back to article NSA code backported, crims cuffed, leaky AWS S3 buckets, and more

Here's a roundup of this week's security news, beyond what we've already covered, to kickstart your weekend. You dirty RAT Scumbags could, once upon a time, buy a remote access trojan called Luminosity Link for about $40, and get a piece of malware that, when installed on victims' PCs, would spy on their activities, disable …

Anonymous Coward

I'm Guessing...

“The sale and deployment of this hacking tool were uncovered following a single arrest and the subsequent forensic examination of the computer," said Detective Inspector Ed Heath, head of the UK's South West Regional Cyber Crime Unit.

South West? I'm guessing Marcus Hutchins.

We seem to be hanging him out to dry for everything else, it's what happens when you make those in Government look even more stupid than they already are.

5
0
Silver badge

Crime and unniceness: Totally mainstream

But why are Shutterstock images so bad?

0
0
Silver badge

Re: Crime and unniceness: Totally mainstream

I won't have a word said against Shutterstock.

3
0
Anonymous Coward

Re: Crime and unniceness: Totally mainstream

My favourite had to be the ink-dealer:

https://pbs.twimg.com/media/DIEZ5R8WAAAqyiV.jpg

2
0
Black Helicopters

Pentration testing vs "espionage"

So why aren't the US authorities pursuing Upguard with the same enthusiasm that they pursued McKinnon and Love?

Find weaknesses, get sample data to prove the point and embarrass the data owners into fixing things - without malice. Apart from the target (state vs. commercial), is there really any difference?

9
0
Anonymous Coward

Re: Pentration testing vs "espionage"

...because they will be 'donating' to the US government.

1
0
Terminator

Re: Pentration testing vs "espionage"

> So why aren't the US authorities pursuing Upguard

Step on a dog's toe, and it will run away howling. Step on a bear's toe, and it will rip your face off...

A small company usually can't afford to blindly lash out, and they might even be grateful they only got caught by some marauding pen tester instead of some greedy and unforgiving criminal.

Governments on the other hand are arrogant, and have a policy of not tolerating contrariness of any kind: "If you're not with us you're against us, and if you're against us we'll crush you".

7
0
Silver badge

Re: Pentration testing vs "espionage"

Step on a dog's toe, and it will run away howling

Depends very much on the dog and what it has to protect..

0
0
Silver badge

"... we at El Reg never provide positive coverage in exchange for freebies."

Heck, you'll even post negative coverages for free!

Of course a pint or six does help the conversational ebb and flow...

8
0
Silver badge

Re: "... we at El Reg never provide positive coverage in exchange for freebies."

Except with Apple. For some reason it doesn't work with Apple.

7
0
Silver badge

Re: "... we at El Reg never provide positive coverage in exchange for freebies."

I take it you missed Dabbsy's review of the iPhone X.

4
0
Silver badge
Facepalm

Voting rolls computers hacked by Putin and his pals

"Jeanette Manfra, the head of cybersecurity at the Department of Homeland Security, said that he Russians had actually got into voting rolls computers before the 2016 election."

What's 'voting rolls computers' doing connected to the Internet that can be so easily hacked. Manfra should thank Putins pals for pointing this out.

5
0
Anonymous Coward

Re: Voting rolls computers hacked by Putin and his pals

Not sure they are connected to the Internet (I could be wrong...)

However, they are sufficiently insecure as to allow walk up “voters” to mess with them.

I know it ruins the ‘evil nasty hackers in foreign countries messing with US elections” but ithe flaws have only been known about for 20-odd years...

0
0
Silver badge

Re: Voting rolls computers hacked by Putin and his pals

"Voting rolls computers" and electronic voting machines are entirely different things. The first maintains records of who is eligible to vote, their address, ward and precinct, usually their declared political party affiliation (if any) and often records of their participation in prior elections; these systems do not have a record of anyone's election choices. This generally is public record information and is used to prepare listings for use in conducting elections. The systems often are connected to the internet both to facilitate making the public records available and sometimes for use in validating voter identification at election locations.

The second are machines used to record votes, anonymously, usually with large touch screens and headsets for use by visually impaired voters. They usually, maybe always, are not connected to the internet or any other communication facility. Typically, all their openings are locked during election operation and usually covered by a plastic or paper seals that cannot be removed without destroying them, as hacking normally would require. Other, fairly extensive manual controls also act to make hacking difficult. These machines are imperfect, and arguably should be discarded in favor of old fashioned paper ballots marked the voters using a hand held writing instrument. They are, however, rather more secure and tamper proof than many reports would suggest.

0
0
Silver badge

Russians had actually got into voting rolls computers before the 2016 election

Two points.

First, somewhere between most and nearly all* voter registration information maintained by US states is publicly available to political parties, candidates, and others for a copying fee. The most important question is whether the hackers gained power to change any of the information, which could have disrupted voting activity to some degree by either allowing illegal voting or preventing legal voting. Either would be bad, but apparently no such alteration occurred.

Second, there is little, if anything here that was not reported a year or more ago. My recollection at the time was that a number of states discounted, pushed back, or ignored DHS notifications given them before the election. Indeed, the NBC News article linked here refers back to an NBC News report in September, 2016. DHS pushed back before Obama left office and declared election management to be critical infrastructure - and some states continued to resist US government intervention aimed at preventing foreign government intervention. It is not clear why this is news again now ecept that some of the states may well have done little and there is another electon less than a year off.

* Election operations are a state government function. What is collected, maintained, and publicly available about voters varies by state.

2
1
Anonymous Coward

Meh

Hilariously so many people are defending Microsoft Windows 10 going no it's not spying on everything you do... Just wait till they roll it out across all branches of Government where it's used exclusively.

Then try a search for Destroy Windows 10 Spying, That's where all those Open Source Guru's and Programmers hang out to share code. Then once you've downloaded DWS Lite.exe and clicked it, you tell me what its doing and disabling? Scotch mist is it?

So sick and tired of reading Biased articles defending a company that has even been found to be lying again and again about it's own engineers back-dooring and weakening it's own product and yes I draw that tid bit of information from FACT not Fiction. I've had the pleasure of reading the Nunes Memo and the Fusion GPS dossier both of which are available online for free. In the Memo released to congress it highlights that it was Seth Rich who hacked the DNC with a USB stick, OMG not RUSSIA!

Then he was assassinated by the CIA and an MS13 criminal hit team and Russia was Blamed very publicly on Purpose to sway public opinion in favor of the American security services.

Anyone with half a brain can instantly tell it's all garbage, in order to hack the DNC you would have to identify the internal intranet IP address from the billions in the online world, something that regretfully any programmer will inform you is physically impossible.

Whats next, more mass killings and mass shootings to sway public opinion that your Law Enforcement professionals need more power and are not the corrupt criminals we all know them to be?

1
0
Silver badge
Facepalm

Remote access scumbag trojan called luminosity

"Scumbags could, once upon a time, buy a .. piece of malware that, when installed on victims' PCs, would spy on their activities"

Entrepreneurs could, once upon a time, buy a .. piece of malware that, when installed on Windows PCs, would spy on their activities ..

1
0
Anonymous Coward

Re: Remote access scumbag trojan called luminosity

Shouldn't that read Scumbags could, once upon a time, buy a product called "Windows" with back-doored encryption called Heartbleed with weakened and back-doored Bit-Locker encryption and a Key-Logger like access to record all you key strokes until loads of Open Source programmers stepped into the Fray screaming, "an just what the hell do you think your doing?"

We all knew the death of "Microsoft" was going to be Messy and it is, its terribly ugly & messy!"

On the one hand you've got a product that's free and cares about your privacy and on the other we've got Microsoft & Android, that don't seem to give a crap about either unless it's punctuated with lots of $CASH$

0
0
Anonymous Coward

The Open Hilarity

People kicking off about apples Open Boot Firmware being Openly distributed - Apple takes the majority of its product source code from Open Source - 95% of it's code base comes from Open Source so no reason for Alarm there.

Microsoft where the Outfit that Punched OpenSSL full of holes for and on behalf of the FBI when they served the maintainers with a DND - "do not disclose" Microsoft is the outfit openly putting spyware in your machine - proclaiming it doesn't do that!

Redhat implanting System-D in every Linux distribution with half the Open Source programmers around the world refusing to touch it!

Android - is just an extension of Microsoft inside Open Source in the most invasive and abusive way imaginable.

ANSI-C is the "American National Standards Institute" of C written by Brian Kernigan and Dennis Ritchie, are these guys openly accusing Dennis Ritchie and Brian Kernighan of being Kremlin Spies because they kicked back when they tried to backdoor the C library and plant a bug in the ASN.1 Compiler telling the Spooks to go do one?

The Intel CEO - caught with implanting a backdoor in his own chips with vCore and vPro then selling off all his stock options because he wanted to buy a faster Boat?

You couldn't make half this stuff up, but reading about it is surreal....

The real criminal here is Microsoft, not apple, not google, but Microsoft, they're sitting there going "oh that CEIP - Customer Experience Improvement Program, yeah that's a bit invasive we're getting rid of it next Developers update!" trying to placate everybody - They're not doing it out of the kindness of there heart I can assure you.. They're doing it because in March the EU Law comes into effect forbidding them from doing it in the first place. Looking forwards to reading all about that when it comes into effect and looking forwards to watching more of these guys go to Jail where they bloody well belong.

0
0

check images...

Oh... you meant cheque. :)

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018