Here are links to a few interesting articles I came across recently. They are about the continued deceptive (and ultimately self-defeating behavior) of large software and hardware companies.
Link 1: You say advertising, I say block that malware
The real reason online advertising is doomed and adblockers thrive? Its malware epidemic is unacknowledged, and out of control. The Forbes 30 Under 30 list came out this week and it featured a prominent security researcher. Other researchers were pleased to see one of their own getting positive attention, and visited the site in droves to view the list. On arrival, like a growing number of websites, Forbes asked readers to turn off ad blockers in order to view the article. After doing so, visitors were immediately served with pop-under malware, primed to infect their computers, and likely silently steal passwords, personal data and banking information. Or, as is popular worldwide with these malware “exploit kits,” lock up their hard drives in exchange for Bitcoin ransom. One researcher commented on Twitter that the situation was “ironic” — and while it’s certainly another variant of hackenfreude, ironic isn’t exactly the word I’d use to describe what happened.
Link 2: Get Windows 10′ Turns Itself On and Nags Win 7 and 8.1 Users Twice a Day
As you may recall, Microsoft has delivered KB3035583 as a ‘recommended update’ to users of Windows 7 and 8.1. What this update does is install GWX (“Get Windows 10”), a program which diagnoses the system to see if it is eligible for a free upgrade to Windows 10, and if so, asks the user if they would like to upgrade (though recently, the option to decline has been removed). Some users have gotten around this by editing Windows Registry values for “AllowOSUpgrade”, “DisableOSUpgrade”, “DisableGWX”, and “ReservationsAllowed” in order to disable the prompt altogether. This advice was endorsed by Microsoft on their support forums. According to a report by Woody Leonhard at InfoWorld, the newest version of the KB3035583 update includes a background process which scans the system’s Windows Registry twice a day to see if the values for the four aforementioned registry inputs were manually edited to disable the upgrade prompt. If they were, the process will alter the values, silently re-download the Windows 10 installation files (about 6 GB in total), and prompt the user to upgrade.
Link 3: Juniper drops NSA-developed code following new backdoor revelations
Juniper Networks, which last month made the startling announcement its NetScreen line of firewalls contained unauthorized code that can surreptitiously decrypt traffic sent through virtual private networks, said it will remove a National Security Agency-developed function widely suspected of also containing a backdoor for eavesdropping. The networking company said in a blog post published Friday that it will ship product releases in the next six months that remove the Dual_EC_DRBG random number generator from NetScreen firewalls. Security researchers have known since 2007 that it contains a weakness that gives knowledgeable adversaries the ability to decrypt encrypted communications that rely on the function. Documents provided by former NSA subcontractor Edward Snowden showed the weakness could be exploited by the US spy agency, The New York Times reported in 2013
Link 4: Et tu, Fortinet? Hard-coded password raises new backdoor eavesdropping fears
Less than a month after Juniper Network officials disclosed an unauthorized backdoor in the company’s NetScreen line of firewalls, researchers have uncovered highly suspicious code in older software from Juniper competitor Fortinet. The suspicious code contains a challenge-and-response authentication routine for logging into servers with the secure shell (SSH) protocol. Researchers were able to unearth a hard-coded password of “FGTAbc11*xy+Qqz27” (not including the quotation marks) after reviewing this exploit code posted online on Saturday. On Tuesday, a researcher posted this screenshot purporting to show someone using the exploit to gain remote access to a server running Fortinet’s FortiOS software. Ralf-Philipp Weinmann, a security researcher who helped uncover the innerworkings of the Juniper backdoor, took to Twitter on Tuesday and repeatedly referred to the custom SSH authentication as a “backdoor.” In one specific post, he confirmed he was able to make it work as reported on older versions of Fortinet’s FortiOS.
What do you think? Comments?