And here is news (the presentation and a link to the research paper are inside) that the distinctive traits of a programmer's style carry through even into compiled code. Although this subject is also rather specialized, I see something bigger in it: perhaps in the near future the picture on the right will finally lose its relevance. Not because everyone will be surveilling everyone, but thanks to behavioural analysis: a user can be identified by how they interact with a website, an application or anything else, just as a programmer can be identified by how they write code. Incidentally, just yesterday Apple bought a startup specializing in the analysis of human emotions. All in all, 2016 is off to an interesting start. And we continue our observations. Previous issues are available here.
Such an unconventional approach can be compared to downloading and installing Microsoft Office in order to exploit a vulnerability in it: on the whole, not the most efficient method. But the affiliate programme organized by the Trojan's authors has interesting features. In exchange for 25% of the proceeds, anyone who has decided to step onto the slippery slope of cyber-extortion (a Bitcoin wallet address is the only thing required at registration) receives a ready-configured Trojan in which even the ransom amount can be set independently. Results are tracked in a console (through Tor, naturally). An interesting example of c2c business, criminal to criminal. More details (using Brazil as an example) are here.
And here is what the user sees as a result. From there everything proceeds as usual: the ransom demand, the price rising after a set time, the option to decrypt one file as a test, and all of this is automated. As usually happens, decrypting the files by exploiting a weakness in the algorithm will not work: each document is encrypted with its own key. The only thing that helps is seizure of the command server by law enforcement, with subsequent analysis of its contents, as happened in the case of CoinVault.
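Why a weakness in the algorithm is not the way out, and why the seized server is: the per-file key scheme the paragraph describes, modelled in Go. This is an added example and not code from the post or from any Trojan; the primitives (AES-256-GCM for the documents, RSA-OAEP for wrapping the file keys) and the sample documents are assumptions, and it works on in-memory byte strings rather than a file system.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// lockedFile is what is left on the victim's disk for one document: the
// AES-GCM ciphertext plus the per-file key wrapped with the operator's RSA
// public key. Nothing in it lets the victim recover the key.
type lockedFile struct {
	wrappedKey []byte
	nonce      []byte
	ciphertext []byte
}

// fileAEAD builds the AES-GCM instance for one per-file key (assumed primitive).
func fileAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// lockFile encrypts one document under a fresh random 256-bit key and wraps
// that key with RSA-OAEP. A fresh key per file means that breaking one
// ciphertext tells you nothing about the others.
func lockFile(pub *rsa.PublicKey, plaintext []byte) (*lockedFile, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	gcm, err := fileAEAD(fileKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	return &lockedFile{
		wrappedKey: wrapped,
		nonce:      nonce,
		ciphertext: gcm.Seal(nil, nonce, plaintext, nil),
	}, nil
}

// unlockFile is what becomes possible once the operator's private key is in
// hand, for instance recovered from a seized command server: unwrap the file
// key, then decrypt the document.
func unlockFile(priv *rsa.PrivateKey, f *lockedFile) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, f.wrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := fileAEAD(fileKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, f.nonce, f.ciphertext, nil)
}

// demo runs the scheme over two constructed documents and reports whether it
// behaves as described: distinct wrapped keys per file, no recovery with an
// unrelated private key, full recovery with the operator's key.
func demo() (bool, error) {
	operator, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, err
	}
	unrelated, err := rsa.GenerateKey(rand.Reader, 2048) // some other server's key
	if err != nil {
		return false, err
	}
	docs := [][]byte{ // constructed sample documents
		[]byte("constructed sample: quarterly report"),
		[]byte("constructed sample: family photo index"),
	}
	var locked []*lockedFile
	for _, d := range docs {
		f, err := lockFile(&operator.PublicKey, d)
		if err != nil {
			return false, err
		}
		locked = append(locked, f)
	}
	if bytes.Equal(locked[0].wrappedKey, locked[1].wrappedKey) {
		return false, nil // per-file keys must differ
	}
	if _, err := unlockFile(unrelated, locked[0]); err == nil {
		return false, nil // the wrong private key must not unwrap anything
	}
	for i, f := range locked {
		pt, err := unlockFile(operator, f)
		if err != nil || !bytes.Equal(pt, docs[i]) {
			return false, nil
		}
	}
	return true, nil
}

func main() {
	ok, err := demo()
	fmt.Println("scheme behaves as described:", ok, "error:", err)
}
```

Each lockedFile carries its own wrapped key, so a flaw in one ciphertext, or a recovered key for one file, says nothing about the next; the one thing that opens all of them is the private key, which never leaves the operator's server. demo also checks that an unrelated private key fails: seizing a server that does not hold this campaign's key recovers nothing.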
Zerodium pays up to $100,000 for an Adobe Flash exploit
We have already written about Zerodium: last year it announced a record bounty of $3 million for a working exploit for iOS. The key word here is working, meaning one that allows the device to be compromised remotely, without involving its owner through any kind of social engineering. In November the company announced that a winner (one of the expected three) had been found, but what exactly was found we will never learn, given the nature of this broker. The company resells the holes it acquires, a practice dubious from every angle, to government institutions for the corresponding sort of operational activity.
Zerodium's readiness to part with a tidy sum is prompted by changes in the Adobe Flash code. On December 21 Adobe announced the rollout of Heap Isolation, which in turn makes a number of use-after-free exploitation techniques impossible: objects of different kinds are allocated from separate heap partitions, so a freed object can no longer be reclaimed by attacker-controlled data of another type. In other words, Flash (if you have updated it, of course) became considerably safer. The background of this innovation is interesting: in its blog Adobe says the new measure was implemented thanks to cooperation and exchange of experience with Microsoft and Google Project Zero (the latter had earlier submitted recommendations for improving Flash security). An interesting and positive example of experts from different companies working together.
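What Heap Isolation changes, shown in an added Go model that is neither Adobe's code nor from the post: a toy slot allocator with a last-in-first-out free list, used first as one shared heap and then partitioned by object type. Addresses are offsets into byte arenas rather than native pointers, and the slot size, the type names and the "vtable" bytes are assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"fmt"
)

const slotSize = 16 // assumed: every object occupies one 16-byte slot

// arena is one heap region carved into fixed-size slots with a LIFO free
// list, enough to reproduce the reuse pattern a use-after-free exploit needs.
type arena struct {
	mem  []byte
	free []int // offsets of freed slots, most recently freed at the end
	next int   // bump pointer for never-used slots
}

func newArena(slots int) *arena {
	return &arena{mem: make([]byte, slots*slotSize)}
}

// alloc hands back the most recently freed slot first, which is exactly what
// an attacker counts on when reclaiming a freed object.
func (a *arena) alloc() int {
	if n := len(a.free); n > 0 {
		off := a.free[n-1]
		a.free = a.free[:n-1]
		return off
	}
	if a.next+slotSize > len(a.mem) {
		panic("arena exhausted")
	}
	off := a.next
	a.next += slotSize
	return off
}

func (a *arena) release(off int)         { a.free = append(a.free, off) }
func (a *arena) write(off int, b []byte) { copy(a.mem[off:off+slotSize], b) }
func (a *arena) read(off int) []byte     { return a.mem[off : off+slotSize] }

// heap decides which arena serves an allocation of a given object type.
type heap interface {
	alloc(kind string) (*arena, int)
}

// sharedHeap is the pre-isolation layout: one arena for every type.
type sharedHeap struct{ a *arena }

func newSharedHeap() *sharedHeap                  { return &sharedHeap{a: newArena(8)} }
func (h *sharedHeap) alloc(string) (*arena, int) { return h.a, h.a.alloc() }

// isolatedHeap keeps a separate arena per type, so a slot freed by one type
// can only ever be reused by that same type.
type isolatedHeap struct{ arenas map[string]*arena }

func newIsolatedHeap() *isolatedHeap {
	return &isolatedHeap{arenas: map[string]*arena{}}
}

func (h *isolatedHeap) alloc(kind string) (*arena, int) {
	a, ok := h.arenas[kind]
	if !ok {
		a = newArena(8)
		h.arenas[kind] = a
	}
	return a, a.alloc()
}

// Constructed slot contents: what a live object looks like, and the bytes an
// attacker wants the dangling pointer to see instead (a fake vtable pointer,
// say). Both are exactly one slot long.
var (
	liveObject      = []byte("VTABLE->original")
	attackerPayload = bytes.Repeat([]byte{0x41}, slotSize)
)

// useAfterFree plays the classic sequence (allocate, free, spray a different
// type, dereference the stale pointer) on h and returns what the stale
// pointer reads.
func useAfterFree(h heap) []byte {
	a, obj := h.alloc("Object")
	a.write(obj, liveObject)
	stale := obj // buggy code keeps this pointer past the free
	a.release(obj)
	b, spray := h.alloc("ByteArray") // attacker allocates another type
	b.write(spray, attackerPayload)
	return a.read(stale) // buggy code dereferences the stale pointer
}

// attackerControlled reports whether the stale read comes back under
// attacker control, i.e. whether this heap lets the UAF be exploited.
func attackerControlled(h heap) bool {
	return bytes.Equal(useAfterFree(h), attackerPayload)
}

func main() {
	fmt.Println("shared heap, stale pointer reads attacker data:  ", attackerControlled(newSharedHeap()))
	fmt.Println("isolated heap, stale pointer reads attacker data:", attackerControlled(newIsolatedHeap()))
}
```

On the shared heap the attacker's ByteArray lands in exactly the slot the freed Object vacated, so the stale pointer now reads the attacker's bytes, which is the starting point of a use-after-free exploit. With one arena per type the freed slot can only ever be handed to another Object, so the stale read returns stale but harmless data. The bug (the dangling pointer) is still there; what isolation removes is the attacker's ability to choose what it points at.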
And an effective one, apparently, since the "dark side" has decided to fork out. Incidentally, last summer Adobe announced its own bug bounty programme, which, however, does not include cash rewards. And the typical payments vendors promise researchers almost never reach the six-figure sums announced by Zerodium and similar companies. The other difference is that the process of finding and publishing bugs on the side of good is usually open and transparent, whereas what Zerodium pays, and to whom, is unknown; the actual sums may well be lower. So bringing financial incentives into bug hunting changes nothing: the researcher still has to settle the question on, so to speak, the ethical-versus-criminal plane.
David Chaum is a theorist, famous in narrow circles, in the fields of data encryption, network anonymity and electronic currencies. A renowned and respected member of the community, he was working on protecting information on the network before the network existed: one of his main papers, on preserving anonymity in e-mail correspondence, was published (PDF) in 1981. On January 6 an article appeared in Wired about Chaum's new development, the PrivaTegrity system. The system is supposed to allow completely anonymous communication over the network, more efficiently and more securely than the existing Tor and I2P networks do. Technical details were not disclosed (nor are they on Chaum's website), but they were not needed for a heated debate in the community, and still are not.
The system's distinctive feature is an algorithm that allows one of the participants to be de-anonymized. According to Chaum, giving one entity or one state control over communications is genuinely unsafe, but distributing the responsibility among nine "administrators" can solve the problem. This council of nine can expose a would-be malefactor only by unanimous decision (the assumption, presumably, being that the council members will agree only in the case of some obvious crime). Either way, this means that the (let us assume) super-secure system has a backdoor by default. Observers were quick to trample on this controversial part of the project. For example, like this:
Chaum's initiative is thus an attempt at a compromise between ordinary users' desire to remain anonymous and the desire of law enforcement (and society in general) not to hand criminals, terrorists and other undesirables an impregnable communication channel. The opponents' view: any vulnerability built into an algorithm from the outset will be exploited sooner or later. You cannot give access to one party and hope nobody else ever gets it. Chaum was even accused of political connivance with state structures (see Christopher Soghoian's quote above): while most cryptographers are trying to convince the state that backdoors are bad, one of the founding theorists hands the state a strong argument in their favour.
It would be interesting to see the system's technical details (if they are ever published after such a "warm welcome"). Meanwhile, on Chaum's website one can contemplate a fine picture: some 25 experts who wished to remain unnamed have allegedly approved the concept. In general, an interesting metamorphosis keeps happening to cryptography: while remaining a thoroughly technical subject, it is acquiring considerable political weight. And in future the security of our data will perhaps be decided not by technology (which is fine with or without Chaum) but by how the state, society, in short all interested parties, manage to agree among themselves.
What else happened:
An interesting vulnerability in the Blackphone secure smartphone: data can be accessed through the communication module (the modem), which, as we know, has the highest priority in any phone, is a state within a state, and contains who knows what.
A vulnerability was found in Comcast's home alarm system in the US. The signal from the intrusion sensors (2.4 GHz) turned out to be very easy to jam, with a jammer or (naturally!) tinfoil hats, and the system reacts to this slowly or not at all. A quote from a Comcast representative: "Our alarm system uses the same advanced, industry-standard technology as other providers of similar solutions." Uh-huh.
The Netherlands does not approve of backdoors in encryption systems. And not just anybody says so: the Minister of Justice!
A bug was found in Cisco's XMPP client that can be used for a MITM attack. The cause: the client can be forced to transmit data in clear text rather than inside a TLS-protected session.
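The failure mode behind the Cisco client item, as an added Go example (not Cisco's code and not from the post): a parser for the server's <stream:features> and the decision the client takes after it, under an opportunistic policy that reproduces the bug and a mandatory policy that closes it. The sample messages are constructed; the namespaces are the ones from RFC 6120.

```go
package main

import (
	"encoding/xml"
	"errors"
	"fmt"
)

// streamFeatures is the part of <stream:features> the decision depends on.
// The namespaces are the RFC 6120 ones for the stream and for STARTTLS.
type streamFeatures struct {
	XMLName  xml.Name  `xml:"http://etherx.jabber.org/streams features"`
	StartTLS *startTLS `xml:"urn:ietf:params:xml:ns:xmpp-tls starttls"`
}

// startTLS may carry <required/>, but that flag is only as trustworthy as the
// element itself: an attacker strips the whole element, not just the flag.
type startTLS struct {
	Required *struct{} `xml:"required"`
}

type action int

const (
	upgradeToTLS  action = iota // send <starttls/> and continue on the TLS stream
	stayPlaintext               // keep talking in cleartext
	abort                       // close the stream
)

var actionNames = [...]string{"upgrade to TLS", "stay plaintext", "abort"}

func (a action) String() string { return actionNames[a] }

// tlsPolicy is the client's own rule, independent of what the server says.
type tlsPolicy int

const (
	opportunistic tlsPolicy = iota // use TLS only if the server advertises it
	mandatory                      // refuse to continue without TLS
)

// decide parses the server's features and chooses the next step. A stripped
// message is well-formed XML and cannot be told apart from a server that
// simply does not offer TLS, so only the policy can carry the decision.
func decide(featuresXML []byte, policy tlsPolicy) (action, error) {
	var f streamFeatures
	if err := xml.Unmarshal(featuresXML, &f); err != nil {
		return abort, err
	}
	switch {
	case f.StartTLS != nil:
		return upgradeToTLS, nil
	case policy == mandatory:
		return abort, errors.New("server did not offer STARTTLS; refusing cleartext session")
	default:
		return stayPlaintext, nil // the behaviour the bug allowed
	}
}

// Constructed sample messages: what a genuine server sends, and the same
// features after a man-in-the-middle has removed the STARTTLS offer.
var (
	genuineFeatures = []byte(`<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls>
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism></mechanisms>
</stream:features>`)
	strippedFeatures = []byte(`<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism></mechanisms>
</stream:features>`)
)

func main() {
	cases := []struct {
		name   string
		msg    []byte
		policy tlsPolicy
	}{
		{"genuine features, opportunistic", genuineFeatures, opportunistic},
		{"stripped features, opportunistic", strippedFeatures, opportunistic},
		{"stripped features, mandatory", strippedFeatures, mandatory},
	}
	for _, c := range cases {
		a, err := decide(c.msg, c.policy)
		fmt.Printf("%-34s -> %v (%v)\n", c.name, a, err)
	}
}
```

The stripped message parses without error; nothing in it reveals that anything was removed, which is why the decision cannot rest on what the server advertises. After the <proceed/> and the TLS handshake the client must also re-open the stream and read the features again over TLS, otherwise the same trick applies to the SASL step that follows.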
Resident; infects COM and EXE files and the hard disk MBR. Files are infected in the standard way. The MBR is infected when an infected file is run; the rest of the virus body and the original MBR sector are stored starting at address 0/0/2 (track/head/sector).
Memory is infected on booting from an infected disk. After that the virus infects only files. Hooks int 21h; contains the strings "Anthrax", "Damage, Inc".
Quoted from Evgeny Kaspersky's book "Computer Viruses in MS-DOS", 1992, page 105.
Disclaimer: this column reflects only the private opinion of its author. It may or may not coincide with the position of Kaspersky Lab. It depends on your luck.
This article is a translation of the original post at habrahabr.ru/post/274703/