Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

+ - NSA linked to hard drive firmware hacking across 12 major manufacturers->

Submitted by Anonymous Coward
An anonymous reader writes "Russian security researchers have published a report [http://www.kaspersky.com/about/news/virus/2015/equation-group-the-crown-creator-of-cyber-espionage] detailing the insertion of data-stealing software into the firmware of hard drives from over a dozen major manufacturers. The report, from Kaspersky Labs, connects the organisation behind it — which it has dubbed 'The equation Group' — with the National Security Agency, due to common variants in the hard drive malware and Stuxnet, the NSA-driven cyberattack initiative which was used to attack a uranium refinement facility in Iran. The 'Fanny worm' propagated by the firmware hack is used to breach air-gapped networks via infected USB sticks, relaying retrieved information back to command-and-control centers. Reuters claims to have had the allegations confirmed by two ex-NSA employees."
Link to Original Source

Comment: Re:Not seeing the issue here (Score 2, Informative) 209

by Le Marteau (#48647999) Attached to: Judge: It's OK For Cops To Create Fake Instagram Accounts

> And then the public defender you're assigned because you can't afford a decent lawyer

Hold on just a second. There are many fine public defenders who happen to be far better than just "decent". They will not, however, be able to dedicate much time to your case. THAT is the issue with many PD's. Not that they suck or are not "decent" but that they are over worked.

Comment: Re:Not seeing the issue here (Score 4, Insightful) 209

by Le Marteau (#48647923) Attached to: Judge: It's OK For Cops To Create Fake Instagram Accounts

> I'm fine with (cops lying to people)

If you or I lie to a cop, we can get charged with obstruction of justice. If they lie to us, they can get a commonadation.

And you're "fine" with that.

Some days it's easier to be a misanthrope than others. This is one of those days. Fuck you.

Comment: Re:Sandbox before browsing (Score 4, Informative) 83

by Le Marteau (#48623891) Attached to: Over 9,000 PCs In Australia Infected By TorrentLocker Ransomware

> I'm running a browser in a VM... What malware?

Your faith in the security of VM sandboxes is misplaced.

It is trivial to write a program which can detect if it is in a VM. And then, attack the hypervisor and escape the protected environment. As virtualization has become more common, such malware has gone from academic exercises to real-world exploits.

http://www.symantec.com/avcent...

My favorite line:

Finally, the most interesting attack that malicious code can perform against a virtual machine emulator is to escape from its protected environment.

With virtualization becoming more and more common

The sooner you make your first 5000 mistakes, the sooner you will be able to correct them. -- Nicolaides

Working...