No, wait... "Those Israelis".
Wait, what?
It's not hard to defeat a lock when you have the key.
Russians know better than most that the success of any cypher program depends on the security of its keys.
As pointed out by the Russians. Yippee!
OK, so we now know that hackers have a key that is signed by VeriSign. Has that key been revoked? Folks, especially Windows folks, are pretty screwed until they can get that revocation out. This is bad for Linux and OSX users as well, because I would imagine that most folks are going to trust that cert, which we now know is in malicious hands.
“Israel’s spies are suspected,” according to the commie/fascist Russians.
I’m not all that concerned, because I’ll be building my own PCs from now on. I don’t have to worry about bloatware and whoever else installing useless slow programs.
And this is why I build my own computers...or purchase from an independent system integrator...
Of the four computers that are sitting next to me, two are custom builds.
/ping
(Isn't there a loophole in the E.U.L.A. for recent versions of Windows NT, where you could downgrade to the equivalent 32-bit edition at no cost?)
From the looks of it, the root-kit is a 64-bit K-mode Windows NT driver. It could not possibly load in a 32-bit Windows NT environment.
Unfortunately, if you have massive amounts of RAM available, it becomes inaccessible, since Microsoft removed most of the features of Physical Address Extension.
In recent versions of NT, PAE is only used to gain access to the X-D processor feature—preventing the execution of data-segments as code; see D.E.P.
Full PAE support existed in Windows 2000 and .NET Server, but was removed in Windows Vista due to problems with video drivers that screwed up when >4GB of memory was available in 32-bit mode.
Assuming facts not in evidence. No wonder they ran into problems if they are that trusting.
Chinese and Russians discover Israeli “malware”...
Hmmmm....
It’s late and I may be missing something obvious — How does this malware reside solely in memory with nothing written to the disk? How does it get into the memory on power-up if not from the disk?
So let me see if I understand this...
Vendor buys EV cert from VeriSign to sign code.
Vendor’s cert is part of the trusted roots, as VeriSign always is, and anything using the vendor’s signed code is permitted to run.
Vendor’s cert is compromised (read: stolen) and used to sign malicious code.
Code is distributed and runs unabated because the cert chain is trusted.
What’s the attack vector? Is it social engineering (i.e. through email download) or is it a rootkit embedded in the OS? I’m a little fuzzy on details.
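The scenario in the comment above (a stolen vendor certificate chaining to a trusted root, so the signed driver loads unchallenged) is also the defender's checklist: which drivers on this box are signed, by whom, and does the signer's chain still validate once revocation is actually checked. The script below is an added example, not code from the thread or from any vendor; it assumes Windows PowerShell 5.1 or later, that kernel drivers live under `%SystemRoot%\System32\drivers` (an assumed default, overridable), and that the host can reach the CAs' CRL/OCSP endpoints. It builds the signer chain with `X509Chain` so the revocation mode is set explicitly rather than relying on whatever `Get-AuthenticodeSignature` does by default.

```powershell
# Added example (not from the thread): list kernel drivers whose Authenticode
# signature is not Valid, or whose signer chain fails when revocation is
# checked online for every certificate in the chain.
param(
    # Assumed default location of third-party and inbox kernel drivers.
    [string]$DriverDir = "$env:SystemRoot\System32\drivers"
)

function Test-SignerChain {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Online revocation check for the whole chain, not just the leaf: a stolen
    # leaf cert may be fine until the CA publishes its serial in a CRL/OCSP.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag =
        [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain

    $ok = $chain.Build($Cert)
    # ChainStatus is empty when Build succeeds; otherwise each entry names the
    # failure (Revoked, RevocationStatusUnknown, UntrustedRoot, NotTimeValid, ...).
    $problems = $chain.ChainStatus |
        ForEach-Object { "$($_.Status): $($_.StatusInformation.Trim())" }
    [pscustomobject]@{ Valid = $ok; Problems = ($problems -join '; ') }
}

Get-ChildItem -Path $DriverDir -Filter *.sys -File | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName

    if ($null -eq $sig.SignerCertificate) {
        # NotSigned or unparseable: report and move to the next file.
        [pscustomobject]@{
            Driver = $_.Name; Status = $sig.Status; Signer = '(none)'
            Serial = ''; ChainValid = $false; Problems = ''
        }
        return
    }

    $chk = Test-SignerChain -Cert $sig.SignerCertificate
    [pscustomobject]@{
        Driver     = $_.Name
        Status     = $sig.Status        # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer     = $sig.SignerCertificate.Subject
        # Serial number is what a CA revocation notice or vendor advisory
        # identifies; keep it so the output can be matched against one.
        Serial     = $sig.SignerCertificate.SerialNumber
        ChainValid = $chk.Valid
        Problems   = $chk.Problems
    }
} | Where-Object { $_.Status -ne 'Valid' -or -not $_.ChainValid } |
    Format-Table Driver, Status, ChainValid, Serial, Signer, Problems -AutoSize
```

Run it from an elevated prompt so every driver file is readable. A driver whose signer has already been revoked shows `Revoked` in the Problems column; one whose CRL/OCSP endpoint cannot be reached shows `RevocationStatusUnknown` rather than a clean pass, which is the safer failure mode for this check. The `Serial` column is there because, as the thread notes, a compromised certificate keeps validating until the CA publishes the revocation, so the serial from the vendor's or CA's notice is the thing to compare against in the meantime.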
Yes, it’s da Jooooooooooz.
/sarc
America first. American internet first - freeze out scammers.