How does the marco run considering autorun macros were disable by default on Microsoft Word and how does the rest of it execute without the user providing the admin password. Sounds to me like a veersion of any old word macro virus.
Evolution requires the species propagate, longevity being a side effect of evolution. The longer we live the more genetic errors accumulate at the replication stage, leading to cancer. What we need is a new form of error correction mechanism that works at the DNA level.
'Intel Management Engine (ME).. described as "an extra general purpose computer running a firmware blob.. a chip protected by RSA 2048 security on a chip'
Can I replace this firmware blob with one of my own?
Can I replace the RSA key with one of my own?
Can I audit this firmware blob to see what it does?
Can I disable this ME subsystem?
Who else can access this ME subsystem?
"there are mechanisms in place to address vulnerabilities should the need arise."
So basically Intel and any designated third party can access your computer regardless of in place security mechanisms.
"Microsoft has open-sourced Checked C, an extension to the C programming language that brings new features to address a series of security-related issues"
Defence against 'computer network attacks', that would be like trying to stop their Microsoft Windows computers being hacked. No one in their right minds would put Microsoft Windows anywhere near a war domain. Have they that short a memory:
Have Microsoft ever considered looking at their own Source Code. Considering Microsoft is primarily responsible for the malware infestation. That would be like describing Dr. Hannibal Lecter as a food nutritionist researcher.
July 1991: 'SteveB went on the road to see the top weeklies, industry analysts. The meetings included demos of Windows 3.1 (pen and multimedia included), Windows NT, OS/2 2.0 including a performance comparison to Windows and a "bad app" that corrupted other applications and crashed the system".'
'The demos of OS/2 were excellent, crashing the system had the intended effect -- to FUD OS/2 2.0. People paid attention to this demo and were often suprised to our favor. Steve positioned it as -- OS/2 is not "bad" but from a performance and "robustness" standpoint, it is NOT better than Windows.' ref
Some Anonymous Coward: "All OS's are vulnerable to attack"
Except in this case it happens to be Microsoft Windows that's the prime vector to spreading the Ransom.DDOD.ware:)
"To pretend otherwise only shows your lack of intelligence."
Insert painfully ignorant ad hominem.
"Windows just happens to provide a larger target audience where phishing, e-mail attack vectors, and social engineering have a better chance of succeeding."
Illogical, the number of audiences has no bearing on the lack of security of the target machine.
"And I always find it amusing that any time a vulnerability is found in Windows the wanna be techies milk it for all it's worth in their daily prayers in hopes of converting the heretic windows users to the one and only OS god."
And I find it amusing to see someone hide behind an anonymous account to spout abuse in defense of their precious:)
Actually, once upon a time an ATM couldn't be programmed without the presence of a sealed hardware unit that couldn't be activated without entering two unique pass-codes entered by two bank officials, the codes being provided by a portable handheld device. Later on the banks 'upgraded' to Windows.
@Anonymous: "So which OS protects you from a admin with malicious intent?"
@bloodhawk: "At some point you are at the mercy of those running the system. Operating System is irrelevant, it is the programs, the auditing and alerting that run on the system. Given how many people have been caught over the last hundred years doing similar scams from inside banks"
The second system that runs transparently to the first, that provides a full and irrevocable audit trail on the first, in order to precisely catch such scams.
"The NRC has chosen to include numerous scientists who work on promotion or development of genetically engineered (or GMO) crops and who have financial ties to biotech companies, which have an economic and political agenda in this debate."
Is this what international banking has been reduced to by the worlds most innovative computer ecosystem. The financial worlds currency system gets hacked through a front-end running on Windows and people think that's normal. Microsoft the company that made typing dangerous.
"Meanwhile, the U.S. Marine Corps has discovered half their computers unexpectedly can't remotely upgrade to Windows 10, slowing their transition to what they expect to be a much more secure operating system".
Windows and security don't go in the same sentence.
"Anytime the vulnerable code is being run by any sort of privileged account, an attacker can exploit the vulnerability and execute code under those same permissions," ref
Slashdot Mirror
How does the marco run considering autorun macros were disable by default on Microsoft Word and how does the rest of it execute without the user providing the admin password. Sounds to me like a veersion of any old word macro virus.
Evolution requires the species propagate, longevity being a side effect of evolution. The longer we live the more genetic errors accumulate at the replication stage, leading to cancer. What we need is a new form of error correction mechanism that works at the DNA level.
'Intel Management Engine (ME) .. described as "an extra general purpose computer running a firmware blob .. a chip protected by RSA 2048 security on a chip'
Can I replace this firmware blob with one of my own?
Can I replace the RSA key with one of my own?
Can I audit this firmware blob to see what it does?
Can I disable this ME subsystem?
Who else can access this ME subsystem?
"there are mechanisms in place to address vulnerabilities should the need arise."
So basically Intel and any designated third party can access your computer regardless of in place security mechanisms.
"Microsoft has open-sourced Checked C, an extension to the C programming language that brings new features to address a series of security-related issues"
Bounds checking for C and C++ Nov 2004
Defence against 'computer network attacks', that would be like trying to stop their Microsoft Windows computers being hacked. No one in their right minds would put Microsoft Windows anywhere near a war domain. Have they that short a memory:
Software glitches leave Navy Smart Ship dead in the water
Technical Analysis of the August 14, 2003, Blackout:
Slammer worm crashed Ohio nuke plant network
Is there a link to a demo for this Chrome PDF reader bug?
I think the worst decision was putting security functions in dynamically loaded libraries and allowing them to be dynamically hijacked
Presumably this 'digital weapon' only runs on Microsoft Windows ©
Have Microsoft ever considered looking at their own Source Code. Considering Microsoft is primarily responsible for the malware infestation. That would be like describing Dr. Hannibal Lecter as a food nutritionist researcher.
"it should rather be disabled .. by setting KillUserProcesses=no in /etc/systemd/logind.conf ." ref
July 1991: 'SteveB went on the road to see the top weeklies, industry analysts. The meetings included demos of Windows 3.1 (pen and multimedia included), Windows NT, OS/2 2.0 including a performance comparison to Windows and a "bad app" that corrupted other applications and crashed the system".'
'The demos of OS/2 were excellent, crashing the system had the intended effect -- to FUD OS/2 2.0. People paid attention to this demo and were often suprised to our favor. Steve positioned it as -- OS/2 is not "bad" but from a performance and "robustness" standpoint, it is NOT better than Windows.' ref
OS/2 is still alive ref
The day Bill Gates screamed IBM's house down
This is the dumbest article Ars Technica has ever pushed. Ever. ..
"We wants it, we needs it, must have the precious, they stole it from us"
Some Anonymous Coward: "All OS's are vulnerable to attack"
:)
:)
Except in this case it happens to be Microsoft Windows that's the prime vector to spreading the Ransom.DDOD.ware
"To pretend otherwise only shows your lack of intelligence."
Insert painfully ignorant ad hominem.
"Windows just happens to provide a larger target audience where phishing, e-mail attack vectors, and social engineering have a better chance of succeeding."
Illogical, the number of audiences has no bearing on the lack of security of the target machine.
"And I always find it amusing that any time a vulnerability is found in Windows the wanna be techies milk it for all it's worth in their daily prayers in hopes of converting the heretic windows users to the one and only OS god."
And I find it amusing to see someone hide behind an anonymous account to spout abuse in defense of their precious
IBM chief: Microsoft killed OS/2
The day Bill Gates screamed IBM's house down
Actually, once upon a time an ATM couldn't be programmed without the presence of a sealed hardware unit that couldn't be activated without entering two unique pass-codes entered by two bank officials, the codes being provided by a portable handheld device. Later on the banks 'upgraded' to Windows.
@Anonymous: "So which OS protects you from a admin with malicious intent?"
@bloodhawk: "At some point you are at the mercy of those running the system. Operating System is irrelevant, it is the programs, the auditing and alerting that run on the system. Given how many people have been caught over the last hundred years doing similar scams from inside banks"
The second system that runs transparently to the first, that provides a full and irrevocable audit trail on the first, in order to precisely catch such scams.
"The NRC has chosen to include numerous scientists who work on promotion or development of genetically engineered (or GMO) crops and who have financial ties to biotech companies, which have an economic and political agenda in this debate."
Is this what international banking has been reduced to by the worlds most innovative computer ecosystem. The financial worlds currency system gets hacked through a front-end running on Windows and people think that's normal. Microsoft the company that made typing dangerous.
Remember when college campuses were about advancing education rather then selling product.
"Meanwhile, the U.S. Marine Corps has discovered half their computers unexpectedly can't remotely upgrade to Windows 10, slowing their transition to what they expect to be a much more secure operating system".
Windows and security don't go in the same sentence.
Would the originators of the Internet have ever thought that Facebook would become the pinnacle of online communication?
'O brave new world, / That has such people in 't!"'
I use Pale Moon, except when certain sites don't work unless noscript + flash + Java are required, which defeats the concept of safe browsing ...
None of which would work except on the Intel platform, which is a story for another day ...
"Anytime the vulnerable code is being run by any sort of privileged account, an attacker can exploit the vulnerability and execute code under those same permissions," ref