
Comments


Critroni Crypto Ransomware Seen Using Tor for Command and Control

NotInHere OK you CAN take down onion addresses (121 comments)

but no one wants to do that. Doing it would mean being responsible for subsequent takedowns, and what is seen as illegal in one country may be the opposite in another country, and you would need to establish a system for takedowns, which can be misused for censorship.

yesterday

Critroni Crypto Ransomware Seen Using Tor for Command and Control

NotInHere Re:You conceded my point on rogue DNS @ least (121 comments)

To bring this back to the original topic: you know what a command and control is? I hope so. My posts have only covered the time after the malware was already installed on the device. Not before. Of course you won't get the virus when you click a link "download here" which leads into nothingness. And yes, you are right, single IPs are easier to fight than DNS entries in remote countries, spread over the world. I just said that IPs cannot be blocked by a hosts file, and I say that it makes no sense to give a DNS server a DNS entry, which would have to be resolved first using a DNS server, but the only one available needs a DNS lookup before working, and so on and so on.

The only cause that justifies this /. story is that this malware was the first ransomware that used an onion address for C&C, not just "tor alone". It would gain almost no advantage when it then exited the tor network again through an exit node. It would still have needed some DNS entry somewhere. Onion addresses are almost impossible to take down.

Please explain: what are hardcodes?

TOR isn't slow anymore. Try it. Today. Then come back and tell me your opinion about the speed of tor, but don't yell tor *is* slow while not having tried it recently (you may yell tor *was* slow though).

yesterday

Critroni Crypto Ransomware Seen Using Tor for Command and Control

NotInHere Re:Block rogue DNS servers via hosts (121 comments)

Blocking IPs using a hosts file... I'm sorry but I don't know of any way of doing this.
Even if it were possible, Tor uses no "rogue DNS" servers, and doesn't use any DNS directly: the DNS is tunneled to the exit relay, which then invokes the DNS request. Any block by any firewall or ISP DNS fails here -- not just DNS request blocks like the hosts file, but also IP level blocks. This is what TOR was invented for.

yesterday

Snowden Seeks To Develop Anti-Surveillance Technologies

NotInHere Re:soviet era crypto (127 comments)

As long as it's not the latest curve, privacy preserving crypto can be written by the NSA itself, and still be secure for you. SELinux was written by the NSA, and I don't have a problem using it. Your security model shouldn't rely on the party your software came from. It should rely on the software itself, independent reviews, and, if you can't afford your own review, the many-eyes principle (which has chilling effects).
The Russians could only say "this is too secure, design something that can be broken more easily".

yesterday

Critroni Crypto Ransomware Seen Using Tor for Command and Control

NotInHere Re:Hosts override ANY DNS (even local)... apk (121 comments)

That might be true if the application is using the OS provided network stack, e.g. with DnsQuery. However AFAIK nothing prevents an application from bringing its own DNS stack which queries external DNS, ignoring the hosts file. Does the OS block outgoing requests on port 53?
And, as I've said before, the DNS in TOR doesn't use the OS provided DNS. It uses its own.
Blocking the C&C perhaps stops communication to the HQ, but that doesn't help when the virus is written to first encrypt the HDD and then wait for further commands from the C&C.

yesterday
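The hosts-file argument made in the "Block rogue DNS servers via hosts" and "Hosts override ANY DNS" replies above (a hosts entry only affects names that the OS resolver looks up; an IP literal, a .onion name, or an application with its own resolver never touches it), as an added Python illustration that is not from the thread. The hosts file, the upstream DNS table and the hostnames are constructed for the example.

```python
import ipaddress

# Constructed sample hosts file with a blocklist-style entry (0.0.0.0 sinkhole).
HOSTS_FILE = """\
127.0.0.1   localhost
0.0.0.0     evil-cnc.example        # hypothetical blocked C&C hostname
0.0.0.0     ads.example
"""

# Constructed stand-in for "real" upstream DNS answers (documentation range 203.0.113.0/24).
UPSTREAM_DNS = {"evil-cnc.example": "203.0.113.7", "ads.example": "203.0.113.8"}

def parse_hosts(text):
    """Map each hostname in a hosts file to the address it is pinned to."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            table[name.lower()] = addr
    return table

def os_resolver(name, hosts):
    """OS network stack: hosts file wins, otherwise ask upstream DNS."""
    if name.lower() in hosts:
        return hosts[name.lower()]
    return UPSTREAM_DNS.get(name.lower())

def app_own_resolver(name):
    """An application that ships its own resolver (the posts say Tor does this)
    never reads the hosts file, so the sinkhole entry is invisible to it."""
    return UPSTREAM_DNS.get(name.lower())

def hosts_blocks(target, hosts):
    """Does the hosts-file override stop a connection to `target`?"""
    try:
        ipaddress.ip_address(target)
        return False        # an IP literal is never looked up, so it can never match
    except ValueError:
        pass
    if target.lower().endswith(".onion"):
        return False        # .onion names are resolved inside Tor, not by the OS
    return hosts.get(target.lower()) in ("0.0.0.0", "127.0.0.1", "::1")
```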

Critroni Crypto Ransomware Seen Using Tor for Command and Control

NotInHere Re:Angler PC malware? (121 comments)

The LD_PRELOAD attack is not a problem of the compositor, but of the configuration of AppArmor or SELinux:
http://mupuf.org/blog/2014/02/...
http://blog.siphos.be/2011/04/...
The transparent window attack doesn't work, does it? It seems that it is possible to make a transparent window, but then I doubt the events will be passed on to the applications below. The keylogger would need to fake user input, which isn't possible AFAIK.

yesterday

Critroni Crypto Ransomware Seen Using Tor for Command and Control

NotInHere Re:Angler PC malware? (121 comments)

I haven't reviewed the source code for every single application and update I install. Nor have my distro's packagers. And the software is compiled on some server I don't know, and the server is a single point of failure.
But still I trust this model more than randomly installing blobs from various websites.
When I randomly install software from my package repo, no ads pop up from the taskbar, and I don't see the CPU constantly at 100%. I haven't tried it for randomly downloading Windows software from the internet.

2 days ago

Critroni Crypto Ransomware Seen Using Tor for Command and Control

NotInHere Re:Correct me *IF* I am wrong, but... apk (121 comments)

> The C&C Servers are what is communicated back against (as well as serving up exploits payloads etc. @ times also & IF they don't? Blocking out the payloads servers does the job... which hosts CAN do) - IF/WHEN I block that, should it NOT be disabled for communication, even via TOR?

Blocking C&C can at least stop the bad guys from integrating your computer into a botnet. Correct me if I'm wrong, but hosts only changes the hosts file? The hosts file blocks a website only when the OS' DNS is used, but tor has its own DNS, not even using the usual DNS port, but tunneling everything through an https-like connection.

> * Fill me in...
>
> (As far as "porting" it to Linux? I've thought about it... wouldn't be hard - & I WISH Borland didn't KILL Kylix (was Delphi for Linux for the most part) - however - there IS FreePascal & it's "Lazarus" IDE, which is VERY CLOSE to the Delphi IDE, & from what I understand, an ALMOST clone of its compiler commandset too! Thus, it IS, doable...)
>
> APK
>
> P.S.=> See - I guess I don't *fully* understand TOR (as I don't use it myself, tried it once - TOO damned slow, just like anonymous proxies are, same idea iirc for the most part afaik - correct me IF I am wrong/off here too... I can stand to learn by it as I *admit* I do NOT "know it all" & can learn as much as the next guy since this field changes so fast & dynamically)
>
> ... apk

The first time I tried tor it was also very slow, but after some years I tried again and now it's usually fast enough even for videos. Sometimes (seldom) a relay is slow; then wait 10 minutes or choose another circuit.

2 days ago

Critroni Crypto Ransomware Seen Using Tor for Command and Control

NotInHere Re:They're using embedded resources... apk (121 comments)

I guess your hosts file program is very superior (it uses 64 bit, that is very future-proof) and so on and so on, but even *if* the C&C servers were known, they could only be defeated if your hosts program were installed on the tor exit relays. As I guess most run Linux, you should port your hosts program to Linux, and encourage its installation on the tor mailing list. Tor doesn't use "normal" DNS -- it uses its own, which is routed through the tor network as well. The exit relays do the DNS request for you. Otherwise it would be too simple to trace the traffic from the DNS usage.

2 days ago

Critroni Crypto Ransomware Seen Using Tor for Command and Control

NotInHere Re:Angler PC malware? (121 comments)

No, not at all. What you are referring to is that the X server doesn't need uid 0 to run. But still there is, amongst others, the problem that every X application can keylog you: http://hamsterbaum.de/index.ph...
And taking screenshots of the whole screen or faking user input (also for the whole screen) is also possible for every X application.

2 days ago

Critroni Crypto Ransomware Seen Using Tor for Command and Control

NotInHere Re:Angler PC malware? (121 comments)

And desktop Linux is unfortunately less secure than Windows against 0day attacks. I hope Wayland fixes this through isolation and privilege separation.

2 days ago

Critroni Crypto Ransomware Seen Using Tor for Command and Control

NotInHere Re:Angler PC malware? (121 comments)

Most Linux distros have software repositories, and when you only use them (no PPAs) to install stuff, you are on the safe side. The Windows Store only includes Metro apps. The lack of a proper software repository mechanism is nothing else than an invitation from Microsoft to surf the web for software and download it from there. Another part of this problem is Dice, which agrees to display "download here" ads on SourceForge, and Google, which doesn't want to disable the "download here" ads.

Dice and Google make money from being used to spread malware, and tor is blamed for routing C&C? This is just stupid.
Of course, I've read this, but somehow their efforts were in vain, as I tried today and got a "free trial windows drivers download now" ad on the VLC download page.

2 days ago

Meet LibreOffice Volunteer Robinson Tryon (Video)

NotInHere Re:If you can't figure out your web site's font is (26 comments)

Beta has them too. Instead of symbols for the buttons I get hex codes, the default replacement in Firefox when the font has no glyph for that char.

4 days ago

Your Personal Data Is On Your Phone -- In the Form of Bacteria

NotInHere Re:I don't have a phone (21 comments)

I suppose phones are forbidden in jails, so... As long as you are in jail...

about a week ago

Google's Project Zero Aims To Find Exploits Before Attackers Do

NotInHere Re:Legality? (62 comments)

Getting elite people and good publicity sound like good reasons to me. Their business doesn't rely on lock-in as heavily as Microsoft's; they need publicity.

about a week ago

Led By Nest, 'Thread' Might Be Most Promising IoT Initiative Yet

NotInHere Re:OK (79 comments)

Privacy extensions only rotate the local host part of the address; the subnet prefix (which is unique but neither static nor regularly changing for your router box) stays untouched. My post was about the subnet prefix. It would be great for the providers to assign a static one and a dynamic one.

about a week ago

Led By Nest, 'Thread' Might Be Most Promising IoT Initiative Yet

NotInHere Re:OK (79 comments)

It is going away when:
1. (
   a) one guy implements it in open source (likely) and it has the necessary features (less likely) and usability (least likely), and it gets popular (rather unlikely)
   OR
   b) people become less greedy and companies get popular which make money by selling the devices and not the data or ads on the devices.
   )
AND
2. Internet providers assign static IPv6 subnets (perhaps in addition to the dynamic privacy-friendly ones) (hey, they could use this for lock-in: change your provider, change your bookmarks)

It took a long time since CyanogenMod came out, and even CM isn't fully respecting the user in its default setup, and CM still lacks some drivers.

about a week ago

Seat Detects When You're Drowsy, Can Control Your Car

NotInHere Re:Defibrillator also? (106 comments)

Yeah, but as it's sponsored by Google Nest, you will get ads for the last thing you googled for while being shocked. And if you took the Facebook sponsored seat, your insurance knows you have a heart attack even before it is over.

about a week ago

Submissions


India forged Google SSL certificates

NotInHere NotInHere writes  |  about two weeks ago

NotInHere (3654617) writes "As Google writes on its Online Security Blog, the National Informatics Centre of India (NIC) used its intermediate CA certificate, issued by the Indian CCA, to issue several unauthorized certificates for Google domains, allowing man-in-the-middle attacks. The possible impact however is limited, as, according to Google, the root certificates for the CA were only installed on Windows, which Firefox doesn't use, and for the Chrom{e,ium} browser, the CA for important Google domains is pinned to the Google CA.
According to its website, the NIC CA has suspended certificate issuance, and according to Google, its root certificates were revoked by the Indian CCA."

Are the hard-to-exploit bugs in LZO compression algorithm a hype?

NotInHere NotInHere writes  |  about three weeks ago

NotInHere (3654617) writes "In 1996, Markus F. X. J. Oberhumer wrote an implementation of Lempel–Ziv compression, which is used in various places like the Linux kernel, libav, OpenVPN, or the Curiosity rover. As security researchers have found out, the code contained integer overflow and buffer overrun vulnerabilities, in the part of the code that is responsible for processing the uncompressed parts of the data. Those vulnerabilities are however very hard to exploit, and their scope depends on the actual implementation.
According to Oberhumer, the problem only affects 32 bit systems. "I personally do not know about any client program that actually is affected", Oberhumer says, calling the news about the possible security issue a media hype."

Mozilla launches student coding program "Winter of Security"

NotInHere NotInHere writes  |  about 2 months ago

NotInHere (3654617) writes "Mozilla has introduced a new program, called MWoS or "Mozilla Winter of Security", to involve university students in security projects. The attending students will write code for a Mozilla security tool during the (northern hemisphere) winter. Unlike GSoC, attending it involves no monetary payment, but the students' universities are expected to actively cooperate and to give the students credit for their work. From TFA:

MWoS is a win for all. Students get a chance to work on real-world security projects, under the guidance of an experienced security engineer. Professors get to implement cutting-edge security projects into their programs. Mozilla and the community get better security tools, which we would not have the resources to build or improve ourselves."

Link to Original Source

Journals

NotInHere has no journal entries.
