Hello,
Computer virus writers, since back in the day of writing DOS viruses, did often put messages directed at anti-virus companies and even individual employees, as well as shout-outs to other virus writers and virus-writing groups. Song lyrics and poems would occasionally be included as well, sometimes to be displayed as part of a payload, otherwise just in there for, one presumes, the curious. The Stoned boot sector/MBR virus' "Legalise marijuana. Your PC is now stoned" message comes to immediate mind.
Of course, these days, computer viruses are almost extinct. There are about two or three families of viruses which are still active (Sality, Virut, ...). Everything else is just various kinds of non-replicating malware, like the ransomware this article discusses. Replicating ransomware like Petya and WannaCry is still comparatively rare.
Today, there is little concern from most developers about the size of their code, at least in the same way it was back in the mini-computer and dawn of the PC era where RAM might have been measured in kilobytes. When you have malware which is hundreds of KB long, or even over a megabyte like Stuxnet, the need to optimize code for size becomes something of a non-issue.
Regards,
Aryeh Goretsky
Hello,
While Bulgaria was once a hotbed of virus activity in the DOS era, the focus on malicious software has spread throughout Russia, Eastern Europe and the Baltic states, to the extent that it has crowded out Bulgaria as being a well-known source of malware. Of course, today malware is a global phenomenon, and you find clusters of development throughout the world, including regional specializations in both Asia and Latin America for targeting domestic banking, for example.
Vesselin Bontchev, one of the first people to document the Bulgarian virus scene via his seminal work, The Bulgarian and Soviet Virus Factories, remains active in the field and would probably be the best source for current information on Bulgaria's position in the threat economy. He can also be found on Twitter, where his tendency towards logorrhea is somewhat tempered by the 280-character limit.
Regards,
Aryeh Goretsky
Hello,
Unsurprisingly, OKCupid is owned by IAC, the same company that owns (or owned, in this case) AskJeeves, Match.Com, Plenty of Fish, Tinder and a host of other web properties. They are a company that makes money by getting eyeball counts, and things which interfere with that, like security, are tossed by the wayside.
Several years ago, someone signed up using my name and email address for match.com, and a password of "baculum" (go ahead, look it up). There was no attempt to first authenticate me, they just allowed the account to be created and start getting responses, and when I realized what was going on and tried to log in, they sent the password for the account in plaintext to me.
Apparently using IAC properties is (or was) a popular way to harass people. I reached out to their security people, trying to find out more about how an account was created with my email address and no authentication, and asked for information like the IP address it was created from and the time, and got a form letter back saying to come back with a warrant or subpoena.
That they continue to have account abuse issues does not surprise me at all.
Regards,
Aryeh Goretsky
Hello,
So, in other words, it is an updated copy of Lenovo's 15th anniversary "Reserve Edition" ThinkPad? http://www.notebookreview.com/...
Meh.
Regards,
Aryeh Goretsky
Hello,
CBS News reports that the same type of attack may have occurred on USAID workers in Uzbekistan: https://www.cbsnews.com/news/u...
Regards,
Aryeh Goretsky
Hello,
Here are a couple of methods for scripting re-installation of Windows Media Player after applying KB4046355.
via Command Prompt: dism.exe /Online /Enable-Feature /FeatureName:WindowsMediaPlayer
via PowerShell: Enable-WindowsOptionalFeature -Online -FeatureName WindowsMediaPlayer
Hopefully that will be of use to people who still need to use (or prefer) Windows Media Player.
Regards,
Aryeh Goretsky
Hello,
It is interesting how concerned Microsoft is about "building a thoughtfully curated ecosystem" with browser extensions that are "high-quality and trustworthy" for Microsoft Edge, while at the same time, its Windows Store offers many poor-quality mobile apps bordering on the scammy (fake browsers meant to look like Google Chrome, pirated copies of books, etc.) for years.
Of course, Microsoft collects a percentage of sales from Store apps, so maybe it was more to their incentive to have it filled with these in order to inflate the number of apps back when the "app gap" was a concern before they abandoned Windows Phone/Windows 10 Mobile.
I have to wonder, though, if Chrome and Firefox versus Edge is the new version of iOS and Android versus Windows Phone.
Regards,
Aryeh Goretsky
Hello,
I seem to recall a discussion about this at the time of disclosure that the main concern was not so much finding exploitable bugs in Windows, per se, but finding bugs in third-party drivers like those from AMD and nVidia, as well as determining hardware and software a target might be using, in order to help perform vulnerability research on targets.
Regards,
Aryeh Goretsky
Hello,
I am wondering if this has more to do with the quality of the research being done, as opposed to the patent process itself. While India's CSIR-Tech may have failed, Australia's equivalent entity, CSIRO, seems to have done quite well for Australian taxpayers, such as generating income from Wi-Fi (some essential component of 802.11n, as I recall).
Regards,
Aryeh Goretsky
Hello,
I guess it was a slow day at CBS Interactive's CNet web site, or perhaps they are not very familiar with using Windows. This behavior can easily be disabled by a simple registry tweak. Here's a .REG file which does exactly that:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoRebootWithLoggedOnUsers"=dword:00000001

If you would rather script it using a .CMD file, that's easy enough, too. You can even do it in one line:
Or, for the PowerShell-inclined, here's a three-line version:
As always, you are responsible for your computer and should make a backup before making any changes to it.
Yes, Windows can be difficult to use at times, and the learning curve can be quite high. But these days that's pretty true of any operating system if you're coming to it for the first time. You can find the answers to a lot of questions by searching the web, and in case you can't (or you still have questions), you can go to a web site with an active Windows user forum like BleepingComputer, GeeksToGo, Neowin, Scot's Newsletter, Sysnative, WindowsForums or even Microsoft's own Microsoft Answers forum and someone will help you. Those are just a few off the top of my head, there are plenty of others, although you should probably avoid CBS Interactive's own CNet forums.
Regards,
Aryeh Goretsky
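As an added example, not part of the comment above or anything Aryeh Goretsky posted: a small Python script that parses a .REG file of the kind shown in that comment (the version header, [key] sections, and "Name"=dword:/"string" values) and emits the equivalent reg.exe one-liners that a .CMD file would run. The sample .REG text embedded below is the one from the comment, reflowed onto separate lines; the function names, the "=-" delete-value handling and the UTF-16 detection for regedit-exported files are my choices, not anything the comment specifies.

```python
import re
import subprocess
import sys

REG_HEADER = "Windows Registry Editor Version 5.00"

# Sample input: the tweak from the comment above, reflowed. regedit would export
# exactly this as one key holding one DWORD value.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"""

_VALUE_LINE = re.compile(r'^"([^"]+)"=(.+)$')


def parse_reg(text):
    """Parse the subset of the .REG format used for policy tweaks.

    Returns a list of (key, value_name, reg_type, data) tuples. Understands
    [key] sections, "name"=dword:XXXXXXXX, "name"="string" and "name"=-
    (delete value). Anything else raises, so nothing is silently skipped."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != REG_HEADER:
        raise ValueError("missing or unexpected .REG header: %r" % (lines[:1],))
    entries, key = [], None
    for line in lines[1:]:
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # "[-key]" (delete key) is not handled here on purpose
            continue
        m = _VALUE_LINE.match(line)
        if key is None or not m:
            raise ValueError("unparsable line: %r" % line)
        name, raw = m.group(1), m.group(2)
        if raw.startswith("dword:"):
            entries.append((key, name, "REG_DWORD", int(raw[len("dword:"):], 16)))
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            # .REG escapes backslashes in string data as "\\"; undo that
            entries.append((key, name, "REG_SZ", raw[1:-1].replace("\\\\", "\\")))
        elif raw == "-":
            entries.append((key, name, None, None))
        else:
            raise ValueError("unsupported value syntax: %r" % raw)
    return entries


def reg_commands(entries):
    """Turn parsed entries into reg.exe command lines (the .CMD one-liner form).

    /f suppresses the overwrite prompt; reg add creates any missing key."""
    cmds = []
    for key, name, reg_type, data in entries:
        if reg_type is None:
            cmds.append('reg delete "%s" /v "%s" /f' % (key, name))
        elif reg_type == "REG_DWORD":
            cmds.append('reg add "%s" /v "%s" /t REG_DWORD /d %d /f' % (key, name, data))
        else:
            cmds.append('reg add "%s" /v "%s" /t %s /d "%s" /f' % (key, name, reg_type, data))
    return cmds


def load_reg(path):
    """regedit exports .REG files as UTF-16LE with a BOM; hand-written ones are usually ASCII."""
    with open(path, "rb") as f:
        raw = f.read()
    return raw.decode("utf-16" if raw.startswith(b"\xff\xfe") else "utf-8-sig")


if __name__ == "__main__":
    # No arguments: print the commands for the embedded sample. A .REG path: print
    # them for that file. Add --apply on Windows (from an elevated prompt) to run them.
    args = [a for a in sys.argv[1:] if a != "--apply"]
    text = load_reg(args[0]) if args else SAMPLE_REG
    for cmd in reg_commands(parse_reg(text)):
        print(cmd)
        if "--apply" in sys.argv and sys.platform == "win32":
            subprocess.run(cmd, shell=True, check=True)
```

The value lands under the Policies hive, so it is a machine policy setting: it applies to all users and, on a domain-joined machine, a Group Policy Object that sets the same value will overwrite whatever you put there on the next policy refresh.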
Hello,
This issue has been going on for more than two days. Reports of it date back almost a month:
https://www.reddit.com/r/sysad...
https://community.spiceworks.c...
Although reports of it in Microsoft's support forum are more recent:
https://answers.microsoft.com/...
https://answers.microsoft.com/...
https://answers.microsoft.com/...
The December 9th patch - https://support.microsoft.com/... - might contain some kind of fix or workaround, although I don't see anything mentioned on the page which maps to the issue.
Microsoft is keeping customers up to date with a page on its support forum. Here's Microsoft's short link to the page: https://aka.ms/netcom
Regards,
Aryeh Goretsky
Hello,
News sites (fake or otherwise) should be extremely cautious of running salacious news stories about Elon Musk, given that fellow tech mogul Peter Thiel helped sue a media outlet into oblivion. Presumably, Elon Musk has the same capability.
Regards,
Aryeh Goretsky
Hello,
Intel had been investigating selling Intel Security (nee McAfee) for well over a year, so this is hardly a recent development on their part. And regardless of what the Slashdot crowd thinks of the products' quality, they do have massive amounts of brand recognition in both the consumer and enterprise spaces.
Mr. McAfee had given up the rights to his name when preparing McAfee Associates' IPO and did quite well in terms of how he was compensated. Even back in 1995 he was already trying to get his name back from Bill Larson (then President, CEO and Chairman of McAfee Associates) and having no luck. As much as Bill hated the McAfee name, he realized there was so much money to be made in it, and took the company from $20-30M in revenue to billions of dollars in valuation.
Mr. McAfee's one of the smartest business people I know, and his ability to rapidly absorb data, synthesize it and come up with all sorts of ideas for products is pretty darn amazing, and frankly, with all of the time and effort he's put into being in front of the media, trying to get his name back at this point is a waste of time and shareholders' money spent on lawyers: Due to his recent high-profile activities, there's enough interest in Mr. McAfee that he doesn't need to capitalize on his name, anymore. He could name a company "Spicy Lemon" and still generate media attention because of his involvement with it, just as he's done with all the products he's taken on since returning to the U.S. after fleeing Belize.
Regards,
Aryeh Goretsky
Hello,
The funny thing is that equipping a target with a satellite phone improves the ability to identify them. In the case of a journalist and photographer team operating in Syria a few years ago, it was their satellite phone that allowed their location to be triangulated and subsequently attacked.
I would think it would not be too difficult to come up with some interesting usage patterns of DMs (sending messages in languages commonly used by ISIS, using certain phrases common to ISIS, geoIP location, access only from Tor nodes, proxies, VPN connections and so forth) as selection criteria for further intelligence collection. Frankly, using DMs sounds like a great way to be targeted by state security services.
Regards,
Aryeh Goretsky
Hello,
I did not see any mention of a bug bounty program. Is there one? If the federal government would like to not just have its open sourced software reviewed but actually receive reports of bugs, they should consider adding a bug bounty program to encourage programmers to report any errors they find to the federal government, instead of selling it to an adversary.
Regards,
Aryeh Goretsky
Hello,
Since neither the original poster nor the article provided it, here's a link to the page where the latest version of the Lenovo Solution Center can be downloaded from:
https://support.lenovo.com/us/...
Note that the downloads are listed at the bottom of the page.
Regards,
Aryeh Goretsky
Hello Col. Hypponen,
I have three questions for you:
1. Do you think it is still possible to secure embedded systems (aka the Internet of Things), or is that an impossibility now, practically speaking?
2. If there was one thing you could get every average computer user to do to improve their security, what would it be?
3. If you were a person of interest in the murder of your neighbor in a tiny Central American country, what would your strategy be for clearing your name?
Thank you for taking the time to read this. I look forward to your answers.
Regards,
Aryeh Goretsky
Hello,
Your copyright date needs to be updated.
Regards,
Aryeh Goretsky
Hello,
Another, and possibly even more likely, reason Device Guard contained the string "Windows 10 RT" is that someone forgot to change it to "Windows 10 Mobile."
Regards,
Aryeh Goretsky
Hello,
I would suggest the following amendment to your draft text:
Be it resolved that computers running or intending to run Microsoft Windows purchased by the department which boot using the Unified Extensible Firmware Interface (UEFI) have the ability to disable the Secure Boot feature.

REMOVING: "s for both local hard drive and network booting"
If you want to put in verbiage saying Secure Boot should be disabled, the language should reflect this in its entirety, not just for what types of devices the computer boots from. Example: A manufacturer who disabled booting from SSDs, USB flash drives or optical media would still be in spec with your requirements, since you only specified hard disk drives and PXE booting in your text.
Also, keep in mind your requirement is not going to work with Windows 10 Mobile devices (phones, phablets and the like) as UEFI with Secure Boot enabled is part of the requirements for devices running that edition of Windows 10.
Regards,
Aryeh Goretsky
Hello,
Mr. McAfee has a rich and varied history of stating as fact things which cannot be proven as true or as false, simply because they cannot be verified. It is most certainly not paranoid rantings, nor is it based on any actual information about the current situation. Instead, it is carefully-crafted statements made for one reason and one reason only: To maximize his coverage in the media.
Recent examples of similar behavior include:

Notifying the world that he had determined the Ashley Madison hacker to be a former female employee, based entirely on his interpretation of the language used in the disclosures. In fact, investigative journalist Brian Krebs had contemporaneously identified the probable hacker as a European man who had lived in North America for a period.

Offering to decrypt the iPhone used at work by Syed Rizwan Farook, primarily through the use of social engineering to obtain the passphrase or PIN unlock code. Social engineering the dead man's close friends and relatives in order to gain relevant information would likely need to be done in Arabic, Urdu or perhaps even Pashto. And, in any case, the offer was subsequently rendered moot when it was revealed the phone's passphrase had been reset by law enforcement.

Claiming that America was vulnerable to EMP attacks, despite the fact that EMP weaponry had been investigated for years by Winn Schwartau, who eventually determined widespread use wasn't feasible.
Sometimes making comments to the media works to McAfee's advantage, sometimes they don't. But as long as he keeps coming up with new ones, he keeps getting media coverage. This story is just one more example of such continuing behavior.
Regards,
Aryeh Goretsky
Hello,
Actually, hosts files are a reactive technology and not a proactive one, since they only block what is already listed in them. That does not mean they are useless, of course, but that they are just a supplemental tool, much like anti-malware software, segmenting administrative and user privilege, auditing logs, etc. There's no one magic bullet for security.
Regards,
Aryeh Goretsky
Hello,
Not sure if it is still the case (it's been years since I've installed Java) but didn't the runtime installer display a message saying something like three billion devices run Java? I wonder if the reason for not uninstalling old versions was to help inflate that count.
Regards,
Aryeh Goretsky
Hello,
Inline 100-240V laptop surge suppressors are readily available from online electronics retailers. Here are a few that will work for you:
I've used the APC model without any issues, as well as models from Targus and TRC that have since been discontinued, but occasionally show up online for sale.
Regards,
Aryeh Goretsky
Hello,
Last month, anti-malware testing company AV-Test issued a report titled "Self-Protection for Antivirus Software" in which they looked at the use of ASLR and DEP in 32 different anti-malware programs. Of all these programs, only one had 100% of its files compiled with those protections.
Of course, anti-malware programs usually have their own anti-tamper mechanisms to ensure code and data integrity, but it seems like there's still some way to go, and even so, it is still a good idea to make use of additional security functionality available through the compiler and operating system.
Regards,
Aryeh Goretsky
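The AV-Test report discussed in the comment above checks whether a vendor's own binaries opt into ASLR and DEP. As an added example (my code, not AV-Test's methodology and not from the comment), here is how that check is done at the PE header level in Python: read the DllCharacteristics field of the optional header and test for DYNAMIC_BASE (ASLR) and NX_COMPAT (DEP), plus HIGH_ENTROPY_VA and GUARD_CF while we are there. It also carries the caveat a practitioner wants: DYNAMIC_BASE is worthless if the linker also stripped the relocations (IMAGE_FILE_RELOCS_STRIPPED in the COFF header), since the loader then cannot move the image, so that combination is reported separately. The build_minimal_pe helper constructs a headers-only image so the check can be exercised without real binaries; it is a test fixture I wrote, not a real PE file, and the function names are my own.

```python
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* bits (PE/COFF specification, optional header)
HIGH_ENTROPY_VA = 0x0020   # 64-bit ASLR with the full address space (PE32+ only)
DYNAMIC_BASE    = 0x0040   # image may be relocated at load time (ASLR)
NX_COMPAT       = 0x0100   # image is DEP-compatible
GUARD_CF        = 0x4000   # Control Flow Guard instrumented
# IMAGE_FILE_* bit in the COFF header Characteristics field
RELOCS_STRIPPED = 0x0001   # no .reloc section: the image cannot actually be moved

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def inspect_pe(data):
    """Report which load-time mitigations a PE image opts into.

    Only the headers are read, so a prefix of the file is enough."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    (_machine, _nsections, _stamp, _symtab, _nsyms,
     opt_size, coff_chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    if opt_size < 72:
        raise ValueError("optional header too short")
    # DllCharacteristics is at offset 70 in both the PE32 and PE32+ optional headers
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    relocs_stripped = bool(coff_chars & RELOCS_STRIPPED)
    wants_aslr = bool(dll_chars & DYNAMIC_BASE)
    return {
        "pe32plus": magic == PE32PLUS_MAGIC,
        "dep": bool(dll_chars & NX_COMPAT),
        # the flag alone is not enough: without relocations the loader cannot move the image
        "aslr": wants_aslr and not relocs_stripped,
        "aslr_flag_but_no_relocs": wants_aslr and relocs_stripped,
        "high_entropy_va": magic == PE32PLUS_MAGIC and bool(dll_chars & HIGH_ENTROPY_VA),
        "cfg": bool(dll_chars & GUARD_CF),
    }


def build_minimal_pe(dll_chars, coff_chars=0, pe32plus=True):
    """Constructed fixture: DOS header, PE signature, COFF header and an otherwise
    empty optional header. Enough for inspect_pe(); not a loadable image."""
    e_lfanew = 0x40
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, coff_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Usage: python pe_mitigations.py <files...>   (e.g. the DLLs and EXEs in a product's install directory)
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            head = f.read(1 << 20)  # headers sit at the front; 1 MiB covers any sane e_lfanew
        try:
            r = inspect_pe(head)
        except (ValueError, struct.error) as e:
            print("%s: skipped (%s)" % (path, e))
            continue
        note = "  DYNAMIC_BASE set but relocations stripped" if r["aslr_flag_but_no_relocs"] else ""
        print("%-48s ASLR=%-5s DEP=%-5s HighEntropyVA=%-5s CFG=%-5s%s"
              % (path, r["aslr"], r["dep"], r["high_entropy_va"], r["cfg"], note))
```

Run it over every PE file a product drops on disk, not just the main executable: the report's point is that one unprotected helper DLL or driver loaded into a protected process still gives an attacker a fixed-address, executable-data target.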