Insufficient Entropy

Insufficient entropy is an error when a computer can't find enough randomness, or a mistake where too little randomness was used. People think of entropy as a measure of disorder and then make computers complain there is too little of it.

Electronic Frontier Foundation and dozens of leading cyber and election security experts have signed an open letter saying they "unequivocally condemn" the Trump order targeting former CISA director Chris Krebs, and demand the order is rescinded.

https://www.eff.org/press/releases/eff-leads-prominent-security-experts-urging-trump-administration-leave-chris-krebs

New, w/ @lorenzofb: Data-loss prevention startup Cyberhaven was hacked to publish a malicious update to its Chrome extension, affecting potentially thousands of users. A security researcher says other big Chrome extensions were hacked in the same campaign.

More: https://techcrunch.com/2024/12/27/cyberhaven-says-it-was-hacked-to-publish-a-malicious-update-to-its-chrome-extension/

If you were a Mac developer in 2006 and earlier, you didn't have to do anything that Apple wanted.

You didn't even need an Apple Developer account, or indeed an Apple ID (which was used primarily for iTunes Music Store purchases). The Xcode developer tools came on disc with every Mac.

I'm not sure that developers today can imagine such a world of freedom. They come in adopting a servile mindset.

Well, it's Groundhog Day, again.*

“Only in America do we accept weather predictions from a rodent but deny #ClimateChange evidence from scientists.”

* I share this meme every year on February 2. Source unknown. #science

Oh no! The operators of the Andromeda botnet had let their cute domain suckmycocklameavindustry[.]in expire and now suckmycocklameavindustry[.]in is owned by the Russia-linked Turla group, which is using it to deliver malware to targets in Ukraine https://www.mandiant.com/resources/blog/turla-galaxy-opportunity
(State actors piggybacking on botnet infrastructure isn't new. The NSA has done something similar in the past https://arstechnica.com/information-technology/2015/01/nsa-secretly-hijacked-existing-malware-to-spy-on-n-korea-others/ )

VMware fixed three critical vulnerabilities in the Workspace ONE Assist remote access solution allowing attackers to bypass authentication and gain administrative privileges.

https://www.bleepingcomputer.com/news/security/vmware-fixes-three-critical-auth-bypass-bugs-in-remote-access-tool/
