NSA Equation Group

bigvlada (bgd), NSA Equation Group, 19.02.2015 at 13:18
How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last
"Equation Group" ran the most advanced hacking operation ever uncovered.

by Dan Goodin - Feb 16, 2015 8:00pm CET

CANCUN, Mexico — In 2009, one or more prestigious researchers received a CD by mail that contained pictures and other materials from a recent scientific conference they attended in Houston. The scientists didn't know it then, but the disc also delivered a malicious payload developed by a highly advanced hacking operation that had been active since at least 2001. The CD, it seems, was tampered with on its way through the mail.

It wasn't the first time the operators—dubbed the "Equation Group" by researchers from Moscow-based Kaspersky Lab—had secretly intercepted a package in transit, booby-trapped its contents, and sent it to its intended destination. In 2002 or 2003, Equation Group members did something similar with an Oracle database installation CD in order to infect a different target with malware from the group's extensive library. (Kaspersky settled on the name Equation Group because of members' strong affinity for encryption algorithms, advanced obfuscation methods, and sophisticated techniques.)

Kaspersky researchers have documented 500 infections by Equation Group in at least 42 countries, with Iran, Russia, Pakistan, Afghanistan, India, Syria, and Mali topping the list. Because of a self-destruct mechanism built into the malware, the researchers suspect that this is just a tiny percentage of the total; the actual number of victims likely reaches into the tens of thousands.



http://arstechnica.com/securit...-years-and-were-found-at-last/

 

Ivan Dimkovic (Administrator), Re: NSA Equation Group, 19.02.2015 at 14:16
What fascinates me is that, for instance, Iran uses Wintel boxes with USB ports and Internet access for things that the CIA, NSA, Mossad, very likely the FSB and many others are seriously interested in.

Damn it, if I were in charge of procuring that infrastructure I would mandate embedded hardware without USB ports, with no physical connection to the Internet and the lowest-level OS that gets the job done, and a completely isolated air-gapped C&C network (serial communication only, of minimal complexity for carrying commands and telemetry). Terminals for Internet access (if needed at all) in physically separate rooms. Plus full screening of personnel at entry and exit, with a ban on bringing in or taking out any electronic devices except with authorization and inspection by at least 2 agencies.

And I am not particularly smart, nor qualified for that job.

I can somewhat understand (but only somewhat) that some German steel mill uses Siemens boxes and then catches a virus that wrecks their entire furnace (it happened last year) - people bought what Siemens sells, trust their vendor and ask no questions. However wrong that may be, it can be understood in the context of a "regular" business with an IT team that is nothing special, as in most companies anyway...

But if you are not controlling a furnace but a uranium separation centrifuge, and secretly at that, and you have Mossad on your list of enemies... what can one say :-)

DigiCortex (ex. SpikeFun) - Cortical Neural Network Simulator:
http://www.digicortex.net/node/1 Videos: http://www.digicortex.net/node/17 Gallery: http://www.digicortex.net/node/25
PowerMonkey - Reduce CPU Power Waste and gain performance! - https://github.com/psyq321/PowerMonkey
 

Ivan Dimkovic (Administrator), Re: NSA Equation Group, 19.02.2015 at 18:59
Evil...

https://www.yahoo.com/tech/len...with-malware-111476606919.html

Quote:

Lenovo Has Been Selling Laptops with Malware Pre-Installed

Computer maker Lenovo has been shipping laptops prepackaged with malware that makes you more vulnerable to hackers — all for the sake of serving you advertisements.


It would be nice if companies now stopped buying Lenovo products. Things like this should be punished with the complete collapse of the business.

Ivan Dimkovic (Administrator), Re: NSA Equation Group, 19.02.2015 at 19:35
Btw, this Lenovo thing is very hairy, since they also installed on the machines their own security certificate, with which they are practically running a MITM attack on HTTPS traffic.

More details: http://arstechnica.com/securit...that-breaks-https-connections/

But... it is not over yet, it gets worse...

Quote:

[Update: Rob Graham, CEO of security firm Errata Security, has cracked the cryptographic key encrypting the Superfish certificate. That means anyone can now use the private key to launch man-in-the-middle HTTPS attacks that won't be detected by machines that have the certificate installed. It took Graham just three hours to figure out that the password was "komodia" (minus the quotes). He told Ars the certificate works against Google even when an end-user is using Chrome. That confirms earlier statements that certificate pinning in the browser is not a defense against this attack (more about that below). Graham has a detailed explanation how he did it here.]


F*cking unbelievable.

This is a pretty big screw-up - Lenovo has practically usurped the security of its hardware's buyers entirely for the sake of pushing ads.

This certificate must be revoked as soon as possible, and Lenovo must be punished by customers for this outrageous move, which can only be compared with Sony's distribution of rootkits on CDs a few years ago.

For those interested, these are the models that ship with compromised security and malware:

Quote:

G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45
U Series: U330P, U430P, U330Touch, U430Touch, U530Touch
Y Series: Y430P, Y40-70, Y50-70
Z Series: Z40-75, Z50-75, Z40-70, Z50-70
S Series: S310, S410, S40-70, S415, S415Touch, S20-30, S20-30Touch
Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 14(BTM), Flex2 15(BTM), Flex 10
MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11
YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11BTM, YOGA2-11HSW
E Series: E10-30



ventura, Re: NSA Equation Group, 19.02.2015 at 19:38
To be fair, the X, T and W series are not on it, so business users were spared.
 

Ivan Dimkovic (Administrator), Re: NSA Equation Group, 19.02.2015 at 19:43
We will see, who knows what else they are pushing - this too took time to be discovered.

What is interesting is that the malware masquerades as other companies, which opens the possibility of lawsuits from those companies as well, not to mention the very likely violation of the laws regulating digital communications in several countries.

I sincerely hope this ends up in court and hurts Lenovo as much as possible.

This is yet another very good reason to reinstall the OS completely from scratch after buying a laptop, using an ISO image from the OS vendor and not from the criminal OEMs.

Ivan Dimkovic (Administrator), Re: NSA Equation Group, 19.02.2015 at 19:54
http://news.lenovo.com/article_display.cfm?article_id=1929

Quote:

We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns. But we know that users reacted to this issue with concern, and so we have taken direct action to stop shipping any products with this software. We will continue to review what we do and how we do it in order to ensure we put our user needs, experience and priorities first.


They were a bit hasty with the PR droids, because now that the certificate's password has leaked it becomes a pretty good vector for attacks such as eavesdropping on users' communications with their banks.

I think I can already hear the sound of lawyers in the USA.

@edit, the EFF has spoken up as well:

https://www.eff.org/deeplinks/...ing-https-security-its-laptops


ventura, Re: NSA Equation Group, 21.02.2015 at 00:05
Microsoft has updated Windows Defender to root out the Superfish adware
 

Tyler Durden (Beograd), Re: NSA Equation Group, 21.02.2015 at 09:28
What scumbags. I have a damn Lenovo.

Luckily it is a low-end model that is not on the list :-D

And it came without an OS.
Beneath civilization's fragile crust, cold chaos churns...
 

Ivan Dimkovic (Administrator), Re: NSA Equation Group, 21.02.2015 at 20:43
The elephant in the room is the whole "trusted authority" system for digital signatures.

After installing an OS or a browser, the certificate store is by default already full of companies from other countries that you have never had anything to do with in your life. That whole system is a house of cards where everything rests on trusting the "authorities" that certificates were really issued to the persons who claim to be the owners. In the end it all boils down to "trusted" certificates being a money-printing press.

Lenovo skipped that whole system with malware and should pay for it, but behind all of that a house of cards remains.

I just took a look only at the "root" authorities on my computer. There are 61 certificates in total. People take it for granted a priori that the certificates issued by those companies are really in the possession of those named in them.

Here is an example of fake Google certificates "Made in France": https://nakedsecurity.sophos.c...or-its-domains-made-in-france/

A similar fiasco happened with a Turkish "authority" too.

I think it is only a matter of time before some others surface.
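As an added audit example (not code from any of the posts), the following PowerShell does what the post above describes doing by hand, listing the root CAs in the Windows trust stores, and flags the two things the Superfish posts describe: a root whose subject names Superfish, and any root for which a private key is present on the machine, which is exactly what an HTTPS-interception proxy needs in order to mint leaf certificates on the fly. The store paths and the "Superfish" subject match are the only assumptions; everything else is a generic property check.

```powershell
# Added example: audit the Windows root certificate stores for suspicious roots.
# Assumes a standard Windows install. "Superfish" is the only page-specific
# value; the other checks apply to any locally installed trust anchor.

$stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

$roots = foreach ($store in $stores) {
    Get-ChildItem -Path $store | ForEach-Object {
        [pscustomobject]@{
            Store         = $store
            Subject       = $_.Subject
            Thumbprint    = $_.Thumbprint
            NotBefore     = $_.NotBefore
            NotAfter      = $_.NotAfter
            SelfSigned    = ($_.Subject -eq $_.Issuer)
            HasPrivateKey = $_.HasPrivateKey
        }
    }
}

Write-Host ("Total root certificates in {0}: {1}" -f ($stores -join ', '), @($roots).Count)

# 1. Roots whose subject names the adware vendor discussed in the thread.
$superfish = $roots | Where-Object { $_.Subject -match 'Superfish' }

# 2. Roots that carry a private key on this machine. A genuine public CA never
#    distributes its root private key to end-user boxes, so this is a strong
#    indicator of an interception root regardless of the name on the certificate.
$withKey = $roots | Where-Object { $_.HasPrivateKey }

# 3. Roots whose validity started within the last year. On an established machine
#    a freshly minted root is unusual and deserves a look (heuristic, not proof).
$recent = $roots | Where-Object { $_.NotBefore -gt (Get-Date).AddDays(-365) }

$findings = @(
    @{ Name = 'Superfish-named roots';          Items = $superfish },
    @{ Name = 'Roots with a local private key'; Items = $withKey },
    @{ Name = 'Roots valid for under a year';   Items = $recent }
)

foreach ($set in $findings) {
    Write-Host ("`n== {0}: {1}" -f $set.Name, @($set.Items).Count)
    $set.Items | Format-Table Store, Subject, Thumbprint, NotBefore, HasPrivateKey -AutoSize | Out-Host
}
```

Run it in an elevated PowerShell session so that the LocalMachine store is fully readable; a hit in the second list should be removed with Remove-Item on its certificate path after confirming it is not an internal enterprise CA.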

Ivan Dimkovic (Administrator), Re: NSA Equation Group, 21.02.2015 at 20:59
It has begun.

http://news.thewindowsclub.com...superfish-consideration-71685/

Quote:

Class Action Lawsuit against Lenovo for bundling Superfish under consideration

A Class Action Lawsuit against Lenovo, for bundling Superfish malware on its PCs, appears to be under consideration. Lenovo, the Chinese multinational computer Technology Company lately has been in headlines for shipping the machines preloaded with an adware Superfish. The company has reportedly sold millions of such laptops and desktops since September 2014.

...

Hattis Law, the California law firm, is investigating the issue, and the security researchers at the firm today identified that the adware coming preinstalled with Lenovo machines is highly dangerous and hijacks the encrypted browsing sessions and would allow the hackers to bypass the system’s web encryption.


Lenovo is a Chinese company and its HQ is safe from this. But its subsidiaries in the USA are not.

In Europe there is no equivalent to this, but the EU authorities have the means to slap a fine on them.


bigvlada (bgd), Re: NSA Equation Group, 22.02.2015 at 06:41
Kaspersky Q & A about the Equation Group.

http://goo.gl/7yy23B

btw. what does the Lenovo story have to do with this?
 