Comment: Re:can someone please explain (Score 3, Insightful) 229

by bolek_b (#40985911) Attached to: Researchers Seek Help Cracking Gauss Mystery Payload
If I remember correctly, Stuxnet targeted Windows machines in the first step too. There it infected developer tools and the damage-causing payload did get compiled into programs for those SCADA systems of certain importance. So Windows systems might not have any obvious importance at all, but they play a role of the weakest link surprisingly well.

Comment: Re:Another aspect of this mystery (Score 2) 229

by bolek_b (#40985667) Attached to: Researchers Seek Help Cracking Gauss Mystery Payload

As an evil virus author, I would add another twist: make the plain-text part of the virus install the font (we know it does so). A few moments later, from within the encrypted code, uninstall the font (we have no clues what that code actually does).

Unsuspecting folks would devise infection detectors, which will give nice "false negatives".

Comment: Re:Another aspect of this mystery (Score 2) 229

by bolek_b (#40985261) Attached to: Researchers Seek Help Cracking Gauss Mystery Payload

Pity. I was hoping that this would be a clever part of a systemic offensive. Like forcing a laser printer to release deadly toner fumes by downloading evil curves of this font. Or making its kerning so bad that the users would collapse with severe headaches.

Judging from the infection vector (i.e. USB sticks), I suspect that the targets are off-line, or at least heavily firewalled. Mind you, the target is most probably some military facility, likely in Iran. I don't think navigating to a non-white-listed web page wouldn't raise alarm, from the virus author's point of view an unnecessary complication.

Comment: Another aspect of this mystery (Score 2) 229

by bolek_b (#40984893) Attached to: Researchers Seek Help Cracking Gauss Mystery Payload
By the way, TFA says that the virus even installs some font. This unusual step confuses me quite a lot. Is it for some kind of "exposed but not obvious" document watermarking? Or is it preparation for some future infection vector? Questions :-(

Does somebody know whether there is that font ("Palida Narrow") available?

Comment: Re:can someone please explain (Score 5, Interesting) 229

by bolek_b (#40984767) Attached to: Researchers Seek Help Cracking Gauss Mystery Payload

One of my guesses is that both the PATH element and the Program Files item are linked to a single application. That way, as long as the application is installed, the payload would be decryptable. The name check suggests that the application is some in-house project, probably not publicly released.

But maybe the "trigger" is an application in a certain environment. Then the Program Files item would determine application presence. Then the expected item of PATH could refer to some network share, mapped disk, e.g. T:\Repository\bin. Such a combination would be pretty unique and therefore an ideal "trigger", IMHO.

Comment: Re:can someone please explain (Score 5, Informative) 229

by bolek_b (#40984307) Attached to: Researchers Seek Help Cracking Gauss Mystery Payload
The trick in this case is that the key is already available at the targeted machine - the virus tries to combine various pairs of %PATH% paths and names from %PROGRAMFILES% and if some combination has an expected checksum, that's the key. To make cryptanalysis a bit more difficult, it seems that the second part of the key is not in plain ASCII. Therefore the "key distribution problem" is nicely solved - if the code runs on the targeted system, the key will be easily generated. On any other machine you won't obtain any information about the key.
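
The scheme discussed in the two comments above, sketched from the analyst's side as an added example (not part of the original comments and not Gauss's actual code): it shows why a lab machine holding only the stored checksum derives nothing. The hash function, salts, iteration count, UTF-16 encoding and host contents are assumptions constructed for illustration; `T:\Repository\bin` is the hypothetical share named in the comment above.

```python
import hashlib
import hmac
from itertools import product

ROUNDS = 10_000                      # assumed iteration count
CHECK_SALT = b"constructed-check"    # constructed; validates a candidate
KEY_SALT = b"constructed-key"        # constructed; derives the actual key


def _kdf(blob: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", blob, salt, ROUNDS)


def candidates(path_value: str, program_dirs: list[str]):
    """Yield every (PATH entry, Program Files name) pair with its byte form."""
    entries = [e for e in path_value.split(";") if e]
    for entry, name in product(entries, program_dirs):
        # UTF-16-LE so non-ASCII directory names are handled (assumed encoding).
        yield entry, name, (entry + name).encode("utf-16-le")


def find_trigger(path_value: str, program_dirs: list[str], expected_check: bytes):
    """Return (entry, name, key) for the pair matching the checksum, else None."""
    for entry, name, blob in candidates(path_value, program_dirs):
        if hmac.compare_digest(_kdf(blob, CHECK_SALT), expected_check):
            # The key uses a different salt, so the stored checksum never reveals it.
            return entry, name, _kdf(blob, KEY_SALT)
    return None


# Constructed hosts: only the "target" has the mapped share and in-house tool.
TARGET_PATH = r"C:\Windows\system32;C:\Windows;T:\Repository\bin"
TARGET_DIRS = ["Common Files", "Internet Explorer", "InHouseTool"]
LAB_PATH = r"C:\Windows\system32;C:\Windows;C:\Tools\bin"
LAB_DIRS = ["Common Files", "Internet Explorer", "Wireshark"]

# What a sample would carry: only the checksum of the one expected pair.
EXPECTED_CHECK = _kdf(r"T:\Repository\binInHouseTool".encode("utf-16-le"), CHECK_SALT)

if __name__ == "__main__":
    for label, path, dirs in (("target", TARGET_PATH, TARGET_DIRS),
                              ("lab", LAB_PATH, LAB_DIRS)):
        hit = find_trigger(path, dirs, EXPECTED_CHECK)
        print(label, "->", hit[:2] if hit else "no pair matches; key unknown")
```
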
The Courts

Halo 3 Criticized In Murder Conviction 839

Posted by Soulskill
from the master-chief-charged-as-an-accessory dept.
oldwindways writes "An Ohio teen was found guilty of murdering his mother and shooting his father in the head after they took away his copy of Halo 3. One has to wonder if this is going to have any effect on the games industry. Clearly, the AP thought they could stir up something controversial by asking the IP owner for a statement: 'Microsoft, which owns the intellectual property for the game, declined to comment beyond a statement saying: "We are aware of the situation and it is a tragic case."' I suppose the good news is they did not accept his insanity plea, so no one can claim that Halo 3 drove him insane. Even so, I don't think anything good can come out of this for gamers." Unfortunately, it seems somebody can claim that the game was a contributing factor; the judge who presided over this case said he believes that the 17-year-old defendant "had no idea at the time he hatched this plot that if he killed his parents, they would be dead forever." GamePolitics has further details from the judge's statement. It doesn't help that the boy's lawyers used video game addiction as a defense.

Comment: Simple answer to luggage problems... (Score 1) 85

by bolek_b (#23685245) Attached to: International Field Engineer Travel Tips?
After much research regarding gear for my trips, I came across Eagle Creek stuff, and as for me, they are the best. My beloved Switchback has already suffered plenty of abuse and it still holds together. Not to mention their No Matter What Damage Repair Policy...

I really recommend them, the gear they offer is worth checking! (Now if they made some armored luggage for my camera, I would be really happy.)

Security

Engineers Make Good Terrorists? 467

Posted by Zonk
from the what's-wrong-with-an-engineering-degree dept.
An anonymous reader writes "Engineers' focus and attention to details, along with their perceived lack of social skills, make them ideal targets to be recruited as terrorists, according to EETimes. Planning skills make engineers good 'field operatives' was written up by Raphael Perl, who heads the Action against Terrorism Unit of Organization for Security and Cooperation in Europe. He offers that 'Engineers ideally make excellent strategic planners, and they make excellent field operatives. They think differently from how other people think.' That may sound like a stereotype, but Perl claims that 'because of those traits, terrorist groups actively recruit engineers.' He says that Al-Qaeda has widely acknowledged that a significant number of the group's top leadership had engineering backgrounds." This is the second time in just a few months that engineers have been likened to terrorists.
The Internet

RoadRunner Intercepting Domain Typos 337

Posted by kdawson
from the following-in-the-footsteps-of-netsol dept.
shaunco writes "Sometime around midnight on February 26th (at least for the SoCal users), TimeWarner's RoadRunner service started intercepting failed DNS requests, redirecting them to RoadRunner's own search and advertising platform. To see if this has been enabled in your area, try visiting {some random string}.com in your Web browser. This feature subverts user preferences set within browsers, which allow the user to select which search engine receives their typos and invalid domains. RoadRunner users can disable this function — or they can just use OpenDNS. Here is an example RoadRunner results page."
Government

House Bill Won't Criminalize Free Wi-Fi Operators 540

Posted by kdawson
from the what-were-they-thinking dept.
Velcroman98 sends word of a bill that passed the US House of Representatives by a lopsided vote of 409 to 2. It would require everyone who runs an open Wi-Fi connection to report illegal images, including "obscene" cartoons and drawings, or be fined up to $300,000. The Securing Adolescents From Exploitation-Online (SAFE) Act was rushed through the House without any hearings or committee votes, and the version that passed on a voice vote reportedly differs substantially from the last publicly available version. CNET reports that sentiment in favor of such a bill is strong in the Senate as well. Update: 12/07 06:22 GMT by Z : As clarified in an Ars writeup, this summary is a bit off-base. The bill doesn't require WiFi owners to police anything, merely 'stiffening the penalties' for those who make no effort to report obvious child pornography.
User Journal

Journal: Thermophobia 6

Journal by superyooser

Global climate change -- it doesn't bother me. What does bother me, being a "Global Warming denier," is the sudden MADNESS that has stricken deeply into the nation and the world over the last few months. I am truly amazed by the phenomenon. Amazed that the mainstream has become mesmerized by it, entangled in the unscientific propaganda. And amazed at the speed at which it has spread.
