2014-01-30

#mac #osx #rtfm #badBIOS #NSA stuccomontana

9: news.cyb/sec/#mac #osx #rtfm #badBIOS #NSA stuccomontana:
intro:
. when NSA conceals a computer vulnerability
(one that can take possession of your computer
and make it do the bidding of the internet)
there is nothing magical about this situation
that would prevent criminal elements
from also exploiting these backdoors .
. NSA knows the cat is out of the bag;
that's why they set up the Snowden leak:
NSA knows they need to get our permission now
rather than use our computer vulnerabilities
because the criminals now know too much
about the backdoors NSA needs for surveillance .

. the following is someone claiming to show
an NSA leak documenting the #badBIOS malware
that has been plaguing Dragos Ruiu .
 
Chaos Communication Congress`talk #5713
Jacob Appelbaum `To Protect and Infect part#2:
 the militarization of the internet:
the pdf, and vid:
0:40:00:
. according to Jacob, Dragos (the #badBIOS victim)
is no longer on speaking terms with Jacob;
because it seems the powers that be
used Dragos's connection to Jacob
as the excuse for plaguing Dragos with #badBIOS .
. usa military authorities took Jacob's cell phone
and after that, according to Dragos,
all of Dragos's computers became compromised
[ cell to cell to usb to computer infections ? ]
. Jacob claims to be showing us leaked documents
revealing that the NSA has the abilities
that would be needed for implementing #badBIOS:
. stuccoMontana provides persistence for
malware implants that will survive an
upgrade or replacement of the OS
including physically replacing the router's CF card;
the implant needing persistence is Validator;
the vector of attack is the
modification of the target's BIOS.
. the modification will execute
the stuccomontana implant
at the end of its native SMM handler .
(System Mgt Mode) [ known to hide rootkits ]
0:46:26:
IrateMonk provides software app persistence
on desktop and laptop computers
by implanting the hard drive firmware
to gain execution through MBR substitution
(master boot record).
. through remote access or interdiction,
UnitedRake, or StraitBazzare
are used in conjunction with SlickerVicar
to upload the hard drive firmware
onto the target machine to implant IrateMonk
and its payload (the implant installer),
...
... [one of the exploits] works on
Windows, Linux, FreeBSD and Solaris
when the drive is formatted as
FAT32, NTFS, EXT2, EXT3, or UFS 1.0 [not mac os x]
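A defender's counterpart to the two persistence mechanisms above (a modified BIOS image for stuccomontana, a substituted MBR for IrateMonk) is a baseline integrity check: dump the region on a trusted day, record its hash, and re-check it later. The following is an added example, not code from the page, the talk, or the leaked documents; it parses a 512-byte MBR into boot code, partition table and signature, compares the boot-code region against a recorded SHA-256, and flags structural oddities. The `hash_matches_baseline` helper applies equally to a full firmware/BIOS dump. The baseline hash, the sample sectors and the partition layout are all constructed for the demo.

```python
"""Baseline integrity check for a disk's Master Boot Record (MBR).

Added, defensive example; not from the page or the documents it summarizes.
Assumes an operator captured a known-good first sector on a trusted day
(e.g. `dd if=/dev/sda bs=512 count=1`) and recorded the SHA-256 of its
boot-code region. The sample sectors below are constructed for this demo
and contain no real boot code.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440           # legacy boot code: offsets 0..439
DISK_SIG_OFF = 440            # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446          # four 16-byte partition entries
PART_ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def hash_matches_baseline(blob: bytes, expected_sha256: str) -> bool:
    """Generic region check: usable for an MBR boot-code region or for a
    full BIOS/firmware image dump compared against a recorded hash."""
    return sha256_hex(blob) == expected_sha256


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into boot code, partition table and signature."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            PART_ENTRY_FMT, sector, PART_TABLE_OFF + i * 16)
        entries.append({"status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code": sector[:BOOT_CODE_LEN],
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4],
        "entries": entries,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def mbr_findings(sector: bytes, baseline_boot_sha256: str) -> list:
    """Return human-readable findings; an empty list means the sector
    matches the baseline and looks structurally sane."""
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if not hash_matches_baseline(mbr["boot_code"], baseline_boot_sha256):
        findings.append("boot code differs from baseline")
    bootable = [e for e in mbr["entries"] if e["status"] == 0x80]
    if len(bootable) > 1:
        findings.append("more than one partition flagged bootable")
    for e in mbr["entries"]:
        if e["status"] not in (0x00, 0x80):
            findings.append("invalid partition status byte 0x%02x" % e["status"])
    return findings


def build_sample_mbr(boot_code: bytes, entries=((0x80, 0x83, 2048, 204800),)) -> bytes:
    """Assemble a constructed MBR image for the demo (hypothetical layout)."""
    if len(boot_code) != BOOT_CODE_LEN:
        raise ValueError("boot code must be %d bytes" % BOOT_CODE_LEN)
    sector = bytearray(SECTOR)
    sector[:BOOT_CODE_LEN] = boot_code
    sector[DISK_SIG_OFF:DISK_SIG_OFF + 4] = b"\x11\x22\x33\x44"  # constructed disk signature
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFF + i * 16,
                         status, ptype, lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed stand-in for boot code: a short prologue followed by NOPs.
GOOD_BOOT_CODE = b"\xfa\x33\xc0" + b"\x90" * (BOOT_CODE_LEN - 3)
BASELINE_SHA256 = sha256_hex(GOOD_BOOT_CODE)  # what the operator would have recorded

GOOD_MBR = build_sample_mbr(GOOD_BOOT_CODE)

# A sector whose boot code was altered in place (same length, bytes changed).
_altered = bytearray(GOOD_BOOT_CODE)
_altered[0x40:0x44] = b"\x01\x02\x03\x04"
TAMPERED_MBR = build_sample_mbr(bytes(_altered))

if __name__ == "__main__":
    for name, img in (("good", GOOD_MBR), ("tampered", TAMPERED_MBR)):
        print(name, mbr_findings(img, BASELINE_SHA256) or ["OK"])
```

The check only hashes the boot-code region, so a legitimate repartitioning does not trip it while a replaced loader does; the same idea, applied to a full SPI flash dump with `hash_matches_baseline`, is the cheapest way to notice a modified BIOS between two captures.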
. through remote access or interdiction,
Arkstream is used to reflash on a target machine
in order to implant Swap
and its payload (the implant installer).
.
. "interdiction" includes supply chain poisoning:
they find a way to modify your hardware
either by intercepting your packages
or breaking into your house .
. these and other docs have been posted on
the German publication Der Spiegel .