User topics

Article topics

Log in Sign up

Windows Registry-infecting malware has no files, survives reboots

Researchers have detailed a rare form of Windows malware that maintains infection on machines and steals data without installing files. The malware resides in the computer registry only and is therefore not easy to detect. It code reaches machines through a malicious Microsoft Word document before creating a hidden encoded …

COMMENTS

Post your comment

House rules Send corrections

Add to 'My topics'

Page:

1
2
3
Next →

Monday 4th August 2014 08:11 GMT Pascal Monett

"a tool Microsoft uses to hide its source code from being copied"

So, the registry is finally unveiled to be the ultimate tool in the virus writer's arsenal.

Well done, Microsoft. You alone, of all the OS vendors, have thrust this abomination of an excuse on its end users in replacement of the trusty .ini file, and now we get to see it's ultimate defilement.

Maybe we can hope to get back to text file configuration now ? I mean, apart from DRM, copyright enforcement and embedding our OS configuration with endless amounts of hidden keys that can be used for God only knows what, there's nothing the registry does that an .ini file could not do, right ?

So, can we finally declare the registry to be a security liability and get rid of it ?

Nah, won't ever happen.

Good luck with those AV tools !

115 25 Reply
1. This post has been deleted by its author
  1. Monday 4th August 2014 08:43 GMT david 63
    
    Re: "a tool Microsoft uses to hide its source code from being copied"
    
    "Are you seriously suggesting all databases can be replaced with text files?"
    
    No one said that.
    
    But I'm suggesting the registry could. It's a list of parameters. Show me anything that needs relational integrity or any other database type feature.
    
    It's always been a buttpain. It doesn't get cleaned up properly unless you use 3rd party tools so it bloats.
    
    And the fact that running code from it is even allowed is a serious enough flaw that it should be deprecated, locked from further use and left to die.
    
    102 10 Reply
    1. Monday 4th August 2014 09:41 GMT heyrick
      
      Re: "a tool Microsoft uses to hide its source code from being copied"
      
      "It doesn't get cleaned up properly unless you use 3rd party tools so it bloats." - my experience is to just let it bloat. Registry tidying tools seem to break a lot more than they fix.
      
      31 2 Reply
      1. Monday 4th August 2014 12:42 GMT John Tserkezis
        
        Re: "a tool Microsoft uses to hide its source code from being copied"
        
        "Registry tidying tools seem to break a lot more than they fix."
        
        My favorite are the massive speed increases that are claimed.
        
        5 0 Reply
      2. Tuesday 5th August 2014 11:47 GMT JeffyPoooh
        
        "Registry tidying tools seem to break a lot more than they fix."
        
        I've not yet had any problems with CCleaner; perhaps I'm holding it wrong.
        
        It would seem to me that if there's something lurking in the Registry, a utility such as CCleaner would easily find it and fix it. Trivial.
        
        1 3 Reply
        
        Wednesday 6th August 2014 00:04 GMT AlbertH
        
        Re: "Registry tidying tools seem to break a lot more than they fix."
        
        "It would seem to me that if there's something lurking in the Registry, a utility such as CCleaner would easily find it and fix it. Trivial."
        
        Sadly, no. Besides - do you really want the innermost workings of your "Operating System" exposed to third-party software?
        
        0 1 Reply
    2. Monday 4th August 2014 09:55 GMT mikejs
      
      Re: "a tool Microsoft uses to hide its source code from being copied"
      
      "But I'm suggesting the registry could."
      
      Devil's advocate...
      
      The registry has many shortcomings, but the basic idea is sound. Some things that would be difficult or impossible to do with plain files;
      
      * Permissions (read/write/modify) on a per-value basis.
      
      * Ability to push changes to users or machines on a per-value basis without worrying about changing other values by overwriting an entire file, or having to deal with merging changes to an existing file.
      
      * User/machine setting separation, with the user settings able to move with the user between machines as a single, trivially synchronised file.
      
      These are things you miss a great deal when trying to deal with roaming users on non-windows platforms.
      
      18 9 Reply
      1. Monday 4th August 2014 10:03 GMT Anonymous Coward
        
        Re: @mikejs
        
        "The registry has many shortcomings, but the basic idea is sound."
        
        Exactly! The problem is not the idea of a manageable & secureable configuration tool with a proper editor for all applications, it is the cluster-fsck of a system it ended up when it was allowed to become a general dumping ground for all sorts of crap and most of it with UUID type labels.
        
        36 4 Reply
      2. Monday 4th August 2014 10:37 GMT John Robson
        
        Re: "a tool Microsoft uses to hide its source code from being copied"
        
        I'll grant you merge issues - but the user/machine separation is handled just find in *nix world.
        
        /etc contains the machine defaults
        
        Your home dir contains your preferences, which may override the machine defaults
        
        Parameters set at run time override both...
        
        33 2 Reply
      3. Monday 4th August 2014 10:50 GMT Maventi
        
        Re: "a tool Microsoft uses to hide its source code from being copied"
        
        There are some good concepts with the registry but I can't help but find it a bloated mess that's grown fairly organically since Windows 95. It's far from logical, especially when things are buried under layers of obscure UUIDs.
        
        "Ability to push changes to users or machines on a per-value basis without worrying about changing other values by overwriting an entire file, or having to deal with merging changes to an existing file."
        
        Like configuration directories, often found in Debian and its derivatives? These are such a breeze to work with. Text files are particularly brilliant if things go wrong as they don't have to be mounted in order to check them - there's a lot to be said for simplicity sometimes.
        
        "User/machine setting separation, with the user settings able to move with the user between machines as a single, trivially synchronised file."
        
        While not a single file, 'ix home directories do this reasonably well. In most cases I've found it creates much less headache than in Windows (e.g. restoring personal data and configuration on a reinstalled machine), but both are far from perfect. Sure sounds good in theory though!
        
        24 1 Reply
      4. Monday 4th August 2014 15:16 GMT Tom 13
        
        Re: Devil's advocate...
        
        Word had user preference files before Windows was even thought of. They worked amazingly well.
        
        If you truly have roaming users, not only their data but their apps should be sitting on the server. Since the app is sitting on the server, there should be no need to synchronize to the machine.
        
        At the most basic level, permissions are a text file. Obfuscating that fact only increases the typical false sense of security. And in this case it looks like the cure is worse than the disease.
        
        6 1 Reply
      5. Tuesday 5th August 2014 00:28 GMT oldcoder
        
        Re: "a tool Microsoft uses to hide its source code from being copied"
        
        "* Permissions (read/write/modify) on a per-value basis." trivial. UNIX has done that for 40 years.
        
        "* Ability to push changes to users..." also trivial. changing a single value can't alter any other files. And if you put multiple values in a single file then you are idiots. Use LDAP for one. cfengine for another, there are a number of alternatives.
        
        "* User/machine setting separation, with the user settings able to move with the user between machines as a single, trivially synchronised file." Relatively trivial. It has been done on UNIX systems for at least 20 years. NIS originally, LDAP currently. Or if you want cfengine or other tools that are available.
        
        3 2 Reply
        
        Tuesday 5th August 2014 05:46 GMT david 12
        
        Re: "a tool Microsoft uses to hide its source code from being copied"
        
        I'm not sure I'm following you:
        
        >UNIX has done that for 40 years.
        
        Unix has had record locking for 40 years? The database primitives were only on the internal versions of Unix, not on the publicly released versions. Which is why open source used text files instead of databases.
        
        >Use LDAP for one
        
        Your LDAP store has a seperate file for every attribute?
        
        >with the user settings able to move with the user between machines ... relatively trivial
        
        NIS is an effective solution for trivial problems. And 20 years ago, it wasn't even that.
        
        0 2 Reply
      6. Tuesday 5th August 2014 01:04 GMT Denarius
        
        Re: "a tool Microsoft uses to hide its source code from being copied"
        
        @ mikejs
        
        Move user configs ? YP/NIS properly set up could have a fully portable user environment It had some non text config though. Nothing like the thousands of lines of registry that make Windows such a hell to run regedit on. Unfortunately for we config file lovers, commercial unices have fallen in love with the XML database monster. Only a matter of time before linux becomes as bloated and obscure in its config.
        
        1 0 Reply
    3. Monday 4th August 2014 15:11 GMT Tom 13
      
      Re: It doesn't get cleaned up properly...
      
      You almost had that one. In fact, if I could remove the last to periods of the ellipses it would be correct.
      
      Even third party tools don't really clean it up. Like MS, they have no better knowledge of all the crapware out there. They might do a better job than MS does at making informed guesses, but with all the crap that gets laid down in a modern MS installation and the wide dispersal of that crap, you just can't know it all and clean it up. Yes, using one is 9 times more likely to help than hurt, but it still isn't perfect.
      
      2 0 Reply
    4. Tuesday 5th August 2014 13:09 GMT Anonymous Coward
      
      Re: "a tool Microsoft uses to hide its source code from being copied"
      
      Of course yes, the *nix alternative of an endless amount of different config files, in locations of variable consistency, using formatting and structures sometimes similar, sometimes very different to each other, is most definitely the BETTER way to run something as sophisticated as a modern operating system and application stack.
      
      2 3 Reply
      1. Wednesday 6th August 2014 10:31 GMT Maventi
        
        Re: "a tool Microsoft uses to hide its source code from being copied"
        
        "...alternative of an endless amount of different config... ..in locations of variable consistency, using formatting and structures sometimes similar, sometimes very different to each other..."
        
        One could be forgiven for thinking you were describing the Windows registry! I agree that in the various 'nixes that various settings can be inconsistent between applications and such, but I certainly wouldn't be holding up the registry as a shining example of how to do it better. Heck, if it were that good, .Net applications wouldn't be so obsessed with XML files for a start.
        
        0 0 Reply
  2. Monday 4th August 2014 09:25 GMT Anonymous Coward
    
    Re: "a tool Microsoft uses to hide its source code from being copied"
    
    "It's a database. Are you seriously suggesting all databases can be replaced with text files?"
    
    Quite - databases are a far more scalable and sensible way of storing configuration informatino than flat text files.
    
    "But I'm suggesting the registry could."
    
    That would be a massive step backwards.
    
    "And the fact that running code from it is even allowed is a serious enough flaw that it should be deprecated, locked from further use and left to die."
    
    It doesnt run code from the registry. The registry entries are passed to Javascript as a process start up command.
    
    10 43 Reply
    1. Monday 4th August 2014 10:16 GMT Roo
      
      Re: "a tool Microsoft uses to hide its source code from being copied"
      
      "Quite - databases are a far more scalable and sensible way of storing configuration informatino than flat text files."
      
      How is the registry (which looks a lot like a directory tree) more "scalable" than a filesystem ? File systems have been capable of storing petabytes and running at Gigabytes/sec for over 15 years now, surely that should be enough for a bit of config...
      
      FWIW one justification for the registry was that it could provide transactional consistency for the configuration data - which is nice in principle, but in practice I have not noticed a measurable improvement over the file model, YMMV.
      
      "It doesnt run code from the registry. The registry entries are passed to Javascript as a process start up command."
      
      Those two sentences are mutually exclusive.
      
      30 6 Reply
      1. Monday 4th August 2014 11:32 GMT Anonymous Coward
        
        Re: "a tool Microsoft uses to hide its source code from being copied"
        
        "How is the registry (which looks a lot like a directory tree) more "scalable" than a filesystem ? File systems have been capable of storing petabytes and running at Gigabytes/sec for over 15 years now, surely that should be enough for a bit of config...
        
        The would be because the Registry (basically a Btrieve database) can locate and update data many times faster than you can via parsing a flat file - regardless of what file system the text file is stored on.
        
        The scalability advantage is even greater in dsitributed environments - where a single record can be located and updated / changed / added far faster and with less parsing and across mutliple systems than with scanning the contents of flat text files.
        
        There are a number of other scalability and feature advantages such as inbuilt ACLs / Auditing on an per item / key basis, transactional integrity including commit and rollback, etc. etc.
        
        5 13 Reply
        
        Monday 4th August 2014 12:44 GMT Roo
        
        Re: "a tool Microsoft uses to hide its source code from being copied"
        
        "The would be because the Registry (basically a Btrieve database) can locate and update data many times faster than you can via parsing a flat file - regardless of what file system the text file is stored on."
        
        There is nothing stopping people from storing raw binary into a flat file if they wish to.
        
        Some software uses both human readable and binary formats, using tools to convert from the human readable to machine readable format, so the human readable config only has to be parsed once. The parsing can also be done offline so there is no runtime penalty as well...
        
        The *only* time I've found config parsing to be a serious bottleneck/problem is when XML is involved, and again people are free to choose something other than XML (and in my opinion they *should* choose anything but XML :P).
        
        9 1 Reply
        
        Monday 4th August 2014 15:22 GMT Tom 13
        
        Re: faster than you can via parsing a flat file -
        
        The only reason you need the speed of a Btrieve database to update the Registry is because it is a monolithic flat file in the first place. Put the program configuration in text files in the individual program directories where they belong and it's not a problem any more. Yes, Windows would keep a ini file of the installed programs so you'd know where to look for them at install. But the only time the configuration files should be accessed is during install anyway.
        
        9 2 Reply
        
        Tuesday 5th August 2014 00:33 GMT oldcoder
        
        Re: "a tool Microsoft uses to hide its source code from being copied"
        
        Obviously you have never worked with text files.
        
        They are faster than you think. Especially when you realize they only need to be read once by the application. So any minor delay is not worth the problems the registry causes.
        
        4 0 Reply
      2. Monday 4th August 2014 12:33 GMT heyrick
        
        Re: "a tool Microsoft uses to hide its source code from being copied"
        
        "How is the registry (which looks a lot like a directory tree) more "scalable" than a filesystem ?"
        
        LFAU? I wouldn't appreciate losing gigabytes of storage to handle a few tens of megabytes, maybe a hundred megabytes, of configuration data.
        
        0 6 Reply
        
        Monday 4th August 2014 13:28 GMT Roo
        
        Re: "a tool Microsoft uses to hide its source code from being copied"
        
        "LFAU? I wouldn't appreciate losing gigabytes of storage to handle a few tens of megabytes, maybe a hundred megabytes, of configuration data."
        
        It appears that you are asserting that the registry is a good option because file systems are shit at handling small files... There are file systems that pack (multiple) small files into larger allocation units (eg: FFS), so it's technically possible to be space efficient with lots of small files...
        
        Small files have always existed, and they will continue to exist, it's up to you whether you wish to suffer the cost imposed by a vendor's inadequate file system design.
        
        11 1 Reply
        
        Tuesday 5th August 2014 01:41 GMT heyrick
        
        Re: "a tool Microsoft uses to hide its source code from being copied"
        
        "It appears that you are asserting that the registry is a good option because file systems are shit at handling small files..."
        
        Nope, that's your assertion. I'm just trying to imagine what would happen to the file system of a regular Windows PC if it had to deal with its configuration as a billion tiny files instead of the big hulking mess that the registry is. Neither option seems satisfactory, but since Windows is extremely limited in what it understands as a file system, the registry is probably the better option there, for now at least. This doesn't mean it is a good option, and great file systems on other platforms are not particularly relevant if they're on other platforms and not where they're needed...
        
        0 4 Reply
        
        Tuesday 5th August 2014 04:06 GMT DryBones
        
        Re: "a tool Microsoft uses to hide its source code from being copied"
        
        " I'm just trying to imagine what would happen to the file system of a regular Windows PC if it had to deal with its configuration as a billion tiny files instead of the big hulking mess that the registry is."
        
        Hmm. I rather think it'd read the configuration for the program when (if) it loads it up, like any sane person would do. The individual files are a million times smaller than the registry, so it's a doddle.
        
        The Windows Registry is rather like memorizing the entire contents of your library instead of just looking at the table of contents for the book you want when you pick it up.
        
        6 0 Reply
        
        Tuesday 5th August 2014 11:45 GMT Roo
        
        Re: "a tool Microsoft uses to hide its source code from being copied"
        
        "This doesn't mean it is a good option, and great file systems on other platforms are not particularly relevant if they're on other platforms and not where they're needed..."
        
        Interestingly Wikipedia reckons that NTFS currently supports tail-packing like FFS. If MS have done the job properly you won't have to worry about small files munching all your "LFAU"s while you sleep. That's one less excuse for the Registry's existence.
        
        0 0 Reply
    2. Monday 4th August 2014 12:42 GMT Anonymous Bullard
      
      Re: "a tool Microsoft uses to hide its source code from being copied"
      
      databases are a far more scalable and sensible way of storing configuration informatino than flat text files
      
      "scalable"? Are we now writing applications that have over 1 million configuration parameters?
      
      If you think the registry is great, then you're a troll.
      
      19 9 Reply
    3. Monday 4th August 2014 14:27 GMT Mike Pellatt
      
      Re: "a tool Microsoft uses to hide its source code from being copied"
      
      It doesnt run code from the registry. The registry entries are passed to Javascript as a process start up command.
      
      And that's functionally different from "running code from the registry" precisely how ??
      
      9 0 Reply
  3. Monday 4th August 2014 10:56 GMT Steve Todd
    
    Re: "a tool Microsoft uses to hide its source code from being copied" @Def
    
    Microsoft certainly are saying that.
    
    In DOT.NET they brought back an improved version of the INI file in the form of the .CONFIG file. It's an XML file, normally with the same name as the EXE it relates to. You can use them to store public and private configuration data just like the registry, but with less chance of a clash.
    
    4 1 Reply
    1. Monday 4th August 2014 16:51 GMT Anonymous Coward
      
      Re: "a tool Microsoft uses to hide its source code from being copied" @Def
      
      @Steve Todd: "Microsoft certainly are saying that"
      
      How exactly does this work to prevent source code from being copied?
      
      0 0 Reply
    2. Tuesday 5th August 2014 05:32 GMT david 12
      
      Re: "a tool Microsoft uses to hide its source code from being copied" @Def
      
      >In DOT.NET they brought back an improved version of the INI file
      
      Perhaps they might have brought it back, if it had ever gone away. MS continued to use INI files for applications where it made sense: the important thing that changed was that the Windows API that accessed INI files was captured and pointed at the registry.
      
      0 0 Reply
  4. Monday 4th August 2014 17:37 GMT tom dial
    
    Re: "a tool Microsoft uses to hide its source code from being copied"
    
    The relevant question is whether THIS database can be replaced by text files, and the answer is "yes it can."
    
    5 1 Reply
  5. Monday 4th August 2014 18:35 GMT channel extended
    
    Re: "a tool Microsoft uses to hide its source code from being copied"
    
    yes at their base ALL ini databases are text.
    
    0 0 Reply
  6. Monday 4th August 2014 21:53 GMT Scroticus Canis
    
    Re: "It's a database" ¿Que?
    
    The Windose registry is a database? LMFAO. Such great data integrity and resilience. Oh well some people think Access is a db too.
    
    Feeling even more validated as a Fanbooi after this little malware gem.
    
    2 1 Reply
    1. Wednesday 6th August 2014 14:03 GMT Anonymous Coward
      
      Re: "It's a database" ¿Que?
      
      > The Windose registry is a database?
      
      Yes it is. A database is defined as "a structured set of data held in a computer, especially one that is accessible in various ways."
      
      Your .ini files are also databases, so are XML files, most of the stuff under /etc (and their per-user counterparts when applicable), and so on.
      
      I have no idea what a "Fanbooi" is, but if you use a computer system of any description, your user preferences and configuration data will be stored in a structured way, i.e., in a database of some type or another.
      
      0 1 Reply
  7. Tuesday 5th August 2014 00:22 GMT oldcoder
    
    Re: "a tool Microsoft uses to hide its source code from being copied"
    
    Not a very good database...
    
    And according to all the XML enthusiasts, yes it could be replaced with text files.
    
    and based on the fact that it is a key->value database, YES it could be replaced. If nothing else,a directory using a file name for a key and the contents of the file for the value.
    
    Oh right - just like UNIX systems have used for 40 years.
    
    9 0 Reply
  8. This post has been deleted by its author
  9. Tuesday 5th August 2014 11:44 GMT JeffyPoooh
    
    Re: "a tool Microsoft uses to hide its source code from being copied"
    
    Data is data. There's nothing magical about "data bases". Back in the day, we wrote our own more-advanced data structures using simpler elements provided by whatever language you might be using. It should be trivial to write a utility to convert a database into a text file and back again. This is Data Structures 101, very basic.
    
    1 0 Reply
2. Monday 4th August 2014 08:29 GMT lansalot
  
  Re: "a tool Microsoft uses to hide its source code from being copied"
  
  For those that missed it in the article....
  
  "To prevent attacks like this, anti-virus solutions have to either catch the initial Word document before it is executed (if there is one), preferably before it reached the customer's email inbox."
  
  9 0 Reply
  1. Monday 4th August 2014 09:26 GMT Anonymous Coward
    
    Re: "a tool Microsoft uses to hide its source code from being copied"
    
    ""To prevent attacks like this, anti-virus solutions have to either catch the initial Word document before it is executed (if there is one), preferably before it reached the customer's email inbox.""
    
    Or scan the Registry - which many AV tools can do anyway.
    
    7 9 Reply
    1. Tuesday 5th August 2014 23:46 GMT AlbertH
      
      Re: "a tool Microsoft uses to hide its source code from being copied"
      
      Or scan the Registry - which many AV tools can do anyway.
      
      Errrr.... No. There is deliberate obsfuscation in the Registry in an effort to conceal some of the inner workings of this sorry excuse for an Operating System. There are no AV Tools that can decrypt the Registry to a sufficient extent to be able to find (and eliminate) the malicious code. Furthermore - who'd want some AV software altering the contents of the most vulnerable parts of the "Operating System"?
      
      Incidentally, this isn't really new - there was credit-card detail stealing software that was hiding itself in the Windows 98 Registry. It was just kept quiet because it showed just how useless the AV Software actually is.....
      
      1 2 Reply
  2. Monday 4th August 2014 13:58 GMT MrDamage
    
    For those that missed it in the article....
    
    While it is true that an AV solution should catch the infected file before it executes it's payload, the questions that need to be asked are;
    
    "Why does Microsoft still insist on the failed concept of security through obscurity?"
    
    "Why the fuck is it possible for a word processing document to reach that deeply into the registry and affect those changes?"
    
    21 0 Reply
    1. Monday 4th August 2014 20:28 GMT Ken Hagan
      
      Re: For those that missed it in the article....
      
      "Why the fuck is it possible for a word processing document to reach that deeply into the registry and affect those changes?"
      
      Because the luser in question has loaded that document from their admin account, like everything else that they do. Sane Windows users will probably find that they are immune because the malware authors didn't bother to include a privilege escalation attack in the WORD payload.
      
      3 1 Reply
  3. Monday 4th August 2014 20:17 GMT Ken Hagan
    
    Re: "a tool Microsoft uses to hide its source code from being copied"
    
    Yeah, dunno what the blazes the reference to source code was for and it seems pretty obvious to me that an AV tool could scan the registry as easily as the file system, but why let obvious facts stand in the way of a good piece of scaremongering.
    
    AV tools have been lagging actual malware for ages now. The AV business is a giant scam. Windows is pretty secure if you aren't a dick and use the same account protections that UNIX users have practised for decades.
    
    Oh, and I gather there's a film at 11.
    
    2 1 Reply
3. Monday 4th August 2014 10:27 GMT Steve Graham
  
  Re: "a tool Microsoft uses to hide its source code from being copied"
  
  Not "alone", really. For example, the Gnome infrastructure in Linux is based on a binary "registry" which needs specific tools to access it.
  
  I think human-readable configuration files (even XML) are always a better and more resilient approach.
  
  20 3 Reply
  1. Monday 4th August 2014 11:34 GMT Anonymous Coward
    
    Re: "a tool Microsoft uses to hide its source code from being copied"
    
    I think human-readable configuration files (even XML) are always a better and more resilient approach.
    
    Certainly flat text files are LESS resilent than a database with transaction logging and commit / rollback like the Registry. Better in that they can be sometimes human readable maybe. Inferior in pretty much any other respect.
    
    1 13 Reply
    1. Monday 4th August 2014 20:25 GMT Ken Hagan
      
      Re: "a tool Microsoft uses to hide its source code from being copied"
      
      "Certainly flat text files are LESS resilent than a database with transaction logging and commit / rollback like the Registry. Better in that they can be sometimes human readable maybe. Inferior in pretty much any other respect."
      
      /etc on UNIX systems is often kept under some kind of revision control system.
      
      A similar system could be written for the registry, but I'm not aware of one.
      
      Registry hives can be mounted on other systems if you want to read or recover them offline.
      
      The registry's pre-parsed content is more efficient than plain text, but harder to include comments.
      
      But GUIDs everywhere are just plain evil.
      
      6 0 Reply

Page:

1
2
3
Next →

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Other stories you might like

Tough luck, bosses, AI is coming for your job, too

Algorithms as PHBs – who wouldn't want that?

AI + ML 5 Apr 2024 | 38

US House approves FISA renewal – warrantless surveillance and all

Infosec in brief PLUS: Chinese chipmaker Nexperia attacked; A Microsoft-signed backdoor; CISA starts scanning your malware; and more

Security 15 Apr 2024 | 11

Boffins deem Google DeepMind's material discoveries rather shallow

Web titan rejects criticisms, insists AI-found compounds are legit

AI + ML 11 Apr 2024 | 21

Head of Israeli cyber spy unit exposed ... by his own privacy mistake

Infosec in brief Plus: Another local government hobbled by ransomware; Huge rise in infostealing malware; and critical vulns

Security 8 Apr 2024 | 19

It's 2024 and Intel silicon is still haunted by data-spilling Spectre

Go, go InSpectre Gadget

Research 10 Apr 2024 | 23

MIT breakthrough means there's no material too weird for 3D printing

Thanks to sensors and math, machines can 'learn' to adapt to new mediums

OSes 15 Apr 2024 | 18

96% of US hospital websites share visitor info with Meta, Google, data brokers

Could have been worse – last time researchers checked it was 98.6%

Research 11 Apr 2024 | 13

CHIPS Act hangover sees most US science agency budgets cut for 2024

2025 unlikely to see more money flow as Congress turns off the tap

Public Sector 10 Apr 2024 | 16

ZenHammer comes down on AMD Zen 2 and 3 systems

Updated Boffins demonstrate Rowhammer memory meddling on AMD DDR4 hardware

Software 25 Mar 2024 | 9

Microsoft confirms memory leak in March Windows Server security update

Infosec in brief ALSO: Viasat hack wiper malware is back, users are the number one cause of data loss, and critical vulns

Security 25 Mar 2024 | 11

Truck-to-truck worm could infect – and disrupt – entire US commercial fleet

The device that makes it possible is required in all American big rigs, and has poor security

Security 22 Mar 2024 | 74

ChatGPT side-channel attack has easy fix: Token obfuscation

Infosec in brief Also: Roblox-themed infostealer on the prowl, telco insider pleads guilty to swapping SIMs, and some crit vulns

Security 18 Mar 2024 | 2

The Register Biting the hand that feeds IT

About Us

Our Websites

Your Privacy

Situation Publishing

Copyright. All rights reserved © 1998–2024