Interesting Links: Jan 14, 2016

Here are links to a few interesting articles I came across recently. They are about the continued deceptive (and ultimately self-defeating) behavior of large software and hardware companies.

Link 1: You say advertising, I say block that malware

The real reason online advertising is doomed and adblockers thrive? Its malware epidemic is unacknowledged, and out of control. The Forbes 30 Under 30 list came out this week and it featured a prominent security researcher. Other researchers were pleased to see one of their own getting positive attention, and visited the site in droves to view the list. On arrival, like a growing number of websites, Forbes asked readers to turn off ad blockers in order to view the article. After doing so, visitors were immediately served with pop-under malware, primed to infect their computers, and likely silently steal passwords, personal data and banking information. Or, as is popular worldwide with these malware “exploit kits,” lock up their hard drives in exchange for Bitcoin ransom. One researcher commented on Twitter that the situation was “ironic” — and while it’s certainly another variant of hackenfreude, ironic isn’t exactly the word I’d use to describe what happened.

Link 2: ‘Get Windows 10’ Turns Itself On and Nags Win 7 and 8.1 Users Twice a Day

As you may recall, Microsoft has delivered KB3035583 as a ‘recommended update’ to users of Windows 7 and 8.1. What this update does is install GWX (“Get Windows 10”), a program which diagnoses the system to see if it is eligible for a free upgrade to Windows 10, and if so, asks the user if they would like to upgrade (though recently, the option to decline has been removed). Some users have gotten around this by editing Windows Registry values for “AllowOSUpgrade”, “DisableOSUpgrade”, “DisableGWX”, and “ReservationsAllowed” in order to disable the prompt altogether. This advice was endorsed by Microsoft on their support forums. According to a report by Woody Leonhard at InfoWorld, the newest version of the KB3035583 update includes a background process which scans the system’s Windows Registry twice a day to see if the values for the four aforementioned registry inputs were manually edited to disable the upgrade prompt. If they were, the process will alter the values, silently re-download the Windows 10 installation files (about 6 GB in total), and prompt the user to upgrade.
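Added example (mine, not from the InfoWorld report and not Microsoft's own tooling): a PowerShell script that writes the four opt-out values the article names and then audits them, so the twice-daily re-check described above can itself be checked for. The DisableOSUpgrade and DisableGwx policy keys are the ones Microsoft documented in KB3080351; the OSUpgrade key holding AllowOSUpgrade and ReservationsAllowed, and the $Windows.~BT staging folder, are the locations users commonly reported rather than anything stated in the article, so verify them before relying on this. Run it elevated.

```powershell
#Requires -RunAsAdministrator
# Added example: set the GWX opt-out values and detect them being flipped back.
# Key paths: the two Policies keys are from Microsoft KB3080351; the OSUpgrade key
# and the staging folder below are ASSUMED from community reports, not the article.

$Desired = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate';                   Name = 'DisableOSUpgrade';    Value = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Gwx';                             Name = 'DisableGwx';          Value = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade';   Name = 'AllowOSUpgrade';      Value = 0 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade';   Name = 'ReservationsAllowed'; Value = 0 }
)

function Set-GwxOptOut {
    # Create each key if needed and force the DWORD to the opt-out value.
    foreach ($e in $Desired) {
        if (-not (Test-Path $e.Path)) { New-Item -Path $e.Path -Force | Out-Null }
        New-ItemProperty -Path $e.Path -Name $e.Name -PropertyType DWord -Value $e.Value -Force | Out-Null
    }
}

function Test-GwxOptOut {
    # Returns one object per value that no longer matches; empty output means nothing drifted.
    foreach ($e in $Desired) {
        $current = (Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue).($e.Name)
        if ($current -ne $e.Value) {
            [pscustomobject]@{ Path = $e.Path; Name = $e.Name; Expected = $e.Value; Actual = $current }
        }
    }
}

function Test-GwxStaging {
    # The silent ~6 GB download lands in a hidden folder on the system drive
    # (ASSUMED: $Windows.~BT, as commonly reported). Report its size if present.
    $staging = Join-Path $env:SystemDrive '$Windows.~BT'
    if (Test-Path $staging) {
        $bytes = (Get-ChildItem -Path $staging -Recurse -File -Force -ErrorAction SilentlyContinue |
                  Measure-Object -Property Length -Sum).Sum
        [pscustomobject]@{ Path = $staging; GiB = [math]::Round($bytes / 1GB, 2) }
    }
}

Set-GwxOptOut
# Re-run the two checks later (for example from a scheduled task) to catch the values
# being rewritten and the installer files reappearing.
Test-GwxOptOut
Test-GwxStaging
```

Because the updated KB3035583 rewrites the values rather than just reading them, a one-time fix is not enough; the audit function is the part worth scheduling.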

Link 3: Juniper drops NSA-developed code following new backdoor revelations

Juniper Networks, which last month made the startling announcement its NetScreen line of firewalls contained unauthorized code that can surreptitiously decrypt traffic sent through virtual private networks, said it will remove a National Security Agency-developed function widely suspected of also containing a backdoor for eavesdropping. The networking company said in a blog post published Friday that it will ship product releases in the next six months that remove the Dual_EC_DRBG random number generator from NetScreen firewalls. Security researchers have known since 2007 that it contains a weakness that gives knowledgeable adversaries the ability to decrypt encrypted communications that rely on the function. Documents provided by former NSA subcontractor Edward Snowden showed the weakness could be exploited by the US spy agency, The New York Times reported in 2013.
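Added example (my code, not Juniper's and not from the article): a toy Dual_EC_DRBG on a tiny curve that shows the weakness the excerpt refers to. The generator publishes two points P and Q; if whoever chose them also knows d with P = d·Q, then a single output r = x(s·Q) lets them compute d·(r, y) = s·P, whose x-coordinate is the generator's next internal state, and from there every later output. Anything keyed from those outputs (session keys, nonces) is then predictable, which is how "decrypt communications that rely on the function" follows. The prime 10007, the coefficient a = 1, the trapdoor d = 1337 and the seed 4242 are arbitrary choices for the demonstration; the real generator uses P-256 constants and drops the top 16 bits of each output (so the attacker enumerates about 2^16 candidates) where this toy drops two.

```python
"""Toy Dual_EC_DRBG with its trapdoor (added example; not the article's or Juniper's code)."""
from math import isqrt

P_MOD = 10007   # ASSUMED toy field prime; p ≡ 3 (mod 4) makes square roots one pow(); real DRBG uses P-256
A = 1           # ASSUMED curve coefficient a in y^2 = x^3 + a*x + b; b is searched for below
DROP_BITS = 2   # toy truncation; the real generator drops the top 16 bits of the x-coordinate


def inv(v):
    return pow(v, -1, P_MOD)


def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                                   # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P_MOD
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def lift_x(x, b):
    """All curve points with x-coordinate x (0, 1 or 2 of them)."""
    v = (x * x * x + A * x + b) % P_MOD
    y = pow(v, (P_MOD + 1) // 4, P_MOD)               # a valid root iff v is a quadratic residue
    if y * y % P_MOD != v:
        return []
    return [(x, 0)] if y == 0 else [(x, y), (x, P_MOD - y)]


def is_prime(n):
    return n > 1 and all(n % d for d in range(2, isqrt(n) + 1))


def find_prime_order_b():
    """Choose b so the group order is prime: then s*P is the identity only when s is 0 or the order."""
    for b in range(1, P_MOD):
        if (4 * A ** 3 + 27 * b * b) % P_MOD == 0:
            continue                                  # singular curve
        order = 1 + sum(len(lift_x(x, b)) for x in range(P_MOD))
        if is_prime(order):
            return b
    raise RuntimeError("no prime-order curve found")


B = find_prime_order_b()
Q = next(lift_x(x, B)[0] for x in range(1, P_MOD) if lift_x(x, B))   # public point Q
D_SECRET = 1337        # the trapdoor: ASSUMED known only to whoever chose the constants
P = mul(D_SECRET, Q)   # public point P = d*Q; the hidden relation between P and Q is the backdoor
HIGH_SHIFT = P_MOD.bit_length() - DROP_BITS
MASK = (1 << HIGH_SHIFT) - 1


def x_of(pt):
    return 0 if pt is None else pt[0]   # toy convention for the point at infinity


def outputs_from_state(s, count):
    """Generator loop: emit r_i = x(s_i*Q) truncated, then advance s_{i+1} = x(s_i*P)."""
    outs = []
    for _ in range(count):
        outs.append(x_of(mul(s, Q)) & MASK)
        s = x_of(mul(s, P))
    return outs


def dual_ec_outputs(seed, count):
    """What a victim sees: `count` truncated outputs from an initial seed."""
    return outputs_from_state(x_of(mul(seed, P)), count)


def recover_state(d, observed):
    """With the trapdoor d, turn one output (plus a couple more to confirm) into the next state.
    R = (r_i, y) is ±s_i*Q, so d*R = ±s_i*(d*Q) = ±s_i*P, whose x-coordinate is s_{i+1}."""
    first, rest = observed[0], observed[1:]
    for hi in range(1 << DROP_BITS):                   # enumerate the dropped high bits
        x = first | (hi << HIGH_SHIFT)
        if x >= P_MOD:
            continue
        for R in lift_x(x, B):                         # sign of y is irrelevant: x(dR) == x(-dR)
            s_next = x_of(mul(d, R))
            if outputs_from_state(s_next, len(rest)) == rest:
                return s_next
    return None


if __name__ == "__main__":
    observed = dual_ec_outputs(seed=4242, count=8)
    s = recover_state(D_SECRET, observed[:3])          # attacker needs only a few outputs...
    print("recovered state:", s)
    print("predicted:", outputs_from_state(s, 7))      # ...and then predicts everything that follows
    print("actual:   ", observed[1:])
```

Without d the same search is useless: the candidate states it produces do not reproduce the stream, and recovering d from P and Q alone is the discrete logarithm problem on the curve. That asymmetry is exactly why a generator whose constants came from an outside party with no published derivation was never acceptable, quite apart from the separate unauthorized code Juniper found.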

Link 4: Et tu, Fortinet? Hard-coded password raises new backdoor eavesdropping fears

Less than a month after Juniper Networks officials disclosed an unauthorized backdoor in the company’s NetScreen line of firewalls, researchers have uncovered highly suspicious code in older software from Juniper competitor Fortinet. The suspicious code contains a challenge-and-response authentication routine for logging into servers with the secure shell (SSH) protocol. Researchers were able to unearth a hard-coded password of “FGTAbc11*xy+Qqz27” (not including the quotation marks) after reviewing this exploit code posted online on Saturday. On Tuesday, a researcher posted this screenshot purporting to show someone using the exploit to gain remote access to a server running Fortinet’s FortiOS software. Ralf-Philipp Weinmann, a security researcher who helped uncover the inner workings of the Juniper backdoor, took to Twitter on Tuesday and repeatedly referred to the custom SSH authentication as a “backdoor.” In one specific post, he confirmed he was able to make it work as reported on older versions of Fortinet’s FortiOS.

What do you think? Comments?

  1. hans
    January 15, 2016 at 11:30 am

    Link 1 – Correct.
    The browser has become the biggest possible threat to my system, since I stopped being a silly Pirate and get my games on GOG and Steam or just do the odd MMO.
    Using Firefox and after installing AdBlock+, noScript and, for good measure, uBlock addons, this threat is virtually nullified.
    Using Chrome is basically like surfing on an NSA virtual desktop, so avoiding that like Hell solves the problems in links 3 & 4.

    Corollary to Link 1 – also avoid ALL background virus scanners.
    After properly caging & USING your browser you just don't need them and they are basically snake oil:
    The latest virus is always unknown, the heuristic scans drive you bonkers till you switch them off and the program itself is INCREDIBLY prone to backdoor attacks, thus actually a security liability.
    To feel good I still have the portable version of ClamWin on my RAM drive. I run it maybe once a month or so, if that.

    Link 2 – it's not that dramatic.
    Just use the so far up to date script here: https://voat.co/v/technology/comments/459263
    and disable Win7 automatic updates. Also don't just run the crap on patchday without checking first. If necessary wait till the nerds have found something suspicious.
    It's more work but that's life in the developing NWO Internetz. Though honestly, I think M$ have given up on WinX.
    They got enough sheep to sell their data, so it's probably marginally profitable by now.

    Link 3&4 – Yup!
    Hint: the NSA has backdoors everywhere and if they can use them, so can the hackers and criminals (is there a difference betwixt the 3?), heck even the script kiddies.
    Solution, don't use WLAN, NEVER connect to the Internetz directly and by now I'm seriously considering getting myself a Linux based DIY router.
    Google it, kits can be found even on Amazon nowadays.

  2. P Ray
    January 16, 2016 at 6:46 am

    Just LOL at Juniper, students of computer science are told that if they want a future in networks, they need to know how to configure those routers.

    Of course, the (tenured, government-propaganda advocating) academics tell them that …
    somewhat related:

    Every university in NZ has at least 1 intelligence officer posted there,
    so that “suspicious student queries or research can be screened”.

    So much for “freedom of speech, enquiry and association”.

  3. January 17, 2016 at 2:21 pm

    Very true, LOL.

  4. neoconned
    January 17, 2016 at 3:44 pm

    Stop using Windows, and much of this problem goes away.
