Domain: symantec.com
Stories and comments across the archive that link to symantec.com.
Comments · 1,115
-
Re:Old news
Right. Here's an article on the topic (and a solution) dated *2011*: https://www.symantec.com/conne.... Or read about it in the Wikipedia, with references going back to *2002*: https://en.wikipedia.org/wiki/....
I would hazard a guess that every one of those "8,000 separate characters that could be abused to confuse people" has been known for at least a decade. News my eye.
-
Re:About time
https://www.symantec.com/conne...
Could it be that the AV fixed some computers too good?
-
seems to be legal to me
https://www.symantec.com/about/legal/repository
Open Source Software. Certain Symantec products may include open source software, which is subject to the applicable open source license. To request a copy of open source software for your licensed Symantec product in accordance with the applicable open source license, please submit an e-mail request to opensource@symantec.com, including your full name, product name, product software version, product open source component(s), and your country of residence. Upon receipt, we will be able to promptly process your request in accordance with the applicable open source license.
A written offer to produce the source code upon request is all that is required by the GPLv2. Did Garrett actually try this channel before launching aspersions against Symantec?
-
Re:This approach is absolutely counterproductive
This dogmatic approach to OS is absolutely counterproductive. So what if they used Linux?
Tell you what, start pirating Symantec's software, and see if they come after you for copyright infringement.
If you don't wish to comply with the GPL for Linux, you are entirely free to fuck off and not use Linux. If you use Linux, you have to accept the license, just like with every other piece of software.
If a company like Symantec is just going to steal other people's work and pass it off as their own, why should we refrain from stealing their work? Symantec doesn't get to take the stance that pirating their software is bad, but it's OK if they pirate someone else's. And I assure you, they would not accept you pirating their software.
As has been pointed out, the *BSD licenses basically say "hey, you want to take this and do something with it and turn it into closed source, be our guests". Linux, however, has said that you don't get to do that.
This isn't dogmatic, this is copyright law and software licenses. And the assholes who run corporations don't get to decide to take Linux and not abide by the terms and conditions.
It really is as simple as the fact that if you're not willing to follow the license agreement, don't use the software.
There is no software company on the planet who can make the argument they didn't know this, because this has been well known for 20+ years. It's hardly a secret.
Which means Symantec are assholes who feel they can just ignore that, and profit off other people's work by stealing it. Allowing corporations to get away with that isn't dogmatic. It's holding them to the exact same fucking standards they use to protect their own work, which means they have no valid excuse for ripping off stuff from other people.
Corporate greed doesn't give them the right to software piracy. They don't have some inherent right to use that software any more than you have a right to theirs.
Their own website says:
Symantec respects the intellectual property rights of others and responds to notices of alleged infringement.
and
Report software piracy and other suspicious activity. Learn about types of piracy, fraud and other abuse (including Tech Support Scams), what are their consequences and how to avoid becoming a victim.
Sorry, but there is no way in hell you can accept a company like Symantec ignoring the terms of the GPL and pretending it's not a big fucking deal. Because they can't possibly not know they're breaking the law.
Fuck that, stop making excuses for them. This isn't 'counterproductive', this is the entire point of the fucking GPL.
-
Gigabits per second of rubbish? No shit.
There are plenty of examples of people suggesting ping to 1.1.1.1 as a delay in batch scripting. The thought of batches all over the world now failing because people used a kludge method to pause was only slightly more amusing than the thought of all the junk traffic 1.1.1.1 would see as a result.
For our next amazing trick, we're going to make 555-xxxx a valid number range! Follow the action live at example.com!
-
Re:mod parent up!
The PROBLEM is that this is pure security theater to make people feel safer! HTTPS is easily broken by the NSA
Not true. Without HTTPS, an attacker needs the ability to inspect traffic on one hop between you and the server. Stick a tap on a bunch of data centres and you've got pervasive monitoring. With HTTPS, an attacker has two choices:
Option one, they can compromise the server's private key. This requires either cooperating with the provider (if you can lean on them with a national security letter or similar), or hacking the server and exfiltrating the key. There's nothing you can do about this kind of attack, but it's infeasible to do this on all connections.
Option two, they can do an active MITM attack, where they send a valid cert to you, which is signed by a trusted CA that they can lean on to provide arbitrary certs. There are a bunch of defences against this, but the simplest is Certificate Transparency, which makes it easy for you to see that the cert that you're seeing is not the cert that everyone else is seeing. For example, you can check the logs for Slashdot and see that they're using Let's Encrypt, but there seems to be a slightly suspicious cert issued by Amazon that some people are seeing. Chrome integrates these checks, so will warn you of suspicious activity and the server administrator can inspect them and see if any of their users have been attacked in this way. You can also now add CAA records to DNS that indicate which CAs should be trusted for your domain (only useful if you use DNSSEC), which means that they'd have to lean on a specific CA - if you get your cert signed by a US CA, then it's unlikely that the FSB or Chinese intelligence agencies will be able to get a fake certificate, for example.
If you think turning an easy passive attack into a difficult active attack is security theatre then I hope you never work in security.
-
Re:No way
A fact you say? Really? Tell me more!
-
Re:Closed source security software
Security software helps find nation state efforts
Longhorn: Tools used by cyberespionage group linked to Vault 7
https://www.symantec.com/conne...
Equation Group https://en.wikipedia.org/wiki/...
Stuxnet https://en.wikipedia.org/wiki/...
Operation Socialist https://en.wikipedia.org/wiki/...
-
Re: Rewarmed malware finds some networks?
Let's consider some real nation backed code found in the wild over the years and read about what the reaction was? By experts, the security services and AV vendors.
The Inside Story of How British Spies Hacked Belgium’s Largest Telco (December 13 2014)
https://theintercept.com/2014/...
".. The hack would remain undetected for two years, until the spring of 2013."
When a nation does it the method works, stays in place and is undetected. Not an in the wild, random malware effort that's detected by AV.
What happens when something really interesting is detected? All over the news? Global experts?
Let's keep reading to find out what happened later. Same wide in public discussion like now?
" ... never got a chance to study the routers."
The story of Stuxnet https://en.wikipedia.org/wiki/... ?
The story of Equation Group https://en.wikipedia.org/wiki/...
"been active since at least 2001, with more than 60 actors"
Some history of Longhorn https://www.symantec.com/conne...
When nations do their cyber things, they do it to a good standard, the code really works and not many people get to read about it in the news in real time.
Nations also really, really try not to risk their own domestic systems.
Nations don't talk much about what they find or let their staff talk about results in real time.
Very different to the average gov reaction to malware that spreads randomly and does malware things. People talk, the news is told details. Sites talk about the news. AV vendors talk.
-
Re:Last Remote Root hole in OpenSSH ? Oh yeah, NEV
You don't follow the news much, do you? OpenSSH has had a butt load of exploitable flaws over the years, and to do a comparison you need to compare it to RDP, not to Windows.
http://www.securitytracker.com...
https://www.tenable.com/pvs-pl...
https://www.symantec.com/secur...
-
Establish a router based port filter: Why?
See subject: Per Symantec's research it uses ports 16992-16995 https://www.symantec.com/connect/articles/why-must-intel-amt-be-configured-and-what-required/ & in my case? I only allow 80, 8080 & 443 here on a SINGLE stand-alone system (that's it per my security guide I was paid for 11++ yrs. ago based on the highly esteemed CIS Tool who took security fixes from me to their ware too no less https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&btnG=Google+Search&gbv=1/ )
* Of course, you must also be CERTAIN your router's internal ware is "solid" as well (turn off things like UPnP etc. also outlined in said guide 2nd link above) - get it patched ASAP if it's KNOWN exploited & TONS of routers, ARE https://it.slashdot.org/comments.pl?sid=9995967&cid=53488785/ )
APK
P.S.=> Good luck - as it's the BEST DEFENSE vs. this threat by stopping it being able to communicate in/out period, outside of the INTEL chipset, & stopped external to it via a router/firewall hardware... apk
-
Re:Why'd Intel Mgt. Engine come w/ my mobo?
For the more complicated functions that it can perform. But see this.
Traffic on ports 16992-16995 are directly intercepted by Intel AMT within the chipset before being passed to the host operating system... once Intel AMT is in a configured and accessible state.
and
Intel AMT enables reliable power control of the platform, booting for a network based ISO image, integration Keyboard-Video-Mouse (KVM), and more.
So a remote exploit could just consist of power cycling to boot from an external boot image. Only OS requests are sent to the OS, everything else is supposed to be caught at the hardware level.
-
Re:Neither true nor meaningful
http://www.cvedetails.com/top-...
Android may be #17 on this all time list but Sun Solaris is also on the list... Last year (2016) Android was #1 for the most new vulnerabilities. Sadly a lot of lower end android phones never or rarely get updates.
from symantec
In 2014, Symantec found that 17 percent of all Android apps (nearly one million total) were actually malware in disguise. Additionally, grayware apps, which aren’t malicious by design but do annoying and inadvertently harmful things like track user behavior, accounted for 36 percent of all mobile apps.
-
Re:Locking out open source hardware
Incorrect. The developer of vJoy, for example, recently acquired one to sign his open source kernel mode driver. Did a little fund-raiser to get $475
This does nothing for you if you're just learning Windows driver development and want to build a simple project.
Maybe you don't have a hundred users who have deep pockets and want to help.
I don't know how he pulled it off, because the EV rules say you must supply organization information, and the CAs will require documentation such as your articles of organization.
Also, take a look at the Symantec Enrollment form
Note that Organization Name and Job Title are also mandatory for their form.
-
Solved LiveUpdate
All updates to the scan engine come via LiveUpdate, so run LiveUpdate (which probably is running daily or even multiple times a day) and you are solved. There is no need to push out a new version of SEP to fix this. Symantec has addressed this already https://www-secure.symantec.co...
-
Re:Wow
Because folks might bother hacking crap like FitBits or baby monitors or drug pumps or Barbie dolls, or maybe even cars, but it's not like a refrigerator has ever been proven to be insecure.
Oops.
-
The times they ARE a changin'...apk
Come gather round people wherever ya roam & admit that the waters (threats online) around you have grown
(... & accept it that soon you'll be drenched to the bone!)
If your time (speed) to you is worth savin'... & Ya better start swimmin' or you'll sink like a stone (being infected)
Oh the times they are a-changin' (antivir & firewalls = ineffective vs. modern threats online -> http://www.dshield.org/diary/A... + http://www.symantec.com/connec... & http://it.slashdot.org/story/1... )
Come writers & critics who prophesize w/ your pen (trolls)
&
Keep your eyes wide: The chance won't come again - & don't speak too soon, for the wheel's still in spin!
(... & there's no telling who that it's naming (APK))
Cuz the loser now will be later "the win"!
For the times they are a'changin'...
Come senators/congressmen please heed the call - Don't stand in the doorway, don't block up the hall!
Oh, He that gets hurt (users) will be he who has stalled (being infested)
Big battle outside ragin'!
Will soon shake yer Linux/OS X/MS Windows & rattle DNS/BrowserAddons/Antivirus & FIREWALLS ( http://www.symantec.com/connec... )!
For the times they are a changing!
Come mothers & fathers throughout the land!
(... & don't criticize what ya can't understand (hosts))
Your sons & daughters (ME) are beyond MEDIA command!
Your old road (above firewall/antivirus/dns + inferior inefficient browser addons) is rapidly agin'.
Please get out of the new one if ya can't lend a hand!
Oh the times they are a-changin'...
The line it is drawn (ad hominem attacks): The curse it is cast (abused downmods)!
(... The slow one now, will later be fast - as the present now (browser addon adblockers) will later be past (hosts))
The order is rapidly fadin'!
And, the 1st one now ("AlmostALLAdsBlocked" dying rapidly) will later be last!
For the times they ARE a-changin'...
APK
P.S.=> All I have to say to those who downmodded me is above courtesy of the film "The Watchmen"...
... apk
-
The times they ARE a changin'...apk
Come gather round people wherever ya roam & admit that the waters (threats online) around you have grown
(... & accept it that soon you'll be drenched to the bone!)
If your time (speed) to you is worth savin'... & Ya better start swimmin' or you'll sink like a stone (being infected)
Oh the times they are a-changin' (antivir & firewalls = ineffective vs. modern threats online -> http://www.dshield.org/diary/A... + http://www.symantec.com/connec... & http://it.slashdot.org/story/1... )
Come writers & critics who prophesize w/ your pen (trolls)
&
Keep your eyes wide: The chance won't come again - & don't speak too soon, for the wheel's still in spin!
(... & there's no telling who that it's naming (APK))
Cuz the loser now will be later "the win"!
For the times they are a'changin'...
Come senators/congressmen please heed the call - Don't stand in the doorway, don't block up the hall!
Oh, He that gets hurt (users) will be he who has stalled (being infested)
Big battle outside ragin'!
Will soon shake yer Linux/OS X/MS Windows & rattle DNS/BrowserAddons/Antivirus & FIREWALLS ( http://www.symantec.com/connec... )!
For the times they are a changing!
Come mothers & fathers throughout the land!
(... & don't criticize what ya can't understand (hosts))
Your sons & daughters (ME) are beyond MEDIA command!
Your old road (above firewall/antivirus/dns + inferior inefficient browser addons) is rapidly agin'.
Please get out of the new one if ya can't lend a hand!
Oh the times they are a-changin'...
The line it is drawn (ad hominem attacks): The curse it is cast (abused downmods)!
(... The slow one now, will later be fast - as the present now (browser addon adblockers) will later be past (hosts))
The order is rapidly fadin'!
And, the 1st one now ("AlmostALLAdsBlocked" dying rapidly) will later be last!
For the times they ARE a-changin'...
APK
P.S.=> All I have to say to those who downmod me is above courtesy of the film "The Watchmen"...
... apk
-
Oh, the times - They ARE a changin'... apk
Come gather round people wherever ya roam & admit that the waters (threats online) around you have grown
(... & accept it that soon you'll be drenched to the bone!)
If your time (speed) to you is worth savin'? Oh, Ya better start swimmin' or you'll sink like a stone (being infected)
Oh the times they are a-changin' (antivir & firewalls = ineffective vs. modern threats online -> http://www.dshield.org/diary/A... + http://www.dshield.org/diary/I... & http://it.slashdot.org/story/1... )
Come writers & critics who prophesize w/ your pen (trolls)
&
Keep your eyes wide: The chance won't come again - & don't speak too soon, for the wheel's still in spin!
(... & there's no telling who that it's naming (APK))
Cuz the loser now will be later "the win"!
Oh the times they are a'changin'...
Come senators/congressmen please heed the call - Don't stand in the doorway, don't block up the hall!
Oh, He that gets hurt (users) will be he who has stalled (being infested)
Big battle outside ragin'!
It'll soon shake yer Linux/OS X/MS Windows & rattle DNS/BrowserAddons/Antivirus & FIREWALLS ( http://www.symantec.com/connec... )!
Oh the times they are a changing!
Come mothers & fathers throughout the land!
(... & don't criticize what ya can't understand (hosts))
Your sons & daughters (ME) are beyond MEDIA command!
Your old road's (above firewall/antivirus/dns + inferior inefficient browser addons) rapidly agin'.
So get out of the new one if ya can't lend a hand!
Oh the times they are a-changin'...
The line it is drawn (ad hominem attacks): The curse it is cast (abused downmods)!
(... The slow one now, will later be fast - as the present now (browser addon adblockers) will later be past (hosts))
The order is rapidly fadin' & the 1st one now ("AlmostALLAdsBlocked" dying rapidly) will later be last!
Oh the times they ARE a-changin'!
APK
P.S.=> All I have to say to those who downmodded me is above courtesy of the film "The Watchmen"...
... apk
-
The times they ARE a changin'...apk
Come gather round people wherever ya roam & admit that the waters (threats online) around you have grown
(... & accept it that soon you'll be drenched to the bone!)
If your time (speed) to you is worth savin'? Oh, Ya better start swimmin' or you'll sink like a stone (being infected)
For the times they are a-changin' (antivir & firewalls = ineffective vs. modern threats online -> http://www.dshield.org/diary/A... + http://www.dshield.org/diary/I... & http://it.slashdot.org/story/1... )
Come writers & critics who prophesize w/ your pen (trolls)
&
Keep your eyes wide: The chance won't come again - & don't speak too soon, for the wheel's still in spin!
(... & there's no telling who that it's naming (APK))
Cuz the loser now will be later "the win"!
For the times they are a'changin'...
Come senators/congressmen please heed the call - Don't stand in the doorway, don't block up the hall!
Oh, He that gets hurt (users) will be he who has stalled (being infested)
Big battle outside ragin'!
It'll soon shake yer Linux/OS X/MS Windows & rattle DNS/BrowserAddons/Antivirus & FIREWALLS ( http://www.symantec.com/connec... )!
For the times they are a changing!
Come mothers & fathers throughout the land!
(... & don't criticize what ya can't understand (hosts))
Your sons & daughters (ME) are beyond MEDIA command!
Your old road's (above firewall/antivirus/dns + inferior inefficient browser addons) rapidly agin'.
So get out of the new one if ya can't lend a hand!
Oh the times they are a-changin'...
The line it is drawn (ad hominem attacks): The curse it is cast (abused downmods)!
(... The slow one now, will later be fast - as the present now (browser addon adblockers) will later be past (hosts))
The order is rapidly fadin'!
And, the 1st one now ("AlmostALLAdsBlocked" dying rapidly) will later be last!
For the times they ARE a-changin'...
APK
P.S.=> All I have to say to those who downmodded me is above courtesy of the film "The Watchmen"...
... apk
-
The times they ARE a changin'...apk
Come gather round people wherever ya roam & admit that the waters (threats online) around you have grown
(... & accept it that soon you'll be drenched to the bone!)
If your time (speed) to you is worth savin'? Oh, Ya better start swimmin' or you'll sink like a stone (being infected)
For the times they are a-changin' (antivir & firewalls = ineffective vs. modern threats online -> http://www.dshield.org/diary/A... + http://www.dshield.org/diary/I... & http://it.slashdot.org/story/1... )
Come writers & critics who prophesize w/ your pen (trolls)
&
Keep your eyes wide: The chance won't come again - & don't speak too soon, for the wheel's still in spin!
(... & there's no telling who that it's naming (APK))
Cuz the loser now will be later "the win"!
For the times they are a'changin'...
Come senators/congressmen please heed the call - Don't stand in the doorway, don't block up the hall!
Oh, He that gets hurt (users) will be he who has stalled (being infested)
Big battle outside ragin'!
It'll soon shake yer Linux/OS X/MS Windows & rattle DNS/BrowserAddons/Antivirus & FIREWALLS ( http://www.symantec.com/connec... )!
For the times they are a changing!
Come mothers & fathers throughout the land!
(... & don't criticize what ya can't understand (hosts))
Your sons & daughters (ME) are beyond MEDIA command!
Your old road's (above firewall/antivirus/dns + inferior inefficient browser addons) rapidly agin'.
So get out of the new one if ya can't lend a hand!
For the times they are a-changin'...
The line it is drawn (ad hominem attacks): The curse it is cast (abused downmods)!
(... The slow one now, will later be fast - as the present now (browser addon adblockers) will later be past (hosts))
The order is rapidly fadin'!
And, the 1st one now ("AlmostALLAdsBlocked" dying rapidly) will later be last!
For the times they ARE a-changin'...
APK
P.S.=> All I have to say to those who downmodded me is above courtesy of the film "The Watchmen"...
... apk
-
The times they ARE a changin'...apk
Come gather round people wherever ya roam & admit that the waters (threats online) around ya have grown
Accept it soon you'll be drenched to the bone
If yer time (speed) to you's worth savin'
You better start swimmin' or you'll sink like a stone (infected)
For the times they are a-changin' (antivir & firewalls = ineffective vs. modern threats online -> http://www.dshield.org/diary/A... + http://www.dshield.org/diary/I... & http://it.slashdot.org/story/1... )
Come writers & critics who prophesize w/ yer pen (trolls) & keep ye eyes wide: Chance won't come again - Don't speak too soon the wheel's still in spin!
... & there's no telling who that it's naming (APK>)Oh the loser will be later a win! For the times they are a'changin'
Come senators/congressmen please head the call - Don't stand in the doorway don't block up the hall!
He that gets hurt (users) will be he who has stalled (being infested)
Big battle outside ragin'!
It'll soon shake yer MS Windows & rattle BOTH DNS AND FIREWALLS ( http://www.symantec.com/connec... )...
For the times they are a changing!
Come mothers & fathers throughout the land ( & don't criticize what ya can't understand (hosts) Yer sons & daughters (ME) = beyond MEDIA command!
Yer old road's (above firewall/antivirus + inferior inefficient browser addons) rapidly agin'.
So get out of the new one if ya can't lend a hand!
For the times they are a-changin'
The line it is drawn: The curse it is cast (ad hominem attacks + abused downmods): The slow one now will later be fast as the present now (browser addon adblockers) is later be past (hosts)
The order is rapidly fadin'! (1st one now ("AlmostALLAdsBlocked" dying rapidly) will later be last - For the times they are a-changin'!)
APK
P.S.=> All I have to say to those who downmodded me is above courtesy of Bob Dylan & the film "The Watchmen"...
... apk
-
The times they ARE a changin'...apk
Come gather round people wherever ya roam & admit waters (threats online) around ya have grown
Accept it soon you'll be drenched to the bone
If yer time (speed) to you's worth savin'
You better start swimmin' or you'll sink like a stone (infected)
For the times they are a-changin' (antivir & firewalls = ineffective vs. modern threats online -> http://www.dshield.org/diary/A... + http://www.dshield.org/diary/I... & http://it.slashdot.org/story/1... )
Come writers & critics who prophesize w/ yer pen (trolls) & keep ye eyes wide: Chance won't come again - Don't speak too soon the wheel's still in spin!
... & there's no telling who that it's naming (APK>)Oh the loser will be later a win! For the times they are a'changin'
Come senators/congressmen please head the call - Don't stand in the doorway don't block up the hall!
He that gets hurt (users) will be he who has stalled (being infested)
Big battle outside ragin'!
It'll soon shake yer MS Windows & rattle FIREWALLS ( http://www.symantec.com/connec... )...
For the times they are a changing!
Come mothers & fathers throughout the land ( & don't criticize what ya can't understand (hosts) Yer sons & daughters (ME) = beyond MEDIA command!
Yer old road's (above firewall/antivirus + inferior inefficient browser addons) rapidly agin'.
So get out of the new one if ya can't lend a hand!
For the times they are a-changin'
The line it is drawn: The curse it is cast (ad hominem attacks + abused downmods): The slow one now will later be fast as the present now (browser addon adblockers) is later be past (hosts)
The order is rapidly fadin'! (1st one now ("AlmostALLAdsBlocked" dying rapidly) will later be last - For the times they are a-changin'!)
APK
P.S.=> All I have to say to those who downmodded me is above courtesy of Bob Dylan & the film "The Watchmen"...
... apk
-
The times they ARE a changin'...apk
"Come gather round people wherever you roam
& admit that the waters (threats online) around you have grown! Accept it soon you'll be drenched to the bone! If your time (speed online) to you is worth savin'!
Then you better start swimmin', you could sink like a stone (being infected) For the times, they are a-changin' (traditional antivirus & firewalls = ineffective vs. modern threats from online -> http://www.dshield.org/diary/A... + http://www.dshield.org/diary/I... & http://it.slashdot.org/story/1... )
Come writers & critics who prophesize w/ your pens (trolls) & keep your eyes open the chance won't come again!
Don't speak too soon, the wheel's still in spin & there's no telling who that it's naming (APK>)
Oh, the loser will be later to win! For the times they are a'changin'.
Come senators, congressmen, please head the call Don't stand in the doorway, don't block up the hall! He that gets hurt (users) will be he who has stalled (being malware infested)
There's a battle outside ragin' - That'll soon shake your Microsoft Windows & rattle your FIREWALLS ( http://www.symantec.com/connec... ) For the times, they are a changing!
Come mothers & fathers throughout the land ( & don't criticize what you can't understand (hosts) Your sons & your daughters (ME), beyond MEDIA command!
Your old road (above firewall/antivirus + inferior inefficient browser addons alone) is rapidly agin'.
So get out of the new one if you can't lend your hand For the times, they are a-changin'...
The line, it is drawn, the curse, it is cast (troll off-topic ad hominem attacks + abused downmods): The slow one now will later be fast... as the present now (browser addon adblockers) will later be past (hosts)
The order is rapidly fadin'! (& the 1st one now ("AlmostALLAdsBlocked" dying rapidly due to being 'souled-out') will later be last - For the times they are a-changin'!)
APK
P.S.=> That's all I have to say to my naysayers on hosts vs. browser addons... apk
-
Re:Only infects Windows MySQL servers?
AC is right, this only seems to infect MySQL running on Windows systems:
http://www.symantec.com/connec...
It modifies registry entries that fool with Terminal Services and other nasty stuff. You should be safe on Linux/BSD.
-
Windows Servers hijacked with Malware ..
"The attackers initially injected a malicious user-defined function (Downloader.Chikdos) into servers" ref
How does this trojan get executed on the host system?
-
Obviously Chinese Espionage
I found the "Elderwood Framework" document interesting. A number of different hacker groups, including Black Vine, had access to a surprisingly high number of zero day exploits. Looking at the primary targets, defence, aeronautics, engineering, energy in the US and NGOs in Taiwan, Hong Kong and China, it makes sense that it is Chinese backed.
All the zero day exploits were IE, Flash and one Windows (XML core services).
-
Re:I've already uninstalled the windows 10 nag ico
Because Apple fanboys will continue moving the goalposts.
First off, I am a fan, not a fanboy. Second, I never moved the goalposts. I merely set them, by excluding the NON-virus category "Trojan". And Apple has done about as much as anyone can expect to guard against that, too, with Gatekeeper, the Mac App Store, XProtect, disabled root login, etc.
The old mantra was "Macs don't get viruses",
And so far, they don't. At least not by any generally agreed-upon definition of "virus".
That isn't "moving the goalposts"; that is simply using the term "virus" (as in computer virus) in the agreed-upon manner. Words matter. Definitions matter. Get over it.
-
Re:WTF
From the second link in TFS:
http://www.symantec.com/connec...
The about shows "Unidentified Build" rather than the build number. Seems like sloppy hijacking to me.
-
Re:All "security" tech is outright fraud
Yes, I recall that quote. He was trying to make a big statement in front of the media and ended up leaving the company shortly after that. What I imagine he was trying to say is that signature-based AV is dead in terms of efficacy against quick moving threats. I wouldn't necessarily disagree, but even lowly Symantec has multiple layers of protection and I don't think they're all "dead" so to speak:
https://www.symantec.com/page....
-
Re:Bring it on, folks!
That's actually the opposite of true. Many techniques (http://static.usenix.org/event/woot09/tech/full_papers/paleari.pdf, http://roberto.greyhats.it/pro..., http://honeynet.asu.edu/morphe..., http://www.symantec.com/avcent...) exist to identify the presence of a CPU emulator, because these things aren't (and will likely never be) perfect. Most of those techniques don't even rely on timing attacks. Once you introduce timing attacks (*especially* if there's an external source of time information), all bets are off.
You do realize that Bochs does software emulation of each instruction, and that you can control every aspect of the emulated computer don't you?
If you are running something under Bochs or something like it and don't care about the performance you can actually make it lie to the software underneath about timing so that the software still thinks it is running at the normal rate but in reality it isn't - Bochs after all implements the base system clock not relying on an external source. This is also why Bochs can be used to run x86 software on a non-x86 platform (f.e Sparc, PowerPC, ARM).
Yes, Bochs is dog slow; but it's a matter of how you configure it. And to be truthful, because of how Bochs is implemented I'm sure that it can be made to fool any of those detections.
-
Re:Bring it on, folks!
That's actually the opposite of true. Many techniques (http://static.usenix.org/event/woot09/tech/full_papers/paleari.pdf, http://roberto.greyhats.it/pro..., http://honeynet.asu.edu/morphe..., http://www.symantec.com/avcent...) exist to identify the presence of a CPU emulator, because these things aren't (and will likely never be) perfect. Most of those techniques don't even rely on timing attacks. Once you introduce timing attacks (*especially* if there's an external source of time information), all bets are off.
-
Re:Any bets?
The reality is that US defense in the CyberWar already looks like US defense in the War on Terrorism.
We hand pick straw men, set them up as fall guys, and celebrate their defeat when they are captured.
As for CyberWar Games, those will look like CSI on the set of War Games, will be sponsored by Symantec and DeVry Institute, and shown on the "No More Fake BS" Discovery Channel.
-
Irrelevant -- many banks use non-RSA fobs
It's fairly clear from your response that you have experience in setting up in-house, corporate systems
... and not customer-facing systems.
RSA's pricing model is simply unsustainable when scaled up for customer use which is why alternative tokens from providers like Symantec are used by many/most brokerages and banks which do offer token-based two factor authentication. Those tokens are often designed specifically to allow enrollment into multiple security systems https://idprotect.vip.symantec.com/learnmoretoken.v in that neither your hypothetical Company A nor Company B are ever trusted with the seed for your fob. It works more like chip-and-PIN EMV online processing where only the security company and the hardware are trusted and that's a damn good thing.
OP was right to bitch about Schwab forcing him to use a second Symantec token when he already has a Symantec token from E-Trade.
-
Re:Sandbox before browsing
> I'm running a browser in a VM... What malware?
Your faith in the security of VM sandboxes is misplaced.
It is trivial to write a program which can detect if it is in a VM. And then, attack the hypervisor and escape the protected environment. As virtualization has become more common, such malware has gone from academic exercises to real-world exploits.
http://www.symantec.com/avcent...
My favorite line:
Finally, the most interesting attack that malicious code can perform against a virtual machine emulator is to escape from its protected environment.
With virtualization becoming more and more common
-
Malware compromising machines?
Systems Affected: Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
..
-
Most sophisticated malware?
Will this sophisticated malware work on anything other than Microsoft Windows:
"Symantec Security Response has not obtained the Regin dropper at the time of writing. Symantec believes that once the dropper is executed on the target’s computer, it will install and execute Stage 1. It’s likely that Stage 0 is responsible for setting up various extended attributes and/or registry keys and values that hold encoded versions of stages 2, 3, and potentially stages 4 and onwards". link
-
Detection?
Why is it that these major news outlets (Forbes, CNET, CNN, etc.) all have articles about this new trojan/virus? They quote statistics from Symantec about the number of infected machines, and yet, not one describes how you can detect an infection. They must know. One previous post identifies a Symantec white paper describing the trojan's behavior (Here). Why don't these articles describe the steps required to detect it? It's not like they're under any obligation to encourage readers to buy into Symantec's bloated anti-virus products.
-
Analysis White Paper
Here is a link to the analysis white paper about Regin published by Symantec. An interesting read and it does look very similar to Duqu in structure.
-
Highly advanced computer worm?
This 'highly advanced' computer worm will only work on Microsoft Windows:
"Symantec Security Response has not obtained the Regin dropper at the time of writing. Symantec believes that once the dropper is executed on the target’s computer, it will install and execute Stage 1. It’s likely that Stage 0 is responsible for setting up various extended attributes and/or registry keys and values that hold encoded versions of stages 2, 3, and potentially stages 4 and onwards". ref
-
check this list
http://ipremoval.sms.symantec.... Turns out there is something in addition to the standard lists I was familiar with: these 'nice guys' (of Brightmail, acquired by Symantec) are used by Hotmail. If you email Hotmail, they will send it to Symantec on your behalf and that's it; they will email you canned answers telling you to do the same things over and over again, they never bother to read the history of the ticket, etc. As for contacting Symantec, not even a canned answer. Maybe you will get a better answer if that's the source of your problems.
-
Here's how I'd do it
1. Create a Linux image (you can use Clonezilla, g4u or Ghost) that requires lab users to authenticate to either LDAP, AD or something so you have their actual user details for logging and auditing. Alternatively you could boot it from the network or from CD. Another alternative is to use Deep Freeze.
2. Ensure that the system is checked for integrity on startup and the latest image is downloaded and applied if it doesn't match the correct version. cron a reboot that forces this if you're worried about users doing stuff and not rebooting.
3. Ensure that logs are written to a syslog log server or that you get the authlogs somewhere (who logged in where, on what ip address and when etc...).
4. Give users as much access as you need to (yes, even root). If they do anything wrong you have audit logs and because of the imaging unwanted software and programs will be removed.
-
Animats: Sorry for late reply (I'm correct)
You asked WHY it's allowed & my post on DCOM using it maliciously (via RPC for exploits to marshall lib code into action remotely) appears "spot on" per my last post http://yro.slashdot.org/commen... per -> Metasploit Framework, Part 2 http://www.symantec.com/connec...
PERTINENT QUOTE/EXCERPT:
"Now we will describe the procedure to select a specific exploit and then run it. The command use exploit_name activates the exploit environment for the exploit exploit_name. If you select the Microsoft RPC DCOM MSO3-026 exploit using the name msrpc_dcom_ms03_026, you may have noticed the prompt changes from msf> to msf msrpc_dcom_ms03_026 >. This notifies that we are working in the temporary environment of that exploit."
See this http://support.microsoft.com/k... & THIS excerpt from it (which Metasploit above IS using):
"Microsoft originally released this bulletin and patch on July 16, 2003, to correct a security vulnerability in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface. The patch was and still is effective in eliminating the security vulnerability. However, the "mitigating factors" and "workarounds" discussions in the original security bulletin did not clearly identify all the ports by which the vulnerability could potentially be exploited. Microsoft has updated this bulletin to more clearly enumerate the ports over which RPC services can be invoked and to make sure that customers who choose to implement a workaround before installing the patch have the information that they must have to protect their systems. Customers who have already installed the patch are protected from attempts to exploit this vulnerability and do not have to take further action. Remote Procedure Call (RPC) is a protocol that is used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program that is running on one computer to seamlessly run code on a remote computer. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol. The RPC protocol that is used by Windows includes some additional Microsoft-specific extensions. There is a vulnerability in the part of RPC that deals with message exchange over TCP/IP. The failure results because of incorrect handling of malformed messages. This particular vulnerability affects a Distributed Component Object Model (DCOM) interface with RPC, which listens on RPC-enabled ports. This interface handles DCOM object activation requests that are sent by client machines (for example, Universal Naming Convention [UNC] path requests) to the server. An attacker who successfully exploited this vulnerability would be able to run code with Local System privileges on an affected system. 
The attacker would be able to take any action on the system, including installing programs, viewing data, changing data, deleting data, or creating new accounts with full privileges.
To exploit this vulnerability, an attacker would have to send a specially formed request to the remote computer on specific RPC ports."
So, even though I was operating on "theory only" I was pretty much "dead on right" as to HOW remote exploits can use it to inject in REMOTED code via RPC (which dcom uses, since it's "lighter weight" than other methods...)
APK
P.S.=> "Pats self on back" - not too shabby, for operating on theory alone here, regarding HOW remote exploits could use it using DCOM to "inject" dll code into a process from another completely REMOTE system no less (minus even having it around locally, which is in & of itself, pretty spooky)... apk
-
Re: How is this a good idea?
Actually, I think the best way is to do it like both. List the permissions (in groups, sure, that's fine) so that users can decide not to install the torch app which requests permission to their contact list and text messages at all (because you can bet if it is doing that then when an exploit appears one day that developer will pounce) and then on-demand so users can choose whether an app should have permission to XYZ in context. Using Facebook: at one point its app grabbed your phone number and sent it to Facebook before you'd even logged in for the first time.
(For updates, I think it is insane not to require approval for permission changes within groups. 'Why yes, twitter, I know you only wanted to read my contacts and SMS but sure you can delete all my messages, contacts, and calendar entries').
Ideally, I think having a default set of options (e.g. Allow or Ask) for permissions, and then at install time when the groups are being shown having the ability to choose to change them (for the more unusual users who want to do it at that point), and finally doing the iOS ask-in-context so that you can see that XYZ app only wants to look at your contacts when you click 'find friends using the service', not 8 seconds after installation and before you even have an account.
There are other issues too: e.g. how do you force an app to only be allowed to record audio or take images from the camera when in the foreground. It would be good to at least get the broad brush strokes right first, though.
-
Re: Fishy
Won’t comment on unsubstantiated “senior developer” claims, but as for the encrypting malware issue, recovery of older versions of Cryptodefense was possible because the malware itself had a bug which leaked the necessary decryption keys somewhere on the target system. After the bug was made public, future versions of the malware fixed it and are no longer recoverable using that technique. It wasn’t a Bitlocker backdoor or similar. Not that I have evidence to contradict the existence of such backdoors, but the particular malware case didn’t rely on one.
-
Re:Sorry
http://www.symantec.com/threat...
US is number 2: how can that be explained? If you look, it's dominated by the Rustock botnet, which is operated from..... McColo, in Russia.
Look at botnet operator country-of-origin, and time and again it is Eastern Europe and China.
http://www.team-cymru.org/Read...
According to this report, most Botnet C&C's seem to be located in China, and / or on a .cn TLD. US features prominently mostly because dot-com is such a popular TLD, and is technically a US one-- but that hardly indicates presence in the US. Using a dot-CN domain, on the other hand, almost certainly indicates geographic location in China, which is reflected in their graphs.
EDIT: However--- I will say that here:
https://www.shadowserver.org/w...
Gives me pause for thought. If those stats are accurate, the US has more C&Cs than I realized.
-
Re: has this ever worked?
Cute - apparently Slashdot mobile eats HTML. Fine - Symantec has their HQ location listed here: http://www.symantec.com/about/...
-
Synology vulnerability?
TFA has very little info on the supposed Synology management interface vulnerability.
I believe this article covers some of the general info on the vulnerabilities: http://www.symantec.com/connec...