Tina Marie's Ramblings (skywhisperer)
This is a discussion of the process used to reverse-engineer a rootkit that bypassed SSL to steal personal data, which lived in the wild for 54 days before being detected. It's probably going to be absolutely fascinating if you're a geek, and utterly incomprehensible if you're not:

http://www.secureworks.com/research/threats/gozi/

And while I'm at it: I've been getting these in my email for a while, but I didn't realize they were publicly released: http://eval.symantec.com/mktginfo/enterprise/white_papers/ent-whitepaper_internet_security_threat_report_xi_03_2007.en-us.pdf. Yeah, there's some marketing hype there, but the numbers and trends are fascinating.

Current Mood: creative

8 comments or Leave a comment
Comments
grahamwest, March 22nd, 2007 09:07 pm (UTC):
Very interesting and rather scary. It reads like something out of Neuromancer. I guess the future really has arrived (or worse, it's been here for a good while and I've only just found out).

That Windows has an API to let third party applications wiretap the network stream in-the-clear for HTTPS traffic blows my mind. What possible purpose can that serve?
skywhisperer, March 22nd, 2007 09:41 pm (UTC):
Microsoft is not known for being a company with a proactive interest in security.

But this is certainly the most terrifying threat I've seen to date. The only real solution is not to get infected - it's certainly easy enough to not allow web browsers to download things, but nothing else out there would have stopped this. I'm amazed it hasn't gotten more press.

BTW, my Wii friended your Wii last night.
grahamwest, March 22nd, 2007 10:06 pm (UTC):
I noticed, and sent you a Mii.
skywhisperer, March 22nd, 2007 10:24 pm (UTC):
Cool! I'll send us over tonight. Any favorite games so far?
grahamwest, March 22nd, 2007 10:53 pm (UTC):
Excite Truck is a lot of fun, enough depth but the emphasis is all on fun. Monkey Ball's good, but it's more of the same if you've played that game in the past. I have Zelda and Warioware but haven't tried them yet.

What about you?
skywhisperer, March 22nd, 2007 11:40 pm (UTC):
We have Zelda, WarioWare, Sonic, and the Raving Rabbits game. I haven't played Sonic or Zelda, but I've watched them. WarioWare seems like it'll be a lot of fun with a group of people. The rabbits are frustrating me, but every time I play I manage to get past one more mini-game. I'm not sure if I'll give up in frustration before I finish it, though.
alioth1, March 24th, 2007 05:23 pm (UTC):
You may be interested to know that the threat isn't even new. Internet Explorer threats (or rather Internet Exploiter, as I prefer to call it) that allow this sort of thing to go on have been a running problem for at least four years. I had a massive bust-up with the guy who runs corporate security over one of these exploits - he was convinced it was absolutely no threat, and dismissed a proof-of-concept by one security software vendor as a 'sales pitch' (and it was childishly easy to exploit too - less than five lines of VBA code and you had pwned the client machine. Any barely competent teenage skript kiddie could easily have written a script to fetch every document on your PC).

I had to escalate it to the head information security officer with a very long essay detailing exactly how an attack would happen - written in plain English because the information security officer at the time wasn't all that computer literate. I managed to persuade him that yes, updating the intrusion detection system software to look for this exploit was a Good Thing To Do as well as patching IE.

Fortunately, I'm immune to this stuff. I run a minority browser on an even more minority platform, on yet a more minority CPU architecture!
skywhisperer, March 25th, 2007 02:18 am (UTC):
I'd not heard of it before. At least, I'd not heard of a version that could bypass SSL. Makes sense that you could by hooking winsock, though.