Friday, December 27, 2019
Thursday, December 12, 2019
A lot of fake phone entered African markets between September to December
Starting from mid September this year there has been entry of fake phones on the market in east and Central Africa. According to research I tentatively conducted on the boarders of DRC, Rwanda, Tanzania and one report finding from a friend in Burundi, a group of phones with the "TYPE ALLOCATION CODE" of 35551517.....All the phone with this TAC are fake. I have been wondering if BABT(British approval board for telecommunications) whose identifying number 35 is mostly used by phones made in China and Middle Eas, is aware of such fake phones using their identification number!
Chinese companies have gone an extra mile in the production of fake electronic products. It is worth here to note that, I do not mean that all products from China are fake! The issue of these fake phones on African markets are as result of a number of pronounced factors! !
One is corruption, most quality controlling organizations in Africa connive with some of the exporting companies to allow such fake products on our markets. This is very dangerous to the environment. Most of these phone run on fake micro chips especially spreadtrum which cannot operate for a very long time, these phones also are with weak PCBs, and in most cases such phones usually do not last for more than 3months without technical issues. Am actually worried for in the next 10years,African governments will again be yearning for loans to combat environmental hazards resulting from massive dumps of these fake electronic products.
There is another problem with chinese electronic manufacturing companies, they seem to produce few genuine products, and then later flood the markets with apparent similar but fake products so as to cut the cost of production. I think in China, there are other small companies that seem to copy and imitate other technology giants, and since they cannot afford market and production terms and conditions, they simply manufacture cheap products,using cheap resources .
In Uganda, I can extend my appreciation to UCC for setting up a link for testing whether ones product is fake!but it is better for UCC to get tough and force all phone exporting and importing companies to first test all their products.
https://www.ucc.co.ug/imei.php
Now you've to look at this example... This phone in the picture below has an IMEI of another different phone model which is an itel2090 yet for it is another model
These are phones owned by innocent citizens, they do know!!! So am warning UCC not to use this information to block their IMEIs, actually it is this UCC that should sit with UNBS to solve this and have them out of market ..!!!stop this bribery and help citizens, how do you allow such products on market, do you know the repercussions behind all these fake products ! For God and my country
Chinese companies have gone an extra mile in the production of fake electronic products. It is worth here to note that, I do not mean that all products from China are fake! The issue of these fake phones on African markets are as result of a number of pronounced factors! !
One is corruption, most quality controlling organizations in Africa connive with some of the exporting companies to allow such fake products on our markets. This is very dangerous to the environment. Most of these phone run on fake micro chips especially spreadtrum which cannot operate for a very long time, these phones also are with weak PCBs, and in most cases such phones usually do not last for more than 3months without technical issues. Am actually worried for in the next 10years,African governments will again be yearning for loans to combat environmental hazards resulting from massive dumps of these fake electronic products.
There is another problem with chinese electronic manufacturing companies, they seem to produce few genuine products, and then later flood the markets with apparent similar but fake products so as to cut the cost of production. I think in China, there are other small companies that seem to copy and imitate other technology giants, and since they cannot afford market and production terms and conditions, they simply manufacture cheap products,using cheap resources .
In Uganda, I can extend my appreciation to UCC for setting up a link for testing whether ones product is fake!but it is better for UCC to get tough and force all phone exporting and importing companies to first test all their products.
https://www.ucc.co.ug/imei.php
Now you've to look at this example... This phone in the picture below has an IMEI of another different phone model which is an itel2090 yet for it is another model
There is another security flaw on Intel processors
Altering Intel’s CPU voltages and frequency directly in the operating system is a feature that many users appreciate as it allows them to use all those software-based utilities that aid in overclocking. Now, this feature may not be as secure as previously anticipated.
Recently a team of cybersecurity experts proved that this particular feature can be exploited by threat actors that can cause substantial damage by aiming to hijack Intel SGX. For those who don’t know, Intel SGX
is an extremely critical and hardware-isolated space on new models of Intel CPUs responsible for encrypting sensitive data for protecting it from being stolen in case the system gets compromised.
The research team comprised of six European members from the University of Birmingham, KU Leuven, and the Graz University of Technology. The attack technique is dubbed Plundervolt and classified as
CVE-2019-11157 .
According to the team’s findings, the attack exploits the modern processor’s frequency and voltage adjustment feature, by controlling it in a way to generate errors in the system’s memory through flipping bits. This attack affects almost all those Intel Core Processors that are SGX-enabled including the Skylake generation .
However, the technique was identified and reported to Intel in June 2019 and now that the company has fixed the issue, the findings have been disclosed to the public.
Yesterday, Intel released the BIOS and microcode updates for addressing the Plundervolt issue and 13 other medium to high vulnerabilities. The updates make locking voltage a part of the default setting in the BIOS. Therefore,, if SGX is disabled or the CPU voltage is locked at the default value, the system will be safe from any threat.
The findings were reported first by ZDNet. The report states that using the Plundervolt vulnerability, threat actors can easily access information such as AES encryption keys stored in the chip’s SGX Enclave. This enclave is not separate from CPU’s memory but is protected by software encryption.
Once its security is breached, attackers can extract data from the enclave at a much faster rate than the previous attacks like Spectre and Meltdown. The attack mechanism is quite similar to the concepts behind CLKscrew and VoltJockey attacks, as it alters SGX bits to create errors and uses them to recreate data via a side-channel observation method.
The attack works on Intel’s 6th, 7th, 8th, 9th, and 10th-Gen Core processors as well as Xeon E3, v5, v6, E-2100 and E-2200, and doesn’t need host access with administrative or root privileges to be launched.
Yet, exploiting the vulnerability would have been tough if not impossible but it would need a combination of attacks and specify particular targets, claim the researchers. It is also noted that the attack cannot be launched in virtual environments, which means Intel’s data center customers are not at risk.
Recently a team of cybersecurity experts proved that this particular feature can be exploited by threat actors that can cause substantial damage by aiming to hijack Intel SGX. For those who don’t know, Intel SGX
is an extremely critical and hardware-isolated space on new models of Intel CPUs responsible for encrypting sensitive data for protecting it from being stolen in case the system gets compromised.
The research team comprised of six European members from the University of Birmingham, KU Leuven, and the Graz University of Technology. The attack technique is dubbed Plundervolt and classified as
CVE-2019-11157 .
According to the team’s findings, the attack exploits the modern processor’s frequency and voltage adjustment feature, by controlling it in a way to generate errors in the system’s memory through flipping bits. This attack affects almost all those Intel Core Processors that are SGX-enabled including the Skylake generation .
However, the technique was identified and reported to Intel in June 2019 and now that the company has fixed the issue, the findings have been disclosed to the public.
Yesterday, Intel released the BIOS and microcode updates for addressing the Plundervolt issue and 13 other medium to high vulnerabilities. The updates make locking voltage a part of the default setting in the BIOS. Therefore,, if SGX is disabled or the CPU voltage is locked at the default value, the system will be safe from any threat.
The findings were reported first by ZDNet. The report states that using the Plundervolt vulnerability, threat actors can easily access information such as AES encryption keys stored in the chip’s SGX Enclave. This enclave is not separate from CPU’s memory but is protected by software encryption.
Once its security is breached, attackers can extract data from the enclave at a much faster rate than the previous attacks like Spectre and Meltdown. The attack mechanism is quite similar to the concepts behind CLKscrew and VoltJockey attacks, as it alters SGX bits to create errors and uses them to recreate data via a side-channel observation method.
The attack works on Intel’s 6th, 7th, 8th, 9th, and 10th-Gen Core processors as well as Xeon E3, v5, v6, E-2100 and E-2200, and doesn’t need host access with administrative or root privileges to be launched.
Yet, exploiting the vulnerability would have been tough if not impossible but it would need a combination of attacks and specify particular targets, claim the researchers. It is also noted that the attack cannot be launched in virtual environments, which means Intel’s data center customers are not at risk.
What the hell is wrong with these online currency mining companies
3 of the BitClub Network mining pool have been arrested on fraud charges for operating a Ponzi scheme that has taken a total of $722 Million USD ($1,059,754,488 AUD) from its investors.
In an indictment from the New Jersey district court (), 5 names in total appear on the document, however 2 of the names have been redacted. The 3 persons in question that are named on the document are Matthew Brent Goettsche, Jobadiah Sinclair Weeks and Joseph Frank Abel.
All 3 named persons have been charged with conspiracy to offer and sell unregistered securities, with only Goettsche and Weeks being charged with conspiracy to commit wire fraud. The 2 redacted persons named on the document are still at large so their names with remain under seal until they have been arrested.
Between April 2014 and December 2019, the scammers released false statistics of their hash rates and returns to convince people to buy shares and invest in their BitClub Network mining pool, and offered bonuses for finding more victims to invest into the scam.
The indictment document includes transcripts of the conversations where the scammers discussed in detail and planed the entire operation.
Currently the BitClub promotional website and mining pool websites are still online and operating, which has the potential to scam unwitting persons that stumble across the sites and sign up.
In an indictment from the New Jersey district court (), 5 names in total appear on the document, however 2 of the names have been redacted. The 3 persons in question that are named on the document are Matthew Brent Goettsche, Jobadiah Sinclair Weeks and Joseph Frank Abel.
All 3 named persons have been charged with conspiracy to offer and sell unregistered securities, with only Goettsche and Weeks being charged with conspiracy to commit wire fraud. The 2 redacted persons named on the document are still at large so their names with remain under seal until they have been arrested.
Between April 2014 and December 2019, the scammers released false statistics of their hash rates and returns to convince people to buy shares and invest in their BitClub Network mining pool, and offered bonuses for finding more victims to invest into the scam.
The indictment document includes transcripts of the conversations where the scammers discussed in detail and planed the entire operation.
Currently the BitClub promotional website and mining pool websites are still online and operating, which has the potential to scam unwitting persons that stumble across the sites and sign up.
Subscribe to:
Posts (Atom)
-
With the widespread availability of the Internet today, there are still times when it may not be feasibly available. Be it on a flight, du...
-
msticpy is a package of python tools intended to be used for security investigations and hunting (primarily in Jupyter notebooks). Most ...
-
A new way for cybercriminals to create fake social media profiles and carry identity scams using Artificial Intelligence powered tool? A ...
