Posted on 06/15/2015 8:24:50 PM PDT by dayglored
The ruskis were just po’d that they couldn’t do as well.
I didn’t get an AMD64 computer until sometime last year.
As a result, I’ve been somewhat conditioned to conserve memory...like the developers and engineers of old...though I would have never been responsible for a Y2K bug, if I travelled across time...and placed in such a situation...
Assuming facts not in evidence. No wonder they ran into problems if they are that trusting.
LOL. :-)
True story. Long ago I designed an 8-bit A-D/D-A X/Y converter interface, with X-Y joystick input, and the D-As could place a single dot on the screen of an oscilloscope CRT for a split second. That was my input and output. Using hand-assembled (pencil and paper) machine language I designed and programmed:
Chinese and Russians discover Israeli “malware”...
Hmmmm....
It’s late and I may be missing something obvious — How does this malware reside solely in memory with nothing written to the disk? How does it get into the memory on power-up if not from the disk?
The malware is in the form of a 64-bit kernel-level driver, which because it will be loaded into such a secure part of the operating system (the kernel), must be signed digitally and verified. That's what the stolen key/cert is about -- it "validates" to Windows that the malware-infected driver is okay to load.
So in that sense the malware has a persistent presence, in the loadable driver, on the machines where it loads on boot.
But the driver is loaded into special machines on boot -- gateways, routers, firewalls -- that specifically have the internet on one side and the corporate local network on the other side. This means the driver gets to see, filter, change, redirect, or block any network traffic it wants to. It also -- and this is important -- can dynamically supply the infected driver over the corporate network to any/all other machines inside.
And in that way, those machines do NOT have a persistent, disk-resident copy of the malware.
Or at least, that's the picture I get from this Kaspersky release:
https://securelist.com/blog/research/70641/the-duqu-2-0-persistence-module/

If you read that and get a different picture, by all means write back and correct my misapprehension. Thanks!
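A defender-side check for the scenario described in the post above (a kernel driver signed with a stolen but still-trusted certificate), written as an added example that is not from the thread or from Kaspersky: it lists the running kernel drivers, verifies each Authenticode signature, and flags anything whose signer thumbprint is on a local blocklist. The thumbprint is a placeholder you would replace with the value your IR team supplies.

```powershell
# Added example (not from the thread): enumerate running kernel-mode drivers,
# verify their Authenticode signatures, and flag signers on a local blocklist.
# The thumbprint below is a placeholder, not a real Duqu 2.0 indicator.

$CompromisedThumbprints = @(
    'PLACEHOLDER_THUMBPRINT_OF_STOLEN_SIGNING_CERT'   # assumption: supplied by your IR team
)

function Get-LoadedDriverSignatureReport {
    param([string[]]$BadThumbprints = $CompromisedThumbprints)

    # Win32_SystemDriver lists kernel drivers known to the Service Control Manager.
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName }

    foreach ($d in $drivers) {
        # PathName may use \??\ or \SystemRoot\ prefixes, or be relative to %SystemRoot%.
        $path = $d.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if (-not [IO.Path]::IsPathRooted($path)) { $path = Join-Path $env:SystemRoot $path }
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $sig   = Get-AuthenticodeSignature -FilePath $path
        $thumb = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }

        [pscustomobject]@{
            Driver     = $d.Name
            Path       = $path
            SigStatus  = $sig.Status      # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Thumbprint = $thumb
            # 'Valid' alone proves nothing here: a stolen cert also yields Valid until it is
            # revoked, which is exactly the problem the post above describes. Hence the blocklist.
            Suspicious = ($sig.Status -ne 'Valid') -or ($thumb -in $BadThumbprints)
        }
    }
}

Get-LoadedDriverSignatureReport |
    Where-Object Suspicious |
    Format-Table Driver, SigStatus, Signer, Thumbprint -AutoSize
```

Treat the output as a triage list, not a verdict: on older PowerShell versions inbox drivers that are catalog-signed rather than embedded-signed can show up as NotSigned, so compare against a known-good baseline from a clean host.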
So you are making your own motherboards, chips, and peripherals?
Everything is made in China and they can hide what they want down at the lowest levels imaginable.
Thanks for the ping. It just keeps getting more interesting. I thought it was the Israelis or the US, now I’m questioning that conclusion. Maybe it’s the Chicoms, or maybe this is another clue designed to divert and confuse?
Very good, and the way to go.
At the company level, most use Enterprise licenses, and deploy the operating system to machines rather than just use the OEM version that comes with so many boxes.
Numerous deployment tools exist, such as the free Microsoft Deployment Toolkit (MDT) or the more robust System Center Configuration Manager—which requires a license—but they make remote deployment and installation a breeze.
It’s the best way to ensure crap stays off the systems.
Good point.
It’s like the “Unknown Hacker” of old. A hacker so good, no one knows he’s there, and no system intrusion software can find him.
At some point we might just have to give up, sit back and enjoy the ride.
So let me see if I understand this...
Vendor buys EV cert from VeriSign to sign code.
Vendor’s cert is part of the trusted roots, as VeriSign always is, and anything using the vendor’s signed code is permitted to run.
Vendor’s cert is compromised (read: stolen) and used to sign malicious code.
Code is distributed and runs unabated because the cert chain is trusted.
What’s the attack vector? Is it social engineering (i.e. through email download) or is it a rootkit embedded in the OS? I’m a little fuzzy on details.
If you have an internal corporate CA, you could turn off acceptance of external code signing certificates and only trust those issued by your internal CA. It would make installation of new third-party software difficult, but it would protect your network until the CRLs and OCSPs can be updated.
bfl
I didn’t mean making my own components, I meant building a PC.
And I get exactly what I want, for quite a bit less cash. I’ll never buy one of those premade computers again.
Thanks for the additional information. I must admit that I was a bit confused as to how the memory-resident portion of the virus was able to get there without being present on the machine's hard drive.
That's not really a surprise, especially back in March. :-) Even so (I'm not a Chrome fan), simply totaling vulnerabilities is a salesman's game, as it has little technical relevance to actual security. Vulnerabilities are generally not equally dangerous.
> IE for Win 10 preview

Make up your mind: Microsoft puts a bullet in Internet Explorer after all. Spartan to be default in Windows 10, IE11 to 'remain fundamentally unchanged'.
Well yes, we've had a number of threads on Spartan/Edge since March.
But thanks for the reminders.
Gee, it couldn't be China's gubmint...