f.haeder.net

Items tagged with: backdoor

«There is a weird belief amongst policy makers that hacking an encryption system's key management system is fundamentally different than hacking the system's encryption algorithm. The difference is only technical; the effect is the same. Both are ways of weakening encryption.»
G7 Comes Out in Favor of Encryption Backdoors - Schneier on Security
#security #crypto #policy #backdoor #escrow
 
James #Comey Offers Up Half-Assed Apology For Being Such An Asshole About #Encryption https://www.techdirt.com/articles/20190417/17523242031/james-comey-offers-up-half-assed-apology-being-such-asshole-about-encryption.shtml #fbi #backdoor
 
Malicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem....
#Malicious #backdoor #bootstrap-sass #Ruby #SECURITY #COMPUTER #TECHNOLOGY #RCE
 
After five years under the radar: espionage malware "TajMahal" surfaces #APT #AdvancedPersistentThreat #Backdoor #Kaspersky #KasperskyLab #Malware #Spionage #Spionage-Tool #TajMahal
 

ASUS Confirms It Was Used to Install Backdoors on Its Customers' Computers


A press release released by ASUS this morning confirms Motherboard’s reporting.

https://motherboard.vice.com/en_us/article/bjqez4/asus-confirms-it-was-used-to-install-backdoors-on-its-customers-computers

#asus #computer #backdoor #security
 

Security vulnerability: Huawei driver uses the same technique as the NSA #Huawei #Backdoor #Datensicherheit #Malware #NSA #PC #ShadowBroker #Sicherheitslücke #Windows #Microsoft
 
anonymiss wrote the following post Mon, 25 Mar 2019 20:40:04 +0300

Hackers Hijacked #ASUS #Software Updates to Install Backdoors on Thousands of Computers


source: https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers
The researchers estimate half a million #Windows machines received the malicious #backdoor through the ASUS #update server, although the attackers appear to have been targeting only about 600 of those systems. The malware searched for targeted systems through their unique MAC addresses. Once on a system, if it found one of these targeted addresses, the malware reached out to a command-and-control server the attackers operated, which then installed additional #malware on those machines.
...
This is not the first time attackers have used trusted software updates to infect systems.
...
The attackers used two different ASUS digital certificates to sign their malware. The first expired in mid-2018, so the attackers then switched to a second legitimate ASUS #certificate to sign their malware after this.

Trust nobody and certificates are useless without #security.

#fail #warning #cybercrime #news #economy #computer #wtf
- #Hackers #Hijacked #Updates #Install #Backdoors #Computers
 
#cia #vault7 #backdoor #wikileaks #surveillance
 


The Supreme #Backdoor Factory


source: https://dfir.it/blog/2019/02/26/the-supreme-backdoor-factory/
I started with #VirusTotal hunting capabilities - the search returned a set of binaries belonging to the same malware family: Eimea Lite App. The functionality and supported commands of this malware seem to be closely tied with previously discussed FEimea Portable App. The main difference is that while FEimea Portable App is written in Java, the Eimea Lite App comes in the form of compiled binaries for both #Windows and #Linux operating systems. Each observed instance of Eimea Lite App was built into the LAME encoder tool, likely in order to thwart #detection.
...
Overall there were 305 backdoored ELF binaries in nine #GitHub repositories belonging to Andrew Dunkins.
#Malware #security #internet #analysis #News #Software #virus #cybercrime #hack
 
NSA tool Ghidra: Great tool, strange bug #ReverseEngineering #Backdoor #Malware #NSA #Nist #Applikationen
 
The US cybersecurity agency wants to make TLS 1.3 mandatory; the European ETSI, by contrast, is promoting its backdoor standard eTLS.

https://www.heise.de/newsticker/meldung/Europaeische-Standards-Organisation-warnt-USA-vor-TLS-1-3-4324155.html
#eu #crypt #backdoor
 

European standards organization warns USA about TLS 1.3

The US cybersecurity agency wants to make TLS 1.3 mandatory; the European ETSI, by contrast, is promoting its backdoor standard eTLS.
#USA #EU #cybersicherheit #TLS13 #standard #hintertür #backdoor #ETSI #eTLS #europa
 
#australia has given grounds for shunning software developers who are Australian. #freesw #security #backdoor #fiveeyes
 

Is #Huawei a friend or foe in the battle for 5G dominance?


source: https://www.theguardian.com/technology/2019/feb/03/huawei-friend-or-foe-global-5g-dominance
However, while the #intelligence agencies may harbour concerns about the robustness of Huawei’s #software, the centre has never found #evidence of the fabled “backdoors” that would allow #China to penetrate the #UK’s telecoms networks.
#gchq #security #surveillance #news #backdoor #mobile #network #5g #technology #trade
 
What I've seen missing from prominent cryptographers in discussion of the GCHQ's recent #backdoor proposal is the mention of how such a thing is less effective against free/libre software systems. The proposal involves adding a "ghost" user to E2E-encrypted conversations, which requires that the client silently encrypt to a third party. Such an antifeature couldn't just be committed to the project---it'd be too risky, since anyone could potentially find it.

Of course, there's still the issue of trusting binary distributions unless their builds are reproducible, and users who blindly download binaries without verifying signatures are also at risk. This emphasizes the importance of reproducible builds: a malicious actor isn't likely to commit code in plain view of the world; rather, they'll probably just distribute a modified binary and be dishonest about the corresponding source code.
 