Comment The long term damage will be enormous (Score 4, Insightful) 330
As soon as software catches up and makes it practical, the rest of the world is going to dump the US cloud forever.
As soon as software catches up and makes it practical, the rest of the world is going to dump the US cloud forever.
Sourceforge is garbage now.
If you don't want to be discovered with Bluetooth, don't leave your devices in discoverable mode!
Cryptome notes this document is claimed to be a hoax by a Hacker News user.
Trademark?
It is a fact that the largest US defense contractors had *thousands* of workstations and servers backdoored for *years* before anyone wised up to it. These are networks managed by professionals who really do take security seriously.
I don't think it's unreasonable to believe that tons of machines are trojaned prior to sale.
I have file system 0day. Be sure to dd the content to that flash drive and dd it back off!
There's no reason to use an asymmetric algorithm.
It's like tripwire, except it works on code in memory. It has an online database where hashes of known code are stored in various sizes... so the client will hash 4k and ask the server if this is known. If so, move on we know what it is. If not, split it into 2 blocks of 2k. Can we positively identify that? Anything not identified continues to be split into smaller and smaller pieces.
The software understands how processes are laid out so it's not going to hash your user data as that can't possibly provide a useful result.
The idea is that we need to be able to ask, "Is this really Microsoft Word 2010 patchlevel X running on my system? Has it been modified in anyway, even via hotpatching memory? If so, show me exactly where it has been modified so I can focus my analysis on that"
When you visit the site in Firefox for some reason it just tries to download something. I didn't try with other browsers. That's why I said use IE. Visit in IE and you see a little blurb about it with a couple different options for installing. It uses some Microsoft 1click installer framework... and yeah, this needs some serious release engineering work.
It's alpha code. It seems to work better on HyperV than VMWare too... In VMWare I have to close the target VM (run in background) in order to get it to work. Some kind of locking issue I guess.
Anyway, I think it's a really cool concept. I'm sure there will soon be a proper page put up to describe it, running on a standard port and everything.
Fair point, but it's not like getting something from port 80 or 443 really assures safety.
Like I said it's really alpha. I would not run it on any important VMs anyway.
Oh, and make sure you have
http://blockwatch.ioactive.com:8888/
It's pretty alpha, and you will need to use IE to install it. This tool compares software in memory against known signatures, allowing you to confirm what's running on the system is really what you think it is. It works with HyperV and VMWare.
It's free. Thanks IO Active!
Call the kernel to access files, sockets, etc.
Also unless the developer is super 31337 and likes to write everything I expect shares library calls too.
By watching calls to those interfaces we can figure out what it does.
As far as the US government is concerned nothing is sovereign but themselves.
Congrats Marty!
Today is a good day for information-gathering. Read someone else's mail file.