Jump to content











Photo
- - - - -

IT news . . .


  • Please log in to reply
6 replies to this topic

#1 Mikorist

Mikorist

    ▂ ▃ █ ▅ ▆

  • Advanced user
  • 771 posts
  •  
    United Nations

Posted 17 February 2015 - 11:31 AM

"The hardware will be able to infect the computer over and over," ...  "spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers,"... "in the obscure code called firmware,"  "There is zero chance that someone could rewrite the [hard drive] operating system using public information".

 

 

 

http://www.reuters.c...N0LK1QV20150216

 

  :buehehe:



#2 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12707 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 17 February 2015 - 12:14 PM

Let's go back to abacus and slide rule.

 

There is no chance for hackers to spy!

 

Maybe some calculations take some more time ...

 

Peter :cheers:



#3 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 17 February 2015 - 01:10 PM

 

 

Raiu said the authors of the spying programs must have had access to the proprietary source code that directs the actions of the hard drives. That code can serve as a roadmap to vulnerabilities, allowing those who study it to launch attacks much more easily.

"There is zero chance that someone could rewrite the [hard drive] operating system using public information," Raiu said.

Hmmm. :unsure:

 

If a single guy in his spare time can do this :thumbup:

http://spritesmods.com/?art=hddhack

I believe that a $ milliion governement project can do it even without access to source code....

 

:duff:

Wonko



#4 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 17 February 2015 - 04:12 PM

Very interesting articles mentioned here, I'm quite sure my laptop has no such thing as a "firmware" to infect Windows. :)

 

On a serious note, they seem to be getting very restrict about the software auditing part and request disclosure of the source code. Interesting stuff indeed.



#5 Mikorist

Mikorist

    ▂ ▃ █ ▅ ▆

  • Advanced user
  • 771 posts
  •  
    United Nations

Posted 01 October 2015 - 08:30 AM

A773TA.jpg
Akamai announced on Tuesday that its Security Intelligence Response Team has discovered a massive Linux-based botnet that's reportedly capable of downing websites under a torrent of DDoS traffic exceeding 150 Gbps. The botnet spreads via a Trojan variant dubbed XOR DDoS. This malware infects Linux systems via embedded devices like network routers then brute forces SSH access. Once the malware has Secure Shell credentials, it secretly downloads and installs the necessary botnet software, then connects the newly-infected computer to the rest of the hive.
Security researchers had been aware of XOR DDoS since last year but have just recently noticed the effects of the botnet itself. According to Akamai, the network strikes around 20 times a day, though 90 percent of its targets are various businesses in Asia -- typicallygambling and educational sites. What's troubling isn't the scope of attacks but rather the size. This botnet is capable of driving anywhere from a couple Mbps to over 150 Gbps of traffic every minute at its targets. That upper figure is many times more than what even most multinational corporate networks can handle. It's the digital equivalent of hunting mosquitos with a hydrogen bomb.
"A decade ago, Linux was seen as the more secure alternative to Windows environments, which suffered the lion's share of attacks at the time, and companies increasingly adopted Linux as part of their security-hardening efforts," Akamai told PC World. "As the number of Linux environments has grown, the potential opportunity and rewards for criminals has also grown." As such, anyone with a Linux rig is strongly advised to review their existing security implementations and harden them accordingly.




http://www.engadget.....150-gbps-ddos/


That was OS unsurpassed by security?

I must ask Mr. Snowden over Twitter whether he knew what is libreboot/coreboot and whether he used them instead proprietary BIOS/UEFI.laie_67.gif



#6 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 01 October 2015 - 04:35 PM

They're targeting servers, which are very good machines for this purpose with its 24/7 high-bandwidth connectivity.

 

Still Microsoft has control over a billion machines running their OS. Technically speaking, what keeps them from selectively weaponizing a portion of these machines against an adversary? I don't mean picking on machines around us, but imagine what could be done with the pirated edition of their OS and then put the blame on "anonymous".. :)



#7 Mikorist

Mikorist

    ▂ ▃ █ ▅ ▆

  • Advanced user
  • 771 posts
  •  
    United Nations

Posted 12 October 2015 - 11:00 AM

Outhere  is (certainly outdated :buehehe: ) a catalogue of NSA firmware-hacking tools (ARKSTREAM) for  BIOS-spy hacking. :hyper:
 
Proprietary BIOS firmwares (installed at manufacturing time) are many years now with malicious implants (payloads) which operates above antivirus and any available OS.

 

Over a billion machines running proprietary BIOS. 
 
BIOS malwares uses certain functions with high-level system privileges to read all data and code that appears into a machine’s memory.

 

Even the Tails Linux, system that Snowden use to protect himself can’t actually protect him from the NSA or anyone else if use the proprietary UEFI firmware and BIOS.  :secret:
 
Possible solution/replacement - LinuxBIOS (Coreboot, Libreboot and SageBIOS) is available only for a limited number of hardware platforms, on the approximately 200 supported motherboards in total.  :merc:

 

The truth is sad and hard to swallow :duff:


  • Brito likes this




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users