Actually, it's the only way to be fully protected against local root (kernel/system daemons) vulnerabilities, keyloggers, data theft, etc.
I'm not entirely sure about the scope of what you're claiming here, but know that virtual machine escapes aren't uncommon. I'm not saying that virtualizing the browser is a bad idea (defense in depth and all that), but it won't get you perfect security. Also, in some cases, it's possible to attack the host OS without leaving the VM. Then there's the sensitive information within the VM (user credentials, session cookies, etc.), which doesn't require an escape.
I don't know man, I quite enjoy automated conversion from high-level source code to low-level object code. If using a compiler makes me a "code monkey", so be it.
While that's mostly true, I do have some Atmel-based boards designed by companies that manufacture knockoffs. I've also got some FPGA and CPLD dev boards, and have seen ARM stuff.
Glad to hear this is happening. My Arduino Diecimila led to my first misadventure into the hardware world, and I still have it as a keepsake. Seeing the community fracture was sad, and it made many question whether open source hardware was feasible.
Why wouldn't they? At a minimum, modern governments have an obligation to protect their constituents from espionage, and in some cases that means using software exploitation to gain the upper hand. Of course, such powers can be abused, but all too often we choose to ignore their necessity.
Winning the arms race like that is going to be tough. A more general solution would be thorough, targeted instrumentation to better assess any file I/O operations performed. It should be easy enough to fingerprint Office and use the data to monitor for anomalous file activity.
Well, it depends largely on context. The question isn't always, "what does this malware do?" A lot of the time it's, "is this malware?" In the former case, sure, the appearance of innocuousness is going to evoke even more curiosity, and something like this will be little more than a speed bump. But in the latter case (which is by far the more common scenario), simple anti-forensics can prove very effective in evading detection.
Think about it: if you've got a backlog of hundreds or even thousands of questionable files, how much time can you really commit to each one? Reversing all of them is probably out of the question. Most samples will get the regular treatment: fire up a fresh VM with some instrumentation, run the sample, and check for artifacts indicative of malicious behavior. Depending on the sophistication of the tooling, such artifacts may or may not be discovered. Considering the extremely low cost of implementation (probably a few lines to enumerate doc files), this was a good call on the part of the attackers: a few minutes of work for a chance at flying under the radar for a bit longer.
That said, there are plenty of open source tools available to dump VBA macros from Office documents, so the cost isn't exactly on par with reversing something like object code, but I still think the attackers made the right call here.
Actually, the summary explicitly states that the purpose of this malware's behavior is to thwart human analysts testing in a fresh environment. It's not the most impressive technique, but it is a cheap way to increase the defender's costs, given the potentially high price of reverse engineering.
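The two sides discussed in the comments above, as an added example (illustrative code written for this page, not code from the thread, from the malware it discusses, or from any tool mentioned): the cheap "enumerate the user's documents and refuse to run in a bare environment" check that a payload can use to spot a fresh analysis VM, and the detection side, fingerprinting Office and flagging a burst of document enumeration in file-event logs. The profile layout, the document-count threshold, the log line format and the detection window are all assumptions; the sample log lines are constructed.

```python
import os
import re
import tempfile
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Assumed document extensions a payload (or a detector) would look for.
DOC_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf"}
# Assumed threshold: a profile with fewer documents than this looks like a
# freshly provisioned analysis VM rather than a real user's machine.
MIN_DOCS_FOR_REAL_USER = 3


def count_documents(root, max_files=2000):
    """Count document files under root. The walk is bounded so the check
    stays cheap, which is the whole point of doing it this way."""
    seen = hits = 0
    for _dirpath, _dirs, files in os.walk(root):
        for name in files:
            seen += 1
            if os.path.splitext(name)[1].lower() in DOC_EXTENSIONS:
                hits += 1
            if seen >= max_files:
                return hits
    return hits


def looks_like_fresh_vm(profile_root, threshold=MIN_DOCS_FOR_REAL_USER):
    """Evasion side: True when the profile is too empty to be a real user's,
    i.e. when a cautious payload would decline to run."""
    return count_documents(profile_root) < threshold


def make_demo_profile(n_docs):
    """Throwaway profile directory with n_docs documents plus a non-document
    file, so the check can be exercised offline (test fixture, not a real
    user profile)."""
    root = tempfile.mkdtemp(prefix="demo_profile_")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for i in range(n_docs):
        with open(os.path.join(docs, f"file{i}.docx"), "w") as fh:
            fh.write("stub")
    with open(os.path.join(root, "desktop.ini"), "w") as fh:
        fh.write("stub")
    return root


# Detection side. Assumed log format (not any real sensor's):
# "<iso-timestamp> <process> <operation> <path>".
OFFICE_PROCESSES = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE"}
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (.+)$")


def parse_event(line):
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, proc, op, path = m.groups()
    return datetime.fromisoformat(ts), proc.upper(), op, path


def flag_anomalous_office_io(lines, max_docs=5, window=timedelta(seconds=10)):
    """Return Office processes that touched more than max_docs distinct
    document files inside any window-long interval. One report being opened
    is normal; Word touching six documents in two seconds is enumeration."""
    touched = defaultdict(list)  # process -> [(timestamp, path)]
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        ts, proc, _op, path = ev
        if proc not in OFFICE_PROCESSES:
            continue  # the Office fingerprint: only these processes are scored
        if PureWindowsPath(path).suffix.lower() not in DOC_EXTENSIONS:
            continue  # templates, DLLs and fonts are not interesting here
        touched[proc].append((ts, path))

    flagged = set()
    for proc, events in touched.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            if len({p for _, p in events[start:end + 1]}) > max_docs:
                flagged.add(proc)
                break
    return flagged


# Constructed sample events: a burst of enumeration by Word, one ordinary
# spreadsheet open by Excel, and unrelated noise from Explorer.
SAMPLE_LOG = [
    r"2024-05-01T09:00:00 WINWORD.EXE CreateFile C:\Users\alice\AppData\Roaming\Microsoft\Templates\Normal.dotm",
    r"2024-05-01T09:00:01 WINWORD.EXE CreateFile C:\Users\alice\Documents\report.docx",
    r"2024-05-01T09:00:01 WINWORD.EXE CreateFile C:\Users\alice\Documents\budget.xlsx",
    r"2024-05-01T09:00:01 WINWORD.EXE CreateFile C:\Users\alice\Documents\notes.doc",
    r"2024-05-01T09:00:02 WINWORD.EXE CreateFile C:\Users\alice\Documents\slides.pptx",
    r"2024-05-01T09:00:02 WINWORD.EXE CreateFile C:\Users\alice\Desktop\invoice.pdf",
    r"2024-05-01T09:00:02 WINWORD.EXE CreateFile C:\Users\alice\Desktop\old plan.docx",
    r"2024-05-01T09:30:00 EXCEL.EXE CreateFile C:\Users\alice\Documents\q1.xlsx",
    r"2024-05-01T09:31:00 explorer.exe CreateFile C:\Users\alice\Documents\notes.doc",
]

if __name__ == "__main__":
    print("fresh VM (0 docs):", looks_like_fresh_vm(make_demo_profile(0)))
    print("real user (8 docs):", looks_like_fresh_vm(make_demo_profile(8)))
    print("flagged:", flag_anomalous_office_io(SAMPLE_LOG))
```

Two things worth noting from running it. The evasion check is a bounded directory walk and a counter, which is why it costs the attacker almost nothing and why the obvious countermeasure on the analysis side is to seed the sandbox image with a plausible document history. On the detection side, the threshold and window need tuning against a baseline of what the Office processes in your environment actually do (indexing, autosave and add-ins all touch files), and in production the events would come from an endpoint sensor's file-create telemetry rather than a list of strings.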
If it's a live system, permission has not been granted, and a similar test environment cannot be set up, then I ignore it, and if at all possible, I avoid using the vulnerable system in question. Bear in mind I say this as someone that does vulnerability research for a living. I'm not a fan of the extant legislation, but if that's what society wants from me, that's what it's going to get. I refuse to risk my freedom for a bunch of assholes that don't want my help, and I've plenty of paying customers that aren't complete idiots, so my attention is better spent on them.
Maybe someday the pols will get their shit together and the problem will work itself out, but I have little faith at this point.
Agreed. Our current laws sound good on paper, but we need exemptions for stagnant government organizations that won't grant permission for penetration tests. Actual attackers aren't going to ask for permission, nor will they reveal their actions.
Nonsense, nobody is paying for garbage like this. And if you've got something that's actually good, such as an exploit for Chrome, you can easily sell it for five or six figures to a "legitimate" company with absolutely no risk of repercussions.
IANAL, but this is blatantly wrong. If you test a system without permission, you are breaking the law. It does not matter if you exploit any vulnerabilities or not.
I'm certainly no VB advocate. I agree with your points, especially related to syntax. But it's alive nonetheless. Plenty of VB.NET jobs out there for others that feel differently.
Maybe if Steam streamed games and could revoke access at any point, but it's a bit different. More akin to iTunes and similar services, I think.
Agreed. Let's kill this pop culture abomination once and for all.
The American spelling of terrorist.
Dead on. Fuck BuzzFeed.
Never leave us, app appers LUDDITE AC guy.
Security fixes are great, but the lack of the mitigations present in newer versions of Windows makes it more vulnerable by comparison.
Attention.
Wow, thats worse then normal four me. Were is mind? Maybe over their.
If you actually had a chance, you wouldn't be talking about it here.
Hopefully this one doesn't get taken out by a drone. https://www.youtube.com/watch?...
You must be a member of the tolerant left.
I didn't say the law was just, I merely pointed out that the distinction is not between discovery and exploitation.