New code injection method exposes ALL versions of Windows to cyberattack

Discussion in 'Computers, Hardware, and Operating Systems' started by W0BTU, Oct 29, 2016.

  1. W0BTU

    W0BTU Ham Member QRZ Page

    "There is no fix."

    http://www.zdnet.com/article/code-injection-exposes-all-versions-of-windows-to-cyberattack/

    "...enSilo says this method is able to bypass current antivirus software, alongside all current endpoint infiltration prevention solutions.

    As AtomBombing utilizes underlying Windows mechanisms rather than relying on security flaws or broken code to exploit machines, there is no fix or patch available."

    Another reason we're migrating to Lee-Nooks!
     
    W1GVT likes this.
  2. N3DT

    N3DT Ham Member QRZ Page

    The sky is falling.
     
  3. WA2CWA

    WA2CWA Ham Member QRZ Page

    Yep! Scary Stuff. I'm going to shut down all my machines and hide them in the closet. I'll just do Peek and Poke on the Commodore.

     
  4. KA0HCP

    KA0HCP XML Subscriber QRZ Page

    Not worried. The antivirus programs will just be modified to monitor the atom APIs. Linux is only "safe" because it is such a small market and a small target for bad guys. The Apple lovers used to claim their OS was immune to viruses, until... they weren't.
     
    W0BTU likes this.
  5. W9FTV

    W9FTV Ham Member QRZ Page

    Shocking!
    But then, no OS is immune to those who'd do wrong; given enough time.
    Anyone who believes otherwise is sadly mistaken.
     
    W0BTU likes this.
  6. W9FTV

    W9FTV Ham Member QRZ Page

    IIRC and this was a long time ago, but there was a poke that caused irreparable damage to the subject Commie PET.
    The "Killer Poke"
    The PET-specific killer poke is connected to the architecture of that machine's video rasterizer circuits. In early PETs, writing a certain value to the memory address of a certain I/O register (POKE 59458,62[2]) made the machine able to display text on the screen much faster. When the PET range was revamped with updated hardware, it was discovered that performing the old trick on the new hardware led to strange behavior by the new video chip, which could possibly damage the PET's integrated CRT monitor.[3]

    Nothing is sacred! Nothing is safe! :p

    Even tubes suffer from bugs:
    On September 9, 1947, the Mark II computer at Harvard University (USA) broke down. Upon inspection, engineers diagnosed the cause – a moth had entered the machine, perhaps attracted by the light and heat, and had shorted out relay number 70 of Panel F. The technicians recorded the incident in their notebook with an entry at 15:45 in which they attached the bug to the page with adhesive tape and noted: “First actual case of bug found.” Today the sheet is kept at the National Museum of American History of the Smithsonian Institution in Washington.
     
  7. K7MEM

    K7MEM Ham Member QRZ Page

    In the same time frame as the Commodore 64 (early 80s), HP came out with the HP-41 calculator. Users found out that there was a way to access the operating system from the keypad and create "synthetic" instructions. That offering of the HP-41 was subsequently known as the "bug 1" machine. The next offering fixed some of the problems, but the OS was still accessible and became known as the "bug 2" machine. When I bought one (HP-41CV), I received what was referred to as the "bug 3" machine. The "bug 3" machine fixed the issues that allowed you to access the OS directly from the keypad. However, an access program generated on a "bug 1" machine could be used on a "bug 3" machine to generate the synthetic instructions.

    I used the synthetic instruction program to create a Morse code training program. The basic tones in the HP-41 were different frequencies, but were all the same duration. But with the synthetic instruction program you could make your own tones that varied in frequency and duration.

    The synthetic instruction program allowed you to create instructions that could crash the HP-41. I did it once. I had to remove all the batteries and let it sit for about 12 hours, before it would operate again. I still have that calculator but have upgraded to a newer version.
     
  8. N0TZU

    N0TZU Platinum Subscriber QRZ Page

    Like the old saw about outrunning a bear, my OS doesn't have to be immune, it just has to be one step less vulnerable than the other OS!
     
    KU4X likes this.
  9. KA0HCP

    KA0HCP XML Subscriber QRZ Page

    The point is that just as Apple OSes weren't 'immune', neither is Linux. My Win10 is perfectly adequate until the antivirus folks and MS get a fix, considering my low threat usage patterns.

    As nice as some of Linux's features may be, it is still a fiddly niche OS for specialists and hobbyist geeks that is not a direct replacement for MS OSes. *shrug*

    "What the world needs is a good $50 plug and play universal OS."
     
    Last edited: Oct 30, 2016
  10. N0TZU

    N0TZU Platinum Subscriber QRZ Page

    Agreed.

    The best security is to be alert to phishing and other behavioral attacks, and to have multiple layers of hardware/software defenses.
     
    KA0HCP likes this.
