
Microsoft And Windows

Wednesday, April 17, 2024

Still Looking For Reasons To Keep Away From Windows? Part 24

China is now flexing its post-Olympic power with an aggressive new cyberespionage campaign, targeting government, military and civilians with equal force. If you use Windows, the Chinese Communist Party knows how to hack into your laptop. If you have friends and associates in China, they’re reading your e-mails.
- Bad Moon Rising Part 44, September 2011
 
As it scrambled to compete in the internet world, the once-dominant tech company cut tens of thousands of U.S. workers, hitting its most senior employees hardest and flouting rules against age bias.
- Cutting Old Heads At IBM, March 2018
 
The United States has collectively decided that certain industries, like ELECTRONICS, are not worth keeping. Other industries, like MEATPACKING and chicken-processing, are worth keeping, but only if they’re staffed by a new proletariat - IMMIGRANTS who labor for low hourly wages and without benefits or union representation. And now we’re being told that other industries like steel, coal, textiles, and auto parts can survive only to the extent that middle-class stakeholders choose to become INSECURE INDUSTRIAL WORKERS.
- Is Globalization Over, September 1922
 
India has been one of the LEADING OUTSOURCING DESTINATIONS due to low costs, 24/7 service, a highly-experienced workforce, a vast talent pool, and continuous support from the government.
- Outsourcing Big Tech, July 2022
 
I’m pretty sure that as telco manufacturers and phone companies REPLACE their Nobel Prize winning SCIENTISTS and HIGHLY-SKILLED WORK FORCE with temporary day laborers, outsource operations and development to political adversaries and countries with HORRIBLE LIVING CONDITIONS...raises the possibility that America’s phone system may be easier to penetrate tomorrow, than getting through an opened door today.
- The Athens Affair, 2007
 
In the early days of the internet, before we realized everything we do, can - and probably will be - tracked, analyzed, stored and shared - internet companies would send us a CD that included a BRANDED version of a web browser, with a unique USER-AGENT STRING - making it easy to track one’s web surfing way back then… For web crawling here, I invite BING, and a few others in… Yeah, I know it’s Microsoft.  But I figure they ALREADY KNOW more than we can possibly imagine.
- The Web Crawler Problem, 2024
 

---

Microsoft is ‘ground zero’ for foreign state-sponsored hackers, executive says
“It’s very difficult to defend against,” a top Microsoft executive for security said of state-sponsored hackers

By Laura Bratton
Quartz
April 15, 2024

A top Microsoft executive said in a new interview that the tech giant is “ground zero” for foreign government-backed hackers.

"They’re incredibly good at collecting data over time, gathering and gathering more and more momentum and then figuring out how to keep parlaying that into more and more success,” Charlie Bell, Microsoft’s executive vice president of security, told Bloomberg of state-sponsored hackers in AN INTERVIEW PUBLISHED MONDAY. “It’s very difficult to defend against.”

Microsoft launched a security initiative called the SECURE FUTURE INITIATIVE in November following a number of cybersecurity breaches with ties to foreign governments. Last May, HACKERS BACKED BY CHINA BROKE INTO CUSTOMERS’ EMAILS. Then in the summer of 2023, Russia-linked group Anonymous Sudan STOLE 30 MILLION CUSTOMERS’ DATA.

Even after the launch of Microsoft’s initiative, a Russia-backed actor called MIDNIGHT BLIZZARD ATTACKED ITS EMPLOYEES’ EMAIL ACCOUNTS - including those of executives - in January. A SCATHING REPORT FROM THE U.S. CYBER SAFETY REVIEW BOARD (CSRB) earlier this month said a “cascade of security failures” was to blame for the January breach.

The CSRB said in its report that Microsoft’s “security culture was inadequate and requires an overhaul, particularly in light of the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations.”

Bloomberg’s report highlighted how Microsoft has implemented its security revamp thus far. It’s removed 1.7 million identities linked to old accounts and more than 700,000 out-of-date apps, and it’s further enforcing multi-factor authentication for over 1 million accounts. The company is also taking steps to make it harder for hackers to steal Microsoft employees’ IDs.

Still, an independent cyber security expert interviewed by Bloomberg said the actions taken by Microsoft aren’t enough to fix its fundamentally “inadequate” system. Microsoft did not immediately respond to Quartz’s request for comment.

SOURCE

Posted by Elvis on 04/17/24 •
Section Privacy And Rights • Section Microsoft And Windows

Monday, May 29, 2023

The Worst Computer Nightmares - Hardware Hacks

“The most striking aspect of this report is that this UEFI implant seems to have been used in the wild since the end of 2016 - long before UEFI attacks started being publicly described,” Kaspersky researchers wrote. “This discovery begs a final question: If this is what the attackers were using back then, what are they using today?”
- Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us

---

Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw
BlackLotus represents a major milestone in the continuing evolution of UEFI bootkits.

By Dan Goodin
ArsTechnica
March 6, 2023

Researchers on Wednesday announced a major cybersecurity find - the world’s first-known instance of real-world malware that can hijack a computer’s boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows.

Dubbed BlackLotus, the malware is what’s known as a UEFI bootkit. These sophisticated pieces of malware target the UEFI - short for UNIFIED EXTENSIBLE FIRMWARE INTERFACE - the low-level and complex chain of firmware responsible for booting up virtually every modern computer. As the mechanism that bridges a PC’s device firmware with its operating system, the UEFI is an OS in its own right. It’s located in an SPI-connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch. Previously discovered bootkits such as COSMICSTRAND, MOSAICREGRESSOR, and MOONBOUNCE work by targeting the UEFI firmware stored in the flash storage chip. Others, including BlackLotus, target the software stored in the EFI SYSTEM PARTITION.

Because the UEFI is the first thing to run when a computer is turned on, it influences the OS, security apps, and all other software that follows. These traits make the UEFI the perfect place to launch malware. When successful, UEFI bootkits disable OS security mechanisms and ensure that a computer remains infected with stealthy malware that runs at the kernel mode or user mode, even after the operating system is reinstalled or a hard drive is replaced.

As appealing as it is to threat actors to install NEARLY INVISIBLE malware that has kernel-level access, there are a few formidable hurdles standing in their way. One is the requirement that they first hack the device and gain administrator system rights, either by exploiting one or more vulnerabilities in the OS or apps or by tricking a user into installing trojanized software. Only after this high bar is cleared can the threat actor attempt an installation of the bootkit.

SOURCE

---

New Hardware Vulnerability Discovered in Intel Processors

Anonymous Hackers
May 28, 2023

In a significant development that has sent shockwaves through the technology industry, a new hardware vulnerability has been discovered in Intel processors. This vulnerability has raised concerns about the security and privacy of millions of computer systems worldwide.

The flaw, dubbed “SpectraStrike,” was first identified by a team of security researchers at a leading cybersecurity firm. SpectraStrike is said to affect a wide range of Intel processors, including both consumer-grade and enterprise-level chips. This vulnerability allows malicious actors to exploit the speculative execution feature of Intel processors, potentially leading to unauthorized access to sensitive information.

Speculative execution is a performance optimization technique used by modern processors, including Intel’s, to predict and execute future instructions. However, SpectraStrike takes advantage of flaws in the implementation of this feature, allowing hackers to bypass security measures and access data that should be protected.

The exact scope and impact of this vulnerability are still being investigated, but initial findings indicate that it could potentially expose sensitive data such as passwords, encryption keys, and personal information. Cybersecurity experts warn that this could have severe implications for individuals, businesses, and even government agencies relying on Intel processors. Intel has acknowledged the existence of the SpectraStrike vulnerability and is actively working to develop and release security patches and firmware updates to mitigate the risk. The company has urged all affected users to keep their systems up to date and apply the necessary updates as soon as they become available.

Meanwhile, organizations across various sectors are closely monitoring the situation and taking necessary precautions to safeguard their systems. The cybersecurity community has mobilized efforts to analyze and understand the vulnerability further, working towards developing additional security measures to protect vulnerable systems.

This latest hardware vulnerability in Intel processors comes on the heels of previous incidents, such as Meltdown and Spectre, which exposed similar flaws in computer hardware. The SpectraStrike vulnerability highlights the ongoing challenge faced by the technology industry to stay ahead of increasingly sophisticated cyber threats.

As the investigation unfolds, it is crucial for individuals and organizations to remain vigilant and follow recommended security practices. This includes regularly updating software, using strong and unique passwords, and implementing multi-factor authentication where possible.

The implications of the SpectraStrike vulnerability are far-reaching, with potential repercussions for global cybersecurity. It serves as a reminder that constant vigilance and proactive measures are essential to protect sensitive information in an ever-evolving digital landscape. Further updates on the SpectraStrike vulnerability and mitigation efforts will be provided as new information becomes available. Stay tuned for the latest developments on this critical issue.

SOURCE

Posted by Elvis on 05/29/23 •
Section Privacy And Rights • Section Microsoft And Windows

Wednesday, May 17, 2023

Still Looking For Reasons To Keep Away From Windows? Part 23

Google has clarified its email scanning practices in a terms of service update, informing users that incoming and outgoing emails are analysed by automated software.
- Gmail Snooping, 2014

---

Microsoft is scanning the inside of password-protected zip files for malware
If you think a password prevents scanning in the cloud, think again.

By Dan Goodin
ARS Technica
May 16, 2023

Microsoft cloud services are scanning for malware by peeking inside users’ zip files, even when they’re protected by a password, several users reported on Mastodon on Monday.

Compressing file contents into archived zip files has long been a tactic threat actors use to conceal malware spreading through email or downloads. Eventually, some threat actors adapted by protecting their malicious zip files with a password the end user must type when converting the file back to its original form. Microsoft is one-upping this move by attempting to bypass password protection in zip files and, when successful, scanning them for malicious code.

While analysis of password-protected files in Microsoft cloud environments is well-known to some people, it came as a surprise to Andrew Brandt. The security researcher has long archived malware inside password-protected zip files before exchanging them with other researchers through SharePoint. On Monday, he took to Mastodon to report that the Microsoft collaboration tool had recently flagged a zip file, which had been protected with the password “infected.”

“While I totally understand doing this for anyone other than a malware analyst, this kind of nosy, get-inside-your-business way of handling this is going to become a big problem for people like me who need to send their colleagues malware samples,” BRANDT WROTE. “The available space to do this just keeps shrinking and it will impact the ability of malware researchers to do their jobs.”

Fellow researcher Kevin Beaumont joined the discussion to say that Microsoft has multiple methods for scanning the contents of password-protected zip files and uses them not just on files stored in SharePoint but all its 365 cloud services. One way is to extract any possible passwords from the bodies of an email or the name of the file itself. Another is by testing the file to see if it’s protected with one of the passwords contained in a list.

“If you mail yourself something and type something like ‘ZIP password is Soph0s’, ZIP up EICAR and ZIP password it with Soph0s, it’ll find (the) password, extract and find (and feed MS detection),” he wrote.
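The two methods Beaumont describes, worked through in Python as an added example. This is not code from the Ars Technica article, from Beaumont, or from Microsoft, and nothing in it is Microsoft’s actual implementation: it is one plausible scanner that pulls candidate passwords out of the mail body and the attachment’s file name, falls back to a short list of common ones such as “infected”, tries each against the archive, and only then looks for a signature inside. Because Python’s zipfile module can read ZipCrypto archives but cannot write them, the example also hand-builds a ZipCrypto-encrypted zip in memory so it runs offline. The regex, the password list, the file names and the mail bodies are all constructed for the demonstration, and only the distinctive EICAR marker substring stands in for a real signature rather than the full test string.

```python
import io
import os
import re
import struct
import zipfile
import zlib

# Marker a scanner would match once the archive is open; the full 68-byte EICAR
# string is deliberately not embedded so this file does not trip antivirus itself.
MALWARE_MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"
# Beaumont's second method: a short list tried blind against every archive (constructed).
COMMON_ZIP_PASSWORDS = ["infected", "malware", "virus", "password", "123456"]
# Beaumont's first method: the password is written in the mail body or the file name.
_HINT = re.compile(r"(?:password|pw|pass)[\s:=_-]*(?:is\s+)?['\"]?([A-Za-z0-9!@#$%^&*]+)", re.I)

def _crc32_step(crc: int, byte: int) -> int:
    """One-byte CRC-32 table update, the primitive ZipCrypto's key schedule uses."""
    return zlib.crc32(bytes([byte]), crc ^ 0xFFFFFFFF) ^ 0xFFFFFFFF

class _ZipCryptoEncryptor:
    """Traditional PKWARE ("ZipCrypto") cipher, encrypt side; mirrors CPython's zipfile decrypter."""
    def __init__(self, password: bytes):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in password:
            self._update_keys(b)

    def _update_keys(self, plain: int) -> None:
        self.k0 = _crc32_step(self.k0, plain)
        self.k1 = (self.k1 + (self.k0 & 0xFF)) & 0xFFFFFFFF
        self.k1 = (self.k1 * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = _crc32_step(self.k2, self.k1 >> 24)

    def encrypt(self, data: bytes) -> bytes:
        out = bytearray()
        for p in data:
            t = (self.k2 | 2) & 0xFFFF
            out.append(p ^ (((t * (t ^ 1)) >> 8) & 0xFF))
            self._update_keys(p)  # the key stream is driven by the plaintext byte
        return bytes(out)

def make_zipcrypto_archive(name: str, content: bytes, password: str) -> bytes:
    """One-entry, stored, ZipCrypto-protected zip built by hand (zipfile reads but cannot write it)."""
    crc = zlib.crc32(content) & 0xFFFFFFFF
    enc = _ZipCryptoEncryptor(password.encode())
    # 12-byte encryption header: 11 random bytes plus the CRC's high byte, which a
    # reader checks before decrypting the body (a 1-in-256 filter on wrong passwords).
    body = enc.encrypt(os.urandom(11) + bytes([crc >> 24]))
    body += enc.encrypt(content)
    fname = name.encode()
    dos_date = ((2023 - 1980) << 9) | (5 << 5) | 15  # 2023-05-15, time 00:00
    fields = struct.pack("<HHHHHIII", 20, 1, 0, 0, dos_date, crc, len(body), len(content))
    local = b"PK\x03\x04" + fields + struct.pack("<HH", len(fname), 0) + fname + body
    central = (b"PK\x01\x02" + struct.pack("<H", 20) + fields
               + struct.pack("<HHHHHII", len(fname), 0, 0, 0, 0, 0, 0) + fname)
    eocd = b"PK\x05\x06" + struct.pack("<HHHHIIH", 0, 0, 1, 1, len(central), len(local), 0)
    return local + central + eocd

def candidate_passwords(body: str, filename: str) -> list:
    """Leaked hints first, then the generic list; duplicates dropped, order kept."""
    out = []
    for cand in _HINT.findall(body) + _HINT.findall(filename) + COMMON_ZIP_PASSWORDS:
        if cand not in out:
            out.append(cand)
    return out

def scan_attachment(body: str, filename: str, archive: bytes):
    """(password, members carrying the marker) for the first candidate that opens the archive, else None."""
    zf = zipfile.ZipFile(io.BytesIO(archive))
    for pwd in candidate_passwords(body, filename):
        try:
            flagged = []
            for info in zf.infolist():
                with zf.open(info, pwd=pwd.encode()) as member:
                    data = member.read()  # full read, so the CRC is verified at EOF
                if MALWARE_MARKER in data:
                    flagged.append(info.filename)
            return pwd, flagged
        except (RuntimeError, zipfile.BadZipFile):
            continue  # the check byte rejected it, or the CRC rejected the garbage
    return None

# Constructed sample messages (not real mail), one per path the scan can take.
SAMPLE_PAYLOAD = b"stand-in sample carrying only the marker: " + MALWARE_MARKER

def demo() -> dict:
    hot = make_zipcrypto_archive("sample.bin", SAMPLE_PAYLOAD, "Soph0s")
    cases = {
        "hint in body": ("Samples attached. ZIP password is Soph0s", "samples.zip", hot),
        "hint in filename": ("see attached", "samples_pw-Soph0s.zip", hot),
        "common password": ("see attached", "samples.zip", make_zipcrypto_archive("sample.bin", SAMPLE_PAYLOAD, "infected")),
        "clean archive": ("see attached", "notes.zip", make_zipcrypto_archive("notes.txt", b"quarterly numbers", "infected")),
        "strong undisclosed": ("see attached", "samples.zip", make_zipcrypto_archive("sample.bin", SAMPLE_PAYLOAD, "c0rrect-h0rse-b4ttery")),
    }
    return {label: scan_attachment(*args) for label, args in cases.items()}

if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:20s} -> {result}")
```

Run it and each constructed message reports either the password that worked together with the members that matched, or None. Two details matter in practice. A wrong password is rejected by the 12-byte header’s check byte only 255 times out of 256, so the scanner reads each member to the end and lets the CRC reject the remaining cases instead of trusting a lucky header. And this is hint-and-wordlist guessing only; it does not implement the known-plaintext attack against ZipCrypto that Beaumont alludes to, which recovers the keys without any password at all. An archive protected by a strong, undisclosed password comes back as None here, which is exactly the case the blind list cannot cover.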

Brandt said that last year Microsoft’s OneDrive started backing up malicious files he had stored in one of his Windows folders after creating an exception (i.e., allow listing) in his endpoint security tools. He later discovered that once the files made their way to OneDrive, they were wiped off of his laptop hard drive and detected as malware in his OneDrive account.

“I lost the whole bunch,” he said.

Brandt then started archiving malicious files in zip files protected with the password “infected.” Up until last week, he said, SharePoint didn’t flag the files. Now it is.

Microsoft representatives acknowledged receipt of an email asking about the practices of bypassing password protection of files stored in its cloud services. The company didn’t follow up with an answer.

A Google representative said the company doesn’t scan password-protected zip files, though Gmail does flag them when users receive such a file. My work account managed by Google Workspace also prevented me from sending a password-protected zip file.

The practice illustrates the fine line online services often walk when attempting to protect end users from common threats while also respecting privacy. As Brandt notes, actively cracking a password-protected zip file feels invasive. At the same time, this practice almost surely has prevented large numbers of users from falling prey to social engineering attacks attempting to infect their computers.

One other thing readers should remember: password-protected zip files provide minimal assurance that content inside the archives can’t be read. As Beaumont noted, ZipCrypto, the default means for encrypting zip files in Windows, is TRIVIAL TO OVERRIDE. A more dependable way is to use an AES-256 encryptor built into many archive programs when creating 7z files.

SOURCE

Posted by Elvis on 05/17/23 •
Section Privacy And Rights • Section Microsoft And Windows

Thursday, April 22, 2021

Legalized Hacking 2


Judge Rules FBI Can Hack Into Exchange Servers

By Trevor Collins
Security Simplified
April 21, 2021

For the last few months, we have seen Exchange Servers fall to vulnerabilities from the HAFNIUM attacks. Even after Microsoft released patches for the serious flaws, we continue to see attacks on Exchange Servers and hear of more Exchange Servers becoming compromised. This shouldn’t be news, as many publications including our own have covered these vulnerabilities extensively. Additionally, Microsoft released their patches over a month ago. Yet in a recent report the FBI has found many compromised Exchange servers that still have various threat actors’ webshells installed.

Last week though, THE FBI took it a step further. In a court-approved action, the FBI identified compromised servers, connected to the servers through the webshell, and removed the malicious webshell left behind by the original threat actors. We can easily criticize the administrators who have allowed their exchange servers to stay compromised for so long, but it doesn’t excuse the FBI from connecting into these exchange servers. They don’t need individual warrants to connect to these devices according to the previously SEALED COURT DOCUMENT. This gives precedent for the FBI to access any server and make changes on these servers with just a blanket warrant. I see this as a clear violation of property rights. One could argue that the FBI helped fix the server, but property rights don’t have a stipulation that the government can access your property if they intend to help you. For example, if somebody put graffiti on the side of a business, the FBI does not have the right to cover over the graffiti without the owner’s permission.

Administrators choose their software based on the features and security it provides. A Microsoft Exchange Server and the host operating system protect the server from any unauthorized change.  When we buy the software, we expect that only authorized users can make changes on the servers and unauthorized users cannot. This creates a requirement for explicit permission for access. If you must bypass the normal expected route to make changes on the Exchange Server, then you do not have explicit permission to make these changes from the owner. The FBI has performed similar attacks in the past with the Coreflood botnet. This time though, it looks like they connected directly into the Exchange Server to delete the webshell where in comparison they removed Coreflood by sending a command to delete itself from the command and control infrastructure they had previously taken over.

Ultimately the court did not agree with me and gave an excessively wide warrant to the FBI. They could have asked for a warrant to identify the owners of the servers, but they didn’t do this as far as we know. We have no way of knowing exactly how the FBI did this or what IP addresses they used.

The good news is, you can protect yourself from this happening to you by keeping your infrastructure secure in the first place. Protect your servers by ensuring they are updated. More importantly though, the FBI shouldn’t access servers it doesn’t own, whose owners haven’t actually committed a crime.

SOURCE

Posted by Elvis on 04/22/21 •
Section Privacy And Rights • Section Microsoft And Windows

Tuesday, June 04, 2019

Still Looking For Reasons To Keep Away From Windows? Part 22


Russia’s Would-Be Windows Replacement Gets a Security Upgrade

By Patrick Tucker
Defense One
May 28, 2019

For sensitive communications, the Russian government aims to replace the ubiquitous Microsoft operating system with a bespoke flavor of Linux, a sign of the country’s growing IT independence.

For the first time, Russia has granted its highest security rating to a domestically developed operating system deeming ASTRA LINUX suitable for communications of “special importance” across the military and the rest of the government. The designation clears the way for Russian intelligence and military workers who had been using Microsoft products on office computers to use Astra Linux instead.

There is hope that the domestic OS [operating system] will be able to replace the Microsoft product. “Of course, this is good news for the Russian market,” said German Klimenko, former IT advisor to Russian President Vladimir Putin and chairman of the board of Russia’s Digital Economy Development Fund, a venture capital fund run by the government. Klimenko spoke to the Russian newspaper Izvestia on Friday.

Although Russian officials used Windows for secure communications, they heavily modified the software and subjected Windows-equipped PCs to lengthy and rigorous security checks before putting the computers in use. The testing and analysis was to satisfy concerns that vulnerabilities in MICROSOFT OPERATING SYSTEMS could be patched to prevent hacking from countries like the United States. Such evaluations could take three years, according to the newspaper.

A variant of the popular Linux open-source operating system, Astra Linux has been developed over the past decade by Scientific/Manufacturing Enterprise Rusbitech. In January 2018, the Russian Ministry of Defense said it intended to switch to Astra Linux as soon as it met the necessary security standards. Before that, the software had been on some automated control systems, such as the kind sometimes found on air defense systems and some airborne computer systems.

It’s another example of Russia’s self-imposed IT exile, along with the efforts to disconnect the country from the global Internet by 2021 and to create its own domain name service.

“The Russian government doesn’t trust systems developed by foreign companies to handle sensitive data, due to fears of espionage through those systems,” said Justin Sherman, Cybersecurity Policy Fellow at New America. Using domestically produced technologies to manage sensitive data is just another component of the Kremlin’s broader interest in exercising more autonomy over the digital machines and communications within its borders.

Sam Bendett, research analyst with the Center for Naval Analyses’ International Affairs Group, said, “One of the main sticking points for the Russian government was the fact that imported operating systems had vulnerabilities and back doors that Moscow thought could be exploited by international intelligence agencies. This is essentially Russia ensuring its cybersecurity against potential intrusions.”

It’s unsurprising that Moscow distrusts Microsoft software, given that Russian-developed malware, like the NotPetya virus used against energy targets in Ukraine, exploits vulnerabilities in Windows.

Sherman says that while the Russian government may find Astra Linux a suitable substitute for Windows, it’s not a serious competitor anyplace else. There’s no particular reason for others to use this bespoke variant of Linux. Also, suspicion of Russian software has been rising internationally. The country’s most successful and recognized software company, Kaspersky, can no longer sell its wares to the U.S. government. Last May, the cybersecurity firm opened a “transparency lab” in Switzerland in an attempt to assuage jittery European customers.

“If this operating system were to be marketed outside of Russia, the prospects likely aren’t great,” Sherman said. Astra Linux doesn’t exactly have a worldwide foothold compared to the systems it’s replacing within Russia, and this is only compounded by the fact that just as the Russian government has security concerns about software made in other countries, other countries may very well have security concerns about using software made in Russia and endorsed by the Russian government.

But, says Bendett, a potential client list for Russian software does exist outside of Russia, just as there is for Russian anti-aircraft systems. “There is a growing list of nations that will probably want to have its main government and military systems run on an OS from a nation more friendly to their interest like Syria.. or other countries where Russia is seeking to make inroads. So the possibility for export definitely exists.”

SOURCE

Posted by Elvis on 06/04/19 •
Section Privacy And Rights • Section Microsoft And Windows