19.11.20: cyb/sec/how to avoid malware on flash drives:
co.quora:
. any computer is prone to infections from
visiting malware-infected websites or pdf's;
most usb peripherals contain firmware
that can be infected with malware,
so that a website can infect computer firmware;
then it can infect your flash drive firmware
which can then infect other computers.
Showing posts with label rootkit. Show all posts
Showing posts with label rootkit. Show all posts
2019-11-25
2015-03-29
Defense sees cloud computing as insecure
news.cyb/sec/Defense sees cloud computing as insecure:
3.17: 3.29: summary:
. I'm interested in cloud computing primarily because
that is promoted by Google's Chrome OS platform;
however, what makes that platform most secure
is not so much that it relies on cloud computing,
but because it strictly controls the firmware
and this avoids advanced persistent malware .
. the usa's DoD (Dept of Defense) is moving to cloud computing
(saving money by outsourcing to private industry
instead of using DoD's own servers)
but they are not putting all their data there;
because, some of it is too sensitive .
. what they are hoping for
is that they can get private industry
to set up their servers on DoD property,
where physical access to the servers
can be monitored by the DoD .
. another issue is that top secret communications
are done on a network that is separate from
the public's internet .
3.17: 3.29: summary:
. I'm interested in cloud computing primarily because
that is promoted by Google's Chrome OS platform;
however, what makes that platform most secure
is not so much that it relies on cloud computing,
but because it strictly controls the firmware
and this avoids advanced persistent malware .
. the usa's DoD (Dept of Defense) is moving to cloud computing
(saving money by outsourcing to private industry
instead of using DoD's own servers)
but they are not putting all their data there;
because, some of it is too sensitive .
. what they are hoping for
is that they can get private industry
to set up their servers on DoD property,
where physical access to the servers
can be monitored by the DoD .
. another issue is that top secret communications
are done on a network that is separate from
the public's internet .
2013-11-30
#badBIOS @dragosr vs Mac, Linux and PC
4: cyb/sec/#badBIOS/
30: summary:
. malware that spreads via usb devices
can infect other usb devices,
and the problem is not the os;
it is the hardware and usb standards
which expose the os to malware infection .
. Dragos Ruiu talks about a mac infection
which sounds like the one I got;
it prevented me from reinstalling the os;
and it started infecting my chromebook,
but the chrome os was able to clean it up .
. my 2005 ubuntu laptop was not so lucky .
. a laptop in my future that will likely do well
is one running the xen hypervisor,
hardened with the Qubes OS .
(see #Qubes #Xen vs Dragos Ruiu's #badBIOS).
30: summary:
. malware that spreads via usb devices
can infect other usb devices,
and the problem is not the os;
it is the hardware and usb standards
which expose the os to malware infection .
. Dragos Ruiu talks about a mac infection
which sounds like the one I got;
it prevented me from reinstalling the os;
and it started infecting my chromebook,
but the chrome os was able to clean it up .
. my 2005 ubuntu laptop was not so lucky .
. a laptop in my future that will likely do well
is one running the xen hypervisor,
hardened with the Qubes OS .
(see #Qubes #Xen vs Dragos Ruiu's #badBIOS).
#Qubes #Xen vs Dragos Ruiu's #badBIOS
6: co.cyb/sec/qubes/Xen vs Dragos Ruiu's #badBIOS:
me to qubes-devel 5:41am:
me to qubes-devel 5:41am:
. reading about the #badBIOS infection,
blog.erratasec.com/2013/10/badbios-features-explained.html
I was surprised to learn that all computing accessories
(mouse, trackpad, hub, keyboard, and of course
flash drives) could have a software-programmable firmware
and this could be infected with malware that could spread
to your next computer if attached to dom0 .
. I was also concerned that a new flash drive malware
-- Dragos Ruiu's #badBIOS --
could infect a next machine without even being mounted;
is this a new threat that xen has yet to adapt to?
Subscribe to:
Posts (Atom)