Submitted via IRC for SoyCow2718
Most employees have some awareness about malware attacks. Many probably know that you should never open an executable file from a stranger or install a thumb drive found in the parking lot, for example. But videos, or links to videos, can deliver malware just like that executable or thumb drive. Do your employees know this too? And even if they do know it, will they be tricked into chasing malicious videos anyway?
Here's why it's time to start focusing on video malware.
[...] The video habit (or addiction) in our culture has paved the way for video malware — malicious code embedded into video files. Video malware is part of a larger trend toward more effective stealth in the delivery of malware. It's also the latest, and probably the most interesting, example of malicious steganography — the embedding of something secret inside some other medium. When the medium is an executable file, it's called stegware.
Malware has been embedded in still-image file formats, such as JPG, PNG and BMP formats, for years. Now, it appears that video malware is having a moment.
(Score: 2) by DannyB on Tuesday August 20 2019, @04:19PM (4 children)
The security model of ActiveX was that it required code singing. If someone did something bad, then where did they get their code singing certificate from?
Other than requiring code to be signed
sungthere was no security. It's just an executable ma'am.To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 2) by Pino P on Thursday August 22 2019, @02:42PM (1 child)
Where is the hobbyist developer of a good-faith free software project supposed to get a code signing certificate? Is finding a corporate sponsor the preferred way?
(Score: 2) by DannyB on Thursday August 22 2019, @03:17PM
Just spend the $800 or thereabout to get the code signing certificate.
Obviously Microsoft did not think this through carefully. But that should be obvious by the fact that certificates and code signing do not make an actual security model.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 2) by DutchUncle on Friday August 23 2019, @02:47PM (1 child)
>>>> code singing
After "literate programming" and "extreme programming" and "pair programming" and "agile programming", some good communal code singing sounds great. Maybe around a campfire.
(Score: 2) by DannyB on Friday August 23 2019, @03:45PM
A pyre to the passing of Microsoft. Who gaveth us ActiveX.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.