Oh look, another security issue!

Post #250,407 by tuberculosis 3/31/06 6:11:11 PM Reply	Oh look, another security issue! [link\|http://www.businessweek.com/magazine/content/06_15/b3979068.htm?campaign_id=rss_magzn\|http://www.businessw...aign_id=rss_magzn] But the real shock came when Pickett decided to test another bug by infecting his own PC with it. Out slithered a program that promptly installed itself deep inside his computer. There it became virtually immune to detection from the basic antivirus software that scans for dangerous code. The bug -- known as a "Trojan," which in turn was hidden inside a "rootkit" -- was designed to activate whenever a Web surfer typed in a user name or password for bank accounts or Web sites for dating, social networking, or e-mail. Pickett went to a bank site and entered fictitious log-in information. Right before his eyes, those data were sent streaming back to Russia, joining the IDs of thousands of real victims. His reaction: "absolute horror." This nasty bit of code, appropriately named "the Hearse" by Pickett's employer, Sana Security Inc. in San Mateo, Calif., is threatening to raise the stakes in the spy-vs.-spy war over cybercrime. That's because the average computer security program sifts for known worms and viruses on PCs. But rootkits cloak data-stealing code so that it can hide in the deepest guts of Windows software without showing up in task lists as an active program. Criminals, having greatly expanded their knowledge of Windows' inner workings, are flocking to this new tool. --------- Do you really need another reason to dump the dog? [link\|http://www.blackbagops.net\|Black Bag Operations Log] [link\|http://www.objectiveclips.com\|Artificial Intelligence] [link\|http://www.badpage.info/seaside/html\|Scrutinizer]
Post #250,419 by Steve Lowe 3/31/06 6:27:58 PM Reply	I don't But my employers still won't. -- Steve [link\|http://www.ubuntulinux.org\|Ubuntu]
Post #250,496 by Ashton 4/1/06 12:38:43 AM Reply	Now There's 'prescience' - - check date APRIL 10, 2006 NEWS: ANALYSIS & COMMENTARY etc. OK OK - S'pose that's the date on the dead-tree version. Well.. there's SysInternals' Rootkitrevealer, etc. ..compare raw registry vs 'displayed'-after-massage- 'registry', but as Messrs. Russinovich & Cogswell observe within: it's possible to conceive a Rootkitrevealer-outwitter too.. but (he explains), at least that won't be trivial to do. The more I delve into this morass and especially -in detail- into the Out-of-Box ABSURD config of XP for the target audience (neighbor's and now.. same parasite temporarily on my 'new' 3-yo hp notebook) - the main question I hear echoing inside the jelloware is - *Where Are the Class-Action Lawsuits?* CA has the "Song-Beverly Act" aka the Lemon Law, but it is applicable in the sense: that it codifies and expands upon the idea of "Merchantability and Fitness for the Intended Purpose" (of any purchase.) Liability? - 'oem': THAT's who The Beast will put the onus upon. Yet, last I heard: there are ndas which prohibit making sane config changes in the bundle. Nevertheless, scripts! Could be a part of their Restore disks; that is what OEM-status should permit: Beast's customers are mainly the OEMs. Their customers are .. us. Fix the blame: that would be the dance. If 'we' collectively sue - then, if The Beast has prohibited / via nda / protecting the customer ?? -- should be a clear path to apportioning damages. BUT - Only IF SOMEONE HAS THE BALLS TO SUE. Else it's all moot. It's a monopoly; "buy something Else" would seem to be an effete defense against the unconscionable. Well, in a Republic, so-to-speak So then, how many rootkits must proliferate before it is obvious, even to a Repo, that: Beast customers are being sold bogus goods? 10K? 1M? would 5M do it? All in a 2-week period, say.. All that dead hardware - 'part of the Consequential-loss suffered', in the eyes of a non-techno court. Maybe. No idea where *nix would fit into an obviously convoluted Battle of Billionaires in full-spin: I suspect all unwashed lose in the end, but the choreography should beat Murican Idol or CNN. Could 2006 be The Year of Comeuppance?? How many Judges have had a BSOD/vermin wipe out a few days' work? Give 'em a website to report-in..

Welcome to IWETHEY!