About 15 Percent of US Agencies Detected Kaspersky Software on Networks (reuters.com)
Dustin Volz, reporting for Reuters: About 15 percent of U.S. federal agencies have reported some trace of Moscow-based Kaspersky Lab software on their systems, a Department of Homeland Security (DHS) official told Congress on Tuesday. Jeanette Manfra, assistant secretary for cyber security at DHS, told a U.S. House of Representatives panel that 94 percent of agencies had responded to a directive ordering them to survey their networks to identify any use of Kaspersky Lab products and to remove them. But Manfra said DHS did "not currently have conclusive evidence" that any networks had been breached due to their use of Kaspersky Lab software. The administration of President Donald Trump ordered civilian U.S. agencies in September to remove Kaspersky Lab from their networks, amid worries the antivirus firm was vulnerable to Kremlin influence and that using its anti-virus software could jeopardize national security.
While it's certainly true that we need to worry about these Russian products, the damage that the NSA has done is enormous.
Can I trust Cisco VPNs? Can I trust Windows? Can I trust my router? The NSA opens boxes in shipment to break their security, and they have the resources to do a lot more.
Unfortunately for us in the U.S., the NSA threat is a real one, not a hypothetical.
And a question for the people who know more than me: is there any IT vendor who hasn't been corrupted by the NSA, the Russians or the Chinese?
The KGB is insulted by the notion that they would meddle in foreign networks! Trump is right to offer them conciliatory blowjobs instead.
Kaspersky is offering up the code for review by an independent party. Okay, and I'm sure that the installer is 100% in compliance with the reviewed code.
I think there is more to the story than meets the eye....
Maybe Kaspersky has become too effective at capturing and stopping NSA's malware and spy tools.
Perform a mass uninstall of Symantec products and see how many remnants are left. It's not uncommon for software to leave behind traces when it's removed. This is based on 20 years of experience...I've seen it countless times.
http://www.securityweek.com/wi...
If we did a fair comparison of who has broken more 'trust', I wonder who would come out on top. I don't recall the last time the 'am I secure' landscape looked so uncertain.
Sorry, but all evidence shown so far seems to indicate Kaspersky software works just fine, has not caused system compromises, AND any case where Kaspersky "exposed" or "leaked" secret files was Kaspersky working like it's supposed to --- not Kaspersky violating any privacy expectations; you just don't get to run "secret" potentially-malicious programs on desktop computers without the possibility of malware samples of your suspicious code going to the AV vendor for analysis.... I can accept that, and I think most people SHOULD accept that with zero objections.
Pollution is all they produce well.
Limited availability in Socket 370. Half speed FPU, not fixed until the C7. Single Core.
At this point in time, the best options are ARM SBCs and certain well designed network appliances without TrustZone support included/enabled. And ONLY as long as physical security is maintained at all times.
The real solution at this point would be taping out new processors and motherboard chipsets, then using those to produce new open hardware/'socialized' computing platforms. Depending on the legal issues, Super Socket 7+SDRAM+IDE+multibus PCI with 64 bit BAR support would be the first and almost completely patent (but not trademark and copyright) free solution. This would limit systems to 2-4 gigs of ram and some other issues, but could work with single socket multicore processors and leave open opportunities for alternative northbridge/southbridge chipsets including different bus options. Super Socket 7 had headroom left when AMD abandoned it for their/DEC's own Slot A/Socket A, another potential socket that could handle faster bus speeds, but one whose sockets would be more difficult to source (SS7 sockets can still be found relatively cheaply from at least a few locations, possibly even still being produced.)
much more dangerous
if this is supposed to be a new economy, how come they still want my old fashioned money?
Warning! AV software detected multiple instances of infections with AV software.
Would you like to:
a) install additional AV software to help clean AV infection from your PC
b) quarantine other AV software
c) (not recommended) do nothing.
Who actually believes this rabid anti-Russia crap?
http://www.zerohedge.com/news/2017-11-09/wikileaks-publishes-cia-hacking-tool-designed-impersonate-russias-kaspersky-lab
Are we living in the Red Scare again? Are we going to start burning Dostoyevsky books? Will we round up all the Siberian huskies and throw them in the furnace?
I am American and even I know that USA is worse at hacking all other countries than anyone else! USA is very very bad country, the worst. Kaspersky is innocent Russian company caught up in Democrat liberal ANTIFA terror campaign.
Faster != secure.
But you knew that. Another worthless APK post.
The wording of the article suggests that Kaspersky is malware, while in fact it's in the top 3 as far as competency goes in this field. Perhaps that's why it can't be allowed in American systems -- because a foreign AV suite can't be subverted as easily as the disgraced McAfee and others..
"About 15 percent of U.S. federal agencies have reported some trace of Moscow-based Kaspersky Lab software on their systems"
How can they tell they're not detecting forged CIA digital certs? I figure Kaspersky is the only security company that hasn't been compromised by the US security apparatus.
They "traced" the connections to the update servers, nothing more.
See subject: It's outright DISGRACEFUL - dirty, low, bogus & took some REAL scumbags @ the CIA to pull that rabbit out of their hats. Nice part is, they only ended up shitting ALL OVER THEMSELVES - period.
* When I read it I was like "Who the heck can you trust from our OWN nation's security agencies if they're willing to pull THAT kind of crap?"
(The man who built that program had his life & DREAMS into it - & did a good program! They'd shit on someone like that?? Makes me angry... & ashamed of my nation!)
APK
P.S.=> Seriously unbelievable (What's making me feel BETTER though? FireFox QUANTUM - it truly IS faster & so far?? I LIKE IT!)... apk
APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/
Ads/script/malware rob speed/security/privacy/bandwidth.
Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).
Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!
Avoids DNSChangers in routers/IP settings & dns redirect (99++% of ISP DNS != patched vs. it) + DNS tracking & lighten DNS load & resolve faster from local RAM!
* Via what u NATIVELY have in a FASTER kernelmode IP stack (doing more for less)!
APK
P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/ (self checking code vs. infection of it built-in)
It removed Kaspersky because of their comment about pulling photos of an alleged hacker from his PC.
To trust them, I would have to accept that they built in the ability to pull any file from a PC using their anti virus and yet would never use it against anyone but this hacker.
That's a ridiculous call to make.
So I removed their software.
That's why I create Kaspersky.txt and rename it exe and have it on my work desktop. Make sure it is zero bytes long.
Dumb audit scanners are just that - I live for false positives. Add in some ACLs for no access.
Tricks like this mean companies like Or**** charge the ex-employer for a few thousand extra licenses on an 'Audit' because the place runs on technicians
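The point in the comment above, seen from the auditor's side: a scanner that matches on file name alone counts a zero-byte placeholder as an installation. The Python below is an added example, not part of the thread and not any vendor's audit tool; it judges each name match by content (size, DOS header, PE signature). The file name `Kaspersky.exe` comes from the comment; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

TARGET_NAME = "kaspersky.exe"  # assumption: the file name used in the comment above

def classify(path):
    """Judge one name match by its content rather than its name."""
    try:
        if os.path.getsize(path) == 0:
            return "decoy-empty"          # zero-byte placeholder
        with open(path, "rb") as fh:
            dos = fh.read(64)             # a DOS header is 64 bytes long
            if len(dos) < 64 or dos[:2] != b"MZ":
                return "not-executable"
            fh.seek(int.from_bytes(dos[0x3C:0x40], "little"))  # e_lfanew
            signature = fh.read(4)
    except OSError:
        return "unreadable"               # e.g. a deny ACL: flag for manual review
    return "pe-candidate" if signature == b"PE\0\0" else "not-executable"

def audit(root):
    """Map every file named TARGET_NAME under root to a verdict."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == TARGET_NAME:
                full = os.path.join(folder, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                hits[rel] = classify(full)
    return hits

def build_samples(root):
    """Constructed sample tree: an empty decoy, a renamed text file, a PE stub."""
    stub = b"MZ" + b"\0" * 58 + (64).to_bytes(4, "little") + b"PE\0\0"
    for sub, data in (("desk", b""), ("docs", b"just a note\n"), ("app", stub)):
        os.makedirs(os.path.join(root, sub))
        with open(os.path.join(root, sub, "Kaspersky.exe"), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_samples(tmp)
        for path, verdict in sorted(audit(tmp).items()):
            print(f"{verdict:15} {path}")
```

Only a `pe-candidate` verdict is worth counting as a possible installation; `unreadable` covers the no-access ACL case and should go to a person rather than onto a licence count.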
And now that modern CPUs from Intel are running MINIX to run the microcode, you simply no longer know what is happening.
Technically, Intel ME, (and IPMI) run on a separate core inside the chipset.
You can power off your CPU, lights-out management is still running (that's the whole point of the thing, so the IT department in your business can admin the desktops remotely without even needing to turn them on).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
There are far more compelling reasons to replace Krapersky. The biggest one is that it is a total system performance killer. With Krapersky installed it is about the same as not turning the box on. It's a shit product and only gained popularity with corporations and organizations because its bulk licensing is dirt cheap. In the end folks pay up one way or the other.
I'm looking forward to watching how the Russian government uses this US move as a pretext to squeeze foreign IT companies from the Russian market and provide Russian companies with a fantastic home base advantage - which they'll use for attacks on foreign markets. Why has the US spent almost 20 years negotiating with Russia about WTO accession when now it's handed excuse after excuse to impose import embargoes?
You mean the separate ARM cpu (on each x86 machine) to administer any machines remotely is an improvement over Wake-on-LAN?
For an admin? Yes it's definitely an improvement.
For an end-user? It's your worst nightmares slowly coming to life one after the other.
Wake-On-LAN has that capability too.
TL;DR: ME and IPMI enable an admin to remotely debug a machine that doesn't even want to turn on. It goes much beyond what WOL offers. It's more comparable to a network-enabled-KVM, and even goes a bit further (some kind of network-enabled-KVM that could even tap into the motherboard's DIP switches, back when those still existed).
For Wake-on-LAN to be useful:
- the machine must be able to actually boot.
  - Which involves some very low-level stuff. Like BIOS settings (hardware parameters) making the machine able to turn on stably (e.g.: correct RAM timings and CPU clock setting. A badly/unreliably overclocked machine might crash and catch fire right after receiving the WOL magic packet)
  - like the BIOS set to boot on an actual boot device (harddisk), etc. (e.g.: UEFI set to load the signed shim that starts grub. Not hanging with "no boot device detected")
- the OS must be able to actually boot.
  - Which involves some more higher-level stuff, like an OS actually being installed
  - Drivers, etc. able to bring the devices up and have the OS run stably (Windows is a bitch whenever the hardware changes a tiny bit).
- you need some remote access to the OS
  - Linux : SSH with your login keys.
  - Windows : some VNC stuff ?
- you need some specific software
  - e.g.: to flash the BIOS.
If anything along this chain breaks, you need to go in place and check the details of what doesn't work.
With ME and IPMI :
- the small embedded MINIX / Linux running on the ARM core in the chipset is running some kind of VNC-like server that is able to directly tap into the shared RAM/VRAM of the GPU core inside the same chipset.
This gives similar access as a network-enabled KVM : even if the machine doesn't boot, you can remotely see what's on the screen, and remotely take over with your keyboard and mouse to do the necessary admin step to get the OS bootable and functional.
- this VNC variant supports some form of USB-forwarding. Meaning that you can simulate remotely plugged in floppies or DVD-ROMs using local images on your own admin console. You can use it to install Linux from an .ISO you have. You can use it to upgrade the firmware of a problematic SAS/SCSI PCIe card using an .IMG that you made of the floppy disk.
All this, again, requires ZERO cooperation of the target machine. You don't need to have a working PXE network booting setup.
Given that the VNC even works already during the BIOS settings screen, you can use it *TO* setup a working PXE net boot.
- ME and IPMI even have direct access to the BIOS itself.
Means you can change some low-level settings that currently prevent the machine from even booting. Means a PC with broken RAM timings settings that cannot reliably boot, you can correct those settings, all from the comfort of a web page that you access from your admin console.
Means that, while the machine is currently shut down, you could even flash a new BIOS / UEFI firmware.
And if the flash breaks and the machine becomes unbootable, you can still use ME / IPMI to reflash a correct firmware.
For an admin, that's a godsend : short of an actually literally burnt motherboard, there isn't a single situation that you cannot debug remotely with this, all this without even needing expensive equipment like network-enabled KVM (and a discrete EEPROM programmer for busted BIOSes).
For a user, that's a horrendous nightmare. Even when your computer is shut down and merely just plugged into power and network, it could be hacked at a BIOS-level or even deeper level whenever an exploit in ME or IPMI is found.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
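To make the contrast in the comment above concrete: all of Wake-on-LAN is one fixed-format frame asking the NIC to power the machine on, and everything after that (BIOS, OS, SSH) still has to work by itself. The Python below is an added example, not part of the thread; it builds a magic packet and recognises one inside a captured payload, as a monitoring tool would. The function names, the MAC address and the password are constructed, and the 4- or 6-byte trailing password field is the common optional extension, sent in the clear.

```python
import re

SYNC = b"\xff" * 6  # synchronisation stream that opens every magic packet

def build_magic_packet(mac, password=b""):
    """Constructed test input: sync stream, 16 copies of the MAC, optional password."""
    raw = bytes.fromhex(re.sub(r"[:-]", "", mac))
    if len(raw) != 6 or len(password) not in (0, 4, 6):
        raise ValueError("MAC must be 6 bytes; password 0, 4 or 6 bytes")
    return SYNC + raw * 16 + password

def find_magic_packet(payload):
    """Return (mac, password) for the first magic packet in payload, else None."""
    start = payload.find(SYNC)
    while start != -1:
        body = payload[start + 6:start + 102]
        mac = body[:6]
        # 96 bytes that are exactly one 6-byte address repeated 16 times
        if len(body) == 96 and body == mac * 16 and mac != SYNC:
            tail = payload[start + 102:]
            password = tail if len(tail) in (4, 6) else b""
            return ":".join(f"{b:02x}" for b in mac), password
        start = payload.find(SYNC, start + 1)
    return None

if __name__ == "__main__":
    # Constructed payloads: plain, with password, and truncated (15 repetitions).
    plain = build_magic_packet("00:11:22:33:44:55")
    for sample in (plain, build_magic_packet("00-11-22-33-44-55", b"secret"), plain[:-6]):
        print(find_magic_packet(sample))
```

Nothing in the frame identifies or authenticates the sender beyond that optional cleartext field, which is why WOL can only switch a machine on while ME and IPMI, as the comment describes, expose a full management channel.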