Re: črypto is finished... and it's about time × (also: 'Balrog' malnet, firsthand view)

Natanael natanael.l at gmail.com
Tue Jun 16 09:54:10 PDT 2015


On Tue, Jun 16, 2015 at 5:26 PM, Sean Lynch <seanl at literati.org> wrote:

> Lots of words, very few details. Fonts getting a "bit pixellated"? Are you
> kidding me?
>
http://www.pcworld.com/article/2921092/gpu-malware-can-also-affect-windows-pcs-possibly-macs.html

There's an endless number of ways that malware which doesn't follow any neat
process isolation model with clean usage of APIs can cause what would be
experienced as glitches. Hiding executables in GPU memory assigned to fonts
can do that. And yes, that's 100% possible.


> Packages "piggybacking on other packages"? This is all very imprecise
> language for someone who is attempting to convince us that something very
> grave is going on. And as usual, not a single hex dump of a single packet.
> Not of any of the packets supposedly spewing out of their supposedly
> disabled Ethernet port, not out of their supposedly disabled wifi card, not
> of one of these supposedly piggybacked packages.
>

They might not want to show examples of the injection attacks in order to
not reveal how they're detecting the traffic. Look up NSA's Turmoil and
Quantum Insert.


> I'm not saying these capabilities don't exist; I'm sure they do. I'm not
> even saying the author is lying or stupid.
>
First of all, it is written mostly for a non-technical audience.

Second, you're a bit stuck on the high-level models of computers here; you're
not considering how the effects of binary-level tampering, code exploits,
altering RAM, and even firmware for persistence attacks
(http://www.wired.com/2015/02/nsa-firmware-hacking/) might manifest
themselves. To somebody who thought he really did secure his systems well,
the signs that well-obscured malware will show will make it look like his
computer has ghosts.


> Even assuming some of these claims are true, not asking for more evidence
> robs us of the ability to defend ourselves. Running off to build f2f
> networks is fun and all, but it's not going to do a lick of good if we have
> no idea what we're up against beyond some vague descriptions, especially
> when you consider that the capabilities of our adversaries go well beyond
> the technological. There is such a thing as technological security that's
> "too good", when you've spent all your time defending against technological
> attacks only to succumb to, as others on this thread have pointed out, a
> rubber hose.


One problem is that the attacks change too fast. Holding off until they
change it themselves can allow you to detect even more of their activity
than anybody would if you told the world right away. Otherwise they'll
instantly stop the particular attacks you detected and switch to something
else. At best one could release details of how to analyze your old offline
backups for signs of infections.