Computing | Software and Hardware

Advances in the investigation of the physical universe we live in.
Nonc Hilaire
Posts: 6168
Joined: Sat Dec 17, 2011 1:28 am

Vault 7

Post by Nonc Hilaire »

Would some of you software types care to comment on the specific exploits, etc. which were revealed?

Process hollowing seems interesting, but I don't understand it.
“Christ has no body now but yours. Yours are the eyes through which he looks with compassion on this world. Yours are the feet with which he walks among His people to do good. Yours are the hands through which he blesses His creation.”

Teresa of Ávila
Parodite
Posts: 5638
Joined: Sun Jan 01, 2012 9:43 pm

Re: Vault 7

Post by Parodite »

Nonc Hilaire wrote:Would some of you software types care to comment on the specific exploits, etc. which were revealed?

Process hollowing seems interesting, but I don't understand it.
From the Vault:
Process Hollowing
Overview

Process Hollowing involves starting a benign process (such as Internet Explorer) using Windows' CreateProcess, with a specific flag set to create the process in a suspended mode. At this point, the component removes the benign process' code from the suspended process, injects its own malicious code, and resumes the process. PSPs may only do an initial scan when the process is created (even though it's suspended at the start) and won't notice the code replacement. Also, dynamic analysis tools such as Procmon will only log/show that a benign process was created.
Can't tell, just that a security patch seems necessary. :)
Deep down I'm very superficial
Nonc Hilaire
Posts: 6168
Joined: Sat Dec 17, 2011 1:28 am

Re: Vault 7

Post by Nonc Hilaire »

Parodite wrote:
Nonc Hilaire wrote:Would some of you software types care to comment on the specific exploits, etc. which were revealed?

Process hollowing seems interesting, but I don't understand it.
From the Vault:
Process Hollowing
Overview

Process Hollowing involves starting a benign process (such as Internet Explorer) using Windows' CreateProcess, with a specific flag set to create the process in a suspended mode. At this point, the component removes the benign process' code from the suspended process, injects its own malicious code, and resumes the process. PSPs may only do an initial scan when the process is created (even though it's suspended at the start) and won't notice the code replacement. Also, dynamic analysis tools such as Procmon will only log/show that a benign process was created.
Can't tell, just that a security patch seems necessary. :)
I took one FORTRAN course forty years ago and fiddled with Paradox and db3 databases for a while. My understanding is quite limited. That overview does not compute, Will Robinson.

I need f'rintance level explanations.
Zack Morris
Posts: 2837
Joined: Mon Dec 26, 2011 8:52 am
Location: Bayside High School

Re: Computing | Software and Hardware

Post by Zack Morris »

Exploits are highly specific to the particular software being targeted. It's hard to give any concrete explanation without understanding exactly what is being exploited. Process hollowing is certainly not a general vector of attack like, say, buffer overruns, but rather something specific to Windows. The description given omits the important part: how malicious code is injected. I'm not familiar with Windows OS internals but all that was said here is that:

1. When a process is launched, process monitors and virus scanners will scan its code to determine whether there is any recognizable malware. Apparently, once the process is cleared, it is allowed to continue running.
2. This "exploit" creates a process but starts it in a suspended state, so that no code is executed. It is just loaded into memory and then immediately paused.
3. Process monitoring tools will see this action and scan the code, finding it to be clear.
4. Malicious code is then injected and the process is unpaused. At this point, it apparently will not be re-scanned and the change will go undetected. Process monitoring tools have no way of knowing that a parent process (the one that spawned Internet Explorer in this case) is writing to its memory.

Now, how one gains control of the computer to spawn a process in the first place is another question entirely.
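Added example, not code from the Vault 7 material or from anyone in this thread: the four steps above leave fingerprints that a memory-forensics check can look for, even though Procmon only logged a benign process start. After NtUnmapViewOfSection and VirtualAllocEx, the region the PEB says is the main module is a private allocation rather than a mapped image section, and the PE header sitting there belongs to the payload, not to the file on disk. The Python below parses minimal PE headers and runs those two checks over a constructed snapshot. The Region and ProcessSnapshot classes, the paths, PIDs and addresses are all made up for the example; the MEM_IMAGE/MEM_PRIVATE values are the Win32 constants a real tool would get from VirtualQueryEx.

```python
"""Process-hollowing indicators over a constructed process snapshot.

Added example. Nothing here touches a live process: build_pe() constructs
PE headers in memory, and ProcessSnapshot stands in for what a forensics
tool would read from a target (PEB.ImageBaseAddress, VirtualQueryEx
regions, the first page of the main module in memory and on disk).
"""
import struct
from dataclasses import dataclass
from typing import List, Optional

MEM_IMAGE = 0x1000000    # Win32: region backed by a mapped image section
MEM_PRIVATE = 0x20000    # Win32: region created by VirtualAlloc(Ex)


def build_pe(entry_point: int, image_base: int, pe32plus: bool = True) -> bytes:
    """Construct a minimal PE header: DOS header, PE signature, file header, optional header."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    machine = 0x8664 if pe32plus else 0x14C
    opt_size = 240 if pe32plus else 224
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    file_hdr = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x22)
    if pe32plus:   # Magic, linker ver, SizeOfCode, SizeOfInit, SizeOfUninit, AEP, BaseOfCode, ImageBase
        opt = struct.pack("<HBBIIIIIQ", 0x20B, 14, 0, 0x1000, 0, 0,
                          entry_point, 0x1000, image_base)
    else:          # PE32 has an extra BaseOfData before a 32-bit ImageBase
        opt = struct.pack("<HBBIIIIIII", 0x10B, 14, 0, 0x1000, 0, 0,
                          entry_point, 0x1000, 0x2000, image_base)
    opt += b"\x00" * (opt_size - len(opt))
    return dos + b"PE\x00\x00" + file_hdr + opt


def parse_pe(image: bytes) -> dict:
    """Pull magic, AddressOfEntryPoint and ImageBase out of a PE header blob."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                      # skip signature and file header
    magic = struct.unpack_from("<H", image, opt)[0]
    entry = struct.unpack_from("<I", image, opt + 16)[0]
    if magic == 0x20B:
        base = struct.unpack_from("<Q", image, opt + 24)[0]
    elif magic == 0x10B:
        base = struct.unpack_from("<I", image, opt + 28)[0]
    else:
        raise ValueError("unknown optional header magic %#x" % magic)
    return {"magic": magic, "entry_point": entry, "image_base": base}


@dataclass
class Region:                       # hypothetical stand-in for MEMORY_BASIC_INFORMATION
    base: int
    size: int
    mem_type: int
    mapped_path: Optional[str] = None   # backing file for MEM_IMAGE regions


@dataclass
class ProcessSnapshot:              # hypothetical: what a forensics tool collected
    pid: int
    image_path: str                 # what the PEB (and Procmon) say the process is
    peb_image_base: int             # PEB.ImageBaseAddress
    regions: List[Region]
    memory_headers: bytes           # first page read at peb_image_base
    disk_headers: bytes             # first page of image_path on disk


def hollowing_indicators(snap: ProcessSnapshot) -> List[str]:
    """Return a list of findings; an empty list means nothing hollowing-like was seen."""
    findings = []
    region = next((r for r in snap.regions
                   if r.base <= snap.peb_image_base < r.base + r.size), None)
    if region is None:
        findings.append("PEB image base points at unmapped memory")
    elif region.mem_type != MEM_IMAGE:
        findings.append("main module lives in a private allocation, not an image section")
    elif region.mapped_path and region.mapped_path.lower() != snap.image_path.lower():
        findings.append(f"image region is backed by {region.mapped_path}, not {snap.image_path}")
    try:
        mem, disk = parse_pe(snap.memory_headers), parse_pe(snap.disk_headers)
    except ValueError as exc:
        return findings + [f"unparseable PE header: {exc}"]
    if mem["magic"] != disk["magic"]:
        findings.append("PE32/PE32+ mismatch between memory and disk")
    if mem["entry_point"] != disk["entry_point"]:
        findings.append(f"entry point differs: memory {mem['entry_point']:#x}, disk {disk['entry_point']:#x}")
    return findings


# Constructed sample data: a benign host image and a different PE used as the payload.
HOST_EXE = r"C:\Program Files\Internet Explorer\iexplore.exe"
DISK_HEADERS = build_pe(entry_point=0x1A40, image_base=0x140000000)
PAYLOAD_HEADERS = build_pe(entry_point=0x3C10, image_base=0x400000)


def benign_snapshot() -> ProcessSnapshot:
    """iexplore.exe loaded normally: image section present, headers match the file on disk."""
    return ProcessSnapshot(pid=4120, image_path=HOST_EXE, peb_image_base=0x7FF6A3B40000,
                           regions=[Region(0x7FF6A3B40000, 0x100000, MEM_IMAGE, HOST_EXE)],
                           memory_headers=DISK_HEADERS, disk_headers=DISK_HEADERS)


def hollowed_snapshot() -> ProcessSnapshot:
    """Same process name after hollowing: a private region holds the payload's PE."""
    return ProcessSnapshot(pid=4120, image_path=HOST_EXE, peb_image_base=0x400000,
                           regions=[Region(0x400000, 0x40000, MEM_PRIVATE)],
                           memory_headers=PAYLOAD_HEADERS, disk_headers=DISK_HEADERS)


if __name__ == "__main__":
    for snap in (benign_snapshot(), hollowed_snapshot()):
        print(snap.pid, snap.image_path, hollowing_indicators(snap) or "clean")
```

Two caveats a practitioner would want: some hollowing variants overwrite the mapped image in place without unmapping it, so the region still reports MEM_IMAGE; that is why the header comparison is there as a second check. And ASLR relocating the image does not rewrite the header's AddressOfEntryPoint, so a normally loaded process compares clean on that field.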
Parodite
Posts: 5638
Joined: Sun Jan 01, 2012 9:43 pm

Re: Computing | Software and Hardware

Post by Parodite »

I just wonder if it is really that hard to make devices that cannot be hacked. But I'm not tech savvy enough. Here are 2 1/2 cents though:

Ingredients:

1. A computer that only has ROM memory and RAM memory. So it is not possible to change any code. No new software, updates or viruses can change the system.
2. Encryption/decryption engine firewall on ROM in modem/router so nothing enters or leaves the modem/router unencrypted (256/512)
3. Only one master password needed, stored on a piece of paper.
4. All hardware components vulnerable to pre-installed lavender like USB sticks and ports, keyboards... verified safe tech.

hmm.. way too simple I'm sure.
Zack Morris
Posts: 2837
Joined: Mon Dec 26, 2011 8:52 am
Location: Bayside High School

Re: Computing | Software and Hardware

Post by Zack Morris »

Parodite wrote:Just wonder if it is really that hard to make devices that cannot be hacked.
It is effectively impossible.
1. A computer that only has ROM memory and RAM memory. So it is not possible to change any code. No new software, updates or viruses can change the system.
That would make it unusable. And what if you accidentally have a bug in your ROM that can be exploited? Now, if you want to build a device for yourself and one or two other people to securely communicate with, sure. It's a classic case of security through obscurity. What will likely keep you safe is avoiding drawing attention in the first place. This solution does not scale to millions or billions of users, though.
2. Encryption/decryption engine firewall on rom in modem/router so nothing enters or leaves the modem/router unencrypted (256/512)
3. Only one master password needed, stored on a piece of paper.
All the government has to do is get its hands on one device, reverse engineer the hardware, and then everyone is compromised without even knowing it.
noddy
Posts: 11318
Joined: Tue Dec 13, 2011 3:09 pm

Re: Computing | Software and Hardware

Post by noddy »

yeh, a computer without a network connection or the millions and millions of lines of unverifiable code which provide drivers and support for all the useful data types isn't much of a computer.

some of us could amuse ourselves with an oldschool console/text type thing on a bare metal operating system with 100% audited code but i suspect it might not be very popular :)
ultracrepidarian
Parodite
Posts: 5638
Joined: Sun Jan 01, 2012 9:43 pm

Re: Computing | Software and Hardware

Post by Parodite »

I find the impossible unacceptable :) So before reality kicks in, some hypotheticals.

A device with its OS and apps and drivers and whatnot... all in ROMs. RAMs of course to run them. Created data can be stored encrypted by default. Meaning that when a device is switched off, it has a factory reset, right?

The only vulnerability then is in the RAM environment. Surely a trojan, virus, whatever can sneak into RAM(s) and do things you don't want them to do. But all legit code and processes can I'm sure also be fingerprinted with a veri passport of sorts. Hypothetically, only verified code can be allowed to run and in a way that makes it impossible for unverified code to enter the work place. Maybe something like wireshark border patrol, I'm not a techwiz.

OS and other updates can be delivered on a rom device. Even the content of these roms can also be encrypted, no? Encrypted where only the user who has the password is able to decrypt, unlock the rom.

I assume that most vulnerabilities occur because code can be stored and changed on the devices and where data and processes run unencrypted. I see no technical problems to cut out these major vulnerabilities. As long as code that is stored on your device cannot be changed... what remains is keeping out unwanted code running in the workplace when the system is switched on. Assuming that the total of those processes is indeed very complex with millions of lines of interdependent code does not need to be of great worry, when on process level they are all verisigned with a passport and are checked at the border before they enter the workplace. After entry, together they can be as complex as they need to be.
noddy
Posts: 11318
Joined: Tue Dec 13, 2011 3:09 pm

Re: Computing | Software and Hardware

Post by noddy »

Parodite wrote:
A device with its OS and apps and drivers and whatnot... all in ROMs. RAMs of course to run them. Created data can be stored encrypted by default. Meaning that when a device is switched off, it has a factory reset, right?
we used to run some of our highly vulnerable servers like that in the old days - minimal freebsd install of audited apps on a read only boot disk.

it works for a minimal headless server machine, which is also known as useless.
Parodite wrote:
The only vulnerability then is in the RAM environment. Surely a trojan, virus, whatever can sneak into RAM(s) and do things you don't want them to do. But all legit code and processes can I'm sure also be fingerprinted with a veri passport of sorts. Hypothetically, only verified code can be allowed to run and in a way that makes it impossible for unverified code to enter the work place. Maybe something like wireshark border patrol, I'm not a techwiz.

OS and other updates can be delivered on a rom device. Even the content of these roms can also be encrypted, no? Encrypted where only the user who has the password is able to decrypt, unlock the rom.

I assume that most vulnerabilities occur because code can be stored and changed on the devices and where data and processes run unencrypted. I see no technical problems to cut out these major vulnerabilities. As long as code that is stored on your device cannot be changed... what remains is keeping out unwanted code running in the workplace when the system is switched on. Assuming that the total of those processes is indeed very complex with millions of lines of interdependent code does not need to be of great worry, when on process level they are all verisigned with a passport and are checked at the border before they enter the workplace. After entry, together they can be as complex as they need to be.

the difference between what the government gets from a hacked device and the standard device is actually quite small, your assumption is somewhat wrong, so let's get the basics out of the way first.

* windows 10, android and apple ios all synchronise against the cloud so you have a seamless experience across devices, this involves sending lots of your things to their servers for government perusal
* your telco/internet provider is recording all sites you visit and potentially much of the meta data and data involved in those connections.
* all the latest operating systems have "ai agents" and these cannot be turned off - they constantly listen and record everything you do for unknown reasons and porpoises.
* without special care and below the radar software all your chats happen through centralised servers which record everything anyway

now that's out of the way, you can't just be so blase about trusting all the subsystems and drivers which come on these machines outside the original vendor's distribution, none of this can be trusted and having manufacturers insert spyware on the core distro has happened with both windows and android.

encryption is only as good as the chain of trust on the key, which can be changed at distribution level as easily as the apps themselves and a simple interaction with the notification system or other core daemons can bypass most of it.

we keep ending up at a minimalist device running an operating system with no features, which has nothing except blind trust on the original hardware vendor and cant be bugfixed or updated.

vaguely possible but commercially unviable beyond the market of guys already handrolling their own bare metal operating systems on audited hardware...

which brings us to the hardware! all the modern application SoCs have embedded devices with hidden firmware built in, many of these have network access and none of it can be audited.
Nonc Hilaire
Posts: 6168
Joined: Sat Dec 17, 2011 1:28 am

Re: Computing | Software and Hardware

Post by Nonc Hilaire »

I think there may be a new market for 8088 based units with acoustic coupler modems connected by copper phone lines.
Zack Morris
Posts: 2837
Joined: Mon Dec 26, 2011 8:52 am
Location: Bayside High School

Re: Computing | Software and Hardware

Post by Zack Morris »

Parodite wrote:I find the impossible unacceptable :) So before reality kicks in, some hypotheticals.

A device with its OS and apps and drivers and whatnot... all in ROMs. RAMs of course to run them. Created data can be stored encrypted by default. Meaning that when a device is switched off, it has a factory reset, right?
Encrypted? How? Where is the key going to come from?
The only vulnerability then is in the RAM environment. Surely a trojan, virus, whatever can sneak into RAM(s) and do things you don't want them to do. But all legit code and processes can I'm sure also be fingerprinted with a veri passport of sorts. Hypothetically, only verified code can be allowed to run and in a way that makes it impossible for unverified code to enter the work place. Maybe something like wireshark border patrol, I'm not a techwiz.
How will you ensure only verified code can be run in RAM? An exploit is going to work by injecting some sort of malicious code in what the OS thinks is just data. Of course this requires a vulnerability to be exploited but with any non-trivial OS, you can almost bet there will be one.
OS and other updates can be delivered on a rom device. Even the content of these roms can also be encrypted, no? Encrypted where only the user who has the password is able to decrypt, unlock the rom.
So the ROMs will have to be signed by a single encryption key? Well, all the spy agency has to do is get the key and now everyone is compromised. :)
I assume that most vulnerabilities occur because code can be stored and changed on the devices and where data and processes run unencrypted.
Not necessarily. There are all kinds of vulnerabilities that can be exploited to intercept communications, including man-in-the-middle attacks. But even if you cannot store malicious code permanently on the device, you can install code in RAM that persists for as long as the device is powered on, provided a suitable vulnerability exists in the OS.
what remains is keeping out unwanted code running in the workplace when the system is switched on.
The whole point of an exploit is that the OS will not "know" about it. For example, consider the classic buffer overflow attack. How would your method prevent this?
Assuming that the total of those processes is indeed very complex with millions of lines of interdependent code does not need to be of great worry, when on process level they are all verisigned with a passport and are checked at the border before they enter the workplace. After entry, together they can be as complex as they need to be.
You can sign code all you want. Microsoft even signs device drivers. That doesn't say anything about the presence of vulnerabilities. And as the complexity increases, so too does the likelihood that a fatal vulnerability exists.
Zack Morris
Posts: 2837
Joined: Mon Dec 26, 2011 8:52 am
Location: Bayside High School

Re: Computing | Software and Hardware

Post by Zack Morris »

noddy wrote: which brings us to the hardware ! all the modern application SOC's have embedded devices with hidden firmware builtin, many of these have network access and noone of it can be audited.
This is a very good point.

Parodite: examples of something similar (not 100% but close) to what you are proposing are game consoles. There is a strong desire on the part of game console vendors (Sony, Microsoft, Nintendo) to prevent unauthorized code from being run. This includes legitimate games marked for sale in a different global region. Virtually all of them have been cracked at some point.
Nonc Hilaire
Posts: 6168
Joined: Sat Dec 17, 2011 1:28 am

Re: Computing | Software and Hardware

Post by Nonc Hilaire »

Annotated list of CIA hacking tools in Vault7 yr0

https://wikileaks.org/ciav7p1/cms/page_524313.html
Heracleum Persicum
Posts: 11567
Joined: Sat Dec 22, 2012 7:38 pm

Re: Computing | Software and Hardware

Post by Heracleum Persicum »


U.S. indicts Russian spies, hackers over massive Yahoo hack


Two Russian spies and two criminal hackers will be charged in the 2014 Yahoo attack, the Washington Post earlier reported, citing unnamed officials. The officers of the FSB, Russia’s Federal Security Service and a successor to the KGB, were identified as Dmitry Dokuchaev and his superior, Igor Sushchin, according to the paper.

Alexsey Belan, who is on the list of most-wanted cyber criminals, and Karim Baratov, who was born in Kazakhstan but has Canadian citizenship, were also to be named in the indictment, the Post reported.


Why can they not hack Google, but can hack Yahoo mail?

Reason is, Yahoo mail probably left some backdoors open for NSA or others .. and .. criminals entered by that back door

Yahoo should be sued


noddy
Posts: 11318
Joined: Tue Dec 13, 2011 3:09 pm

Re: Computing | Software and Hardware

Post by noddy »

Nonc Hilaire wrote:Annotated list of CIA hacking tools in Vault7 yr0

https://wikileaks.org/ciav7p1/cms/page_524313.html

neat.

if i could be arsed i'd separate them into those that require physical access versus those that can be applied over the network, but a quick glance says a few in each group.
Typhoon
Posts: 27242
Joined: Mon Dec 12, 2011 6:42 pm
Location: 関西

Re: Computing | Software and Hardware

Post by Typhoon »

IEEE Spectrum | Move Over Spintronics, Here Comes Magnonics to the Rescue of Electronics
“Basically, spintronics still requires electric currents but usually restricts these currents to consisting only of spin-up or spin-down electrons, thus providing an additional degree of freedom to process or encode information,” explains Fischer. “However, magnonics can operate without any electric currents by only relying on the propagation of spin waves in a magnetic material as a carrier of information.”

This ability leads to some pretty clear advantages for magnonics, according to Fischer. Since it avoids electric currents, losses such as Joule heating can be drastically reduced. Also, spin waves can feature wavelengths in the nanometer-range and feature gigahertz frequencies, which allows for downscaling of devices and high-clock frequencies.
This is interesting. Would be revolutionary if it could be miniaturized.

Not directly related to the above, but I recall decades ago there was a lot of research done on "magnetic bubbles" as a means of storing information.
May the gods preserve and defend me from self-righteous altruists; I can defend myself from my enemies and my friends.
Typhoon
Posts: 27242
Joined: Mon Dec 12, 2011 6:42 pm
Location: 関西

Re: Computing | Software and Hardware

Post by Typhoon »

The Spectator | The Great Online Advertising Swindle
This system is boring, clever, complicated, automated and opaque all at once. Hardly anyone fully understands how it all fits together, including the advertisers who are paying for it, and regulators who, as far as I can tell, are struggling to get to grips with it. This is a perfect cocktail for online fraudsters who have – of course – rustled up some ingenuous scams. One recent magazine article presented nine types of digital ad fraud, such as cookie stuffing, impression fraud, and domain spoofing. Some website owners create sophisticated proxies which fire meaningless bot traffic at a site to artificially boost their numbers and lure advertisers in. Others ‘stack’ adverts which have no chance of being seen – hiding ads under ads under ads, so although they are running, no-one sees them. A couple of years back one bunch of Russian criminals built thousands of websites, generated a truckload of fake views and clicks via half a million ‘users’ (who were in fact bots) and managed to scoop up roughly £2.3m ($3m) a day in adverts, even though the whole thing was smoke and mirrors. This outright fraud doesn’t even include gentle exaggeration that goes on all the time, such as social media companies generously measuring levels of engagement on their sites.
Heracleum Persicum
Posts: 11567
Joined: Sat Dec 22, 2012 7:38 pm

Re: Computing | Software and Hardware

Post by Heracleum Persicum »



شایگان خردپیر

Shaygan was a member of the Executive Leadership Committee of Verizon, and eventually the head of Technology for the company.

Shaygan helped transform Verizon from a phone company to a telecommunications powerhouse.

He was instrumental among other things in revamping the largest network in the US from a “copper based”, legacy telephony infrastructure to a high-speed fiber-to-the-home multi-media network called FiOS with associated first-of-a-kind applications such as interactive TV, visual voicemail, 4G/LTE wireless applications, merging of the computer & telephony hardware & apps. Shaygan then joined Barclays Bank in the UK, where he eventually became the global Chief Operating Officer of the bank and a member of Barclays Group Executive Committee, embarking to transform the bank for the 21st Century; a noticeable part of the current innovations in financial services was set by Barclays earlier this decade, such as “mobile money”, instant customer servicing via secure clouds, big data & AI analytics applied to both individual and institutional banking. In recent years, Shaygan moved back to high tech in Silicon Valley, becoming CEO of Juniper Networks and Coriant, respectively.

Shaygan received his B.A., M.S. and Ph.D. from Cornell University, with his doctorate thesis being on autonomous control of robots and vehicles with a focus on “obstacle avoidance.” He is on a number of company boards, served on the advisory board of the United States National Institute of Standards & Technology (NIST), was elected to the global CIO Hall of Fame, and awarded the Ellis Island Medal of Honor. He lives in Silicon Valley with his wife Leela, and has two children, Tara and Shaya.


Shaygan Kheradpir, PhD, Chief Operations and Technology Officer, Barclays speaks at the 2013 Meridian Global Leadership Summit


Typhoon
Posts: 27242
Joined: Mon Dec 12, 2011 6:42 pm
Location: 関西

Re: Computing | Software and Hardware

Post by Typhoon »

Belgium telegraph service ends after 150 years
Surprisingly, the Belgian telegram outlasted more modern communication methods. AOL Instant Messenger, for instance, was put to sleep earlier this month. Other electronic communication staples are on life support. The fax machine might as well be dead. And more than half of U.S. households now don’t have a landline (you know, the one that’s connected by thousands of miles of telephone wires, which are those strange things along the road that birds like to sit on).
noddy
Posts: 11318
Joined: Tue Dec 13, 2011 3:09 pm

Re: Computing | Software and Hardware

Post by noddy »

https://arstechnica.com/gadgets/2018/01 ... ity-flaws/

the separation of user space from kernel space is not as separate as once believed - which means crappy javascript in a web browser can theoretically access the rest of your computer.

oh dear.
Heracleum Persicum
Posts: 11567
Joined: Sat Dec 22, 2012 7:38 pm

Re: Computing | Software and Hardware

Post by Heracleum Persicum »

noddy wrote:

https://arstechnica.com/gadgets/2018/01 ... ity-flaws/

the separation of user space from kernel space is not as separate as once believed - which means crappy javascript in a web browser can theoretically access the rest of your computer.

oh dear.



Intel says processor bug isn’t unique to its chips

“Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.”
noddy
Posts: 11318
Joined: Tue Dec 13, 2011 3:09 pm

Re: Computing | Software and Hardware

Post by noddy »

intel is being a bit cheeky because currently it's only them that has the problem in a real world exploit.

it's theoretically possible on ARM and maybe AMD, however the same team that proved it worked on intel could not make it work on those other platforms.

so current status is - yehnah
noddy
Posts: 11318
Joined: Tue Dec 13, 2011 3:09 pm

Re: Computing | Software and Hardware

Post by noddy »

IOT loonery updatium.

the ESP32 has been out for a while now but the software and documentation support is starting to match its potential as a real game changer.

dual-core 200 MHz 32-bit processor with wifi and bluetooth (multiple flavours) and available for less than $5 USD as a module or $10 as a complete system with power supply and pins broken out.

disposable gadgets that can report back on wifi, configured with bluetoof and be powered by local harvesting/solar are now braindead easy.