2015-02-17 10:54 GMT+01:00 Robert Sebastian Gerus ar@bash.org.pl:
http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20...
Hmm, all in all, nihil novi.
From the article:
Raiu said the authors of the spying programs must have had access to the proprietary source code that directs the actions of the hard drives. That code can serve as a roadmap to vulnerabilities, allowing those who study it to launch attacks much more easily. "There is zero chance that someone could rewrite the [hard drive] operating system using public information," Raiu said.
Someone here apparently completely failed to do their homework, for example: http://spritesmods.com/?art=hddhack
Also, the service area is enough to fool AV: http://www.recover.co.il/SA-cover/SA-cover.pdf
On Tuesday, 17 February 2015 10:54:34 Robert Sebastian Gerus wrote:
http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20150216
Moar info: https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pd... http://ars.to/1EdOXWo
Oslo, from the PDF:
"Interestingly, the so-called Q constant usage is a bit different in the reference code.
Inside the Equation group malware, the encryption library uses a subtract operation with the constant 0x61C88647. In most publicly available RC5/6 code, this constant is usually stored as 0x9E3779B9, which is basically -0x61C88647. Since an addition is faster on certain hardware than a subtraction, it makes sense to store the constant in its negative form and adding it instead of subtracting."
They've got panache, the sons of bitches.
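The arithmetic behind the quoted PDF passage, as an added example that is not part of the thread or of the quoted report: the two constants are negatives of each other modulo 2^32, so an RC5-32 key schedule built with either form yields the same table, and a scanner looking for this routine has to match both byte patterns. The function names and the sample blob are assumptions made for this sketch.

```python
# Added illustration; names are hypothetical, not taken from the quoted PDF.
MASK = 0xFFFFFFFF
P32 = 0xB7E15163      # RC5/RC6 "P" constant for 32-bit words
Q_ADD = 0x9E3779B9    # Q as stored in most public RC5/6 code (added)
Q_SUB = 0x61C88647    # constant the quoted passage says is subtracted

def rotl(x, n):
    n &= 31
    return ((x << n) | (x >> (32 - n))) & MASK

def init_table(t, step):
    """First stage of the key schedule: S[0] = P, S[i] = step(S[i-1])."""
    s = [P32]
    for _ in range(t - 1):
        s.append(step(s[-1]))
    return s

def expand_key(key, rounds=12, step=lambda v: (v + Q_ADD) & MASK):
    """RC5-32 key expansion; `step` selects the add or the subtract form."""
    c = max(1, (len(key) + 3) // 4)
    L = [0] * c
    for i in range(len(key) - 1, -1, -1):       # key bytes -> little-endian words
        L[i // 4] = ((L[i // 4] << 8) + key[i]) & MASK
    t = 2 * (rounds + 1)
    S = init_table(t, step)
    a = b = i = j = 0
    for _ in range(3 * max(t, c)):              # mix the key into the table
        a = S[i] = rotl((S[i] + a + b) & MASK, 3)
        b = L[j] = rotl((L[j] + a + b) & MASK, a + b)
        i, j = (i + 1) % t, (j + 1) % c
    return S

def find_q_constants(blob):
    """Offsets of either form of Q stored little-endian in a byte string."""
    hits = []
    for name, val in (("add", Q_ADD), ("sub", Q_SUB)):
        needle = val.to_bytes(4, "little")
        pos = blob.find(needle)
        while pos != -1:
            hits.append((pos, name))
            pos = blob.find(needle, pos + 1)
    return sorted(hits)

# Constructed sample: both encodings embedded in filler bytes.
SAMPLE = b"\x00\x00" + bytes.fromhex("4786c861") + b"\xff" + bytes.fromhex("b979379e")
```

A hit on either constant only indicates RC5/RC6-style key setup (the same value also appears in TEA and in hash mixing code), so it is a lead for manual review rather than an attribution signal on its own.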