**** BEGIN LOGGING AT Sun Oct 01 03:00:02 2017
**** BEGIN LOGGING AT Sun Oct 01 10:39:03 2017
Oct 01 16:28:46 <sicelo> DocScrutinizer05: ping
Oct 01 16:28:54 <DocScrutinizer05> hm?
Oct 01 16:29:29 <DocScrutinizer05> oooh, sunday
Oct 01 16:29:30 <sicelo> hi
Oct 01 16:29:40 <sicelo> indeed
Oct 01 16:30:02 <DocScrutinizer05> seems there was some "important" thing?
Oct 01 16:30:50 <sicelo>  #maemo-meetingg .. GA
Oct 01 16:31:25 <sicelo> you're able to join?
Oct 01 16:31:33 <DocScrutinizer05> sure
Oct 01 16:32:04 <sicelo> thank you very much :)
Oct 01 16:33:30 <DocScrutinizer05> np
Oct 01 16:48:03 <DocScrutinizer05> Oksana: ping
Oct 01 16:48:29 <DocScrutinizer05> Oksana: MC eV GA meeting in #maemo.meeting
Oct 01 18:54:52 <blap> ever see the isis flag?
Oct 01 18:55:19 <KotCzarny> yeah, few folks doing the sheeps
Oct 01 18:57:08 <blap> very interesting
Oct 01 18:57:21 <blap> they like to show the truth in their symbols
Oct 01 19:37:45 <DocScrutinizer05> huh?
Oct 01 19:41:12 <blap> people who make scrawly images often want them to refer to ideologies or groups DocScrutinizer05 
Oct 01 19:41:21 <blap> so it sometimes is useful to study what symbols they choose
Oct 01 19:43:01 <DocScrutinizer05> I'd expect isis to not use *any* pictures at all, since.. a misconception about pictures from their understanding of Quran
Oct 01 19:44:27 <DocScrutinizer05> and iirc that flag is mere Arabian writing, with a lot of deco
Oct 01 19:47:14 <DocScrutinizer05> like this, sort of ;-) https://www.ixquick.com/do/search?q=isis+flag&nj=0&cat=pics
Oct 01 19:50:49 <DocScrutinizer05> prolly too much ink in that one:  https://qph.ec.quoracdn.net/main-qimg-4b819495fcfdd9d2c754d832d973b695-c
Oct 01 19:52:29 <DocScrutinizer05> ((<NeKit> is Nokia N900 set up differently then?)) yes, N900 and Neo900 have a properly separated modem
Oct 01 19:52:55 <NeKit> Droid 4 likely too then, since it's OMAP4
Oct 01 19:53:07 <DocScrutinizer05> is it?
Oct 01 19:53:41 <NeKit> http://elektranox.org/2017/02/0013-droid-4-modem/
Oct 01 19:53:59 <DocScrutinizer05> weird, I checked a few days ago what I *thought* was driod4 and gsmarena said sth like "snapdragon 617"
Oct 01 19:54:43 <KotCzarny> http://www.gsmarena.com/motorola_droid_4_xt894-4418.php
Oct 01 19:54:46 <DocScrutinizer05> must have been another device I checked, then
Oct 01 19:54:49 <KotCzarny> says omap 4430
Oct 01 19:55:11 <KotCzarny> maybe there are more than 1 device under droid4 name
Oct 01 19:55:13 <DocScrutinizer05> aaah http://www.gsmarena.com/motorola_moto_g4-8103.php
Oct 01 19:55:37 <DocScrutinizer05> nah, I mixed names
Oct 01 19:56:33 <KotCzarny> launch january 2012
Oct 01 19:56:34 <KotCzarny> lol
Oct 01 19:58:57 <DocScrutinizer05> it's pathetic how gsmarena not even _mentions_ the modem chipset
Oct 01 19:59:39 <DocScrutinizer05> also symptomatic of the general ignorance regarding the topic
Oct 01 19:59:49 <KotCzarny> yup
Oct 01 20:00:11 <KotCzarny> regular joe only knows core quantityt and screen size
Oct 01 20:00:21 <KotCzarny> sometimes even cpu clock and ram size
Oct 01 20:00:35 <KotCzarny> but that's considered hacker's knowledge
Oct 01 20:01:41 <DocScrutinizer05> they should be more interested in e.g. if their WLAN is a broadcom chipset and thus vulnerable
Oct 01 20:02:11 <sicelo> what does 'vulnerable' mean .. :-)
Oct 01 20:02:18 <sicelo> that's the quesiton 'joe' will ask
Oct 01 20:02:31 <DocScrutinizer05> https://googleprojectzero.blogspot.de/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html
Oct 01 20:02:32 <KotCzarny> it means 'you take it in the ass without the soap'
Oct 01 20:04:34 <DocScrutinizer05> awesome how diagram in ^^^ shows a separate "baseband processor" which is _not_ what it regularly looks like today
Oct 01 20:05:47 <blap>  https://www.youtube.com/watch?v=B1ftt8uWPfU  Teknojihad
Oct 01 20:14:55 <DocScrutinizer05> one core statement >>Well… Until several months prior to this research (mid 2016), the firmware made no effort to filter these frames. Any frame received as part of the data RX-path, regardless of its ethertype, was simply forwarded blindly to the host. As a result, attackers were able to remotely send frames containing the special 0x886C ethertype, which were then processed by the driver as if they were event frames created by the 
Oct 01 20:14:57 <DocScrutinizer05> firmware itself!<<
Oct 01 20:24:59 <DocScrutinizer05> sicelo: in short it means: an atacker can *completely* take over control over your device, via WLAN
Oct 01 20:25:14 <KotCzarny> remotely.
Oct 01 20:26:34 <DocScrutinizer05> and I mean *completely*, even to or beyond what user could do after rooting their device
Oct 01 20:27:12 <sicelo> yes. i mean ... average joes don't seem to owrry themselves with all that. all they want is an iphone  :-)
Oct 01 20:27:18 <sicelo> *worry
Oct 01 20:27:56 <DocScrutinizer05> well, they also want apple's encryption and no-unlock policies
Oct 01 20:28:30 <DocScrutinizer05> prolly not only against FBI but also the random hacker attacker
Oct 01 20:29:18 <DocScrutinizer05> on the bright side, rooting all those smartphones with broadcom WLAN is as simple as hardly ever before, also for user
Oct 01 20:29:24 <DocScrutinizer05> ;-P
Oct 01 20:37:29 <DocScrutinizer05> and for the rest... PCIe to the rescue X-P
Oct 01 20:38:07 <DocScrutinizer05> isn't it a *great* idea when the peripheral can do autonomous DMA?
Oct 01 20:38:18 <DocScrutinizer05> (j/k)
Oct 01 20:54:54 <DocScrutinizer05> >>Aha! The Wi-Fi chip managed to DMA into the physical address range containing the host’s kernel, without any interference!<< LOL
Oct 01 20:56:36 <DocScrutinizer05> >>Not only does this kind of access not require a single vulnerability [[except control over the WiFi chip's firmware which is given by the original exploit]] , but it is also much more reliable to exploit<<
Oct 01 20:57:35 <DocScrutinizer05> Broadcom, the better bootloader/kexec for your android device ;-P
Oct 01 21:00:02 <DocScrutinizer05> up to further hw platform examination if it also works as wireless (android) firmware flasher right away, or if they somehow have an additional level of write protection for the firmware storage
Oct 01 21:00:56 <NeKit> <s>can this be used to install Linux on BlackBerry keyboard devices?</s>
Oct 01 21:02:19 <__Chris> DocScrutinizer05: See what questions you get now? :-)
Oct 01 21:02:57 <DocScrutinizer05> LOL
Oct 01 21:03:06 * __Chris giggles.
Oct 01 21:03:34 <DocScrutinizer05> netkat: in theory for sure. Practically I have no idea
Oct 01 21:04:06 <__Chris> Maybe we can ask about on the FB-page of broadcom.... If they have something like that. ^^
Oct 01 21:04:07 <DocScrutinizer05> NeKit: damn
Oct 01 21:04:26 <DocScrutinizer05> my tab completion fails on n vs N here
Oct 01 21:13:05 <DocScrutinizer05> >> let’s repeat the same experiment on a Galaxy S7 Edge, which is based on Samsung’s Exynos 8890 SoC. [...] Once again we are able to DMA freely into the kernel (bypassing RKP’s protection along the way)! It seems that both Samsung’s Exynos 8890 SoC and Qualcomm’s Snapdragon 810 either lack SMMUs or fail to utilise them<<
Oct 01 21:14:05 <DocScrutinizer05> (SMMU == IOMMU)
Oct 01 21:21:02 * blap ponders
Oct 01 21:21:38 <blap> that's a horrible thing
Oct 01 21:21:48 <blap> that's like economics departments teaching lies to students
Oct 01 21:24:40 <DocScrutinizer05> hm?
Oct 01 21:31:52 <blap> nobody saying anything about phones
Oct 01 21:31:58 <blap> the terrible security
Oct 01 21:32:19 <Wizzup> in 74
Oct 01 21:32:21 <Wizzup> oops.
Oct 01 21:37:24 <__Chris> People only want to have some cloud, g00gle, bling-bling-flat-design for showing ads and some curvy displays it seems.
Oct 01 21:38:13 <__Chris> OLEDs which get yellow and burned in in 2 years of usage too.
Oct 01 21:38:49 <DocScrutinizer05> well, you're aware that SMS_two-factor-auth is already deprecated? Now think about NFC payment
Oct 01 21:42:15 <DocScrutinizer05> doesn't need any far fetched scenario like hacking the smartphone navi to lure digital retards and their cars into dark side streets to rob all they got
Oct 01 21:42:57 <DocScrutinizer05> anyway I am pretty sure we will see all of that and more
Oct 01 21:54:14 <blap> i have nothing to say in contradiction
Oct 01 22:10:07 <DocScrutinizer05> not trying to feature FUD, just I'm pretty sure that "People only want to have some cloud, g00gle, bling-bling-flat-design..." of those people will and already does change drastically, considering what we're heading at
Oct 01 22:11:16 <DocScrutinizer05> bling-bling-flat-design..."  '+attitude' of
Oct 01 22:14:21 <DocScrutinizer05> soon old good style phones like N900 and even feature phones will be as useful and popular as torches, in a world where batteries for flashlights are expensive and explosive and hard to find
Oct 01 22:17:14 <DocScrutinizer05> and I think the market for a smartphone designed according to best practice regarding security and privacy like the Neo900 is better than ever
Oct 01 22:19:59 <DocScrutinizer05> I'm absolutely sure the electronics engineers who desined all that new rogue and vulnerable stuff are either well aware but ignorant of the design flaws / compromises they chosen for sake of lower costs, or they are incredibly incompetent
Oct 01 22:23:34 <__Chris> DocScrutinizer05: It was meant more sarcastic. No worries.
Oct 02 00:17:13 <__Chris> DocScrutinizer05: It's not only the smartphone which has problems. PCs too: https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it
**** ENDING LOGGING AT Mon Oct 02 03:00:01 2017