How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last
From http://arstechnica.com/security/2015...found-at-last/
Quote:
A shorter version of this story submitted by "frcc": http://www.theinquirer.net/inquirer/...kdoor-epidemic
And as the idiom says "three times lucky", a quote from the New York Times submitted by "Mike-Sanders":
Quote:
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Last edited by J65nko; 18th February 2015 at 12:15 AM. Reason: Added two more reports of this story ;)
|
|||
Kaspersky Labs seems to be on a roll.
Two aspects of the story caught my attention. One is the need to have flashable memory in a hard drive. I can think of one hard drive I owned where the SATAI (1.5) needed a Windows *exe file to set SATAII (3.0) transfer rates. I did not, and still do not, have Windows. The last time I purchased a hard drive, I looked for one that used jumper pins. The second aspect is the large size of the flashable memory. If the functionality was coded in a memory efficient manner and the physical memory space for the code had no extra room, this would not have been possible.
|
|||
Yet, isn't extra space a requirement in order to reflash firmware for updates? That appears to be the loop-hole for the exploit...
__________________
www.tacoshack.xyz |
|
|||
I do not know for sure, but wouldn't reflashing remove extraneous code?
|
|
|||
Yes, but I keep wondering: If the routines that launch/accept the update are now controlled by the exploit, then the exploit simply need deny the reflash...
Code:
// pseudo code, just thinking aloud

// oem firmware
if exists update-firmware.bin then patch && reboot

// nsa exploit
ignore update-firmware.bin && boot

// or worse still
if nsa == happy then just reboot
else if nsa not happy then...
__________________
www.tacoshack.xyz |
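The worry raised in the post above, modelled as an added example that is not part of the original thread or of any vendor's code: a toy drive whose update and readback commands are served by the running firmware, so a reflash "verified" through the drive proves nothing, while a dump taken directly from the flash chip does. The class, function names and images are constructed for illustration, and the implant echoing back the new image on readback is an assumption that goes one step beyond the pseudo code.

```python
import hashlib

# Constructed sample images; real drive firmware is vendor-specific and not modelled.
OEM_V1 = b"OEM-FW-1.0" + bytes(64)
OEM_V2 = b"OEM-FW-2.0" + bytes(64)
IMPLANT = b"[constructed-implant-marker]"


def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


class ToyDrive:
    """Hypothetical drive: 'flash' is the chip, host commands go through firmware."""

    def __init__(self, flash: bytes):
        self.flash = flash
        self.implanted = IMPLANT in flash
        self.reported = flash.replace(IMPLANT, b"")  # what the firmware admits to

    def update(self, image: bytes) -> str:
        if self.implanted:
            self.reported = image          # "ignore update && boot", but claim success
        else:
            self.flash = self.reported = image
        return "OK"

    def read_firmware(self) -> bytes:      # in-band: answered by the running firmware
        return self.reported

    def dump_chip(self) -> bytes:          # out-of-band: external programmer on the chip
        return self.flash


def reflash_and_verify(drive: ToyDrive, image: bytes, out_of_band: bool) -> bool:
    """Reflash, then compare a readback hash against the vendor image hash."""
    status = drive.update(image)
    seen = drive.dump_chip() if out_of_band else drive.read_firmware()
    return status == "OK" and digest(seen) == digest(image)


def demo() -> dict:
    """Return {drive: (in-band check passed, external dump check passed)}."""
    results = {}
    for name, flash in (("clean", OEM_V1), ("implanted", OEM_V1 + IMPLANT)):
        results[name] = (
            reflash_and_verify(ToyDrive(flash), OEM_V2, out_of_band=False),
            reflash_and_verify(ToyDrive(flash), OEM_V2, out_of_band=True),
        )
    return results


if __name__ == "__main__":
    for name, (in_band, external) in demo().items():
        print(f"{name:9} in-band: {in_band}  external dump: {external}")
```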
|
|||
Both our regulars frcc and Mike-Sanders submitted additional reports about these Kaspersky findings.
I added the URLs of these reports to the first post of this thread. My conclusions: "These days, the only things you can count on, are your fingers" and "If the men in the dark suits are going to get you, they are going to get you"
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
More thinking out loud. Edward Snowden is working in Moscow on aspects of computer security and the Kaspersky reports are consistent with Snowden's NSA disclosures. I imagine searching for security flaws to be akin to looking for needles in haystacks. It is easier if it is narrowed down to a specific flashable chip in a specific piece of hardware. Could the string of Revelations from Moscow have a guide on a mission?
|
|
|||
Apologies in advance for such a long post, just hoping to share my findings. Certainly skepticism is highly warranted with respect to the links below, & I'm applying that same rigor to the US government equally. Here's a dump of my notes to date, you guys tell me what you think (I don't know anymore, it's all very Orwellian):
'Last fall, Kaspersky and the US security company Symantec both reported for the first time the discovery of a cyber-weapon system which they christened "Regin". According to Kaspersky, the malware had already been in circulation for 10 years and had been deployed against targets in at least 14 countries, including Germany, Belgium and Brazil but also India and Indonesia.' <http://goo.gl/fn86zT>

'Microsoft's operating systems require all cryptography suites that work with its operating systems to have a digital signature. Since only Microsoft-approved cryptography suites can be installed or used as a component of Windows, it is possible to keep export copies of this operating system (and products with Windows installed) in compliance with the Export Administration Regulations, which are enforced by the US Department of Commerce Bureau of Industry and Security.' <http://goo.gl/0KXNV>

'The National Security Agency has backdoor access to all Windows software since the release of Windows 95, according to informed sources, a development that follows the insistence by the agency and federal law enforcement for backdoor “keys” to any encryption, according to Joseph Farah’s G2 Bulletin.' <http://goo.gl/IdGkb>

'The Court is troubled that the government's revelations regarding NSA's acquisition of Internet transactions mark the third instance in less than three years in which the government has disclosed a substantial misrepresentation regarding the scope of a major collection program.' <http://goo.gl/4v7tNO>

'The N.S.A.'s Sigint Enabling Project is a $250 million-a-year program that works with Internet companies to weaken privacy by inserting back doors into encryption products. This excerpt from a 2013 budget proposal outlines some methods the agency uses to undermine encryption used by the public.' <http://goo.gl/uwQfXu>

'The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.' <http://goo.gl/vbwxmP>

'The Justice Department had told Judge Bates that N.S.A. officials had discovered that the program had also been gathering domestic messages for three years. Judge Bates found that the agency had violated the Constitution and declared the problems part of a pattern of misrepresentation by agency officials in submissions to the secret court.' <http://goo.gl/kA0DVV>

'A little-known provision of the Patriot Act, overlooked by lawmakers and administration officials alike, appears to give President Obama a possible way to keep the National Security Agency’s bulk phone records program going indefinitely — even if Congress allows the law on which it is based to expire next year.' <http://goo.gl/lvcKHH>

'According to Bloomberg's sources, Microsoft provides information about security flaws and other bugs in its software in advance of public releases of fixes.' <http://goo.gl/OLzw9>

'It is common for individuals or companies who discover zero-day attacks to sell them to government agencies for use in cyberwarfare.' <http://goo.gl/wup7> (huh? dude!)
__________________
www.tacoshack.xyz |
|
|||
Now that's a spooky thought shep...
__________________
www.tacoshack.xyz |