Domain: security.nl
Stories and comments across the archive that link to security.nl.
Comments · 12
-
#BadBIOS - BIOS Malware 2/2
- Persistent BIOS malware with hypervisor and SDR found
http://www.wilderssecurity.com/showthread.php?t=354463
=
- [Cryptography] programable computers inside our computers
Quoting Viktor Dukhovni (2013-10-22 06:50:38)
> I am much more concerned about the proliferation of miniature programmable
> computers inside our computers (CPUs and programmable firmware in disk
> controllers, battery controllers, BMC controllers, with opaque binary firmware
> update blobs, and complex supply chains) that about secp256r1 vs secp521r1.
>
> We thought embedded devices were for physical infrastructure
> engineers to worry about, but now they are proliferating inside
> our general purpose computers. The next Stuxnet will run on one
> of the invisible computers inside your computer.http://www.metzdowd.com/pipermail/cryptography/2013-October/018380.html
=
Researcher discovers mysterious BIOS malware [Translated]
Friday, October 11th, 2013, 14:53 by Editorial
"A security researcher has discovered several laptops mysterious malware hiding in the BIOS of computers. The BIOS (Basic Input / Output System) is a set of basic instructions for communication between the operating system and the hardware.
It is essential for the operation of the computer, and also the first major software running at the start-up. An attack on the BIOS may have far-reaching consequences and is difficult to detect. Example by a virus on the desktop
Researcher Dragos Ruiu, creator of the famous Pwn2Own hacker competitions, reports via Twitter that he has discovered that flashing the BIOS can survive. Persistent BIOS malware In addition, the malware on a BIOS hypervisor, also called a virtual machine monitor (VMM) in which a virtual machine is running, and Software Defined Radio (SDR) functionality to 'air gaps to bridge.
SDR is a radio communication system in which components that are normally part of the hardware (for example, mixers, filters and amplifiers) are carried out by means of software on a computer. A-SDR basic system can consist of a computer with a sound card or other analog-to-digital converter preceded by a form of RF front end.
Air gap
An air gap is a computer that is not connected on the internet. Recently left security guru Bruce Schneier even know that he uses an air gap for the documents whistleblower Edward Snowden, he also examines, with a computer that has never been connected on the internet. By means of the SDR attackers would also be able to communicate in this way. With the machine
The malware was discovered by the Copernicus tool that dumps the contents of the BIOS and then to examine them. Dump Ruiu states that Copernicus seen the discovery of the BIOS malware already the main tool of the recent times.
LaptopsThe researcher reports that the BIOS malware on a Dell Alienware, Thinkpads and Sony laptops is found. Would have become infected MacBooks also possible but has not been confirmed. The malware uses DHCP options for encrypted communication. Using their skill On the basis of the tweets that the investigation into the malware is still in progress. Security.NL Ruiu has asked for more information. As soon as more details are known, we will let you know."
https://www.security.nl/posting/366329/Onderzoeker+ontdekt+mysterieuze+BIOS-malware
=
- New Bios Malware
http://www.kernelmode.info/forum/viewtopic.php?f=16&t=2998
=
eof
-
Re:Have you talked to anyone?
The law isn't explicit, but it's been established by precedent as a part of Dutch Copyright Law, article 7. Explicit answer here (dutch text).
Rough translation: "copyright on works made as part of your job are assigned to your employer. It does not matter whether the work was explicitly requested, only whether the work can be judged as "part of your job description". Creating a tool to support your own job almost always means that your employer holds the copyright to that."
Regarding your assertion: "A common misperception is that you own a work if you create it off company hours and do not use company resources. Those are irrelevant. What matters is whether your activities can reasonably be interpreted as part of your job".
-
The Dutch are doing this for 2 years already
The Dutch Government CSIRT is doing this for two years already. So you can chill out to a cool Legowelt CD and get warned when there's a new threat.
-
Check out the stats!The stats at Security.nl show a great increase in scans. There's also a map of the geographic distribution of the worm available.
-
Re:Map of geographical spread of the Wormw00t!
There's an interactive version of the map too !
-
Map of geographical spread of the WormDutch website Security.nl has published a preliminary map of the geographical dispersion of the infected hosts that visited a dutch ISP network. They will update the map as more data is analysed.
It's at http://www.security.nl/misc/codered-stats/kaart.j
p g. -
Map of geographical spread of the WormDutch website Security.nl has published a preliminary map of the geographical dispersion of the infected hosts that visited a dutch ISP network. They will update the map as more data is analysed.
It's at http://www.security.nl/misc/codered-stats/kaart.j
p g. -
SourceForge was warned months ago !security.nl received a screenshot which shows a security problem in the SourceForge site, which was sent to the SF people months ago. They never reacted to this. Apparently a malicious person found the vulnerability as well.
-
SourceForge was warned months ago !security.nl received a screenshot which shows a security problem in the SourceForge site, which was sent to the SF people months ago. They never reacted to this. Apparently a malicious person found the vulnerability as well.
-
Spoofing filters
If everyone would wake up and implement their fscking egress filters, at least there would be some way to track down DDoS zombies much easier.
-
Hushmail !
I like Hushmail a lot. It can be used with a browser of through a secure HushPop connection. Check out www.hushmail.com (or www.security.nl/hush)
-
Re:Some correctionsI know mr. Gerrie Mansur from irc and weblogs (and dutch tv). I can't think of a decent description of mr. Mansur without resorting to flame.
Before he started his HIT2000 company, mr. Mansur AKA "Gerrie" AKA "Dokter" used to be on irc even more then he is now, and was not shy of using the good old packets. Whenever Gerrie was on irc, he was asking people "in the know" for the latest exploits and flooding tools. As Gerrie's "skills" increased, he got more and more arrogant.
Mr. Mansur wanted to make his hobby his work, so for years he was talking on irc about how he was going to start this security company, and so he did. In the beginning his company doesn't get noticed much organising the hacker meeting HIT2000, so mr. Mansur starts pulling stunts to get his well deserved attention. He claims to know who did the hack on the dutch ISP Sonera back in april (warning: dutch), in which more then 100.000 passwords were stolen; but not how it was done. Then he goes on claiming he is on such good terms with the hacker that his company (yes, HIT2000) could employ the hacker, as to restore the damages done to Sonera...
Mr. Mansur has often been dared by the dutch hacker community to show the source of even a tiny exploit he himself produced. Mr. Mansur is the laughing stock of the dutch hacker/security community. In his last tv appearance (in an amusement show), he pulls out his laptop (running windows), does some obscure things and says "look, I could now hack Nasdaq" (amongst other websites). Then he goes off to his irc session, while still being interviewed. Here is al link to a dutch secrity website with an article called "Gerrie's Goochelshow" (warning: dutch), which roughly translates to "Gerrie's Magic Show". In there, mr. Mansur gets flamed to the bone, and his thoughful responces make things worse.
(On a sidenote: most of the people who work at HIT2000 actually know what they are talking about.)
-><-
Grand Reverence Zan Zu, AB, DD, KSC