Never leave us, app appers LUDDITE AC guy.

I don't know man, I quite enjoy automated conversion from high-level source code to low-level object code. If using a compiler makes me a "code money", so be it.

Security fixes are great, but the lack of mitigations present in newer versions of Windows make it more vulnerable in comparison.

Attention.

While that's mostly true, I do have some Atmel based boards designed by companies that manufacture knockoffs. I've also got some FGPA and CPLD dev boards as well, and have seen ARM stuff.

Wow, thats worse then normal four me. Were is mind? Maybe over their.

Glad to here this is happening. My Arduino Diecimila lead to my first misadventure into the hardware world, and I still have it as a keepsake. Seeing the community fracture was sad, and it made many question whether open source hardware was feasible.

Why wouldn't they? At a minimum, modern governments have an obligation to protect their constituents from espionage, and in some cases that means using software exploitation to gain the upper hand. Of course, such powers can be abused, but all to often we choose to ignore their necessity.

If you actually had a chance, you wouldn't be talking about it here.

Winning the arms race like that is going to be tough. A more general solution would be thorough, targeted instrumentation to better assess any file IO operations performed. It should be easy enough to fingerprint Office and use the data to monitor for anomalous file activity.

Well, it depends largely on context. The question isn't always, "what does this malware do?" A lot of the time it's, "is this malware?" In the former case, sure, the appearance of innocuousness is going to evoke even more curiosity, and something like this will be little more than a speed bump. But in the latter case (which is by far the more common scenario), simple anti-forensics can prove very effective in evading detection.

Think about it, if you've got a backlog of hundreds or even thousands of questionable files, how much time can you really commit to each one? Reversing all of them is probably out of the question. Most samples will get the regular treatment: fire up a fresh VM with some instrumentation, run the sample, and check for artifacts indicative of malicious behavior. Depending on the sophistication of the tooling, such artifacts may or may not be discovered. Considering the extremely low cost of implementation (probably a few lines to enumerate doc files), this was a good call on part of the attackers--a few minutes of work for a chance at flying under the radar for a bit longer.

That said, there are plenty of open source tools available to dump VBA macros from Office documents, so the cost isn't exactly on par with reversing something like object code, but I still think the attackers made the right call here.

Actually, the summary explicitly states that the purpose of this malware's behavior is to thwart human analysts testing in a fresh environment. It's not the most impressive technique, but it is a cheap way to increase the defender's costs, given the potentially high price of reverse engineering.

Hopefully this one doesn't get taken out by a drone. https://www.youtube.com/watch?...

You must be a member of the tolerant left.

If it's a live system, permission has not been granted, and a similar test environment cannot be setup, then I Ignore it, and if at all possible, I avoid using the vulnerable system in question. Bear in mind I say this as someone that does vulnerability research for a living. I'm not a fan of the extant legislation, but if that's what society wants from me, that's what it's going to get. I refuse to risk my freedom for a bunch of assholes that don't want my help, and I've plenty of paying customers that aren't complete idiots, so my attention is better spent on them.

Maybe someday the pols will get their shit together and the problem will work itself out, but I have little faith at this point.