Security

'Process Doppelganging' Attack Bypasses Most Security Products, Works On All Windows Versions (bleepingcomputer.com)

An anonymous reader quotes a report from Bleeping Computer: Yesterday, at the Black Hat Europe 2017 security conference in London, two security researchers from cyber-security firm enSilo have described a new code injection technique called "Process Doppelganging." This new attack works on all Windows versions and researchers say it bypasses most of today's major security products. Process Doppelganging is somewhat similar to another technique called "Process Hollowing," but with a twist, as it utilizes the Windows mechanism of NTFS Transactions.

"The goal of the technique is to allow a malware to run arbitrary code (including code that is known to be malicious) in the context of a legitimate process on the target machine," Tal Liberman & Eugene Kogan, the two enSilo researchers who discovered the attack, told Bleeping Computer. "Very similar to process hollowing but with a novel twist. The challenge is doing it without using suspicious process and memory operations such as SuspendProcess, NtUnmapViewOfSection. In order to achieve this goal we leverage NTFS transactions. We overwrite a legitimate file in the context of a transaction. We then create a section from the modified file (in the context of the transaction) and create a process out of it. It appears that scanning the file while it's in transaction is not possible by the vendors we checked so far (some even hang) and since we rollback the transaction, our activity leaves no trace behind." The good news is that "there are a lot of technical challenges" in making Process Doppelganging work, and attackers need to know "a lot of undocumented details on process creation." The bad news is that the attack "cannot be patched since it exploits fundamental features and the core design of the process loading mechanism in Windows."
More research on the attack will be published on the Black Hat website in the following days.

Comment Awful summary - NSF is funding research projects (Score 2)

The NSF isn't developing anything. The NSF has created a program that funds large scale research grants to universities. In this case, the grant is to a collaboration of several large universities to explore ways to meet this goal. If you click through the article and then to the page about the project, including the universities involved in the collaboration (MIT, Cornell, Michigan, UPenn, etc...), you can see actual useful information: https://excape.cis.upenn.edu/i...

Comment List of Software Engineering Books (Score 1)

Software engineering books to bring your technical skills to the next level:
  • The Pragmatic Programmer: From Journeyman to Master by Andrew Hunt and David Thomas
  • Clean Code: A Handbook of Agile Software Craftsmanship by Robert C. Martin
  • The Clean Coder: A Code of Conduct for Professional Programmers by Robert C. Martin
  • Code Complete: A Practical Handbook of Software Construction 2nd edition, by Steve McConnell
  • The Mythical Man-Month: Essays on Software Engineering, Anniversary Edition (2nd Edition) by Frederick P. Brooks

Learn some soft skills to bring your career to the next level:

  • How NASA Builds Teams: Mission Critical Soft Skills for Scientists, Engineers, and Project Teams by Charles J. Pellerin
  • Soft Skills: The software developer's life manual by John Sonmez
  • People Skills: How to Assert Yourself, Listen to Others, and Resolve Conflicts by Robert Bolton
  • The Hard Truth About Soft Skills by Peggy Klaus
Technology

The Real-Life Dangers of Augmented Reality

Tekla Perry writes: Today's augmented reality devices have yet to go through extensive tests of their impact on their wearers' health and safety. But by looking at existing research involving visual and motor impairments, two Kaiser Permanente researchers find they can draw conclusions about the promise and perils of augmented reality, and point to ways wearable developers can make these devices safer. The researchers write: "Peripheral vision is more important than you might think, because it provides a wealth of information about speed and distance from objects. Central vision, despite the great detail it offers, gives you only a rough estimate of movement toward or away from you, based on changes in size or in the parallax angle between your eyes. But objects moving within your peripheral vision stimulate photoreceptors from the center of the retina to the edge, providing much better information about the speed of motion. Your brain detects objects in your peripheral field and evaluates if and how they (or you) are moving. Interfering with this process can cause you to misjudge relative motion and could cause you to stumble; it might even get you hit by a car one day."

Comment Re:Try some Assistive Technology (Score 1)

^^^ mod this up. Good summary.

I've worked extensively with Camera Mouse (http://www.cameramouse.org/) and a few other technologies.

- Voice recognition such as Dragon works very well and can be used to do some mouse pointing and other interaction tasks in addition to regular dictation.
- In addition to trackballs they make accessible joysticks that have large "kush" balls on the top that let you use more gross motor functions.
- All sorts of accessible keyboards or button pads can be used with a variety of software.

Comment Boston College - EagleEyes Project (Score 1)

Check out the Eagle Eyes project at Boston College. They have over 10 years experience working with people with severe communication impairments.
http://www.bc.edu/schools/csom...

The system is available through Opportunity Foundation of America:
http://opportunityfoundationof...

If the person can move their head, they may be able to use the Camera Mouse: http://www.cameramouse.org/ (Free download)

Comment Absurd position by the government (Score 1, Interesting)

This is completely absurd. They have to know right away whether or not their website logins were vulnerable (that is, were they running OpenSSL with the bug) or whether they were running other versions of SSL without heartbleed. It's a black and white situation. There's no gray middle ground.

Comment Second amendment protects all others (Score 1)

When the constitution was written, the only forms of long distance communication involved horses and either yelling or writing on paper. The founders could not have foreseen things like a telephone or even the internet. The danger posed by mass communication and instant spread of ideas is too strong to overlook. Things like "twitter revolutions" and "cyberbullying" and "anonymous slashdot comments" are a danger to society. Therefore, the first amendment should be rewritten to specifically include only communications spread orally or written by horseback. If you take away the second amendment, there is *nothing* preventing the above from happening. The second amendment protects all of the other amendments. Even though we live in a modern and peaceful society today, there is nothing that guarantees this will continue in the long run. Civilizations rise and fall - almost always due to the failure of centralized power. Weakened and dependent populations survive only based on centralized power - when it falls so do the people. Strong, independent, and empowered people survive *despite* the failure of centralized power.
Linux Business

Why Valve Wants To Port Games To Linux: Because Windows 8 Is a Catastrophe

An anonymous reader writes "Gabe Newell wants to support Linux because he thinks Windows 8 is a catastrophe for everyone in the PC space. He wants to move away from the closed ecosystem of Microsoft Windows 8. He recently made a rare appearance at Casual Connect, an annual videogame conference in Seattle. From the allthingsd article: 'The big problem that is holding back Linux is games. People don't realize how critical games are in driving consumer purchasing behavior. We want to make it as easy as possible for the 2,500 games on Steam to run on Linux as well. It's a hedging strategy. I think Windows 8 is a catastrophe for everyone in the PC space. I think we'll lose some of the top-tier PC/OEMs, who will exit the market. I think margins will be destroyed for a bunch of people. If that's true, then it will be good to have alternatives to hedge against that eventuality.' Some Linux users think that this is a win-win situation for Linux users, as it will bring good game titles to Linux that haven't been there before and it will protect Steam's business model from both Apple and Microsoft."

Comment Re:Story Understates Boston College Gaffe (Score 1)

The complete sentence continues "others may share illegal material through your router, giving the appearance that you are the guilty party." You cannot take the part of a sentence before a semicolon and ignore the rest that qualifies the situation and then call the whole thing "flat-out, inexcusably, wrong." If others share illegal material through your router, that in fact would be an example of copyright infringement. Your interpretation is "flat-out, inexcusably, wrong."
