There isn't a security company on the planet that isn't hooked into the security services of some nation state. In certain cases the security apparatus of one state is a wholly owned subsidiarity of another states security apparatus.
Behind the Scenes at the Company Behind the Scenes
-- At my fingertips, the zero day is wrapped in code like a Christmas present, then becomes an exploit, the programmatic expression of my will. I live for this shit.
The reality is a two tier EU with France/Germany doing the ruling for the benefit of the richer core countries and the rest being reduced to perpetual bankruptcy and a source of cheap labor for the core countries. Greece being the prime example.
Windows detects when Edge is running and only then switches on battery saver mode. It wouldn't be the first time Microsoft was caught tweaking the OS to make using another browser a jolting experience. In the case of Opera they included browser detection code that shifted fonts 2 pixels to the left.
"Want to invisibly spy on 10 iPhone owners.. That will cost you $650,000, plus a $500,000 setup fee with an Israeli outfit called the NSO Group.. Since it is privately held, not much is known about the NSO Group’s finances"
In other words a front group for the Israeli Security Service, the same people that have full control of all telephone records in the continental United States.
'The malware enumerates all processes, and if a process has the module liboradb.dll loaded in it, it will patch 2 bytes in its memory at a specific offset. The patch will replace 2 bytes 0x75 and 0x04 with the bytes 0x90 and 0x90.'
Apple doesn't have factories in China. Apple does subcontract manufacturing to Pegatron, the same company that make the Microsoft Surface. The same Pegatron that Microsoft is extorting the Android tax from. 'China Labor Watch' most probably a front for the Microsoft organization. refrefref
"The exploit, dubbed ‘Sweet32’, isn’t easy to carry out, however. It involves mining hundreds of gigabytes of data, and targeting specific users who have accessed a malicious website which saddled them with a bit of malware" ref
"Microsoft seems happy to have its software succeed on 'competitor' platforms such as iOS, Android" especially as Microsoft is extracting revenue out of Android OEM equipment manufacturers.
Has it become Slashdot official policy to not mention Microsoft windows in relation to remote access trojan malware?
"Spencer.. said he and his team.. examined BarıÅY Pehlivanâ(TM)s computer using a technique they developed to deal with sophisticated tampering of evidence."
'It's called "Anchors in Relative Time," which means putting events logged by computers such as startups and shutdowns in chronological order, regardless of any associated dates and times that might had been altered by attackers'. ref
Such malware is only a problem if you use Microsoft Windows on the client desktop. Besides by facilitating what is basically a man-in-the-middle attack in order to examine SSL/TLS traffic entering the organization, you're opening up your company to the hackers.
"Scott McNealy, former CEO of Sun Microsystems (JAVA), met me for breakfast at an unassuming little restaurant in a strip mall tucked into the woods a few minutes’ drive from his house. We discussed one of his recent passions: applying technology’s open-source model to education. Sun was an early proponent of open source, giving the concept a huge boost when it opened up its Java software. And McNealy funded and helped promote a project called Curriki to create open-source textbooks that will ultimately be free, via the Internet. ref
I call BS on the whole story. What happened was the website fell over when most of the Australian population tried to log on at the same time. Did anyone else on the same network suffer similar outages?
@acoustix: "I was thinking the same thing, but what if a person used a span port to mirror the traffic and send the mirrored traffic to a device capable of SSL decrypt? Couldn't that info be logged using that method?"
Only if they found a universal method of cracking SSL, which is very unlikely.
"the international hub for the Olympics, was found to host many networks that are capable of decrypting Secure Sockets Layer (SSL) traffic — undoing a protocol put in place to keep data protected." link
Only if the client desktop computer is configured to accept forged certs as used in the Cisco SSL Inspection device.
"The director for the Cybercrime Lab at the Department of Justice urged a roomful of 100 federal judges to use Tor to protect their computers"
TOR will disguise the IP address of your computer. But there are a number of ways from compromised nodes to malicious dark sites that can be used to reveal your location, especially if you use the latest iteration of Microsoft Windows.
"the SecureWorks team has witnessed the thieves deploy this method to reroute transactions averaging between US $30,000 and $60,000.. In one case, the attackers rerouted a $400,000 payment from a U.S. chemical company to its Indian supplier."
None of this would be financially viable if not for the corrupt local banking system.
Slashdot Mirror
There isn't a security company on the planet that isn't hooked into the security services of some nation state. In certain cases the security apparatus of one state is a wholly owned subsidiarity of another states security apparatus.
Behind the Scenes at the Company Behind the Scenes
--
At my fingertips, the zero day is wrapped in code like a Christmas present, then becomes an exploit, the programmatic expression of my will. I live for this shit.
The reality is a two tier EU with France/Germany doing the ruling for the benefit of the richer core countries and the rest being reduced to perpetual bankruptcy and a source of cheap labor for the core countries. Greece being the prime example.
Windows detects when Edge is running and only then switches on battery saver mode. It wouldn't be the first time Microsoft was caught tweaking the OS to make using another browser a jolting experience. In the case of Opera they included browser detection code that shifted fonts 2 pixels to the left.
"Want to invisibly spy on 10 iPhone owners .. That will cost you $650,000, plus a $500,000 setup fee with an Israeli outfit called the NSO Group .. Since it is privately held, not much is known about the NSO Group’s finances"
In other words a front group for the Israeli Security Service, the same people that have full control of all telephone records in the continental United States.
NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender
'The malware enumerates all processes, and if a process has the module liboradb.dll loaded in it, it will patch 2 bytes in its memory at a specific offset. The patch will replace 2 bytes 0x75 and 0x04 with the bytes 0x90 and 0x90.'
Apple doesn't have factories in China. Apple does subcontract manufacturing to Pegatron, the same company that make the Microsoft Surface. The same Pegatron that Microsoft is extorting the Android tax from. 'China Labor Watch' most probably a front for the Microsoft organization. ref ref ref
Nothing to read here, moving on ...
"The exploit, dubbed ‘Sweet32’, isn’t easy to carry out, however. It involves mining hundreds of gigabytes of data, and targeting specific users who have accessed a malicious website which saddled them with a bit of malware" ref
@anonymous coward: "because how exactly is it relevant? Are you trying to imply other OS's are somehow immune to a targeted trojan?"
I not implying anything, I'm stating that slashdot and the technical press are being financially enthused to not mention malware when it's Microsoft.
"Microsoft seems happy to have its software succeed on 'competitor' platforms such as iOS, Android" especially as Microsoft is extracting revenue out of Android OEM equipment manufacturers.
Has it become Slashdot official policy to not mention Microsoft windows in relation to remote access trojan malware?
.. said he and his team .. examined BarıÅY Pehlivanâ(TM)s computer using a technique they developed to deal with sophisticated tampering of evidence."
"Spencer
'It's called "Anchors in Relative Time," which means putting events logged by computers such as startups and shutdowns in chronological order, regardless of any associated dates and times that might had been altered by attackers'. ref
Such malware is only a problem if you use Microsoft Windows on the client desktop. Besides by facilitating what is basically a man-in-the-middle attack in order to examine SSL/TLS traffic entering the organization, you're opening up your company to the hackers.
"Once an inspiring effort at tech news, Slashdot now seems more driven by marketing and reckless government propaganda"...
Mod this up +10
"Scott McNealy, former CEO of Sun Microsystems (JAVA), met me for breakfast at an unassuming little restaurant in a strip mall tucked into the woods a few minutes’ drive from his house. We discussed one of his recent passions: applying technology’s open-source model to education. Sun was an early proponent of open source, giving the concept a huge boost when it opened up its Java software. And McNealy funded and helped promote a project called Curriki to create open-source textbooks that will ultimately be free, via the Internet. ref
Does anyone here really believe this cyber bullshit?
"More neocon shilling.. More russian boogeymen that never materialise on your doorstep"
..
Yea, my thoughts precisely, it's either one of North Korea, China or Russia
Does this Google malware weapon work on anything else except Microsoft Windows ?
I call BS on the whole story. What happened was the website fell over when most of the Australian population tried to log on at the same time. Did anyone else on the same network suffer similar outages?
@acoustix: "I was thinking the same thing, but what if a person used a span port to mirror the traffic and send the mirrored traffic to a device capable of SSL decrypt? Couldn't that info be logged using that method?"
Only if they found a universal method of cracking SSL, which is very unlikely.
Has it become slashdot policy to never mention Microsoft Windows in relation to malware.
"the international hub for the Olympics, was found to host many networks that are capable of decrypting Secure Sockets Layer (SSL) traffic — undoing a protocol put in place to keep data protected." link
Only if the client desktop computer is configured to accept forged certs as used in the Cisco SSL Inspection device.
It's part of the advertising deal with MICROS~1, to only mention Android in relation to vulnerabilities else it's flash or banking trojan.
"An attacker would have to trick a user into installing a malicious app"
Is this what slashdot is reduced to, posting bogus pseudo technical quotes from a known Microsoft shill.
"The director for the Cybercrime Lab at the Department of Justice urged a roomful of 100 federal judges to use Tor to protect their computers"
TOR will disguise the IP address of your computer. But there are a number of ways from compromised nodes to malicious dark sites that can be used to reveal your location, especially if you use the latest iteration of Microsoft Windows.
"the SecureWorks team has witnessed the thieves deploy this method to reroute transactions averaging between US $30,000 and $60,000 .. In one case, the attackers rerouted a $400,000 payment from a U.S. chemical company to its Indian supplier."
None of this would be financially viable if not for the corrupt local banking system.