Slashdot Mirror


Experts Closing In On Google Attack Coders

ancientribe writes "The targeted attacks out of China that hit Google, Adobe, and other US organizations are still ongoing and have affected many more companies than the original 20 to 30 reported. Security experts now say they are getting closer to identifying the author or authors of the malware used to breach Google and other organizations."

24 of 141 comments

  1. Would you run unknown code? by fluffy99 · · Score: 3, Interesting

    Why on earth would I download and run the "inoculation" removal software from some unknown company? It might actually be installing more crap! Why not just give us a shell script if it's just wmi calls?

  2. Re:Propaganda by DeadboltX · · Score: 4, Informative

    Sounds to me like you're the propaganda machine here. There is nothing new or shocking about U.S. export laws preventing companies like Google from offering certain types of services or software to certain countries.

  3. Boy I can't wait! by Weaselmancer · · Score: 5, Insightful

    As soon as the United States identifies the culprits in China...wow are they in trouble.

    --
    Weaselmancer
    ridiculous.
  4. Re:Propaganda by ahabswhale · · Score: 4, Informative

    Apparently you're too stupid to read the article YOU linked. They are not permitted to allow countries like Syria and Iran to download their apps to comply with US law. Given that they're a US based company, what the fuck do you expect them to do?

    You need to work a lot harder than that to prove propaganda.

    --
    Are agnostics skeptical of unicorns too?
  5. Re:Propaganda by wealthychef · · Score: 4, Funny

    The US media, however, is eager to twist the story.

    It would seem not, as you linked to PBS, a news outlet funded by the U.S. Government. LOL

    --
    Currently hooked on AMP
  6. Not Surprising by LuNa7ic · · Score: 3, Insightful

    Do you really expect that they would say anything else? "Sorry guys, this one has us stumped, we've no idea who did it." There are 15 paragraphs in TFA, and they've used them to not say a damned thing. Why did they even put this press release out?

    --
    *runs*
  7. Apology by BhaKi · · Score: 3, Funny

    I failed to do enough research. Is there a way I can delete the parent post?

    --
    The largest prime factor of my UID is 263267.
    1. Re:Apology by NeutronCowboy · · Score: 2, Funny

      Take your incorrect post like a man. Accept you made a mistake, acknowledge it, and move on. And make sure your research is sound before posting again.

      --
      Those who can, do. Those who can't, sue.
    2. Re:Apology by ae1294 · · Score: 3, Funny

      You really must be new here.

    3. Re:Apology by AliasMarlowe · · Score: 3, Interesting

      I failed to do enough research. Is there a way I can delete the parent post?

      Join the Scientologists. Claim your post is part of their dogma. Threaten legal action.
      http://slashdot.org/yro/01/03/16/1256226.shtml

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
  8. Gotta be a Chinese military virus. by Dahamma · · Score: 3, Funny

    Probably a Kuang Grade Mark Eleven. Big mother.

    1. Re:Gotta be a Chinese military virus. by MichaelSmith · · Score: 4, Interesting

      For a long time it looked like William Gibson had the wrong view of the future with the Sprawl series. But now we have duelling Russian botnets which fight for exploited systems and AI captcha crackers. Major corporations base their income on the reduction and on-sale of found information. Infrastructure is increasingly dependent on information technology, and likely to be connected to the Internet.

      Science fiction writers tend to overestimate short term progress and underestimate long term progress. I think Neuromancer is coming back.

      The charge? Conspiracy to augment an artificial intelligence.

    2. Re:Gotta be a Chinese military virus. by djtachyon · · Score: 2, Interesting
      --
      "What's the use of a good quotation if you can't change it?" - Doctor Who
  9. The interesting bits... by chill · · Score: 3, Insightful

    About 80 percent of APT attacks use custom malware, Mandia says. "We recently took over 1,800 programs we've collected since 2008 that are all part of APT ... and ran it through AV, and only 24 percent of the malware triggered antivirus," he says. "Over a year ago, none of it was triggering AV."

    Signature-based anti-virus scanning isn't going to help. That model is broken and only useful for the "AOL mindset" of the general public. That is, the people who go "ohhhh, SHINY. [click]" and get infected by year-old malware.

    Serious pressure on software vendors to make sure their app doesn't need admin rights to run on a Windows box would be a nice step.

    --
    Learning HOW to think is more important than learning WHAT to think.
  10. Re:Propaganda by ahabswhale · · Score: 4, Insightful

    Why should they bother with the hassle of getting an exemption? More importantly, how does the fact that they do not have an exemption make them part of some government propaganda machine?

    Oh, and Chrome runs on Linux and OS-X. Not sure where you get the notion that it's Windows only.

    The only thing that doesn't hold water here is your argument.

    --
    Are agnostics skeptical of unicorns too?
  11. Re:Propaganda by michaelmuffin · · Score: 3, Informative

    PBS (and NPR) is increasingly funded by corporate underwriting. I would certainly consider the PBS underwriting system to be paid advertising. In addition to corporate funding, PBS is brought to you in part by the Corporation for Public Broadcasting, which is indeed federally funded.

  12. Re:Propaganda by Anonymous Coward · · Score: 3, Funny

    Ah, I'm worng. Again.

    And again as well. ;P

    Just ain't your day is it?

  13. Re:Propaganda by rtfa-troll · · Score: 2, Interesting

    Just to be a little clearer about the grandparent's points about Chrome. Google could probably get a similar exception for Chromium to the Firefox one and still have to export control Chrome. The use of Windows crypto functions also won't help since software which uses crypt functions is just as much controlled as software which implements them.

    Controls on use of crypt (as well as implementations) actually kind of make sense. a) it's very easy to mess up a use and use a secure crypto function insecurely b) the actual value of a crypto function is in your use of it. In terms of the crazy world of crypto embargoes, a typical wish would be to allow the Iranians to do cryptographic signatures, but not to encrypt. However, it can be shown that any signature algorithm can be used to encrypt (well actually hash algorithm). This means that the only control that could possibly be effective is on delivery of software, not delivery of algorithms.

    Of course none of the embargo stuff actually is very effective since there are plenty of people (e.g. China) who are more than happy to treat unilateral US embargoes as a business opportunity.

    --
    =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
  14. not sure its a good idea to say this by Anonymous Coward · · Score: 3, Interesting

    In retaliation to the investigations and accusations, BAE UK got a massive attack wave this weekend, much larger than anything Google saw. All the attacks came from proxies, but deeper probes showed all the traffic was from China.

    BAE had all their systems crippled and apparently had to shut the whole network down (we are talking about thousands upon thousands of machines), reset all passwords and wipe a lot of boxes. You won't hear this in the news though. It would be seriously bad for business if the US and UK governments got wind of it.

    China* won't go down without a fight.

    *whoever is organising it.

    1. Re:not sure its a good idea to say this by RMH101 · · Score: 3, Interesting

      This happened in Manchester, UK: the police networks were shut down, apparently due to Conficker: http://news.bbc.co.uk/1/hi/england/manchester/8492669.stm

  15. Re:Propaganda by Metal_Militia · · Score: 5, Informative

    *Chromium* runs on Linux. Chrome doesn't exist for Linux.

    http://www.google.com/chrome?platform=linux Seems official Chrome to me (at least is what the package says).

  16. Sorry I really did mean Read and Execute by MichaelCrawford · · Score: 2, Informative

    What I meant was that I didn't permit regular users to write into Program Files. My problem was that quite a few of the applications I had installed expected to be able to write into their own installation folders. Even Microsoft is an offender - one has to be an Administrator to run the Visual Studio debugger. I don't see why that should be necessary, unless one is debugging a Service. If one is debugging a non-Administrative executable, Administrative privileges shouldn't be necessary at all.

    --
    Request your free CD of my piano music.
  17. Chinese "Echelon" by Max_W · · Score: 3, Informative

    Some states do use a secret "Echelon" system to break into private and other states' communication systems. Yes, supposedly and by self-proclamation these are the "good guys".

    Is it a feasible international framework that if one feels himself to be a "good guy" he can eavesdrop on electronic systems? But if he looks like a bad guy, speaks in some exotic ethnic language, then it is a condemnable behavior.

    But to Chinese and other Asian people we look like strange exotic humans. There is even a word for European-like people in Asia - "long-noses". And when one lives there it feels exactly this: being a "long nose" among normal people.

    So they know that good guys eavesdrop on them with an "Echelon" and keep silence philosophically, but when they try to get some info via eavesdropping a commercial company "Google", it causes a global panic. Or do I get it wrongly?

    Maybe it makes sense to lead by an example?

  18. The villains must be found! by Ukab the Great · · Score: 2, Insightful

    We have to find the villains who did this nefarious thing. Otherwise, we'd lack scapegoats and would have to admit to ourselves that:

    - Adobe didn't learn a single damn lesson from Microsoft's Word Macro Virus debacles as to why allowing code to be embedded in what most users consider to be a static, non-code executing document is such a bad thing.

    - A business that supposedly hires the Best And The Brightest and discards applicants due to bad SAT scores 15 years ago got pwned.

    - Businesses were too dumb and shortsighted to update their browsers to something less obsolete and pay for a standards-compliant redesign of their web applications.

    - That most of these massive attacks are caused by script kiddies in China trying to impress girls by exploiting corporate stupidity, as opposed to Neo's elite evil twin.