Submission + - USB flash drives used in robbery of ATMs (bbc.co.uk)

JeffOwl writes: BBC is reporting that thieves are infecting ATMs with malware using USB sticks. The malware creates a backdoor that can be accessed at the front panel. The thieves are damaging the ATM to access a USB port, then patching it back up to avoid notice. This indicates that the crew is highly familiar with the ATMs in question. Once the ATM is infected, the thieves use a 12-digit code to bring up the alternate interface. The thieves, not wanting their crew to go rogue, have built a challenge-response access control into their software and must call another member who can generate the response for them. Maybe they believe in the saying "no honor among thieves."

Submission + - Pre-hacked Electronics Come Straight From China's Factories (theepochtimes.com)

jjp9999 writes: Cybercriminals may be taking a new route to hack your computers, and are taking their attacks straight to the factories. A shipment of Chinese kettles and clothing irons was recently picked up by Russian customs agents who said inside the products were WiFi chips and microprocessors. If the devices were plugged in, they would search for unsecured WiFi networks (which are still common in Russia) and infect them with malware. The devices were far from the first though. In the past few years we've seen spying devices in Hong Kong cars, Olympus cameras and Samsung smartphones with infected memory cards, infected TomTom GPS systems, and the infamous Best Buy digital picture frames that were pre-loaded with a virus that could bypass firewalls and over 100 security and anti-virus programs. The US government seems to know about the problem, yet has been oddly silent. Among the only public discussions was in 2011 when Greg Schaffer of Homeland Security said he was aware of the problem, adding 'This is one of the most complicated and difficult challenges that we have.'

Submission + - Bionic Eye Implant Available In U.S. Next Month (singularityhub.com)

kkleiner writes: Starting next month, Americans suffering from degenerative eye diseases can get excited about the launch of the Argus II, a bionic eye implant to partially restore vision. Designed for those suffering from retinitis pigmentosa, the Argus II is a headset that looks akin to Google Glass but is actually hard wired into the optic nerve to transmit visual information from a 60 electrode array. The device opens the door for similar "humanitarian" implants that both reduce the difficulty in getting government approval and increase the adoption of brain implants.

Comment Re:The US does not have any stations in Russia (Score 2) 232

Or any of the former satellites of the CCCP for that matter. The authoritative list is here.

On that list was a station out in the middle of the Indian Ocean that caught my eye - Diego Garcia, and how it was depopulated by the British to enable the US to set up shop for military purposes. The following cable and corresponding Wikipedia article were quite an interesting read on yet another hegemonic adventure undertaken by the US govt. I wonder how long the European Court of Human Rights will take to decide the case. Odds anyone for the outcome?

Submission + - Illegal anal probe during routine traffic stop results in a federal lawsuit (kob.com)

sharknado writes: Police in New Mexico ordered an illegal anal cavity search against a New Mexico man after he failed to stop at a stop sign. The anal probe was ordered because the man was believed to be "clenching his buttocks", which the police believed indicated that he was hiding narcotics in his anus. After more than half a dozen medical procedures, including 3 enemas, 2 x-rays and an anal probe under general anesthetic, the narcotics were nowhere to be found. The New Mexico man did not consent to any of these medical procedures, the warrant was executed illegally (in the wrong county, and after the expiration of the warrant), and the man is now suing the police in federal court.

Submission + - Million Mask March not even on the radar? (millionmaskmarch.org)

monkeyFuzz writes: A quick search just now on Google News suggests that, as expected, the mainstream media in the US has predictably ignored the Million Mask March event in its coverage. Wondering what ./ers think of this event and if any of you are participating.

Submission + - Nobody Seems To Notice and Nobody Seems To Care (slexy.org)

An anonymous reader writes: ** PLEASE COPY AND SHARE THIS ARTICLE **
** ESPECIALLY ON THE #BADBIOS — BADBIOS — bad bios — DISCUSSION WHICH MAY HAVE STATE ACTORS SAYING IT IS BUNK **

Nobody Seems To Notice and Nobody Seems To Care - Government & Stealth Malware

"In Response To Slashdot Article: Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms

How many rootkits does the US[2] use officially or unofficially?

How much of the free but proprietary software in the US spies on you?

Which software would that be?

Visit any of the top freeware sites in the US, count the number of thousands or millions of downloads of free but proprietary software, much of it works, again on a proprietary Operating System, with files stored or in transit.

How many free but proprietary programs have you downloaded and scanned entire hard drives, flash drives, and other media? Do you realize you are giving these types of proprietary programs complete access to all of your computer's files on the basis of faith alone?

If you are an atheist, the comparison is that you believe in code you cannot see to detect and contain malware on the basis of faith! So you do believe in something invisible to you, don't you?

I'm now going to touch on a subject most anti-malware, commercial or free, developers will DELETE on most of their forums or mailing lists:

APT malware infecting and remaining in BIOS, on PCI and AGP devices, in firmware, your router (many routers are forced to place backdoors in their firmware for their government) your NIC, and many other devices.

Where are the commercial or free anti-malware organizations and individual's products which hash and compare in the cloud and scan for malware for these vectors? If you post on mailing lists or forums of most anti-malware organizations about this threat, one of the following actions will apply: your post will be deleted and/or moved to a hard to find or 'deleted/junk posts' forum section, someone or a team of individuals will mock you in various forms 'tin foil hat', 'conspiracy nut', and my favorite, 'where is the proof of these infections?' One only needs to search Google for these threats and they will open your malware world view to a much larger arena of malware on devices not scanned/supported by the scanners from these freeware sites. This point assumed you're using the proprietary Microsoft Windows OS. Now, let's move on to Linux.

The rootkit scanners for Linux are few and poor. If you're lucky, you'll know how to use chkrootkit (but you can use strings and other tools for analysis) and show the strings of binaries on your installation, but the results are dependent on your capability of deciphering the output and performing further analysis with various tools or in an environment such as Remnux Linux. None of these free scanners scan the earlier mentioned areas of your PC, either! Nor do they detect many of the hundreds of trojans and rootkits easily available on popular websites and the dark/deep web.

Compromised defenders of Linux will look down their nose at you (unless they are into reverse engineering malware/bad binaries, Google for this and Linux and begin a valuable education!) and respond with a similar tone, if they don't call you a noob or point to verifying/downloading packages in a signed repo/original/secure source or checking hashes, they will jump to conspiracy type labels, ignore you, lock and/or shuffle the thread, or otherwise lead you astray from learning how to examine bad binaries. The world of Linux is funny in this way, and I've been a part of it for many years. The majority of Linux users, like the Windows users, will go out of their way to lead you and say anything other than pointing you to information readily available on detailed binary file analysis.

Don't let them get you down, the information is plenty and out there, some from some well known publishers of Linux/Unix books. Search, learn, and share the information on detecting and picking through bad binaries. But this still will not touch the void of the APT malware described above which will survive any wipe of r/w media. I'm convinced, on both *nix and Windows, these pieces of APT malware are government in origin. Maybe not from the US, but most of the 'curious' malware I've come across in poisoned binaries, were written by someone with a good knowledge in English, some, I found, functioned similar to the now well known Flame malware. From my experience, either many forum/mailing list mods and malware developers/defenders are 'on the take', compromised themselves, and/or working for a government entity.

Search enough, and you'll arrive at some lone individuals who cry out their system is compromised and nothing in their attempts can shake it of some 'strange infection'. These posts receive the same behavior as I said above, but often they are lone posts which receive no answer at all, AT ALL! While other posts are quickly and kindly replied to and the 'strange infection' posts are left to age and end up in a lost pile of old threads.

If you're persistent, the usual challenge is to, "prove it or STFU" and if the thread is not attacked or locked/shuffled and you're lucky to reference some actual data, they will usually attack or ridicule you and further drive the discussion away from actual proof of APT infections.

The market is ripe for an ambitious company or individual to begin demanding companies and organizations who release firmware and design hardware to release signed and hashed packages and pour this information into the cloud, so everyone's BIOS is checked, all firmware on routers, NICs, and other devices are checked, and malware identified and knowledge reported and shared openly.

But even this will do nothing to stop backdoored firmware (often on commercial routers and other networked devices of real importance for government use - which again opens the possibility of hackers discovering these backdoors) people continue to use instead of refusing to buy hardware with proprietary firmware/software.

Many people will say, "the only safe computer is the one disconnected from any network, wireless, wired, LAN, internet, intranet" but I have seen and you can search yourself for and read about satellite, RF, temperature, TEMPEST (is it illegal in your part of the world to SHIELD your system against some of these APT attacks, especially TEMPEST? And no, it's not simply a CRT issue), power line and many other attacks which can and do strike computers which have no active network connection, some which have never had any network connection. Some individuals have complained they receive APT attacks throughout their disconnected systems and they are ridiculed and labeled as a nutter. The information exists, some people have gone so far as to scream from the rooftops online about it, but they are nutters who must have some serious problems and this technology with our systems could not be possible.

I believe most modern computer hardware is more powerful than many of us imagine, and a lot of these systems swept from above via satellite and other attacks. Some exploits take advantage of packet radio and some of your proprietary hardware. Some exploits piggyback and unless you really know what you're doing, and even then... you won't notice it.

Back to the Windows users, a lot of them will dismiss any strange activity to, "that's just Windows!" and ignore it or format again and again only to see the same APT infected activity continue. Using older versions of sysinternals, I've observed very bizarre behavior on a few non networked systems, a mysterious chat program running which doesn't exist on the system, all communication methods monitored (bluetooth, your hard/software modems, and more), disk mirroring software running[1], scans running on different but specific file types, command line versions of popular Windows freeware installed on the system rather than the use of the graphical component, and more.

[1] In one anonymous post on pastebin, claiming to be from an intel org, it blasted the group Anonymous, with a bunch of threats and information, including that their systems are all mirrored in some remote location anyway.

[2] Or other government, US used in this case due to the article source and speculation vs. China. This is not to defend China, which is one messed up hell hole on several levels and we all need to push for human rights and freedom for China's people. For other, freer countries, however, the concentration camps exist but you wouldn't notice them, they originate from media, mostly your TV, and you don't even know it. As George Carlin railed about "Our Owners", "nobody seems to notice and nobody seems to care".

[3] http://www.stallman.org/

Try this yourself on a wide variety of internet forums and mailing lists, push for malware scanners to scan more than files, but firmware/BIOS. See what happens, I can guarantee it won't be pleasant, especially with APT cases.

So scan away, or blissfully ignore it, but we need more people like RMS[3] in the world. Such individuals tend to be eccentric but their words ring true and clear about electronics and freedom.

I believe we're mostly pwned, whether we would like to admit it or not, blind and pwned, yet fiercely holding to misinformation, often due to lack of self discovery and education, and "nobody seems to notice and nobody seems to care".

##

Schneier has covered it before: power line fluctuations (differences on the wire in keys pressed).

There's thermal attacks against cpus and temp, also:

ENF (google it)

A treat (ENF Collector in Java):

sourceforge dot net fwdslash projects fwdslash nfienfcollector

No single antimalware scanner exists which offers the ability to scan (mostly proprietary) firmware on AGP/PCI devices (sound cards, graphics cards, usb novelty devices excluding thumb drives), BIOS/CMOS.

If you boot into Ultimate Boot CD you can use an arcane text interface to dump BIOS/CMOS and examine/checksum.

The real attacks which survive disk formats and wipes target your PCI devices and any firmware which may be altered/overwritten with something special. It is not enough to scan your hard drive(s) and thumb drives, the real dangers with teeth infect your hardware devices.

When is the last time you:

Audited your sound card for malware?
Audited your graphics card for malware?
Audited your network card for malware?

Google for:

* AGP and PCI rootkit(s)
* Network card rootkit(s)
* BIOS/CMOS rootkit(s)

Our modern PC hardware is capable of much more than many can imagine.

Do you:

        Know your router's firmware may easily be replaced on a hacker's whim?
        Shield all cables against leakage and attacks
        Still use an old CRT monitor and beg for TEMPEST attacks?
        Use TEMPEST resistant fonts in all of your applications including your OS?
        Know whether or not your wired keyboard has keypresses encrypted as they pass to your PC from the keyboard?
        Use your PC on the grid and expose yourself to possible keypress attacks?
        Know your network card is VERY exploitable when plugged into the net and attacked by a hard core blackhat or any vicious geek with the know how?
        Search out informative papers on these subjects and educate your friends and family about these attacks?
        Contact antimalware companies and urge them to protect against many or all these attacks?

Do you trust your neighbors? Are they all really stupid when it comes to computing or is there a geek or two without a conscience looking to exploit these areas?

The overlooked threat are the potential civilian rogues stationed around you, especially in large apartment blocks who feed on unsecured wifi to do their dirty work.

With the recent news of Russian spies, whether or not this news was real or a psyop, educate yourself on the present threats which all antimalware scanners fail to protect against and remove any smug mask you may wear, be it Linux or OpenBSD, or the proprietary Windows and Mac OS you feel are properly secured and not vulnerable to any outside attacks because you either don't need an antivirus scanner (all are inept to serious attacks) or use one or several (many being proprietary mystery machines sending data to and from your machine for many reasons, one is to share your information with a group or set database to help aid in threats), the threats often come in mysterious ways.

Maybe the ancients had it right: stone tablets and their own unique language(s) rooted in symbolism.

#

I'm more concerned about new rootkits which target PCI devices, such as the graphics card and the optical drives, also, BIOS. Where are the malware scanners which scan PCI devices and BIOS for mismatches? All firmware, BIOS and on PCI devices should be checksummed and saved to match with others in the cloud, and archived when the computer is first used, backing up signed firmware.

When do you recall seeing signed router firmware upgrades with any type of checksum to check against? Same for PCI devices and optical drives and BIOS.

Some have begun with BIOS security:

http://www.biosbits.org/

Some BIOS has write protection in its configuration, a lot of newer computers don't.

#

"Disconnect your PC from the internet and don't add anything you didn't create yourself. It worked for the NOC list machine in Mission Impossible"

The room/structure was likely heavily shielded, whereas most civvies don't shield their house and computer rooms. There is more than meets the eye to modern hardware.

Google:

subversion hack:
tagmeme(dot)com/subhack/

UPDATE on tagmeme domain — 11/2013 — You'll have to use Archive.org to recover and view pages and files from the tagmeme domain as it has been abandoned and the content removed.

network card rootkits and trojans
pci rootkits
packet radio
xmit "fm fingerprinting" software
"specific emitter identification"
forums(dot)qrz(dot)com

how many malware scanners scan bios/cmos and pci/agp cards for malware? zero, even the rootkit scanners. have you checksummed/dumped your bios/cmos and firmware for all your pci/agp devices and usb devices, esp vanity usb devices in and outside the realm of common usb devices (thumbdrives, external hdds, printers),

Unless your computer room is shielded properly, the computers may still be attacked and used. I've personally inspected computers with no network connection running mysterious code in the background which Task Manager for Windows and the equivalent for *nix does not find, and this didn't find it all.

Inspect your windows boot partition in *nix with hexdump and look for proxy packages mentioned along with command line burning programs and other oddities. Computers are more vulnerable than most would expect.

You can bet all of the malware scanners today, unless they are developed by some lone indy coder in a remote country, employ whitelisting of certain malware and none of them scan HARDWARE devices apart from the common usb devices.

Your network cards, sound cards, cd/dvd drives, graphics cards, all are capable of carrying malware to survive disk formatting/wiping.

Boot from a Linux live cd and use hexdump to examine your windows (and *nix) boot sectors to potentially discover interesting modifications by an unknown party.

#
eof"
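The post above twice tells the reader to dump a boot sector or firmware image, checksum it, and pick through it with hexdump for "interesting modifications". The script below is an added example (not code from the original submission or its author) that does exactly that, mechanically, for the 512-byte MBR: it records a SHA-256 of the boot-code region as a baseline, re-parses a later copy of the sector, reports a hash mismatch or an implausible partition table, and prints the byte ranges that changed in hexdump -C style. The clean sector and the "tampered" variant (first instruction overwritten with a near jump) are constructed inline so it runs offline; reading a real device through read_first_sector("/dev/sda") is the assumed live-CD usage.

```python
"""Baseline-and-compare check for a raw 512-byte MBR boot sector.

Added example, not the original poster's code. The sample sectors are constructed
below; on a live CD you would pass /dev/sda (or a disk image) to read_first_sector().
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # bytes 0..439 hold the boot code, the part a bootkit patches
DISK_SIG_OFF = 440        # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446      # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"   # bytes 510..511


def read_first_sector(path: str) -> bytes:
    """Read the MBR from a block device or disk image (e.g. /dev/sda)."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


def parse_mbr(sector: bytes) -> dict:
    """Validate the signature and pull out the fields worth comparing over time."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, 3 CHS bytes (skipped), type, 3 CHS bytes (skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
            "partitions": partitions}


def compare_to_baseline(sector: bytes, baseline_sha256: str) -> list:
    """Return findings against a recorded boot-code hash; an empty list means clean."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code hash mismatch")
    if sum(1 for p in info["partitions"] if p["bootable"]) > 1:
        findings.append("more than one partition flagged bootable")
    return findings


def differing_ranges(a: bytes, b: bytes) -> list:
    """Byte ranges [start, end) where two sectors differ: the offsets to look at in hexdump."""
    ranges, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, min(len(a), len(b))))
    return ranges


def hexdump(data: bytes, start: int, length: int) -> list:
    """hexdump -C style lines for a byte range, to show what actually changed."""
    lines = []
    for off in range(start, min(start + length, len(data)), 16):
        chunk = data[off:off + 16]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        ascii_part = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart:<47}  |{ascii_part}|")
    return lines


def build_mbr(boot_code: bytes, entries: list) -> bytes:
    """Assemble a sector from boot code and (status, type, lba_start, sectors) tuples.
    Used only to construct sample input for this example."""
    if len(boot_code) != BOOT_CODE_LEN:
        raise ValueError("boot code must be 440 bytes")
    table = b"".join(struct.pack("<B3sB3sII", st, b"\0\0\0", ty, b"\0\0\0", lba, n)
                     for st, ty, lba, n in entries)
    table += b"\x00" * (64 - len(table))
    return boot_code + b"\x12\x34\x56\x78" + b"\x00\x00" + table + SIGNATURE


# Constructed sample: a typical real-mode prologue (cli; xor ax,ax; mov ds,ax; mov ss,ax;
# mov sp,0x7c00) padded with NOPs, plus one bootable Linux partition starting at LBA 2048.
CLEAN_BOOT_CODE = b"\xfa\x31\xc0\x8e\xd8\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 10)
PARTITIONS = [(0x80, 0x83, 2048, 1_000_000)]
CLEAN_SECTOR = build_mbr(CLEAN_BOOT_CODE, PARTITIONS)
BASELINE_SHA256 = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()   # recorded on day one

# Constructed "tampered" sector: first instruction replaced by a near jump (e9 rel16),
# the minimal edit a bootkit makes to divert control before the real loader runs.
TAMPERED_SECTOR = build_mbr(b"\xe9\x00\x01" + CLEAN_BOOT_CODE[3:], PARTITIONS)

if __name__ == "__main__":
    for name, sec in (("clean", CLEAN_SECTOR), ("tampered", TAMPERED_SECTOR)):
        print(name, compare_to_baseline(sec, BASELINE_SHA256) or "matches baseline")
    for lo, hi in differing_ranges(CLEAN_SECTOR, TAMPERED_SECTOR):
        print(f"bytes {lo:#06x}-{hi:#06x} changed")
        print("\n".join(hexdump(TAMPERED_SECTOR, lo - lo % 16, 16)))
```

Only the first 440 bytes are hashed on purpose: the disk signature and partition table legitimately change when you repartition, whereas the boot code should never change unless you reinstalled a boot loader, so a stable hash there is a meaningful baseline and a mismatch is worth a hexdump. The same baseline-and-diff approach carries over to a BIOS or option-ROM image dumped with a vendor tool, with the caveat that some regions of those images (NVRAM variables, event logs) are expected to differ between dumps.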

Submission + - Start Mining the Social Web with iPython Notebook

An anonymous reader writes: Ideally you want to get directly to working code when you're learning a new subject. With the latest edition of Mining the Social Web, Matthew Russell worked with folks at O'Reilly to release the first chapter in iPython Notebook format: "If you've been following this project at all, you already know that there's a turn-key virtual machine that provides all of the sample code from the book in a convenient and interactive IPython Notebook format, so that you can get right to business without so much fuss around Python configuration management and Python development tools. With most of that foundation in place, I then began wondering why the entire text of the book couldn’t be offered in that same convenient format."

Submission + - Activist Tweets Former NSA Chief's 'Off Record' Phone Call (thinkprogress.org)

i_want_you_to_throw_ writes: Riding on the Acela express train between New York and Washington, DC, Hayden had the bad luck of sitting near entrepreneur and former MoveOn.org director Tom Matzzie. “Former NSA spy boss Michael Hayden on Acela behind me blabbing ‘on background as a former senior admin official’,” Matzzie wrote on his Twitter account. “Sounds defensive.” For the next twenty minutes, Matzzie continued to livetweet Hayden’s conversations slamming the Obama administration, all the while insisting that he be referred to only on background.

Submission + - Huawei Using NSA Scandal to Turn Tables on Accusations of Spying (slashdot.org) 2

Nerval's Lobster writes: Huawei Technologies, the Chinese telecom giant banned from selling to U.S. government agencies due to its alleged ties to Chinese intelligence services, is trying to turn the tables on its accusers by offering itself as a safe haven for customers concerned that the NSA has compromised their own IT vendors. “We have never been asked to provide access to our technology, or provide any data or information on any citizen or organization to any Government, or their agencies,” Huawei Deputy Chairman Ken Hu said in the introduction to a 52-page white paper on cybersecurity published Oct. 18. Huawei was banned from selling to U.S. government entities and faced barriers to civilian sales following a 2012 report from the U.S. House of Representatives that concluded Huawei’s management had not been forthcoming enough to convince committee members to disregard charges it had given Chinese intelligence services backdoors into its secure systems and allowed Chinese intelligence agents to pose as Huawei employees. But the company promises to create test centers where governments and customers can test its products and inspect its services as part of an “open, transparent and sincere” approach to questions about its alleged ties, according to a statement in the white paper from Huawei CEO Ren Zhengfei. Can Huawei actually gain more customers by playing off the Snowden scandal?

Comment Impressive technology but what value does it add? (Score 1) 1

The article provides a nice primer for the novice to the HFT domain. While the technical considerations are all very impressive, I fail to understand how HFT actually adds value to society. If anything, flash crashes and other evils of HFT suggest to me the whole practice ought to be done away with. Sure there's lots of "economic activity" generated by buying and selling mind-boggling amounts of assets in the blink of an eye, but what use is it? Seems like the whole business is yet another leech sucking money out of the market without necessarily providing anything useful in return (e.g. liquidity) that matters to all the other participants. The only thing that seems to have been perfected is the application of technology to do so incredibly efficiently.

Submission + - US Should Cancel Plutonium Plant

Hugh Pickens DOT Com writes: Rachel Oswald reports that the Union of Concerned Scientists, an independent science advocacy organization, says that the United States should cancel plans to build a multi-billion dollar plutonium research facility in New Mexico and criticizes Obama administration plans for nuclear facilities and weapons, arguing the plans to build new fissile-material handling plants are unnecessarily ambitious given the expected future downward trajectory of the US nuclear arsenal. The proposed Chemistry and Metallurgy Research Replacement plant (CMRR) building at Los Alamos would replace a Cold War-era site at a cost of $6 billion. It is intended to assist in ensuring new and existing plutonium pits are in working order absent a return by the country to nuclear-weapons testing. The 81-page UCS report, "Making Smart Security Choices," (PDF) says if the United States carries out limited reductions of its nuclear arsenal over the next quarter century, as President Obama has said he would like to do, current facilities at Los Alamos can produce sufficient plutonium cores to maintain the warhead stockpile. The CMRR complex is designed to have the capacity to produce between 50 and 80 plutonium pits annually even though no more than 50 cores are needed yearly and Los Alamos currently has that production capability, says report co-author Lisbeth Gronlund. "The idea that you would need to produce up to 80 [cores] is not warranted," says Gronlund. "We think it's time just to cancel the whole thing."

Submission + - Barbarians at the Gateways (acm.org) 1

CowboyRobot writes: Former high-frequency trader Jacob Loveless gives an in-depth description of the math and technology involved in HFT. FTA: "The first step in HFT is to place the systems where the exchanges are. Light passing through fiber takes 49 microseconds to travel 10,000 meters, and that's all the time available in many cases. In New York, there are at least six data centers you need to colocate in to be competitive in equities. In other assets (foreign exchange, for example), you need only one or two in New York, but you also need one in London and probably one in Chicago. The problem of colocation seems straightforward: 1. Contact data center. 2. Negotiate contract. 3. Profit. The details, however, are where the first systems problem arises. The real estate is extremely expensive, and the cost of power is an ever-crushing force on the bottom line. A 17.3-kilowatt cabinet will run $14,000 per month. Assuming a modest HFT draw of 750 watts per server, 17 kilowatts can be taken by 23 servers. It's also important to ensure you get the right colocation. In many markets, the length of the cable within the same building is a competitive advantage. Some facilities such as the Mahwah, New Jersey, NYSE (New York Stock Exchange) data center have rolls of fiber so that every cage has exactly the same length of fiber running to the exchange cages."
