Domain: bleepingcomputer.com
Stories and comments across the archive that link to bleepingcomputer.com.
Comments · 341
-
Re:Fix released for Linux
You are missing my point:
Google issuing a fix for Android does not mean my Sony phone running 5.1.1 will get it.
What is the exact mechanism that will send it to me? I only know of two: the phone manufacturer issuing a security update (and we all know that they have not been doing this), or Google Play Services, but you are saying that is not it. So how will it be pushed to phones that are not made by Google?
Related: A list of affected vendors for KRACK quotes Google as saying "Android 6.0 and higher" is affected and that they will issue a fix in a few weeks. Does this mean 5.1.1 is not affected, or affected but they will not issue fixes?
-
Re:Better list
-
Re:Closed door meetings at ISO?
Indeed a handful of other countries were arguing against Simon and Speck, but not on the merits of the algorithm, but on the history of the USA in crypto standards and SP800-90A in particular.
The "merits of the algorithm" is communally undefined if the design party is keeping secret the existence of differential cryptography—or any other advanced mode of attack—as IBM and the NSA once did with the DES. It was pretty clear that something fishy had gone into the design of the S-boxes. Whether fair or foul is impossible to decide when you're on the outside looking in (turns out, for DES, it was fair—foul play was confined to mandating a short key length).
What people don't understand is that as much as the Americans would like to read everyone else's traffic, it's far worse if any backdoor leaked to an adversary (your whole financial system is protected by these codes), so they were sensibly reluctant to put one in—until they invented the one-way back door, where only the designers could ever know. Unable to resist the siren call of this new brass ring, the NSA immediately blew their entire history of trust (which had always been more out of enlightened self-interest than gentlemanly) into a giant mushroom cloud.
It remains difficult to decide whether "merit" can be debated in these matters on a level playing field.
On the other side of the coin, while I'm far from a serious cryptographer, Speck's ARX design does not appear to leave many places for newly discovered snookery to hide itself.
That said, banning the runt versions smells like prudence to me, as any covert American attack is probably a combination of a downgrade attack—tricking a cipher to operate at less than full strength (world and dog are not freaking out over the Intel Management Engine for no reason)—perhaps injecting some known plaintext, finished off with a giant can of precomputed whup ass (the mechanism of attack one can best keep confined to your side of the fight is a multimodal attack).
Once you take the downgrade attacks off the table, it's a lot easier to swallow the inequitable debate on merit as a pure cipher.
ISO is a political organization and the arguments are political. Don't let technical considerations muddy the waters.
Not buying it. I really don't see how you performed that neat dissection of history from technology from capabilities, without the use of a white glove and a black hat.
Addendum:
Researchers Find a Way to Disable Much-Hated Intel ME Component Courtesy of the NSA — 28 August 2017
Researchers believe Intel has added the ME disabling bit at the behest of the NSA, who needed a method of disabling ME as a security measure for computers running in highly sensitive environments. ME or any vulnerabilities in its firmware could lead to leaks of highly dangerous information, hence the reason why the NSA did not want to take the risk.
True to form, the NSA's greatest terror is being hoist by their own petard.
They don't advertise this fear, because they prefer to be viewed through the do-unto-others side of the lens. Trying to turn these weapons into technological diodes is an enormous practical constraint.
That, and resource saturation (what they can do and what they can afford to do are two different beasts) are in my experience the only reliable external vantage points for 99.999999% of the planet's population incapable of wading into the merit debate at anywhere near eye level.
-
Don't be evil
Funny, actually sad, considering Google Corporate motto. Add Google trying to patent public domain technology,
https://www.bleepingcomputer.c...
1/2 of their revenue coming from the US Government & military, (aka, selling YOU the user out)
http://politicalblindspot.com/...
Google is just a company, like most corporations today. There is little concern about people, it's all about profit. If people get hurt, so what as long as investors get a return. -
Dont Buy A Puma 6 Modem
-
Boo AccuWeather, too late for action now
I'm not as surprised as I am a bit confused as to why every tech-related company and their CEO/CIO/COO/CTO decides to do some overbearing data collection secrecy and bury it in a T&S agreement, all-the-while knowingly have a pretty good idea that there is going to be a massive end-user boycott, push-back and the venom that is social media isn't going to propagate it like a pandemic disease?
I'm sure I've seen this movie before like the rest of you --- heck, Plex was just in the news about this, so it's not like any company, their management driving the decisions are naive what-so-ever; it would never work to say you would have never guessed this type of backlash before, plenty of examples all over.
It's either the classic I-dont-give-a-fuck pompous stance in the conference room, the probability is that high that they could eek a change every once in without a gazillion of their user base knowing (or caring), or maybe I greatly under-estimate just how much value monetarily and also an in-house asset all user habit and usage data really is.
-
Re:New control
No for the love of God NO.
For the sake of anyone that has been taken into bad areas and killed, or in Seattle where Google maps wants to take you off then back on I-5 in the middle of the city to going to the *completely* wrong place.
Don't get me started on the worse ones like Bing and *shudder* apple.
Do not tie these apps to an autonomous machine on public roads moving at lethal speeds without intelligent oversight in between. Don't even try and pretend that current "AI" or "machine Learning" is better than a human. All testing so far has been done under perfectly ideal conditions without having to account for degraded infrastructure or vandalized signs. ( https://www.bleepingcomputer.c... )
-
Monumental OpSec mistakes
The site also has a different, more interesting article detailing the AlphaBay admin's OpSec mistakes. In short, they were many. https://www.bleepingcomputer.c...
-
Would have to wrap EdgeHTML
From the Windows 10 S FAQ: "When in Windows 10 S configuration, you are able to download any browser available in the Windows Store"
From "Windows Store Policies", as reported in "Microsoft Has Effectively Banned Third-Party Browsers From the Windows Store" by Catalin Cimpanu:
10.2.1
Apps that browse the web must use the appropriate HTML and JavaScript engines provided by the Windows Platform.
Thus all web browsers for Windows 10 S are wrappers for the same EdgeHTML engine that Microsoft Edge uses, in the same way that all* web browsers for iOS are wrappers for the same Apple WebKit engine that Safari uses. If a user encounters a site that relies on a new web platform feature that Edge does not implement, the option to switch to a Blink or Gecko browser in order to work around lack of support in Edge is paywalled to users of Windows 10 S, as the user would first have to purchase the upgrade to Windows 10 Pro.
I know Google has made Chrome In Name Only for iOS, and Mozilla has made Firefox In Name Only for iOS, both of which wrap Apple WebKit. But to what extent would it be a worthwhile effort and positive brand move for Google and Mozilla to produce browsers that wrap EdgeHTML for Windows Store?
* Except Opera Mini, which is more like running Remote Desktop to a web browser running on a VPS somewhere.
-
vaccine
According to BleepingComputer.com, you can vaccinate against NotPetya by creating and adding 3 write-protected files to your C:\Windows folder: perfc, perfc.dat, and perfc.dll.
Content doesn't matter but "Read-only" status does. -
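As an added example, not code from the comment above or from BleepingComputer, the following Python functions carry out the vaccination the comment describes against a directory you pass in: they create the three empty marker files if they are missing, clear their write bits (which is what "Read-only" means on Windows), and report whether all three are present and read-only. The demo runs against a temporary directory standing in for C:\Windows so it can be tried anywhere; on a real machine you would point it at the Windows folder with administrator rights.

```python
import os
import stat
import tempfile

# File names given in the comment above
VACCINE_FILES = ("perfc", "perfc.dat", "perfc.dll")
WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH


def vaccinate(windows_dir):
    """Create any missing marker files (empty; content is irrelevant) and make all three
    read-only. Returns the names created on this call, so a second run returns []."""
    created = []
    for name in VACCINE_FILES:
        path = os.path.join(windows_dir, name)
        if not os.path.exists(path):
            with open(path, "xb"):
                pass
            created.append(name)
        # Clearing the write bits sets the Read-only attribute on Windows (mode 0o444 on POSIX)
        os.chmod(path, stat.S_IMODE(os.stat(path).st_mode) & ~WRITE_BITS)
    return created


def is_vaccinated(windows_dir):
    """True only if every marker file exists as a regular file with no write bit set."""
    for name in VACCINE_FILES:
        path = os.path.join(windows_dir, name)
        if not os.path.isfile(path):
            return False
        if os.stat(path).st_mode & WRITE_BITS:
            return False
    return True


def demo():
    """Exercise the functions on a temporary directory standing in for C:\\Windows
    (constructed for the example; nothing on the real system is touched)."""
    with tempfile.TemporaryDirectory() as fake_windows:
        before = is_vaccinated(fake_windows)
        first = vaccinate(fake_windows)
        second = vaccinate(fake_windows)  # idempotent: nothing left to create
        after = is_vaccinated(fake_windows)
    return before, first, second, after


if __name__ == "__main__":
    print(demo())
```

The check deliberately tests the permission bits rather than whether the current account can write, since an administrator can write to a read-only file regardless; what matters is the attribute the malware is reported to look at.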
Re:Petya = already defeated last year
This ransomware has actually previously been defeated (April 2016), and a key generator tool was released:
https://www.bleepingcomputer.c...
fyi
That means it is based on or related to that malware, that does not mean all the same tools and counter measures will apply. From my experience you're probably fine if you're running a next gen AV product and if you're running traditional AV software, you may or may not have sigs yet.
-
Petya = already defeated last year
This ransomware has actually previously been defeated (April 2016), and a key generator tool was released:
https://www.bleepingcomputer.c...
fyi
-
Re:Here's how it works
Uhh you must have missed the memo as MSFT released a patch for all their no longer supported systems including XP SP2 & 3, 2K3, Vista, and Windows 8.
-
Complete list on Bleeping Computer
The write up on Bleeping Computer lists all of the suspect HP models: https://www.bleepingcomputer.c... Sure enough, I found MicTray running on one of our 640 models.
-
Re:M$ not eating dogfood until VS is on Store
Why get a half baked OS when you can get a similar tablet with Android and a much larger selection of software, or just full Windows 10 that doesn't suck as much for a little more money?
Two words: Microsoft Office.
This has potential as an office-drone machine, where their entire workload revolves around Outlook, Word, Excel, PowerPoint, and a web browser. Granted, they'll have to allow Chrome because Edge isn't going to be acceptable.
Add on the other big Microsoft toys -- Visio and Project -- and they may have a hit in the corporate world.
Granted, this could already be implemented with proper application whitelisting policies, but that takes real work...
-
Re:No link to relevant article about sierratel
The link is in the article title, https://www.bleepingcomputer.c...
-
The other submission
The other submission, which mods ignored, contained a better list of the exploits: https://www.bleepingcomputer.c...
-
Re:First and second reactions
Well, to me it seems really, really, stupid. Might sound like a good idea without thinking about the numbers but seriously a global warrant for anyone who searched for a specific name and to add even more stupid to that, variants of the name. I sure hope that name was globally unique, not many people have that though, I do and I fully appreciate how rare that is.
So goggle concedes this one, because the reward for a stupid question has always been a stupid answer. Not a unique name and taking into accounts variants, sure, not a problem, here are the, I don't know imagine a number between one thousand and one million, have fun and good luck with that. Think that's not likely to happen, sure goggle does 3.5 billion searches per day and even the tiniest percentage of that becomes a huge number.
Never to forget trackmenot http://www.cs.nyu.edu/trackmen..., hey trackmenot, did you go somewhere naughty and get me in trouble and new stuff like https://adnauseam.io/, hey adnauseam, did you click at naughty ad, cheeky bugger. My computer makes more searches than I do, by an order of magnitude and adnauseam, well it clicks more ads than I do, by many, many, orders of magnitude (adnauseam helping to boost many web sites profits, I am surprised a lot of web sites have not been actively promoting that add on, even when asshats at google work to ban it on chrome https://www.bleepingcomputer.c..., spoilsports but of course https://github.com/dhowe/AdNau....
In the world of spy vs spy misinformation is often the most effective means of security (you can play too, another good example would be a fake file on your desktop with fake credit card details, passwords and information, they find it, take it and leave). How long before fake email tools turn up as well as a full range of other data base toxins (filling invasive databases with poisoned data creating false links eventually killing the database, actually dead in reality, requiring most of the data to be tossed and forced to start again).
-
Article wrong, not locks
According to this article, it was not the locks that were encrypted. The computers they used to make new card keys got encrypted. I'd bet that it was just a bog-standard Windows box with a dongle attached, maybe running Windows XP if the drivers couldn't be updated. Here is a quote from the hotel manager:
"We were hacked, but nobody was locked in or out," said the hotel's Managing Director Christopher Brandstaetter. "For one day we were not able to make new keycards." "Since the locking system must work even in the event of power failure, the guests in the hotel almost did not notice the incident," the manager also added. "We simply could not issue new keycards because the computers were encrypted."
-
Re:Fire
According to this article, they were not locked in their rooms. But most people were out skiing at that time, so almost everyone was locked out.
Fire code regulations all over the globe mandate that electronic key locks to open manually from the inside, which means no guest was locked inside their rooms. Additionally, electronic key systems are also created to handle power failures, so there was a way to open the doors from the outside, meaning no one was locked out either. According to Austrian news site ORF, the hotel was fully-booked with 180 guests. According to hospitality news site Allgemeine Hotel- und Gastronomie-Zeitung, at the time the ransomware took root, all the hotel's guests were on the local ski slopes.
-
Fake news, better report
The source of the story, at the bottom of TheLocal article, is Central European News, which BuzzFeed proved to be a source of fake news: https://www.buzzfeed.com/alanw... There's an accurate report here, with statements from the hotel's manager: https://www.bleepingcomputer.c...
-
This is not a big deal and is easily turned off.
Hello,
I guess it was a slow day at CBS Interactive's CNet web site, or perhaps they are not very familiar with using Windows. This behavior can easily be disabled by a simple registry tweak. Here's a .REG file which does exactly that:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
If you would rather script it using a .CMD file, that's easy enough, too. You can even do it in one line:
REG ADD HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v NoAutoRebootWithLoggedOnUsers /t REG_DWORD /d 1 /f
Or, for the PowerShell-inclined, here's a three-line version:
New-Item HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate -ErrorAction SilentlyContinue
New-Item HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -ErrorAction SilentlyContinue
Set-ItemProperty HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -Name "NoAutoRebootWithLoggedOnUsers" -Value 1 -Type DWord
As always, you are responsible for your computer and should make a backup before making any changes to it.
Yes, Windows can be difficult to use at times, and the learning curve can be quite high. But these days that's pretty true of any operating system if you're coming to it for the first time. You can find the answers to a lot of questions by searching the web, and in case you can't (or you still have questions), you can go to a web site with an active Windows user forum like BleepingComputer, GeeksToGo, Neowin, Scot's Newsletter, Sysnative, WindowsForums or even Microsoft's own Microsoft Answers forum and someone will help you. Those are just a few off the top of my head, there are plenty of others, although you should probably avoid CBS Interactive's own CNet forums.
Regards
Aryeh Goretsky
-
Re: Neither true nor meaningful
Android is NOT #17. It is #1.
https://www.bleepingcomputer.com/news/security/android-was-2016s-most-vulnerable-product/
The remainder of your claims are skewed and based on analysis of a few individual vulnerabilities. Besides, why should your claims be trusted when you begin with an utterly false and uncited claim?
-
They're blockable too... apk
I have them determined & blocked in my custom hosts file for ZEUS variants just as I have blocked MIRAI's current crop of C&C servers hardcoded + other networked systems it uses here https://it.slashdot.org/comments.pl?sid=10009063&cid=53507971/ & here https://it.slashdot.org/comments.pl?sid=10009063&cid=53508081/ so I am awaiting the .onion TOR domains to block once they're determined - as is, I've got this thing corralled & nullified via hosts files usage.
APK
P.S.=> Use of .onion by this "bestbuy" GOOF (anyone doing botnet crap's an a-hole imo) isn't what he says it is quoted "Try to shut down .onion 'domains' over Tor," BestBuy boasted FROM https://www.bleepingcomputer.com/news/security/security-firms-almost-brought-down-massive-mirai-botnet// BECAUSE YOU'RE CORRECT & THOSE .onion DOMAINS GET REVEALED JUST LIKE ANY OTHER C&C + OTHER NETWORKED PARTS ALWAYS DO - hosts block them easily! apk -
Hosts files stop this botnet
See subject - Blocking communication w/ its C&C servers:
HARDCODED INTERNAL TO BOTNET CODE:
0.0.0.0 zugzwang.me
0.0.0.0 tr069.online
0.0.0.0 tr069.tech
0.0.0.0 tr069.support
DGA GENERATED:
0.0.0.0 vmdefmnsndoj.tech
0.0.0.0 xpknpxmywqsr.tech
0.0.0.0 lvfjcwwobycj.tech
0.0.0.0 nympompksmfx.tech
0.0.0.0 kedbuffigfjs.online
0.0.0.0 bwhrdaumwuvn.online
0.0.0.0 bpmsfckfkrpr.online
0.0.0.0 oornduuwjli.tech
0.0.0.0 qjqubpciajoc.tech
0.0.0.0 exvdaajegjur.online
0.0.0.0 poorcetnmjfc.online
0.0.0.0 vtrndmhsgada.online
* BOTNET NO LONGER USES DGA THOUGH
"the DGA feature had been removed" FROM https://www.bleepingcomputer.com/news/security/security-firms-almost-brought-down-massive-mirai-botnet/
(TOR DOMAINS != LISTED BUT CAN BE BLOCKED ONCE DETERMINED)
APK
P.S.=> For the best custom hosts file creator? APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/
... apk -
Re:Evidence, please.
> the electronic voting machines aren't even net-connected
So far they have not alleged that the voting machines were hacked. But an airgap is not much of an obstacle. Do not forget how well Iran's offline centrifuges were hacked by stuxnet. Voting machines don't even have the kind of operational security procedures that Iran's classified program had. A voter could do it. Or they could attack the PCs of the people who do maintenance on the voting machines, and put a virus on the media they use to copy files to/from the voting machines.
> merely that by releasing the DNC's emails that they hacked they swayed public opinion.
While simultaneously withholding RNC emails. Selectively telling the truth is propaganda 101.
-
Hosts files work vs. this threat... apk
See subject - By stalling its network communication as follows:
0.0.0.0 3hnuhydu4pd247qb.onion
0.0.0.0 popcorn-time-free.net
* Using those entries in your custom hosts file to block communication with them...
(SOURCE = https://www.bleepingcomputer.c... )
APK
P.S.=> For more protection, speed & anonymity online via hosts files vs. this & other online threats, see APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/
... apk -
Hosts files work vs. this threat... apk
See subject - By stalling its network communication as follows:
0.0.0.0 3hnuhydu4pd247qb.onion
0.0.0.0 popcorn-time-free.net
* Using those entries in your custom hosts file to block communication with them...
(SOURCE = https://www.bleepingcomputer.c... )
APK
P.S.=> For more protection, speed & anonymity online via hosts files, see APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/
... apk -
Hosts files work vs. this threat... apk
See subject - By stalling its network communication as follows:
0.0.0.0 3hnuhydu4pd247qb.onion
0.0.0.0 popcorn-time-free.net
* Using those entries in your custom hosts file to block communication with them...
(SOURCE = https://www.bleepingcomputer.c... )
APK
P.S.=> For more protection + more speed & anonymity online via hosts files, see APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/
... apk -
It's Mirai
It's Mirai: http://www.bleepingcomputer.co...
-
Re:Which attack vector? Drive by website? Email?
Looks like a standalone executable, from this article on Bleepingcomputer:
-
Re: CryptXXX only runs on Microsoft Windows ..
CryptXXX only runs on Microsoft Windows I presume
..I recently switched to Linux Mint; could you perhaps recommend some good Linux-compatible ransomware that I can run on my machine?
-
Re: CryptXXX only runs on Microsoft Windows ..
CryptXXX only runs on Microsoft Windows I presume
..Well maybe if you ask nicely the authors will compile it for your platform of choice. I'm not sure how easily you'll find a steady supply of non-Microsoft shops to spearphish, though.
-
CryptXXX only runs on Microsoft Windows ..
CryptXXX only runs on Microsoft Windows I presume
.. -
Re: Adobe Reader
http://www.bleepingcomputer.co...
Conduit is real nasty. Only a reimage can uninstall it
-
Informative post
I did a quick search and found this entry on the Bleeping Computer forum.
If everything in that post is true, I fully understand why SpyHunter gets a bad review.
-
Re:Source Code
Really?
It would probably have been better if the original source of the story was posted rather than Softpedia's bad replay.
Bleeping clearly states:
"Other sites have also been calling this ransomware DecryptorMax due to a hard coded string found inside the ransomware executable"
-
Re:Odd way to release a security tool
I agree, its strange how there is nothing on Emsisoft's site, but if you look through BleepingComputer's articles on ransomware you see there is some sort of relationship between them and AV experts such as Fabian. As far as I am concerned, BleepingComputer has become the authority on crypto ransomware. If you look through their news, any new ransomware that comes out is typically reported by them first.
What confuses me, though, is why softpedia is even mentioned at all considering they just regurgitated what was originally posted in BleepingComputer's article.
-
Re: Anyone got Ubuntu Touch running on one yet?
Windows 10 kernel was code by Linus Torvalds. http://www.bleepingcomputer.co...
-
Re: MS-Windows
I ran it in a virtual Win7 machine and it displayed a splash screen and just sat there like that for hours until I killed it.
How is this any better than, say, ComboFix.exe? http://www.bleepingcomputer.co...
-
Re:For some it was just a plain black screen
It's not by default, but can be re-enabled easily enough.
I know, it's a bit late for that once the machine doesn't boot, but for future reference : http://www.bleepingcomputer.co...
-
Configure software restriction policies
Take a look at this article
basically, set software restriction policies such as PATH RULE
C:\Users\ DISALLOW
Or better yet, set to DISALLOW by default. And whitelist specific system directories, including the default allowed directories.
Only allow installed software to run, and software in C:\Windows c:\program files c:\program files (x86) etc.
And perhaps some temporary directories
For web browsers such as Chrome, I suggest you should use "Chrome for business" installed globally, instead of installed in the individual user's directory.
You may need to allow some programs to execute from some temporary directories of the user profile to allow automatic updates running as the user instead of admin.
-
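As an added illustration, not code from the comment above and not Microsoft's implementation, here is a small Python model of how software restriction policy path rules are evaluated against a policy built the way the comment recommends: default level Disallowed, the system directories allowed, the whole C:\Users tree disallowed, and one wildcard exception for a per-user updater directory (an assumed path, included only to show how an exception inside a disallowed tree behaves). It applies the SRP convention that among matching path rules the more specific one wins, and it deliberately leaves out hash, certificate and zone rules and environment-variable expansion, so treat it as a way to reason about the path-rule layer rather than as a policy checker.

```python
import fnmatch
import ntpath

ALLOW, DISALLOW = "Unrestricted", "Disallowed"  # SRP security levels

# Constructed policy mirroring the advice in the comment above.
# The updater exception is a hypothetical path chosen for the example.
POLICY = {
    "default": DISALLOW,
    "rules": [
        (r"C:\Windows", ALLOW),
        (r"C:\Program Files", ALLOW),
        (r"C:\Program Files (x86)", ALLOW),
        (r"C:\Users", DISALLOW),
        (r"C:\Users\*\AppData\Local\Google\Update", ALLOW),  # hypothetical per-user updater
    ],
}


def _parts(path):
    """Normalise a Windows path (collapses '..' and '.') and split it into lower-case components."""
    return [p for p in ntpath.normpath(path).lower().split("\\") if p]


def rule_matches(rule_path, file_path):
    """True if file_path lies at or below rule_path, comparing component by component
    with SRP-style * and ? wildcards allowed in the rule."""
    rule, target = _parts(rule_path), _parts(file_path)
    if len(rule) > len(target):
        return False
    return all(fnmatch.fnmatchcase(t, r) for r, t in zip(rule, target))


def evaluate(policy, file_path):
    """Return (level, winning_rule). Among matching path rules the deepest (most specific)
    wins; with no match the default level applies and winning_rule is None."""
    best = None
    for rule_path, level in policy["rules"]:
        if rule_matches(rule_path, file_path):
            depth = len(_parts(rule_path))
            if best is None or depth > best[0]:
                best = (depth, rule_path, level)
    if best is None:
        return policy["default"], None
    return best[2], best[1]


if __name__ == "__main__":
    for sample in (
        r"C:\Windows\System32\notepad.exe",
        r"C:\Users\alice\Downloads\invoice.exe",
        r"C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe",
        r"C:\Users\alice\AppData\Local\Google\Update\GoogleUpdate.exe",
    ):
        print(sample, "->", evaluate(POLICY, sample))
```

The chrome.exe case is the point the comment makes about "Chrome for business": a per-user install lands under the disallowed profile tree and is blocked, whereas a machine-wide install under Program Files is allowed; the updater exception shows how narrowly you can re-allow a single path without opening the rest of the profile.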
Re:DX10 history repeat itself
Especially since DX10 was almost certainly developed on XP, as Microsoft was screwing around with Longhorn/Vista at the time. Not the first time they've pushed forced obsolescence on gamers...the Age of Empires III installer demanded XP, but you could install it on 2000 with a simple command line switch....
-
Good Grief !
'First I got infected by "malware protection designed to protect" and "windows xp recovery" I used rkill to fix this. But now any google search gets redirected and I hear commercials even with no browser open. The TDSSKiller won't run even when is renamed. And SAS or malware bytes won't detect anything.' link
-
Re:SILENT updates?
Just turn them off. Same thing we do with Windows Servers. Download updates but let me choose when to install them.
http://www.bleepingcomputer.com/tutorials/disable-silent-updates-in-firefox/
-
Got bit yesterday
Don't know what site was infected but I saw the JAVA icon pop up in the system tray on my windows 7 pc and the next thing I know there are a hundred popup windows telling me my HDD had failed and one window for S.M.A.R.T. HDD telling me I needed to purchase the full version to remove viruses. I spent all morning and much of the afternoon cleaning that crap up...
-
This probably explains...
...why I contracted a rogueware/rootkit while surfing reddit the other night. I sure as hell didn't click on any executables, I was running FF 8 with noscript, and MSE was running too. I was greeted with a rogueware popup for antivirus program, and knew immediately I had been infected. MSE never made a sound...in fact, it was shut down immediately.
Oh, and I'm running 64-bit W7.
Thanks to the good folks at bleepingcomputer.com for the tools needed to wipe the machine clean. Thumbs down to MSE, which didn't even pick it up.
So yes, there is a vulnerability here, and it sure as hell involves more than Safari.
-
Re:70% on fully updated installs.
I've never known anybody to use Zone Alarm, I've hosed a few windows with FreeAVG > killed performance and uninstalling didn't do as much as it should have...
Comodo is hard to use, but a lot better than the ones you've mentioned, and though I tend to conform to your view on third party software, think of comodo as a layer between the user and the OS that prompts for user interaction to let the OS do anything. Definitely, don't use it if you don't want to though, but you do have the wrong impression of what I am referring to :)
Easiest way would be to set up another windows instance and play with it, as you probably regret not doing with AVG :)
If you think malware / spyware is sketchy on a windows box, root kits are just plain out creepy
http://www.bleepingcomputer.com/startups/rootkit.html
The rootkit is what makes me want to reinstall windows on compromised machines than try and fix em,
http://www.bleepingcomputer.com/startups/rootkit.html -