Flatbed Scanners Used as Relay Point for Controlling Malware in Air-Gapped Systems

Found on Bleeping Computer on Saturday, 01 April 2017
Browse Computer

For this technique to work, two conditions must be met. First, the flatbed scanner lid must be left open in an upright position so an attacker can aim light beams at its sensors.

Second, an attacker must find a way to install malware on an air-gapped system.

Similarly, scientists hacked a smart lightbulb that was installed in the same room as the air-gapped PC, and made it pulsate in a controlled manner that relayed commands to the scanner, and to the attached air-gapped PC.

From the headline, the news sound pretty interesting, but with the requirements it is highly unlikely to be seen in the wild instead of being just a proof of concept.

New ASLR-busting JavaScript is about to make drive-by exploits much nastier

Found on Ars Technica on Wednesday, 15 February 2017
Browse Computer

The attack uses simple JavaScript code to identify the memory addresses where system and application components are loaded. When combined with attack code that exploits vulnerabilities in browsers or operating systems, the JavaScript can reliably eliminate virtually all of the protection ASLR provides.

Given how crucial caching is to the performance of modern CPUs, the researchers say architectural fixes are likely to be too costly to be feasible.

"We hence recommend ASLR to no longer be trusted as a first line of defense against memory error attacks and for future defenses not to rely on it as a pivotal building block."

Just your daily reminder that nothing is secure.

Tech Industry Warns Against French-German Plans To Weaken Encryption

Found on CCIA on Wednesday, 24 August 2016
Browse Computer

A new European Commission proposal could undermine the confidentiality of encrypted communication. A new “ePrivacy proposal”, expect end of this year, would likely include a loophole for governments to request access to encrypted data.

The following can be attributed to CCIA Europe Director, Christian Borggreen:

“We are worried that EU proposals can allow governments to challenge end-to-end encryption and thus threaten the security and confidentiality of Europeans’ communications.”

Either encryption works, or it does not. Having backdoor access means it does not and should be replaced by a product that is not respecting such ridiculous laws.

New Plastic For Old Amigas and Commodores

Found on Slashdot on Monday, 19 October 2015
Browse Computer

Amiga enthusiast Philippe Lang has created a new Kickstarter campaign to design and build new, improved molds for Amiga 1200 housings and do a licensed production run using anti-UV ASA plastic in the original color plus black, transparent, and 9 other colors. His team is also investigating the feasibility of producing new Amiga 1200 keyboards if this campaign succeeds.

Good things never die.

Lenovo has been selling laptops that come loaded with Superfish 'malware'

Found on Business Insider on Thursday, 19 February 2015
Browse Computer

Computer manufacturer Lenovo is being criticized for selling laptops that come pre-installed with invasive software, which many users are calling malware.

There are reports that Superfish is carrying out what's known as a "man in the middle" attack — impersonating the security certificates of encrypted websites to let it serve up its ads.

Lenovo says it has now "temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues."

Lenovo might have removed Superfish, but reports say that the problematic certificate remains on the system, allowing third parties to carry out MITM attacks. Which is only a matter of time because the Superfish private key and password have been found and are now public. So if you are using a Lenovo laptop, don't rely on the lock icon anymore: check who signed the certificate.

The Almost forgotten Story of the Amiga 2000

Found on Amiga Lounge on Monday, 21 July 2014
Browse Computer

Steve Jobs was quoted that he wanted to" Make a dent in the Universe", and now,everyone (other than Amiga users) wants to change the history books and erase Commodore and the Amiga from history but, there actually was one Amiga that truly changed the world.

TV shows like "Home Improvement" to the Pilot of Babylon 5, to Seaques DSV took full advantage not only of the A2000 with a Video Toaster, but of the 3D animation software that came with the VT called "Light Wave". LightWave also made movies like "Jurasic Park" Possible, because without test animations for it, it would have ended up a "stop motion" dinosaurs (it was originally planed as stop motion and miniatures like the old harryhausen movies).

NASA chose the Amiga over the Apple, because they could make and developed their own custom hardware. When they asked Commodore for documentation, Commodore sent them palettes full of books, schematics and software. In Fact, Some Amiga's were being still used at NASA up until 2003.

Yet management ruined it. Commodore could be the biggest player on the market these days. Back then you could only laugh at PC users with their monochrome desktop while you played amazing games on your A500 (and up).

The NSA has nearly complete backdoor access to Apple's iPhone

Found on The Daily Dot on Wednesday, 01 January 2014
Browse Computer

An NSA program called DROPOUTJEEP allows the agency to intercept SMS messages, access contact lists, locate a phone using cell tower data, and even activate the device’s microphone and camera.

“Either [the NSA] have a huge collection of exploits that work against Apple products, meaning they are hoarding information about critical systems that American companies produce, and sabotaging them, or Apple sabotaged it themselves,” Appelbaum said at the Chaos Communication Conference in Hamburg, Germany.

That's why Apple devices are so simple and easy to use; that way, a lot of people want to use them. Widespread adoption makes a product a very interesting target.

U.S. says Chinese government behind cyberespionage

Found on CNet News on Tuesday, 07 May 2013
Browse Computer

The Chinese government and military have engaged in widespread cyberespionage targeting U.S. government and business computer networks, the Pentagon said Monday.

"In 2012, numerous computer systems around the world, including those owned by the U.S. government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military," the report said.

In March, the Obama administration demanded that China end its "unprecedented" campaign of cyberespionage, warning that the hacking activity threatens to derail efforts to build stronger ties between the two countries.

This is nothing really new. Every government has similar projects running; China is just not keeping it secret enough.

New Mac malware opens secure reverse shell

Found on CNrét News on Tuesday, 19 February 2013
Browse Computer

A new backdoor Trojan for OS X is making the rounds, attempting to set up a secure connection for a remote hacker to connect through and grab private information.

The malware, dubbed "Pintsized" by Intego, is suspected of using a modified implementation of OpenSSH to set up a reverse shell that creates a secure connection to a remote server.

I remember it was one of the pro-Mac arguments that you will never get infected with a virus or trojan; how times have changed.

Canadian Business Groups Lobby For Right To Install Spyware on Your Computer

Found on Michael Geist on Wednesday, 06 February 2013
Browse Computer

During the anti-spam law debates in 2009, copyright lobby groups promoted amendments that would have allowed for expansive surveillance of user computers. Coming on the heels of the Sony rootkit scandal, the government ultimately rejected those proposals (the Liberals had plans to propose such amendments but backed down), leaving in place an important provision that requires express consent prior to the installation of computer software.

The Canadian Chamber of Commerce and other business groups want to ensure that the anti-spam law does not block their ability to secretly install spyware on personal computers for a wide range of purposes. In doing so, these groups are proposing to turn the law upside down by shifting from protecting consumers to protecting businesses.

Just don't do any business with them and consider using an operating system which does not make it easy to install spyware (which is usually designed for Windows).