1, 4.3, 4.2.6, 4.2.1, 4.1, 4.0.2, 4.0.1, 4.0) + iOS 3 (iOS 3.1.3)
iPhone 3GS: iOS 6 (iOS 6.0, 6.0.1) + iOS 5 (iOS 5.1.1, iOS 5.1, iOS 5.0.1, iOS 5.0) + iOS 4 (4.3.5, 4.3.4, 4.3.3, 4.3.2, 4.3.1, 4.3, 4.2.6, 4.2.1, 4.1, 4.0.2, 4.0.1, 4.0) + iOS 3 (3.1.3)
iPhone 3G: iOS 4 (4.3.4, 4.2.1, 4.1, 4.0.2, 4.0.1, 4.0) + iOS 3 (3.1.3)

RedSn0w iPad Support:


iPad Pro: Not Supported
iPad Air 2: Not Supported
iPad Air: Not Supported
iPad Mini 4: Not Supported
iPad Mini 3: Not Supported iPad Mini 2: Not Supported
iPad Mini: Not Supported
iPad 4: Not Supported <- argh!
iPad 3: iOS 5 (iOS 5.1.1) <- RedSn0w told me „Ipad 3 is not supported“, probably it has a newer iOS installed than 5.1.1)
iPad 2: iOS 5 (iOS 5.1.1, 5.0.1)
iPad 1: iOS 5 (iOS 5.1.1, iOS 5.1, iOS 5.0.1, iOS 5.0) + iOS 4 (iOS 4.3.5, 4.3.4, 4.3.3, 4.3.2, 4.3.1, 4.3, 4.2.1) + iOS 3 (iOS 3.2.2)

src: http://www.ijailbreak.com/redsn0w/

PwnageTool 4.3 Info

http://public.stuff.hu/pwnagetool/PwnageTool_4.3.dmg

Method 2: Get Out of DFU Mode on iPhone/iPad/iPod touch with PhoneRescue


Click here to download PhoneRescue free version!

Step 1: Launch PhoneRescue on your computer > Connect your iOS device to your computer with a USB cable > Wait for PhoneRescue to recognize your iOS device.

Step 2: Click on „Exit Ramdisk Mode“ at the bottom of the Homepage.

other jailbreaking tools:

links:


https://www.antid0te.com/

https://www.sektioneins.de/

http://www.ijailbreak.com/jailbreak-software/

https://www.theiphonewiki.com/wiki/I0n1c

tweets:


https://twitter.com/angelXwind

\#linux #gnu #gnulinux #opensource #administration #sysops #apple #ipad #phone #jailbreak
Quelle: https://dwaves.org/2019/05/12/2019-status-of-jailbreak-apple-devices-tools-overview-trying-to-unlock-ipad-3-and-ipad-4/
2019 status of jailbreak apple devices tools overview – trying to unlock ipad 3 and ipad 4
 
2019 status of jailbreak apple devices tools overview - trying to unlock ipad 3 and ipad 4

Bild/Foto

to be straight: have not managed yet to unlock a pin locked ipad 3 and ipad 4 and/or recover the data.

it is easy to just overwrite the ipad with the latest firmware via itunes.

but i want to backup and extract all possible files before that.

if you want to jailbreak your Apple device, basically there are a lot of tools and you need to find the one that suits your hardware and firmware model.

not an easy task.

have an older ipad 3 to wich the PIN was lost (no it is not stolen, it’s from a relative who forgot it and also can not remember his itunes password (alzheimer is very comon these days)). (Model: A1430 iPad 3, Early 2012, +Wi-Fi + Cellular, 30-pin connecto) but latest redsn0w (redsn0w_win_0.9.15b2.zip) says „iPad 3 is not supported“ (probably it has a newer iOS installed than 5.1.1)

this site helps you find and download newer and older firmwares for your device: (GOOD JOB! 🙂

https://ipsw.me/device-finder

https://ipsw.me/iPad3,3

http://www.getios.com/ here you also can get a lot of firmware versions for your iDevice.

also interesting: https://nerdpol.ch/tags/jailbreak

theory:

  • pull an (encrypted) backup from the device
    • not possible via itunes with PIN locked ipad
    • most approaches use some exploit to load their own ramdisk and get access to the device
  • via brute force, find the decryption PIN
  • extract the data
  • reset the device
…. not so easy.

„Imagine a computer which is protected with an OS level password – we can still access the hard disk data by booting a live CD, or by removing the hard disk and connecting it to another machine. When we compare computers to the iPhone, it is an embedded device. So it is not easy to take out the chips (hard disk) and dump data into it. To perform iPhone forensics, we use the Live CD approach. As the iPhone has only one serial port, we are going to load custom OS over the USB to access the hard disk of the device. The problem here is: the iPhone only loads firmware designed by Apple.

In order to create and load the forensic toolkit, first we need to understand iPhone functions at the operating system level. iOS (previously known as iPhone OS) is the operating system that runs on all Apple devices like iPhone, iPod, Apple TV and iPad. iOS is a zip file (ships with .ipsw extension) that contains boot loaders, kernel, system software, shared libraries & built in applications.

When an iPhone boots up, it walks through a chain of trust, which is a series of RSA signature checks among the software components in a specific order as shown below:




The BootRom is Read-only memory (ROM) and it is the first stage of booting an iOS device. BootRom contains all the root certificates to signature check the next stage.

iPhone operates in 3 modes – Normal Mode, Recovery Mode, DFU mode

In Normal mode, BootRom start off some initialization stuff and loads the low level boot loader (LLB) by verifying its signature. LLB signature checks and loads the stage 2 boot loader (iBoot). iBoot signature checks the kernel and device tree, while the kernel signature checks all the user applications.

In DFU mode, iPhone follows the boot sequence with a series of signature checks as shown below. BootRom signature checks the second level boot loaders (iBSS, iBEC). Boot loader signature checks the kernel, and the kernel signature checks the Ramdisk.




During iOS update, the Ramdisk gets loaded into RAM and it loads all the other OS components.

In Forensics, we will create a custom Ramdisk with our complete forensic tool kit and load it into the iPhone’s volatile memory.

Signature checks implemented at various stages in the boot sequence do not allow us to load our custom Ramdisk. To load our custom Ramdisk, we have to bypass all these signature checks. In the chain of trust boot sequence, if we compromise one link, we can fully control all the links that follow. The hacker community has found several vulnerabilities in BootRom. By using these, we can flash our own boot loader and patch all other signature checks in all the subsequent stages. Apart from signature checks, every stage is also encrypted. These encryption keys can be grabbed from JailBreaking tools.“

src: https://resources.infosecinstitute.com/iphone-forensics/

another lengthy writeup: https://blog.elcomsoft.com/2017/11/the-art-of-ios-and-icloud-forensics/

unlocking iDevices: how ex-empoyees make business


„Cellebrite, through means currently unknown, provides these services at $5,000 per device,“

https://blog.malwarebytes.com/security-world/2018/03/graykey-iphone-unlocker-poses-serious-security-concerns/

Mysterious $15,000 ‚GrayKey‘ Promises To Unlock iPhone X For The Feds


https://youtu.be/gpzl11uPmyY

https://www.magnetforensics.com/
  • AXIOM has the most advanced parsing and carving techniques which finds more evidence than any other tool, including 25% more pictures.
  • Get more detailed information about what someone was doing at any given time and where, with artifacts like KnowledgeC, iOS Wallet, geolocation data, Screen Time, and more.
  • Analyze the full file system (including iTunes backup-style images) and decrypted Keychain from iOS devices and find evidence that other tools miss.
  • Memory images could contain valuable evidence like messages, call logs, and email. AXIOM natively supports the analysis of memory from GrayKey images without the need to install third-party conversions or plugins.
  • iOS images contain a lot of native files and raw data. Use AXIOM to cut through the noise of data and save time during your investigations by quickly surfacing only relevant evidence rather than unactionable data.
  • Discover new artifacts with Dynamic App Finder to automatically scan your file system and memory images for relevant chat, browser, geolocation, and identifier data.
  • AXIOM is a complete digital investigation platform that gives you the power to analyze evidence from GrayKey images alongside data from other computer, cloud, social media, and mobile evidentiary sources.
src: https://www.magnetforensics.com/graykey/




„can take up to three days or longer to (crack) for six-digit passcodes“ … and recover the data of the iDevice.




src: https://www.forbes.com/sites/thomasbrewster/2018/03/05/apple-iphone-x-graykey-hack/#566b2c9c2950

Jailbreak iPhone XS, iPhone XR on iOS 12 – iOS 12.1.2 Using Chimera Jailbreak [How to]


Bild/Foto

Posted by Rajesh Pandey on Apr 30, 2019

The Electra team surprised everyone today by releasing Chimera, a new iOS 12 – iOS 12.1.2 jailbreak for A7-A12 devices including the iPhone XS and iPhone XR. Chimera has been built from the ground up and comes with Sileo as its default package manager.

the hardware hack: How to unlock iCloud locked Apple iPad 2, 3, 4, iPad Air and Air 2, iPad mini 1, 2, 3, 4, iPad 12.9 and 9.7 – WARNING!

This method works ONLY on iPads with 3G/4G/LTE and removes cellular from your iPad.

it will become wifi-only! (no 3G/4G/LTE no more!)


„This method will help you bypass iCloud on locked iPads.

This manual will help you with iCloud bypass on your iPad Cellular.
  • After bypass iCloud you will have iPad Wi-Fi Only.
  • Sim-slot (GSM, Mobile, SimCard) will not work.
  • GPS and Bluetooth will work.
At this moment it works with Apple iPad 2, iPad 3, iPad 4, iPad Air, iPad mini, iPad mini 2, iPad Air 2, iPad mini 3, iPad mini 4, iPad Pro 12.9, iPad Pro 9.7 which is locked by service iCloud. Include locked through “Lost and erased” mode.
  • On the iPad 2 3G Model A1396 (GSM) remove the resistor r1205. On the Model iPad 2 3G A1397 (CDMA) move resistor r1205 to position r1204.
  • iPad 2 3G will enter DFU mode.
  • Connect the iPad 2 3G to your PC or Mac.
  • After that you need to restore the iPad 2 3G through iTunes with firmware of Wi-Fi ONLY model and activate using the official method.
  • Turn off the automatic firmware update: Settings \ iTunes Store, App Store \ Automatic download \ Updates.
You can support this project through donations. „PayPal block my account with all money because I’m from Ukraine. “

After this you will can install any apps on your iCloud free iPad, make jailbreak, assign your own Apple ID account and do any other things.

Apple devices (for example iPads) have some part on logic board which called Board_id. Board_id is responsible for how device identifies itself. For iPad there are several possible configurations: Apple TV, Apple iPhone, Apple iPad Cellular, Apple iPad WiFi only.

When Apple’s iCloud servers bloсked iPads they do this in 2 ways:
  • iPad WiFi only will be blocked by it serial number.
  • iPad Cellular will be blocked by it serial number and IMEI.
To bypass iCloud on iPads Cellular you need disable it modem chip and change Board_id.

If you just only disable modem you will get error and not working device. Sometimes this happens when modem or cable modem is broken even on iPads which isn’t blocked in iCloud. My method can revive such devices.

When you disabled modem chip and changed Board_id device will stop work properly. Something inside will say: “Hey man, something wrong! My hardware is like for WiFi only model, but you use firmware for Cellular model. I go in DFU-mode and you should go in iTunes and restore me”.

When you connect your iPad to BigBrother OS will install driver for it.

At finish you will have iCloud unlocked iPad WiFi only. Now It can be registered on your own Apple ID through new clean serial number. Voila!

If you have some problem with recovering check USB cable and restore iPad manualy from file with firmware. You can download firmware from ipsw.me. Remember that now you have iPad WiFi only hardware and you should download WiFi only firmware. For example, if you have iCloud locked iPad Air Cellular A1475 you should download firmware for iPad Air WiFi only A1474.

And Yes. At any moment you can covert your iCloud freу iPad WiFi only with hardware method back to iPad Cellular. But iCloud blocking will back too.

Be careful and good luck!“

Here you can read manual to bypass iCloud on model of your iPad:If you are looking for a way to unlock the iCloud on iPad Wi-Fi Only, iPhone or iPod, then read this article: How to bypass iCloud on iPad WiFi, iPad Cellular, iPhone and iPod

src: https://pasha4ur.org.ua/

https://pasha4ur.org.ua/articles/difdevices/131-how-unlock-apple-ipad-2-3g-icloud-locked

unlock: A1430 (GSM) and A1403 (CDMA)








… respect! this border_id change thing needs further investiagion.

src: https://pasha4ur.org.ua/images/phocagallery/stories/portfolio/apple/ipad2unlock/ipad3-icloud-unlock-by-pasha4ur.png

how to open the thing:




warning!


all sort of weird things happening:

Hi can someone help me with ipad mini A1454 I have removed the resistor R1204 as stated in the instructions I need to now make a jumper on R1205 because itunes detects my ipad as a apple tv so a jumper going from R1205 but unsure where the other end of the jumper goes please help me I would be really grateful

„use good pencil (graphite) to make short (jumper) in R1205“

src: http://forum.gsmhosting.com/vbb/f631/bypass-icloud-ipad-2-3-4-air-mini-mini-retina-3g-hardware-method-1872271/index8.html

redsn0w is ooooold:


in this video DiplInf Sebastian Scheiber shows how to jailbreak an locked (!) iPad and recover the data.

Method used:problem: this probably only works with on older versions of the iPad / iPhone supported by Redsn0w and iOS 5.1 is rather old, most devices will have a newer version of iOS installed by now.

how to get into DFU (recovery) mode:

  • hold power button pressed for 3 seconds
  • now keep power button pressed while also holding home button pressed
  • after a few seconds screen goes dark, now RELEASE POWER BUTTON but still keep home button pressed
… screen should stay dark and PC you connect do should detect an iPad in DFU mode.

Stuck in DFU mode – How to Exit DFU Mode:


Press Home and Power/ Sleep buttons at the same time for 10s > Release the Home and Power/ Sleep buttons together.

iOS 9.2 – 9.3.3 64-bit devices only


iphone 5s iphone 6 iphone 6 plus iphone 6s iphone 6s plus iphone se ipod touch 6g ipad mini 2 ipad mini 3 ipad mini 4 ipad air ipad air 2 ipad pro

will need your apple id and password.

https://en.pangu.io/

Evasi0n (Evasi0n7) Jailbreak Tool:

for iOS 6.x – iOS 7.0.x


… this can not be used to unlock an iPad. Your iPad/iPhone will have to be unlocked (PIN) before jailbreaking.

http://www.ijailbreak.com/evasi0n/

evasi0n is an unconventional utility able to perform jailbreak operations on devices running iOS 6 and 7.

A consequence of the procedure is the removal of several limitations imposed by Apple, allowing users to install software that is not approved by the company and switch phone carriers seamlessly.

evasi0n became a success just days after its first release.

Supposedly, a few million copies have been downloaded in a very short period, which is not necessarily an indication of its efficiency, but sure says a lot. Statistics aside, the general opinion (as stated by most users on the Internet) is that evasi0n is a trustworthy jailbreak application, one that has to offer everything and asks for nothing in return.

evasi0n is special because it can perform an untethered jailbreak operation, which translates into the fact that the iOS device will be able to reboot without requiring a connection with an external device.

The principle it relies on involves a number of complicated steps, most of which are related to exploiting several vulnerabilities that were overlooked by Apple. However, the process is completed silently, without user intervention.

This is the main reason why evasi0n is considered one of the most easy-to-use and accessible applications of its type. It’s not pretentious as far as OS requirements are concerned, nor does it require advanced configurations.

In order for the jailbreak operation to be successful, you need to equip your system with iTunes and connect your iPhone, iPad or iPod to the computer via a USB cable.

It is also recommended that you backup the device in case something goes wrong.

Once you’ve completed these steps, you can proceed with the jailbreak operation, which, if free of errors, shouldn’t take more than five minutes. However, if the process fails, simply reboot the device and relaunch evasi0n.

On an ending note, this is a well-built jailbreak software, easy to use and user-friendly. Nevertheless, a backup operation is vital in case anything goes wrong.

windows versions:

https://www.softpedia.com/get/Mobile-Phone-Tools/IPhone/evasi0n.shtml

https://www.softpedia.com/downloadTag/jailbreak

linux version:

https://www.mediafire.com/file/21zlxh81cqtqqgb/evasi0n-linux-1.0-3c53ba10e2448d311b0f4157f2d7eb568f106c4f-release.tar+%281%29.lzma

phoenixpwn.com


jailbreak works only on 32-bit devices, which includes :
  • iPhone 4S, 5C and 5
  • iPad 2, 3, 4
  • iPad Mini 1
  • iPod Touch 5
https://phoenixpwn.com/ -> you will need an apple id associated with the device?

https://youtu.be/6I8V-BRx2hk

https://twitter.com/saurik/status/1119211957188345856

for older devices and firmwares (iOS 5.1.X)


„RedSn0w actually evolved from the Jailbreaking tool Quickpwn, which was an early Jailbreaking tool used to Jailbreak the 2nd generation of iOS. Nowadays RedSn0w can be used to Jailbreak a lot of versions of iPhone, iPod Touch and iPad.“ … but not all, iPad 4 seems not supported.

RedSn0w iPhone Support:


iPhone 6s Plus: Not Supported
iPhone 6s: Not Supported
iPhone 6 Plus: Not Supported
iPhone 6: Not Supported
iPhone 5s: Not Supported
iPhone 5c: Not Supported
iPhone 5: Not Supported
iPhone 4S: iOS 5 (iOS 5.1.1, iOS 5.0.1, iOS 5.0)
iPhone 4: iOS 6 (iOS 6.0,6.0.1) + iOS 5 (iOS 5.1.1, iOS 5.1, iOS 5.0.1, iOS 5.0) + iOS 4 (4.3.5, 4.3.4, 4.3.3, 4.3.2, 4.3.1, 4.3, 4.2.6, 4.2.1, 4.1, 4.0.2, 4.0.1, 4.0) + iOS 3 (iOS 3.1.3)
iPhone 3GS: iOS 6 (iOS 6.0, 6.0.1) + iOS 5 (iOS 5.1.1, iOS 5.1, iOS 5.0.1, iOS 5.0) + iOS 4 (4.3.5, 4.3.4, 4.3.3, 4.3.2, 4.3.1, 4.3, 4.2.6, 4.2.1, 4.1, 4.0.2, 4.0.1, 4.0) + iOS 3 (3.1.3)
iPhone 3G: iOS 4 (4.3.4, 4.2.1, 4.1, 4.0.2, 4.0.1, 4.0) + iOS 3 (3.1.3)

RedSn0w iPad Support:


iPad Pro: Not Supported
iPad Air 2: Not Supported
iPad Air: Not Supported
iPad Mini 4: Not Supported
iPad Mini 3: Not Supported iPad Mini 2: Not Supported
iPad Mini: Not Supported
iPad 4: Not Supported <- argh!
iPad 3: iOS 5 (iOS 5.1.1) <- RedSn0w told me „Ipad 3 is not supported“, probably it has a newer iOS installed than 5.1.1)
iPad 2: iOS 5 (iOS 5.1.1, 5.0.1)
iPad 1: iOS 5 (iOS 5.1.1, iOS 5.1, iOS 5.0.1, iOS 5.0) + iOS 4 (iOS 4.3.5, 4.3.4, 4.3.3, 4.3.2, 4.3.1, 4.3, 4.2.1) + iOS 3 (iOS 3.2.2)

src: http://www.ijailbreak.com/redsn0w/

PwnageTool 4.3 Info

http://public.stuff.hu/pwnagetool/PwnageTool_4.3.dmg

Method 2: Get Out of DFU Mode on iPhone/iPad/iPod touch with PhoneRescue


Click here to download PhoneRescue free version!

Step 1: Launch PhoneRescue on your computer > Connect your iOS device to your computer with a USB cable > Wait for PhoneRescue to recognize your iOS device.

Step 2: Click on „Exit Ramdisk Mode“ at the bottom of the Homepage.

other jailbreaking tools:

links:


https://www.antid0te.com/

https://www.sektioneins.de/

http://www.ijailbreak.com/jailbreak-software/

https://www.theiphonewiki.com/wiki/I0n1c

tweets:


https://twitter.com/angelXwind

\#linux #gnu #gnulinux #opensource #administration #sysops #apple #ipad #phone #jailbreak
Quelle: https://dwaves.org/2019/05/12/2019-status-of-jailbreak-apple-devices-tools-overview-trying-to-unlock-ipad-3-and-ipad-4/
2019 status of jailbreak apple devices tools overview – trying to unlock ipad 3 and ipad 4
 
Solyde Sache
Debian ist zwar grundsolide, hinkt aber auf dem Desktop hinterher. SolydXK macht das ausgezeichnete Server-Betriebssystem fit für den Desktop.

https://www.linux-community.de/ausgaben/linuxuser/2019/05/solyde-sache/
#News #Linux #Gnu #GnuLinux #Debian #Computer #IT #Holland #Super
Kein Käse aus Holland: SolydXK mit XFCE- und KDE-Desktop
 
Solyde Sache
Debian ist zwar grundsolide, hinkt aber auf dem Desktop hinterher. SolydXK macht das ausgezeichnete Server-Betriebssystem fit für den Desktop.

https://www.linux-community.de/ausgaben/linuxuser/2019/05/solyde-sache/
#News #Linux #Gnu #GnuLinux #Debian #Computer #IT #Holland #Super
Kein Käse aus Holland: SolydXK mit XFCE- und KDE-Desktop
 
How to install flash LibreBoot / CoreBoot on Lenovo X60S Tutorial from 2018

NOTE: LibreBoot (status of 2018) can NOT boot Windows X-D (who cares). So i guess you want to use LibreBoot with Linux and Linux only. even when CoreBoot is a 10 year old project... replacing your BIOS with LINUX can be a[...]

\#linux #gnu #gnulinux #opensource #administration #sysops #free #fsf #libreboot #coreboot #thinkpad #freehardware #hardware #bios #computrace #surveillance
Quelle: https://dwaves.org/2018/06/18/how-to-install-flash-libreboot-coreboot-on-lenovo-x60s-tutorial-from-2018/
How to install flash LibreBoot / CoreBoot on Lenovo X60S Tutorial from 2018
 
How to install flash LibreBoot / CoreBoot on Lenovo X60S Tutorial from 2018

NOTE: LibreBoot (status of 2018) can NOT boot Windows X-D (who cares). So i guess you want to use LibreBoot with Linux and Linux only. even when CoreBoot is a 10 year old project... replacing your BIOS with LINUX can be a[...]

\#linux #gnu #gnulinux #opensource #administration #sysops #free #fsf #libreboot #coreboot #thinkpad #freehardware #hardware #bios #computrace #surveillance
Quelle: https://dwaves.org/2018/06/18/how-to-install-flash-libreboot-coreboot-on-lenovo-x60s-tutorial-from-2018/
How to install flash LibreBoot / CoreBoot on Lenovo X60S Tutorial from 2018
 

GNU/Linux Tips: Thunar's Secret Weapon!

If you use a desktop environment then there's a lot of reasons to like the Thunar file manager. Especially so, for example, if you're tired of Nautilus trying to be Windows Explorer, crashing at the worst times, like while you're transferring files over sFTP, or just generally devouring your system's memory (e.g. tracker & tracker miners run even if you use Nautilus without the Gnome DE). But I digress.

The real purpose of this post isn't to vent my frustrations with Nautilus, it is to shed some extra light on a feature of Thunar that often goes unmentioned and unnoticed - the bulk renamer. It's no secret, really, but it isn't specifically mentioned in the Edit or right-click menus, where you only find the regular 'Rename...' option. In fact, I don't see it mentioned, or even hinted at, anywhere in the app, despite the great utility this little tool possesses!

So how do we access this bulk renamer? Does it even exist, or am I just toying with you here? So many questions... Well, the Thunar developers are actually quite ingenious; the bulk renamer is context-activated! Whenever you select multiple items, and then choose that regular old 'Rename...' function - poof - there it is!
Bild/Foto

Isn't that nifty? It can even support regular expressions, as well as several other functions aside from your standard 'Search & Replace'. For example, the bulk renamer can pull tags from your music files, making it easy to fix those CD rips that end up all named 'Track_01.mp3', and so on, and give them a meaningful name based on something like the track number and song title. Likewise, you can add timestamps to filenames from various meta-data sources such as last access, last modified, or even get the time a photo was taken using it's meta-data! I could go on and on, but it's just a great bulk rename utility! Especially so, given that it's already built in to the file-manager many of us use.

But maybe you don't use Thunar, or for whatever reason you would just rather just have a stand-alone bulk rename utility... Well, remember when I mentioned how ingenious the Thunar devs are? They got you covered here as well! If we run thunar --help we get the following:
Usage:
  thunar [OPTION…]

Help Options:
  -h, --help                 Show help options
  --help-all                 Show all help options
  --help-gapplication        Show GApplication options
  --help-gtk                 Show GTK+ Options

Application Options:
  -B, --bulk-rename          Open the bulk rename dialog
  --daemon                   Run in daemon mode
  -q, --quit                 Quit a running Thunar instance
  -V, --version              Print version information and exit
  --display=DISPLAY          X display to use

Ah ha! So you can run Thunar with that -B or --bulk-rename switch and it will open the bulk renamer in stand-alone mode, and not even display the Thunar file-manager!

On my system (Arch Linux) there's already an application launcher to run the bulk renamer this way If you have Thunar installed. I imagine this is pretty standard, so you should see it on your system as well and it goes by the unassuming title of 'Bulk Rename'. Personally, I use i3 window manager and simply added a line in the config to allow me to easily run exec /usr/bin/thunar -B at the press of a key (...board shortcut). And of course similar functionality can be achieved in most window managers, for those who prefer keyboard shortcuts over excessive mousing around :P

Now, I know a lot of you probably use the terminal, and solve these issues by piping various commands and such... Which is admittedly pretty powerful, and a bad ass way of working! I too prefer the terminal for many tasks and always at least four tiled terminals open at any given time. However, I do find it more convenient to do certain tasks with a GUI, and I love that the Thunar bulk renamer allows me to quickly and easily preview the file names, and make changes as needed in real time.

This may have been totally obvious to many of you, but I had been using Thunar for a couple of years before I discovered the bulk rename functionality some time back! I hope this tip helps others, who may also be oblivious to this little (simi-) hidden gem!

Happy file organizing!

#Linux #GNULinux #GNU-Linux #thunar #filemanager #file-manager #desktop #windowmanager #OpenSource #open-source #mp3 #photos #music #files #rename #bulk #tips #tricks #HOWTO #tutorial
 
Later posts Earlier posts