Slashdot Mirror
Researchers Catch Microsoft Zero-Day Used To Install Government Spyware (vice.com)
An anonymous reader quotes a report from Motherboard: Government hackers were using a previously-unknown vulnerability in Microsoft's .NET Framework, a development platform for building apps, to hack targets and infect them with spyware, according to security firm FireEye. The firm revealed the espionage campaign on Tuesday, on the same day Microsoft patched the vulnerability. According to FireEye, the bug, which until today was a zero-day, was being used by a customer of FinFisher, a company that sells surveillance and hacking technologies to governments around the world. The hackers sent a malicious Word RTF document to a "Russian speaker," according to Ben Read, FireEye's manager of cyber espionage research. The document was programmed to take advantage of the recently-patched vulnerability to install FinSpy, spyware designed by FinFisher. The spyware masqueraded as an image file called "left.jpg," according to FireEye.
yep. yours, too, and to all the places you'll go.
What is the point of referring to this as a "Zero Day" exploit? Providing some kind of definition of zero-day?
Who has caused the most damage for American citizens?
NORTH KOREA or THE NSA?
The guy still had to download and open the Word doc.
And I hope FireEye isn't trying to claim to be some kind of hero in this. The timing of their "revelation" is highly suspicious.
“He’s not deformed, he’s just drunk!”
Questions: Are you surprised by this?
a) No
b) Yes
c) I'm a clueless asshat, can I read a story now?
FUCK YOU REDMOND
This is pretty much why I can't help but snicker every time someone says "But the Russians...". The harm "the Russians" can do to you are minimal compared to what your very own government can.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Who has caused the most damage for American citizens?
NORTH KOREA or THE NSA?
Or state-sponsored hackers, fighting an undeclared cyber-war? 99% of the American citizenry were enjoying their usual lives, un-molested, prior to said hackers, oh, and of course, "patriotic" leakers, sharing our state secrets and many of our own cyber-war weapons with our "friends" at Wiki-Leaks. Dear Julian, having absolutely no compunctions, if it increases his importance and fluffs his, umm, ego has done quite a bit of damage. Did was really need him to out the basis for the recent ransom-ware attacks or could he have published enough to let everyone know it was legit without releasing the actual code to the NSA malware?
Show us where the NSA contributed to skew the election one way or another, hmm Trumpies? You're morons.
Those guys are playing with evil forces.
FireEye analyzed a Microsoft Word document where attackers used the arbitrary code injection to download and execute a Visual Basic script that contained PowerShell commands.
RTF -> VBScript -> PowerShell -> Chtulhu awakens
lucm, indeed.
The NSA doesn't care about elections. They will get funded no matter who is elected.
There was, however, a concerted effort by the media to skew election polling results so they could keep saying the other guys are losing. They were wrong BTW. The media is always full of shit. Especially how badly they're covering EquiFUCKED, trying to do everything they can to not blame Equifuckers...
considering the current resident of 1600 penn ave, and his antics since that change-of-address was filed, that's a no brainer...
neither.
the rednecks and idiots that voted for trump are the ones that have done the most damage to this country since the civil war. yes, this past election even eclipses the events of 16 years ago.
mod points and disturbing. If you OUTER SPACE THE and, after initial though, I have to Can be like ev3ryday...We some of you have Love of two is Feel obligated to
This is pretty much why I can't help but snicker every time someone says "But the Russians...". The harm "the Russians" can do to you are minimal compared to what your very own government can.
I wonder if we might be able to concentrate on more than one issue at a time.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Brian Malacchia was one of the authors of .NET. I had the pleasant experience of hearing him speak at MIT about the upcoming "Trusted Computing" software. What made it fun was that Richard Stallman was in the room, which Brian was *not* expecting, and proceeded to call into question the entire "Microsoft holds the private keys, and revolcation keys for all your hardware and software" security model. Brian pointed out that if Microsoft ever did the pernicious tricks Richard Stallman was worried about, that he and ethical engineers like him would resign.
I managed to rivet the room by pointing out "just like you resigned from the .NET project for their violations of basic security"? The fact that he hopped from security from .NET to Trusted Computing, and .NET *had government backdoors built in*, is precisely why we should trust neither project. He *knew* it was flawed, and instead of resigning he just went to the next security project that has nothing to do with actual user security. It's about digital rights management, at every single level, and about giving Microsoft access to user's private keys in their own private and uncontrolled escrow storage.
without us army you would be writing how fresh and pink vladimir putin's nipples are
Software proprietors, regardless of nationality, current employment, or current residence. Brad Kuhn said it well in his blog post, "Software Freedom Doesn't Kill People, Your Security Through Obscurity Kills People".
Digital Citizen
The harm "the Russians" can do to you are minimal compared to what your very own government can
Direct harm, yes. But if the Russians can skew the results of an election by a couple percentage points in a few key states, then they can help to install a government that can do direct harm.
The concept of transparency and accountability must be new to you.
The NSA was checking everyone's front door, so they could gain access "if" they ever needed to, but claiming they have your interest at heart.
Area51 - We are watching...
Keep on snickering while your democracy is eroded by Russian active measures. You're so very clever.
One crime doesn't cancel out another.
I think that's a bit disingenuous. Both things are threats to our liberty, in different ways and to different degrees. Just because I am concerned about Russia interfering in our elections doesn't mean that I am not concerned about the rise of the surveillance state.
Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
Exactly.
While Drumpf in the White House is quite possibly the worst thing to happen to our nation in a very long time, Clinton would have done nothing to dismantle either the surveillance state or Presidential power.
I mean, she was certainly obviously far less bad than Drumpf, who is essentially a cartoon villain with real power at this point, but she was not ideal either.
How do we begin to fix it? Vote in the Democratic primary (The Rethuglicans are lost) and vote for the candidate most likely to actually work toward cutting down the surveillance state. And NEVER vote for a Rethuglican. Vote a straight Democratic ticket in EVERY general election, not just the Presidential ones.
If you are so blind that you cannot grasp the simple fact that the US IS under attack every day. Russia, China, NK, and any other countries have state sponsored cyber security agencies dedicated to finding and exploiting US weaknesses. And do you know why people compare the US against "the Russians"? Because it is a valid argument. I suggest you make a trip to Russia or NK for some prospective.
Behind every blade of grass, there is a gun. - it's been attributed to Tojo, though the true originator is unknown.
The United States cannot be invaded. If the entire US army vanished tomorrow, that would still be true. American civilians probably own more AK-47s than the Russian government does, and they own more AR-15s by far than they do AKs. There are more ARs in the US than Russia has citizens.
I wonder if we might be able to concentrate on more than one issue at a time.
Given that the whole point of the "Russia hacked the elections" thing is to distract people from more important things, it seems that the answer is "No."
p>How do we begin to fix it? Vote in the Democratic primary (The Rethuglicans are lost) and vote for the candidate most likely to actually work toward cutting down the surveillance state. And NEVER vote for a Rethuglican. Vote a straight Democratic ticket in EVERY general election, not just the Presidential ones.
A better way to fix it is to break the chains binding you to a particular party. The "us versus them" mentality is a distraction. It has been carefully cultivated by both parties in varying degrees, blinding people to the fact that neither the Democrat nor Republican parties represent the average person, regardless whether you believe they did at some point in the past.
We are mice voting for white versus black cats.
Who has caused the most damage for American citizens?
NORTH KOREA or THE NSA?
NSA... and not just american citizens.. citizens around the world too...
Its one thing that they keep exploits secret
Another thing that they force manufacturers to make backdoors most likely
A third thing that they inject hardware and software backdoors in to existing products
But the worst part isn't even that they have unrestricted access to everyone and everything around the planet...
the worst part is that they can't even keep their cyberweapons secret, so they leak and have leaked to everyone now... including terrorists, hackers, dictators, foreign countries, criminals, script kiddies, etc...
its even become to bad that ransomware (RAAS) as a service has become mainstream and every fucker no matter HOW retarded or HOW ignorant about IT, can use that god damn service to screw everyone over
On top of all this bullshit... the NSA STILL haven't learned a god damn thing..
You can all BYTE my SHINE digital ASS!
Show us where anything the Russians purportedly did had any effect whatsoever.
Y'all ran a sociopathic, self-shitting side of beef. There existed zero possibility of winning against anyone with a pulse.
Good PR schtick but the reality is the whole world is concerned about the US hacking their elections, from extortion, to colour revolutions, coups against democracies to turn them into autocracies who will ruthlessly exploit their citizens at the behest of US corporations, to out and out invasion and mass murder of the population. Now all of these are proven facts and histories and not some bullshit about Russia spending $100,000 buying advertisements or foreign citizens reporting the crimes of the US government against foreign countries somehow being a crime against the US government or email detailing corruption being Russia's fault even when they were locally exposed and a whole host of crimes were exposed and nothing done about it, nothing what so ever except the global exposure of the US as a blatantly corrupt state.
Reality is the US government lies nearly all of the time at every level about nearly everything, the only people with a worse reputation for lying than the US government is US main stream media, not only repeating the lies of the US government but spreading even more on behalf of US corporations. If you think screaming Russia will improve the reputation of the US government, than you are nucking futs, seriously, the US has become a joke. I know people just like the US government, inveterate liars, can't help themselves, the lie so much you stop bothering to correct them, the idiots than believe you believe them, rather than the reality of you have simply stopped listening. Each US government press announcement has become a joke, so what lies will they spread today and who bothers to listen any more. Yeah, yeah, WMDs wolf boy, sure we believe you.
Chaos - everything, everywhere, everywhen
Like it would be any different for the average person if the other branch of The Party ruled.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Unlikely. He doesn't like faggy fawning of people over him.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
So? Nothing a few nukes can't fix.
And the fun part about the US' nukes is that the average person has no control over them. That's what you still need your army for.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Again, you live in the delusion that the other side of The Party does anything different. Care to show me the difference between 2000-2008 and 2008-2016 in US politics?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Holy shit, someone gets it.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Who has caused the most damage for American citizens?
NORTH KOREA or THE NSA?
Microsoft.
Anons need not reply. Questions end with a question mark.
"Oh, them? It never changes," she said. "It's always: location, location, location."
If the universe is someone's simulation -- does that mean the stars are just stuck pixels?
The question was, “Who has caused the most damage for American citizens?” The NSA’s activities are certainly objectionable but how much real damage have they done to American citizens?
Neither of them. The American citizens themselves, by electing Donald Trump as a president - and previously Bush Jr. and his regime, who probably caused the biggest damage to the US so far that any government has ever caused.
So far Kim has done Jack all, but thrown a few insults and made threats. The NSA in its irresponsible handling of sensitive data and munitions has cost the Americans much more indirectly.
Area51 - We are watching...
....the same way you do with Java. It's only fair.
And probably about 5% of those people would actually resist an invasion. The rest would simply fall into line and do what they were told. Just as they do now. Having lots of guns is no gurantee that they would actually get used. The Roshschilds et al took over America, the UK, Europe etc. without firing so much as a shot. You all work fro the banking cartel becuase you believe in their idea of money.
Are companies such as Microsoft and Google "western only companies" . I presume they only open up their stack to five eyes. So where does this leave Russia, Brazil, India, and China? Not to mention France, Germany - second world powers?
Thank you for pointing out the obvious that so many people have been missing for the past (shoot, I lost count) years. Divide and conquer has always been a tried and true method in ANY type of conflict.
Yes and no: Republicans promise welfare to rich people and work their arses off, to deliver. Democrats promise more egalitarian service then offer the same back-room deals and exemptions to the rich that Republicans do: They're slowing the shrinking of the middle-class and growth in welfare-bashing, not undoing it. There is a difference in Democrat versus Republican government but as Shooter (2007) explains, there is no "us versus them".
Alas, one cannot put 50 governors in a room and get agreement: The co-operative portion of US federalism is broken so the federal government is making the rules and kicking state butts. This creates a nice point of failure for a political system that wasn't designed to be attacked by the rich: Lobbyists offering bribes and lawyers writing bills that are almost incomprehensible. There are many symptoms in a corrupt government but these need to be fixed first: These faults can only be fixed by US politicians taking responsibility for the political system and changing it. Until then, corruption remains.
PR schtick? Fuck you.
Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
You’re certainly correct that Kim hasn’t done anything overt as yet. But I guarantee you North Korea has had indirect impact on Americans, increased defense expenditures in the region come to mind. It is certainly true the NSA‘s activities have impacted Americans, and others worldwide, with the release of their hacking tools leading directly to ransomware attacks.
The point in my original post was that those ransomware attacks were less the fault of the NSA, and more the fault of the hackers and leakers that gave the NSA’s hacking tools to WikiLeaks, who promptly published them, without regard to the potential for damage to all of us, American or not. Scratch that, I think that Julian Assange published the NSA hacking tools and exploits specifically because of the damage they would do to us.
See subject: Prime reasons I used TRUE executable statically compiled code vs. runtimes for APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ was twofold - BETTER PERFORMANCE & LESS SECURITY ISSUES!
APK
P.S.=> Give you a case-in-point e.g. - this program http://www.majorgeeks.com/files/details/hosts_file_editor.html/ is .NET interpreted SLOWER code (& has the potential for problems like this article shows) - test its initial loadtime ALONE w/ a large hosts file program vs. mine & see my point on that note too (& like hostsman which uses SQLite (C buffer overflow issues + a 17++ yr. long exploit in it recently), it too doesn't do hardcoded favorites @ TOP of hosts for more speed, security, reliability & anonymity vs. DNS security issues). Depending on others' code = bad idea... apk
Donald Trump
That is just APK spamming pretending to be a security expert
He feels the need to spam his hosts file any chance he gets
Afterwards he will go rub one out to his overly complex bloated hosts file engine
Then he will come back and complain if someone modded him down and will state that he dusted you
It is just how APK rolls
Hobbyist Russian defender Opportunist can't even let this one slide.
fucking rusophobia)
google
I wonder if we might be able to concentrate on more than one issue at a time.
Given that the whole point of the "Russia hacked the elections" thing is to distract people from more important things, it seems that the answer is "No."
Well, I can't be certain of course, but I'd wait a few months her for further news before the conspiracies are closed.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
See subject: I write TRUE "stand-alone" .exes statically compiled code vs. runtime driven for APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/
Twofold - BETTER PERFORMANCE & LESS SECURITY ISSUES (as well as less complexity & dependence on others' possibly shoddy/defective work)!
* Depending on others' code = bad idea (libs OR runtimes).
APK
P.S.=> E.g. - This http://www.majorgeeks.com/file... is .NET interpreted SLOWER code (& has the potential for problems like this article shows) - test its initial loadtime ALONE w/ a large hosts file vs. mine & see (& like hostsman which uses SQLite (C buffer overflow issues + a 17++ yr. long exploit in it recently), it too doesn't do hardcoded favorites @ TOP of hosts for more speed, security, reliability & anonymity vs. DNS security issues)... apk
Trump is obamas true legacy. Now have a nice day.
If you are going to build such munitions and store them, it's your responsibility to secure them.
Attributing blame on Assange isnt logical. Unknown hackers breached US security and had these tools. The responsible thing was to make the world know they're in the wild.
Area51 - We are watching...
Hey, if you put a ball on the penalty point, don't be surprised if someone kicks it.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Thanks, but no thanks. Freedom-wise they're even worse than the US, and that's already a place I try to avoid.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.