2199 posts • joined Monday 31st May 2010 16:59 GMT
Re: privilege escalation?!
I wish I had a definitive answer for you. I am 98% certain the initial attack was delivered through Java in the browser to a non-administrative user. Then what? What does it execute? Is it using a Java-native escalation, or some other exploit? How the hell did that bit of fail break out of its sandbox?
Then it ate itself. To me, this is the biggest indication that there was an unknown zero-day being used. The author of that malware did not want the initial payload to be examined by security companies. There are holes in the logs; I only even know that Jars appeared and disappeared because I had a completely separate app on debug for a completely different reason. (Trying to debug something involving Office 365.) It caught the logs thrown by MSE before it was annihilated (and all of its logs, browser history etc) with it.
Something crawled in through Java. Then it ate itself, the anti-virus packages, the logs and installed new friends. The user was not running as admin. So I don't really care if it used a native flaw in Java to escalate privs enough to do that, or if it cascaded other flaws once the userspace code had been delivered. Java was the initial vector, and Windows cracked like an egg after that.
Re: "have no idea what the initial vector was"
The user was not running as admin. Their antivirus was up to date. Their browsers were up to date. Their browser extensions were minimalistic. Jars showed up and then disappeared; shortly thereafter the system was pwned.
If you have a different attack vector for that, I am all ears.
Re: ...for those running as root
sudo passwd root
Enter a password
Now you can log in to the GUI. What's so hard about that?
Re: ...for those running as root
Set a root password. Then you can log into the GUI as root.
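The two posts above set a root password so the root account can log in interactively. The flip side, which a practitioner will want before and after doing that, is knowing whether root is currently locked at all. On Ubuntu the root account ships locked: the password field of its `/etc/shadow` entry is `!` (or `*`), and `sudo passwd -l root` re-locks an account by prefixing its existing hash with `!`. The shell script below is an added example, not code from the commenter or from Ubuntu; it classifies a shadow-format line by that password field and, when run with enough privilege to read `/etc/shadow`, reports the live state of root. The sample lines in the usage section are constructed, not real hashes.

```shell
#!/bin/sh
# Classify the password field of an /etc/shadow-style entry.
# Prints one of: empty | locked | locked-with-hash | set
shadow_state() {
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '')                 echo "empty" ;;            # no password at all: logs in with nothing
        '!'|'*'|'!!'|'!*')  echo "locked" ;;           # Ubuntu's default for root
        '!'*)               echo "locked-with-hash" ;; # passwd -l: hash preserved behind '!'
        *)                  echo "set" ;;              # a usable hash: root can log in
    esac
}

# Report the live state of root, or "unreadable" when /etc/shadow is not accessible.
root_state() {
    line=$(grep '^root:' /etc/shadow 2>/dev/null) || { echo "unreadable"; return 1; }
    shadow_state "$line"
}

# Usage with constructed sample entries (not real hashes):
shadow_state 'root:!:19000:0:99999:7:::'          # locked
shadow_state 'root:!$6$salt$hash:19000:0:99999:7:::' # locked-with-hash
shadow_state 'root:$6$salt$hash:19000:0:99999:7:::'  # set
shadow_state 'root::19000:0:99999:7:::'           # empty
root_state
```

A result of `set` or `empty` for root is the thing to look for on any box where somebody has "just set a root password" for convenience; `empty` in particular means the account accepts a blank password. To undo the GUI-login trick described above, `sudo passwd -l root` returns the account to `locked-with-hash` without discarding the hash, and `sudo passwd -u root` reverses it.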
Re: @ Trevor_Pott
If you are calling me a Linux fanboy, I'm going to ask you to back that statement up with some sort of evidence. For the record, these are the things I am a "fanboy" of (in rough order):
1) My wife, close friends and selected coworkers.
2) Ninite.com (Just. Frakking. Works.)
3) Cyanogenmod (My phone. MINE.)
4) A significant chunk of The Register's writers, current and departed (I miss Sarah.)
5) Ars Technica's Nobel Intent (Science, bitches!)
6) Evidence-based legislation (Science, bitches!)
7) Mars Rovers (Science, bitches!)
8) Intel networking (Just. Frakking. Works.)
9) Jose Barreto (Awesome guy working for Microsoft's storage team.)
10) Classic Shell (I want my goddamned up button back!)
My definition of "fanboy" means I give those individuals, people, products and concepts on this list "the benefit of the doubt." It means I will accept at face value what is presented. I will trust what they have to say without the need for significant deep dives; this trust has been earned over time.
By nature however, I am a cynical person. I do the research, I question everything. So if you are suggesting that "Linux is the most compromised X on the planet" and that "anyone who believes otherwise is a Linux fanboy," I am going to call you on it. That goes against every scrap of evidence I have; prove your accusation.
Linux is not the most compromised webserver, despite being the most dominant. Various web APPLICATIONS (frequently, but not exclusively run on Linux) are vulnerable as hell...but these web apps lead to compromise on Windows as well as Linux. The actual underlying technology is significantly less assailable than the competition; shocking considering the many issues surrounding Linux governance and implementation.
So...prove it. Prove that Windows is "more secure" for the same tasks running the same apps. Especially when both are properly configured and hardened for a production environment. Prove also that those who disagree are "Linux fanboys," instead of people who have different - possibly more accurate - information than you are working from.
...you can prove that, can't you?
I remember something about that. ;)
Re: The only use for java these days
Disables fine in Chrome and Firefox. Even when "disabled" in IE, the thing still can be called. How that works, well...comments, Microsoft? I'd love to hear the explanation.
Re: ...for those running as root
Do you have any idea how many Ubuntu users I catch running as root? It gives me a sad.
Given the complex web of how things are run in Windows, who knows what happened to allow infection? The user running this was not an administrator on the local PC. How then did this get the kinds of privs necessary to install a rootkit? Browser glitch? Did it pop up a "run escalated" box? (User says no, but...they're a user...)
I have no idea how something crawling through Java could install a rootkit on a non-administrative user. And yet, it did. So is this something that uses multiple vulnerabilities in multiple products, or is there a whole new zero-day at work here that we just don't know about?
I'm open to thoughts on this.
Re: even Microsoft Security Essentials can find and kill most variants
Try it in practice. You'll sing a different tune. MSE cannot kill a single rootkit under active development. It can eliminate very old rootkits. Anything actively maintained will go through MSE like a hot knife through butter. It won't even see them, let alone be able to defang them.
FFS man, don't come in here and spread propaganda; we're actually trying to help people cope with real world issues here. This is not the time or the place for your pro-Microsoft crap; especially when so much of it is half truths wrapped in outright lies. The lack of context in everything you’ve ever written in the comments section of The Register is appalling.
Please astroturf elsewhere.
Re: Lets not just blame java here
Richto; who is paying you and how much? The amount of utterly bullshit FUD you spread about Linux is amazing. Honestly though, which company foots the bill? I'm really curious.
Re: even Microsoft Security Essentials can find and kill most variants
Oh? Do tell. It is an actively versioned bit of malware, so it is a moving target for everyone. But in my experience, if MSE can kill it, it isn't all that relevant. MSE cannot however kill rootkits like Zeroaccess. They are a threat.
Sirefef will be isolated and contained by MSE unless we're talking about the very latest greatest variant. It won't get a chance to download buddies. Unfortunately, whatever the primary vector was murdered MSE before installing Sirefef.
Nope. I blame Java for letting the bastard in the door and giving it escalated privs on an account not running as administrator. The fact that once in, the satellite infections played merry hob with a Windows system is just par for the course. Protect the edges if you know that the center is soft and chewy. Nothing I can do about Windows; but I can uninstall the infection vector...Java.
Re: The only use for java these days
Um...what? OSX is actively under attack using these vulns...as is Ubuntu for those running as root...
How many PCs do you know of that you buy at the local electronics store come preconfigured for PXE boot? Not a large enterprise; systems are not configured for image-based dissemination. Main office has only 11 people! Everything is on the other end of wet-noodle VPN. Nah; these folks use Best-Buy specials and the previous admin left such a mess that two months later I'm still picking up pieces.
At this point, it wouldn't be an "image" either. It would be a clean install. And there is a lot of CFO-only software to get off that thing...
The user was not a member of the administrators group on the local PC; unless one of the infections in question altered permissions post-infection...
Re: What we have here is a serious lack of comprehension...
Up to date Java...that's the thing...
Re: 12 steps
If only it were that simple, and the people who pay money for things didn't have say in their own environments...eh?
Re: At least there's the day rate.
This is the first thing in years I've seen simply waltz right on by MSE. It was actually Avast that caught the initial one. (Before it was crippled, and MSE annihilated.)
Re: Why blame Java at all?
I can know the attack vector without knowing the name of the attacker. I don't have a clue what the initial Bad Thing was. I do know they were malicious. Jar files that set off the alarms. The browsers were up to date. No Flash was installed. Moments after detection, the jars disappeared. So did Microsoft Security Essentials, Avast and a large chunk of all the browser histories. It looked to me like someone using a Java exploit that didn't want a security researcher decompiling the attack vector.
I crawled all over the thing for three days. I was hoping for an awesome new browser zero day. Alas, "Java is still broken" is not much of a story. But I was able to get the "this is how you fix it" info out to people, in case they got hit. That was really my goal.
Not all of us are so lucky as to have full imaging gear and pre-vetted application stacks. This is a new client of mine; small, most IT decisions still taken directly by CEO, call for help as they need it. Remote cleaning was a priority. If it happened to me, it might happen to someone else in a similar position; worth the time then to write up.
Agreed; that's a next-week project; for when I have physical access. For right now, this works over Teamviewer, and everything I can throw at it comes back clean.
Reading comprehension fail.
"Hating or loving a logical construction such as a programming language is irrational, illogical and otherwise nonsensical. As a human being with an emotional reaction to the world around me, it is increasingly unavoidable."
"It is possible to code Java applications that are excellent. The ubiquity of the language as a primary educational tool has unfortunately made these the exception rather than the rule. So I hate Java; not because there's anything inherently wrong with the language, but because of a decade's worth of people who still haven't figured out how to use it as designed."
Like so many others, you have completely failed to actually read the article. I explicitly state that technology is a logical construct for which it is irrational to "hate." I also explicitly state that java [i]can[/i] be used for good. I also – the article is right there, go read for yourself – explicitly state that my negative reaction to java is an irrational emotional reaction brought about by the totality of the extended universe of issues that surround it.
The article is not about “how terrible Java is.” Java is a tool. The article is about how “horrible abuse of this tool by our entire industry has meant that it is a significantly larger frustration – and even liability, from a security perspective! – than the marginal benefits it provides.”
Bonus points for skimming through so fast that you assume the only Java I ever coded was the crap I had to do in my first year of university. The anecdote explains why I left university seeking something better. It is followed up immediately thereafter by a description of how that was a bad plan and I ended up developing applications anyways. Those applications include Java, which I am still forced to use to this day.
Perhaps you need to detach your personal sense of self worth from the language you program in. There is no need for a tribal reaction; criticism of Java (or the wider Java ecosystem) is not criticism of you. If the sub editor’s title, or the opening sentence of the article [i]which is immediately followed by an open admission of trolling commenttards for fun[/i] sets you up emotionally to skim through an article with a blinding rage, there are problems. If you skim so you can quickly get to the comments section and core dump some hatred, there are all sorts of questions about how you define yourself personally and professionally that need to be asked.
If you cannot acknowledge the issues surrounding your choice of language, why should anyone trust you as a developer? You need to know about – and acknowledge – the problems before you can adapt to and overcome them. Tribalism regarding technology is an indication of inadequate understanding of the role of that technology.
Re: Thank you for this.
The problem isn't the hammer. The problem is that we told an entire generation "all you need is a hammer" and they actually believed it. Now ****ing everything has hammer marks where other tools should have gone, and nothing quite works the way it should.
Re: Goodbye mouse button
My experience with the client in question says that right clicking on nearly every element in the UI works just fine.
I didn't want to be a "sysadmin" myself. I wanted to "make computers talk to each other, and get them to do things in a coordinated fashion." (I later discovered that what I wanted to do was build Beowulf clusters; sadly, I do not build Beowulf clusters for a living.)
The rest just sort of...happened...
Not despising corporations is hard for me. There is an innate distrust that I hold against people who are financially motivated to screw me over and take all my money.
That said, I have an SII, a Samsung Netbook and who only knows what else from them...
I never said Python was the best; I lack the diversity of experience to reliably choose a "best" language. Of the dozen or so that I personally code in - including Java - Python is the one I enjoy coding in. Mostly because I enjoy the diversity of use cases for the code. It compiles - so I don't need an interpreter - and yet I can also use it as web scripts, shell scripts, etc.
It is a simple language that is easy to learn, code in a maintainable fashion and addresses all of the use cases I run across on a regular basis.
It isn't "the best," but it is my favourite.
"You will spend your life coding scripts and apps in two dozen languages, but also dealing with whinging users" is not how anyone sells the career of systems administration. Why would a fresh-out-of-high-school kid with no experience in systems administration know that beforehand? After all, it's derided as "digital janitors" and nothing more. Taking care of hardware and operating systems. "Simple, easy, unworthy of real effort." Sounded fun to an 18 year old; make money during the day, do real work as a hobby!
Re: "Java was my first experience of object-oriented programming"
You poor bastard!
Re: Your argument's flaw
Don't think "staying on at University" solves this; plenty of folks don't include the VM binaries with the application, still use applets or otherwise commit unpardonable sins. When I have to ship working Java code, these are not sins I commit...and I didn't finish University. It isn't the education; it's the asshat behind the keyboard.
Them folks with them fancy duh-grees still can't code for shit. The ability to pay attention to security, usability, lifecycle and maintenance isn't something that is easily taught. It's wrapped up in the deeper neuroses of "being able to think about people other than oneself." If you can't tear yourself away from the mirror for a moment, you never get time to think about the poor bastards that have to use your code.
Java amplifies douchebagitis because it's a security nightmare wrapped in a versioning problem.
I can code in Java just fine, thank you. I never did get the chance to stop doing so. Next?
Re: I beg to differ
I need to don some passive aggressive here.
To all the whingers bellyaching about my tearing the language up, how many of you read past the first sentence? Did I or did I not explain that hating a logical construct such as a language is irrational, that I recognise this, but hate the damned thing anyways? It is supposed to demonstrate that association of something inanimate or conceptual with a group of people you dislike can in fact cause the irrational response of hating the inanimate object (or concept.)
Which is a metaphor for every IT flamewar ever.
And I do hate Java. Not because the language is shite - it isn't...it's a language FFS - but because the end result of "Java" has been nothing but pain for over a decade. So instead of taking away "zomfgwtf he insulted the sacred!!!!", maybe folks should focus on why I chose to do so. The lesson to be learned lies therein. :)
Re: Thank you for this.
Mama said "one idea per article." And the answer is Python.
Samsung is growing on me. As a company, I find them less offensive than some...and increasingly I find myself buying their widgets. Then they go ahead and do something like this.
Well, I'll be.
Might there be a consumer electronics company worth not actively despising after all?
I am tempted to downvote you on principle. Your post implies that Oracle has in the past cared about Java or its user base. Or for that matter that Oracle may have at some point during its existence cared about the user base of any of its technologies.
I have yet to be exposed to evidence of this. Even third or fourth hand. Does anyone know a guy who knew a guy that Oracle cared about? Anyone?
Re: Careful with your evolution mumbo jumbo.
Actually, you'd be completely wrong. All extant members of homo sapiens sapiens (the only subspecies of the only remaining species (homo sapiens) from genus homo) can trace their lineage to mitochondrial eve and y chromosome adam.
Mitochondrial Eve - contrary to the biblical reference in her name - was not the only woman of her time. She was however the most "fit": all extant humans are her descendants; no lineages survived from any of her contemporaries. Similarly, Y chromosome Adam - far from the only man of his day - was simply the most fit. Adam lived about 142,000 years ago, and we are all his descendants.
It is generally considered that this occurred before the “out of Africa” migration. Once out of Africa both European and Asian Cro Magnons interbred with other hominids. Europeans with Neanderthals and Asians with both Neanderthals and Denisovans. There is no evidence of gene transfer between Neanderthals or Denisovans to the Cro Magnons living in Africa at the time. (Though with modern intermixing this is becoming less and less relevant.)
So there are exceptionally small genetic deviations between the three primary populations of humans based on horizontal gene transfer between the three extant human subspecies shortly after the “out of Africa” migration, however it did not affect either our mitochondrial or Y chromosome lineages. (Which is to say, the genes are pretty dilute in today’s populations!)
You can always attempt to prove that you are a separate species. Go to https://www.23andme.com/ and get your DNA sequenced. If you are a separate subspecies (or if your mitochondrial DNA or Y chromosome differs from the rest of humanity) then I promise you, the geneticists will be all over you like white on rice. Until then, suppositions of subspeciation within humanity have no basis in fact. They are as erroneous as the bullshit Aryan race theories espoused by certain madmen, and potentially as dangerous.
There is simply no evidence whatsoever to support subspeciation within the only extant lineage of humans.
Re: Careful with your evolution mumbo jumbo.
Since all of genus homo is classified as hominidae (great apes), then it stands to reason that all of our antecedents up to (and perhaps slightly predating) the last common ancestor would also be considered “apes”.
All hominidae (including all members of genus homo) share certain physiological traits in common that differentiate us from other primates (and lemurs, to whom we are also closely related.) Homo is most closely related to pan (chimps and bonobos,) with gorilla and pongo (orangutans) rounding out the extant species.
Now, if you wanted to get into a debate about the inclusion of hylobatidae (gibbons) in “apes” then you are some good company. The current consensus is that “great apes” be restricted to true hominids; a distinction which excludes hylobatidae.
So yes, we did in fact evolve from apes. Which makes perfect sense, considering that genus homo are in fact still quite definitively apes.
But “we evolved from monkeys” is a trickier one. Where do you draw the line on “monkeys?” Simiiformes (which would be where you’d find the last common ancestor of all monkeys and apes) breaks down into platyrrhini (new world monkeys) and catarrhini. Catarrhini contains both cercopithecoidea (old world monkeys) and hominoidea (apes).
Although it is common to group all monkeys together as if they were a homogenous genetic lineage, there are in fact two very distinct groups. Catarrhini are as differentiated from platyrrhini as platyrrhini are from lemurs. Indeed: new world monkeys show a remarkable genetic differentiation, giving rise to several major families; something that neither catarrhini nor hominoidea seems to have managed.
But we are apes. There isn’t a lot of wiggle room here. We just haven’t diversified enough to be something “special, unique and different” yet. We are a separate species, but not yet a separate family, let alone superfamily!
So I’d ditch the whole “evolved from monkeys” thing altogether. “Monkeys” is meaningless. But you’ll not escape that we evolved from apes. My dad was an ape. So was yours. I’m an ape sir, and you are too.
Re: Choose conferences or events with real techies.
Sage advice. On my junket I was lucky to meet with the actual techies. My understanding is that both VMWorld and Build are like this. I wonder which others qualify?
Re: remind me what "freedom of speech" is
As a matter of fact, it is a world ideal. Defined in the United Nations Declaration of Human Rights. Signed by the overwhelming majority of nations in the world, it defines your rights as a human being, regardless of the government you live under. These are fundamental rights that are innate to being human, not rights "granted" by a government.
It is our duty as citizens the world over to uphold and defend these rights. It is through our collective defense of these rights against all who would attempt to suppress them – governments, corporations and individuals – that we as a species give these rights their meaning.
This isn’t a “Utopian Ideal.” This is the legacy – and duty – passed onto us by our forefathers. If we wish to remain free, to free others and to see our descendants enjoy freedom then we must indeed remain eternally vigilant. The rule of governments – and their laws, lawmakers and so forth – are granted by the governed. The rights outlined in the UDHR belong to every human being, no matter what any tin pot dictator – elected or not – chooses to say on the matter.
I am willing to die, if necessary, defending the above. What kind of person are you – how self important and entitled must you be – that you would not be? What must you believe that you would tell someone – anyone – that they are aught but chattel, granted rights as a whim, to be retracted just as effortlessly?
If that is what you truly espouse sir, then I think you are a terrible human being who is actively engaged in attempts to undermine one of the only great things our species has ever achieved…even if you are only doing so through speech.
As a fundamental human right, however, I would still defend your right to air your opinion. No matter how contemptible I believe it to be.
Re: .reg, .vulture, .lohan
$185,000 across 6.6 million readers is ~$0.028 per reader.
So where's the kickstarter for .reg?
Re: This is not an article...
As the article says, *I* bought the beer. I am not a shill...but I am unreservedly, unashamedly a Ninite fanboy. I hate most software. I am getting to the point of hating computers in general. I distrust corporations - the larger they are, the more cynicism is triggered - and I am beginning to believe that almost everyone in tech has an angle.
But I like Ninite. It is simple. It does what it says on the tin. It saves me time. If you - or the rest of the vicious interbitts waaambulance community - have some sort of problem with that...cope.
Every now and again, something is actually A Good Thing in tech.
Re: Trevor, would a new pair of
Adding a little bit of hardware to compensate for defects in the sensory apparatus can make the system more accurate. Unfortunately both the sensor design and the underlying system can only be corrected for so much.
"MED-V is designed to only serve as a temporary solution for remediation. The end game should be the modernization or replacement of the application(s) in question."
The question I have is this: if I have to buy replacement software - or recode the software I have - why would or should the replacement software be locked into the Microsoft ecosystem one more time? If I must do this - because Microsoft are withdrawing support for the platform I use - then why wouldn't I simply invest my money in standards-compliant software? HTML 5, JAVA or so forth?
If it must be a native app, why not code it for Linux? That way I can deliver as an "App-V" style X11 solution to any desktop I want (using any client operating system I want) without lock-in or licensing issues.
In short: if you force us out of the locked-down ecosystem you yourself created, who among us should be mad enough to lock ourselves in to the garden one more time?
Honestly curious how that logic works...