Risky Business #205 -- Who's the real Shady RAT?

Patrick Gray

On this week's show we're taking a look at the most devastating state sponsored planet melting, child eating APT the world has ever seen... according to Gizmodo it's the BIGGEST CYBER ATTACK IN HISTORY.

Ummm... actually no, it's a fairly unsophisticated botnet comprising 70 targeted infections.

Anonymous
Shady McAfee

Couldn't agree more ... I thought when I read the original article by McAfee that all they have done is cherry-pick the list of infected IPs to garner the maximum amount of news impact ... could be wrong, but I wouldn't put it past them. And there was no detail regarding what, if anything, was taken by the hackers.

Patrick Gray
Well it is wrong... as was explained by Sean, the 70ish targets were the entire C&C...

I think this was some interesting work that got marketroided and overhyped by Vanity Fair.

NormD
DEP "invented" by Open Source?

Like many, many things in computer science, DEP is a decades-old concept that is rediscovered and renamed in modern times, and all the technorati think they have made a major discovery.

I only have one example handy. The Alpha architecture, defined in the late 80s, has the following bits defined:

Fault-on-Execute
Fault-on-Read
Fault-on-Write.

I am sure older architectures implemented these as well.

Just wait, someone will soon "discover" that constants (incl byte-coded programs) can be loaded into memory that can be marked read-only and thus rendered unmodifiable by malware. They will then come up with a cute name and the technorati will hail the inventor and celebrate how much smarter modern computer scientists are than our ancestors.

As an aside, you might ask what use is Fault-on-Read? OpenVMS used this to protect page zero against all reads, writes and executes, since many common programming errors involve inadvertent access to address zero. I worked on an early implementation of SAP R3 on OpenVMS. It got lots and lots of faults that angered the developers, since other OSes (mostly UNIXes) did not fault. The errors were, of course, valid, but the developers hated having errors pointed out to them and thus hated OpenVMS. Ignorance is bliss.
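The three fault bits NormD lists map directly onto the per-page protection flags every modern MMU and OS expose. The C program below is an added example, not code from the thread: it uses mprotect() and a SIGSEGV handler on Linux to show each bit trapping an access, namely a read of a PROT_NONE page (the analogue of OpenVMS's unreadable page zero), a write to a read-only page, and a call into a non-executable data page (what DEP enforces). It assumes Linux on a CPU with no-execute page support (x86-64 or AArch64).

```c
#define _GNU_SOURCE 1
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
enum access_kind { ACCESS_READ, ACCESS_WRITE, ACCESS_EXEC };
static sigjmp_buf fault_env;
/* The MMU reports a protection violation as SIGSEGV; unwind back into the probe. */
static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }
/* Map one page, set its protection bits, then attempt one kind of access.
 * Returns 1 if the hardware faulted, 0 if the access went through, -1 on setup error. */
int access_faults(int prot, enum access_kind kind) {
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    volatile unsigned char *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    page[0] = 0xC3;  /* x86-64 "ret"; only ever reached if execute is NOT trapped */
    if (mprotect((void *)page, pagesz, prot) != 0) { munmap((void *)page, pagesz); return -1; }
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);  /* some platforms report the fault as SIGBUS */
    volatile int faulted = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        void (*fn)(void);
        unsigned char c;
        switch (kind) {
        case ACCESS_READ:  c = page[0]; (void)c; break;                  /* fault-on-read    */
        case ACCESS_WRITE: page[0] = 0; break;                           /* fault-on-write   */
        case ACCESS_EXEC:  memcpy(&fn, &page, sizeof fn); fn(); break;   /* fault-on-execute */
        }
    } else {
        faulted = 1;  /* we got here via siglongjmp from the signal handler */
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap((void *)page, pagesz);
    return faulted;
}
int main(void) {  /* a PROT_NONE page is the analogue of OpenVMS's unreadable page zero */
    printf("read/none=%d write/ro=%d exec/ro=%d\n", access_faults(PROT_NONE, ACCESS_READ),
           access_faults(PROT_READ, ACCESS_WRITE), access_faults(PROT_READ, ACCESS_EXEC));
    return 0;
}
```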
