Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×

Submission + - sKyWIper/Flamer - possibly most complex malware ever spotted after Stuxnet/Duqu (crysys.hu) 1

Submitted by
boldi
boldi writes: "One day after IrCERT reported that they found an important malware called "Flamer", CrySyS Lab of Budapest University of Technology and Economics released a detailed report on the technical aspects of the malware. The malware is so complex it will take much more time to analyze. Kasperksy Labs made a separate analysis and give additional insight naming the malware as "Flame". Symantec released a short report with additional telemetry. We can expect more information to come."

Comment duqu definition in short (Score 3, Informative) 227

by boldi (#38217786) Attached to: Duqu Attackers Managed to Wipe C&C Servers

http://en.wikipedia.org/wiki/Duqu

Duqu is a computer worm discovered on 1 September 2011, thought to be related to the Stuxnet worm. The Laboratory of Cryptography and System Security (CrySyS) of the Budapest University of Technology and Economics in Hungary, which discovered the threat, analyzed the malware and wrote a 60-page report, naming the threat Duqu. Duqu got its name from the prefix "~DQ" it gives to the names of files it creates.
Symantec, based on the CrySyS report, continued the analysis of the threat, which it called "nearly identical to Stuxnet, but with a completely different purpose", and published a detailed technical paper on it with a cut-down version of the original lab report as an appendix. Symantec believes that Duqu was created by the same authors as Stuxnet, or that the authors had access to the source code of Stuxnet.

More likely Duqu==Stuxnet==Stars. Same guys, different vulns, different tools. Duqu is an instance made from a lego-kit.

Comment CrySyS duqu detector toolkit (Score 1) 64

by boldi (#37999362) Attached to: Open Source Tool Scans For Duqu Drivers

CrySys Lab released a new open-source toolkit to detect duqu traces (possibly some file left after duqu uninstalled itself after 30-36 days) and running Duqu instances.
  http://www.crysys.hu/duqudetector/
Our tool combines heurestic and signature based approach, e.g. it calculates entropy for .PNF files and reports those suspiciously random ones.
Security

A Cyber-Attack On an American City 461

Posted by timothy from the if-by-one-day-you-mean-already dept.
Bruce Perens writes "Just after midnight on Thursday, April 9, unidentified attackers climbed down four manholes in the Northern California city of Morgan Hill and cut eight fiber cables in what appears to have been an organized attack on the electronic infrastructure of an American city. Its implications, though startling, have gone almost un-reported. So I decided to change that."
Linux Business

"Good Enough" Computers Are the Future 515

Posted by timothy from the adequate-for-light-word-processing-and-small-sums dept.
An anonymous reader writes "Over on the PC World blog, Keir Thomas engages in some speculative thinking. Pretending to be writing from the year 2025, he describes a world of 'Good Enough computing,' wherein ultra-cheap PCs and notebooks (created to help end-users weather the 'Great Recession' of the early 21st century) are coupled to open source operating systems. This is possible because even the cheapest chips have all the power most people need nowadays. In what is effectively the present situation with netbooks writ large, he sees a future where Microsoft is priced out of the entire desktop operating system market and can't compete. It's a fun read that raises some interesting points."
Security

Intel Cache Poisoning Is Dangerously Easy On Linux 393

Posted by timothy from the anything-you-set-your-mind-to dept.
Julie188 writes "A researcher recently released proof-of-concept code for an exploit that allows a hacker to overrun an Intel CPU cache and plant a rootkit. A second, independent researcher has examined the exploit and noted that it is so simple and so stealthy that it is likely out in the wild now, unbeknownst to its victims. The attack works best on a Linux system with an Intel DQ35 motherboard with 2GB of memory. It turns out that Linux allows the root user to access MTR registers incredibly easily. With Windows this exploit can be used, but requires much more work and skill and so while the Linux exploit code is readily available now, no Windows exploit code has, so far, been released or seen. This attack is hardware specific, but unfortunately, it is specific to Intel's popular DQ35 motherboards."
Transportation

MIT Team Creates Shock That Recharges Your Car 281

Posted by samzenpus from the power-up dept.
An anonymous reader writes "If you had a GenShock, you may not mind those potholes in the road any longer because this new prototype shock actually harvests energy from bumps in the road to save on fuel. A team of students at MIT have invented a shock absorber that harnesses energy from small bumps in the road, generating electricity while it smooths the ride more effectively than conventional shocks. Senior Shakeel Avadhany and his teammates say they can produce up to a 10 percent improvement in overall vehicle fuel efficiency by using the regenerative shock absorbers. They also already have a lot of interest in their design, specifically the company that builds Humvees for the army are already planning to install them in its next version of the Humvee."

Comment What about crypto modes? Never heard of CBC, CTR? (Score 3, Insightful) 155

by boldi (#25266695) Attached to: Encrypted Images Vulnerable To New Attack

I just scanned these articles, but just from the fact I don't see a single occasion to talk about crypto modes, such as ECB,CBC,OFB,CFB,CTR etc., I'm unhappy.

20+ years old knowledge, probably badly designed software, some special attack against very bad design, and then a panic-like hype against encryption.

So please, tell the newspaper writers to learn somewhat about security and only after that start to write hype-like articles..
Sad.

Slashdot Top Deals

Never test for an error condition you don't know how to handle. -- Steinbach

Close