
Security quotes of the week

There are many remaining mysteries in the Gauss and Flame stories. For instance, how do people get infected with the malware? Or, what is the purpose of the uniquely named “Palida Narrow” font that Gauss installs?

Perhaps the most interesting mystery is Gauss’ encrypted warhead. Gauss contains a module named “Godel” that features an encrypted payload. The malware tries to decrypt this payload using several strings from the system and, upon success, executes it. Despite our best efforts, we were unable to break the encryption. So today we are presenting all the available information about the payload in the hope that someone can find a solution and unlock its secrets. We are asking anyone interested in cryptology and mathematics to join us in solving the mystery and extracting the hidden payload.

-- Kaspersky Lab asks for decryption help

Starting next week, we will begin taking into account a new signal in our rankings: the number of valid copyright removal notices we receive for any given site. Sites with high numbers of removal notices may appear lower in our results. This ranking change should help users find legitimate, quality sources of content more easily—whether it’s a song previewed on NPR’s music website, a TV show on Hulu or new music streamed from Spotify.

-- Google

Security quotes of the week

Posted Aug 16, 2012 7:40 UTC (Thu) by Seegras (subscriber, #20463)

> This ranking change should help users find legitimate, quality sources of
> content more easily

Yes, and of course gives some content-sellers the tools they need to get free and public domain content de-ranked.

This is NOT just targeted at illegal copies, this is a tool of war against competition of every kind.

Security quotes of the week

Posted Aug 16, 2012 12:32 UTC (Thu) by hummassa (subscriber, #307)

The funny thing is that search neutrality is very similar to network neutrality (that GOOG loves so much). Well, the best-case scenario is that people will migrate away from google... :-D

Security quotes of the week

Posted Aug 16, 2012 15:45 UTC (Thu) by njwhite (subscriber, #51848)

> The funny thing is that search neutrality is much similar to network neutrality

Search neutrality is more complicated, though, as effective search is all about ranking, therefore all about prioritising some things over others. Now transparent (and tweakable) algorithms, presented in such a way as to be understandable, would be fantastic. But a difficult goal, not to mention difficult to reconcile with business models based on a "secret sauce".

Security quotes of the week

Posted Aug 17, 2012 21:31 UTC (Fri) by dashesy (subscriber, #74652)

It has been some time since I migrated to DuckDuckGo, and I rarely have to use !g. Still, the funny thing is that now Google search's last page might have more interesting stuff.

Security quotes of the week

Posted Aug 17, 2012 0:44 UTC (Fri) by vonbrand (subscriber, #4458)

They are talking valid copyright takedown notices. I very much doubt Wikipedia, the FSF or other open content sites will get very many of those...

Security quotes of the week

Posted Aug 17, 2012 11:23 UTC (Fri) by man_ls (subscriber, #15091)

It is trivial to make Wikipedia the target of valid copyright takedown notices: copy some proprietary stuff on a random page from a shared IP, send the takedown notice.

Security quotes of the week

Posted Aug 17, 2012 14:08 UTC (Fri) by mpr22 (subscriber, #60784)

The chance of getting caught is non-zero. If you get caught, then none of the possible scenarios end well for you. If it isn't your material, then you don't have standing to issue a DMCA takedown in the first place and you are probably violating the copyright yourself.

If it is your own material, then the following text found on the editing page of Wikipedia is of interest:

By clicking the "Save Page" button, you agree to the Terms of Use, and you irrevocably agree to release your contribution under the CC-BY-SA 3.0 License and the GFDL. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.

Which is to say: If it's your material, then by posting it you gave Wikipedia a license. Hence, a DMCA takedown would not be valid unless you can show that Wikipedia's subsequent distribution of the material violates the terms under which you agreed to license it.

There's also the matter that going straight to the "file a DMCA notice" step when dealing with Wikipedia makes you look like a jerk.

Security quotes of the week

Posted Aug 20, 2012 20:19 UTC (Mon) by liljencrantz (guest, #28458)

That kind of viral licensing hasn't held up in court that I'm aware of.

Security quotes of the week

Posted Aug 16, 2012 18:44 UTC (Thu) by tpo (subscriber, #25713)

> [...] number of valid copyright removal notices we receive for any given
> site. Sites with high numbers of removal notices may appear lower in our
> results. [...]

Will Google also apply this to Youtube? Youtube should be among the top scorers wrt copyright complaints. If it won't, then would that omission represent a lead into an anti-trust case?

Security quotes of the week

Posted Aug 17, 2012 9:10 UTC (Fri) by mpr22 (subscriber, #60784)

I thought most people wanting to search for youtube videos went to youtube.com then used the search bar at the top of the youtube page.

Security quotes of the week

Posted Aug 19, 2012 19:22 UTC (Sun) by mathstuf (subscriber, #69389)

They claim it won't, but YouTube has processes in place that go beyond the DMCA (Content ID), which doesn't factor in since they're not "takedown notices".

Security quotes of the week

Posted Aug 23, 2012 10:38 UTC (Thu) by reddit (guest, #86331)

How can "decryption" be possibly hard?!?

I mean, just run it in an emulator or virtual machine, and wait until the payload is executed...

If you can't figure out when the payload is executed, modify the emulator to track which memory locations contain data that depends on the encrypted data (similar to how Valgrind propagates validity bits), and then stop the first time a jump is done to one of them.

If the problem is that they can't trigger execution of the payload because it uses a key computed from data only present on unknown target systems, then decryption is simply impossible if the malware is properly written (because they would need to reverse a strong cypher).
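
An added illustration of the taint-propagation idea in the comment above (constructed example code, not from the commenter, from Valgrind, or from any real emulator): memory cells holding the encrypted blob are marked tainted, XOR propagates the mark to its outputs, and the first control transfer into a tainted cell halts the run and reports the decrypted bytes sitting there. The memory layout, the toy instruction set, the key and the plaintext are all assumptions made for the demo.

```python
# Toy taint-tracking interpreter: every memory cell carries a "derived from the
# encrypted blob" bit, XOR propagates it, and a control transfer into a tainted
# cell stops execution and reports where the decrypted payload now lives.
# Constructed example, not code from any emulator or malware sample.

from typing import List, Optional, Tuple

# Constructed memory layout; the addresses are arbitrary for the demo.
KEY_BASE = 0x000
BLOB_BASE = 0x100
DEST_BASE = 0x200
CODE_BASE = 0x300
MEM_SIZE = 0x400

PLAINTEXT = b"PAYLOAD:run"             # constructed "hidden" payload bytes
KEY = bytes([0x5A, 0xA5, 0x3C, 0xC3])  # constructed repeating XOR key


def build_memory() -> Tuple[bytearray, bytearray]:
    """Return (mem, taint) with the encrypted blob loaded and marked tainted."""
    mem = bytearray(MEM_SIZE)
    taint = bytearray(MEM_SIZE)
    for i, b in enumerate(KEY):
        mem[KEY_BASE + i] = b
    for i, b in enumerate(PLAINTEXT):
        mem[BLOB_BASE + i] = b ^ KEY[i % len(KEY)]
        taint[BLOB_BASE + i] = 1        # the analyst taints only the blob
    return mem, taint


def build_program() -> List[tuple]:
    """Unrolled 'decrypt, then call the result' routine as a loader would run it."""
    prog = [("exec", CODE_BASE)]        # a transfer into ordinary, untainted code
    for i in range(len(PLAINTEXT)):
        prog.append(("xor", DEST_BASE + i, BLOB_BASE + i, KEY_BASE + i % len(KEY)))
    prog.append(("exec", DEST_BASE))    # first transfer into derived data
    prog.append(("halt",))
    return prog


def run(prog: List[tuple], mem: bytearray, taint: bytearray) -> Optional[Tuple[int, bytes]]:
    """Execute prog; return (address, bytes) of the first tainted control transfer, else None."""
    for op in prog:
        if op[0] == "xor":
            _, dst, a, b = op
            mem[dst] = mem[a] ^ mem[b]
            taint[dst] = taint[a] | taint[b]   # output depends on both inputs
        elif op[0] == "exec":
            addr = op[1]
            if taint[addr]:
                # Collect the contiguous tainted region starting at addr: that is
                # the decrypted payload exactly as it exists in memory right now.
                end = addr
                while end < MEM_SIZE and taint[end]:
                    end += 1
                return addr, bytes(mem[addr:end])
            # Untainted code: nothing to report, keep going.
        elif op[0] == "halt":
            break
    return None


def locate_payload() -> Optional[Tuple[int, bytes]]:
    """Run the constructed loader under taint tracking and report the hit."""
    mem, taint = build_memory()
    return run(build_program(), mem, taint)


if __name__ == "__main__":
    print(locate_payload())
```

Note that the trigger is the transfer of control, not the key: the interpreter reports the payload regardless of whether the XOR key was right, which is the point of the comment that follows about keys derived from data the analyst does not have.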

Security quotes of the week

Posted Aug 23, 2012 11:58 UTC (Thu) by spender (subscriber, #23067)

Obviously, you answered your own question.

-Brad

Security quotes of the week

Posted Aug 23, 2012 12:03 UTC (Thu) by ekj (guest, #1524)

Even then, not *impossible*, because the "data only present on unknown systems" is likely not random, thus you can guesstimate it in less time than brute-forcing the key.

Besides, it should be possible to see where it -attempts- to get the data (and fails), then investigate what is at that location for potential targets.

Security quotes of the week

Posted Aug 23, 2012 12:39 UTC (Thu) by redden0t8 (guest, #72783)

Kaspersky has already done that - it's looking for a specific registry key. The problem is, they've tried every plausible value they can think of.

Assuming this payload is along the same lines as Stuxnet, I think the answer is pretty obvious: it's looking for a registry key associated with someone's specifically customized SCADA software. The key's probably in some non-English language and has never been seen outside the campus of the target.

Security quotes of the week

Posted Aug 23, 2012 12:51 UTC (Thu) by ekj (guest, #1524)

That makes sense. Or the key could be the hash of some executable or something of that order, that the software checks to ensure the integrity of the file - if so that's equivalent to a random number (as long as you don't have that specific file, I mean).
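
An added model of the situation discussed in the last few comments: the key is derived from a string that exists only on the intended machine, a stored hash of the derived key lets the loader verify a guess before executing anything, and an analyst can only recover the payload by enumerating plausible values for that string. This is constructed example code, not from any commenter and not Gauss's real key-derivation scheme; the iterated-SHA-256 derivation, the SHA-256 counter-mode keystream, the verifier construction, the "Acme Control Suite" directory name and the candidate lists are all assumptions made for the demo.

```python
# Constructed model of a target-locked payload and the analyst-side search for
# the system string that unlocks it. Example code; not Gauss's actual scheme.

import hashlib
from typing import Iterable, Optional, Tuple

ROUNDS = 10000  # constructed iteration count: makes each guess cost 10000 hashes


def derive_key(candidate: str) -> bytes:
    """Iterated SHA-256 over the candidate string (constructed derivation)."""
    digest = candidate.encode("utf-8")
    for _ in range(ROUNDS):
        digest = hashlib.sha256(digest).digest()
    return digest


def keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream built from SHA-256 (constructed stream cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def verifier_for(key: bytes) -> str:
    """Hash stored alongside the blob so the loader can test a key before running."""
    return hashlib.sha256(b"verify" + key).hexdigest()


def lock_payload(secret_string: str, plaintext: bytes) -> Tuple[bytes, str]:
    """Return (ciphertext, verifier) as a loader would carry them."""
    key = derive_key(secret_string)
    return xor_bytes(plaintext, keystream(key, len(plaintext))), verifier_for(key)


def try_candidates(candidates: Iterable[str], ciphertext: bytes,
                   verifier: str) -> Optional[Tuple[str, bytes]]:
    """Analyst search: return (string, plaintext) for the first candidate whose
    derived key matches the stored verifier, or None if no candidate matches."""
    for cand in candidates:
        key = derive_key(cand)
        if verifier_for(key) == verifier:
            return cand, xor_bytes(ciphertext, keystream(key, len(ciphertext)))
    return None


# Constructed sample: the "secret" is an install directory only the target has.
TARGET_STRING = r"C:\Program Files\Acme Control Suite 4.2"
SECRET_PAYLOAD = b"stage2: <constructed payload>"
CIPHERTEXT, VERIFIER = lock_payload(TARGET_STRING, SECRET_PAYLOAD)

# Constructed dictionaries of plausible strings an analyst might enumerate.
GUESSES_WITHOUT = [r"C:\Program Files\Common Files",
                   r"C:\Program Files\Acme Control Suite 4.1"]
GUESSES_WITH = GUESSES_WITHOUT + [TARGET_STRING]


def demo() -> Tuple[Optional[Tuple[str, bytes]], Optional[Tuple[str, bytes]]]:
    """Search once without the real string in the list, once with it."""
    return (try_candidates(GUESSES_WITHOUT, CIPHERTEXT, VERIFIER),
            try_candidates(GUESSES_WITH, CIPHERTEXT, VERIFIER))


if __name__ == "__main__":
    print(demo())
```

The verifier is what separates "the key was wrong" from "the payload is garbage": without it a wrong guess still decrypts to something, just not to anything meaningful. The iteration count is the defender's cost model in reverse: each extra round multiplies the analyst's per-guess work, so the size of the plausible candidate set, not the cipher, decides whether the search finishes.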

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds