Re: Cybercriminals and open source exploit code
Ask yourself if any of your devices, be it an add-on graphics card, HD, BIOS/UEFI, can have its firmware updated?
If it can, then ask yourself if the typical default option in UEFI to allow virtualisation would make it possible to run virtual malware loaded via a shim in the UEFI, before the main OS.
I suspect Kaspersky may not have found the treasure chest, just a gold coin.
Even the NSA's TENS can update your BIOS/UEFI and other malware if it's connected to the net.
So you think setting a user and/or admin password for your BIOS/UEFI means your system is secure?
Once that password has been put in, can you update your BIOS/UEFI from the OS?
Do device manufacturers and rebranders provide any software to validate their firmware?
Can you update the firmware of your add-on graphics cards without having to short some jumper pins?
Can you update the firmware of your hard disk, like a Samsung Evo SSD, without having to short some jumper pins?
http://www.wired.com/2015/03/researchers-uncover-way-hack-bios-undermine-secure-operating-systems/
Sometimes your only clue you have been hacked is to watch the network lights and the hard disk lights when your machine boots up.
E.g. if you switch on your PC and, before it displays the BIOS/UEFI screen, you see a flurry of disk light activity, chances are your BIOS/UEFI has a shim inserted, a simple couple of lines of assembler, which directs your BIOS/UEFI to another address which might be on your hard drive, or in your graphics card.
As these firmware chips always have space for future updates, it's never detected. Has anyone checked the source code of their favourite pen testing distro and knows what it's doing?
So many people trust what they buy or download, they offload their responsibilities.
Who knows that BT & TalkTalk stream their TV & Film services over IPv6?
Simple test if you have one of these services, watch something online and then download something massive like a Linux distro from your computer over IPv4. Your IPv4 download will come down at max speed, provided your firewall allows IPv6.
Spot the anomalies and you can't spot the spooks, but they also play their games over decades, as it starts with your school reports and medical records, if not your parents or relatives if they weren't socially compliant and docile!
Tarred with the same brush springs to mind, in the name of Defence.
Who said Signal Intelligence was just hacking computers? Everybody is known to the spooks, it's just they can't predict when someone loses it. Let's face it, most people can't even predict when they will lose it, so is it any surprise that the US is building a wall, and clamping down on illegals? People's education and upbringing can create cognitive dissonance which usually generates a lot of anger. Some Middle Eastern countries are not up to speed with the way the Western society works, as we see in Germany with young girls being groped in swimming pools as one example.
Resource Burn, it's a valid technique when hacking, and let's face it, I know of no pen tester or AV coder who knows all the code in the software they rely on, hell none of you even know the code in your firmware.
Is it any wonder, millions of systems around the world are already pwned?
The important question everyone should be asking is, is it right that the Govt spies on you, using a variety of centralised databases and other methods from the day you are born though?
They are killing off the intelligent ones who can spot these things, which makes them no better than the terrorists, pedos, rapists, drug dealers, killers or any other human action which has been made a crime because no one has a say over the laws you are born unto!