Stories
Slash Boxes
Comments

SoylentNews is people

posted by LaminatorX on Tuesday February 17 2015, @11:54AM   Printer-friendly
from the nothing-to-hide dept.

Dan Goodin of Ars Technica writes about a newly-discovered hacking platform recently revealed by Kaspersky.

They are labeling the operators 'Equation Group,' and multiple zero-day exploits in the malware kit appear to be related to those which were used by Stuxnet to hack Iran's Natanz nuclear facility in 2010. It is by far the most advanced malware ever discovered, going so far as to flash malicious firmware on the hard disks of no fewer than 12 vendors. Much of the malware was distributed through usual channels such as Java vulnerabilities or ad networks, but it was even found on CDs which were mailed to attendees of a conference in Houston in 2009 which were intercepted and modified to deliver the malicious payload.

The sophistication of the operations and the malware itself leave little doubt that Equation Group is is a state-sponsored organization. The scariest part of it might be that the operation is over 14 years old and unfortunately, much of the malware is yet to be reverse-engineered. Kaspersky has been reaching out to white hats for further assistance in determining the nature and capabilities of the software.

Related Stories

Kaspersky Group Believes it is Exposing NSA Cyber-Espionage Attempts 29 comments

Three stories have been received which describes Kaspersky's malware analysis and their findings. Perhaps of equal interest is that all three reports suggest that the malware may be linked to the NSA. One also notes CDs sent through the USPS (United States Postal Service) seem to have been intercepted and replaced with modified CDs. I'll let you draw your own conclusions and I look forward to the ensuing discussion.

The Newly-Discovered "Equation Group" Deemed World's Top Hackers

Kaspersky declined to publicly name the country behind the spying campaign, but Wired points some possible NSA connections:

Although the researchers have no solid evidence that the NSA is behind the tools and decline to make any attribution to that effect, there is circumstantial evidence that points to this conclusion. A keyword—GROK—found in a keylogger component appears in an NSA spy tool catalog leaked to journalists in 2013. The 53-page document details—with pictures, diagrams and secret codenames—an array of complex devices and capabilities available to intelligence operatives. The capabilities of several tools in the catalog identified by the codenames UNITEDRAKE, STRAITBAZZARE, VALIDATOR and SLICKERVICAR appear to match the tools Kaspersky found. These codenames don’t appear in the components from the Equation Group, but Kaspersky did find “UR” in EquationDrug, suggesting a possible connection to UNITEDRAKE (United Rake). Kaspersky also found other codenames in the components that aren’t in the NSA catalog but share the same naming conventions—they include SKYHOOKCHOW, STEALTHFIGHTER, DRINKPARSLEY, STRAITACID, LUTEUSOBSTOS, STRAITSHOOTER, and DESERTWINTER.

[More after the break.]

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Interesting) by Justin Case on Tuesday February 17 2015, @12:06PM

    by Justin Case (4239) on Tuesday February 17 2015, @12:06PM (#146072) Journal

    I'm afraid we're rapidly reaching (past?) the point where the default assumption has to be: if you work for the government, you're a criminal.

    • (Score: 5, Insightful) by goody on Tuesday February 17 2015, @01:57PM

      by goody (2135) on Tuesday February 17 2015, @01:57PM (#146108)

      It would be a foolish assumption. Of the tens of thousands of government employees of any particular country, just how many realistically could be involved in this sort of activity? 0.001%? It's a bit of a stretch to say if you work for the government you're a criminal. For every one of these so-called criminals there's undoubtedly a few thousand employees who perform mundane tasks like open mail and stamp forms all day or provide vital services that you depend on.

      • (Score: 5, Touché) by morgauxo on Tuesday February 17 2015, @02:40PM

        by morgauxo (2082) on Tuesday February 17 2015, @02:40PM (#146121)

        "just how many realistically could be involved in this sort of activity"

        I guess that depends on where you set the bar for 'involved'. Do you work some sort of supporting roll for a government which does this? Then to a degree (perhaps very small) you are involved. Actually.. do you even have to work for them? Do you pay taxes? Do you vote? If yes to either than by some meaning of 'involved' you ARE involved!

        Have a nice day you black hatted criminal!

        • (Score: 2, Insightful) by Anonymous Coward on Tuesday February 17 2015, @03:25PM

          by Anonymous Coward on Tuesday February 17 2015, @03:25PM (#146150)

          Do you read SoylentNews? Then you are generating traffic and thus income for internet providers who pay taxes. I leave the conclusion as exercise to the reader.

          • (Score: 1, Redundant) by halcyon1234 on Tuesday February 17 2015, @06:39PM

            by halcyon1234 (1082) on Tuesday February 17 2015, @06:39PM (#146233)

            Do you read SoylentNews? Then you are generating traffic and thus income for internet providers who pay taxes. I leave the conclusion as exercise to the reader.

            Sorry, but I don't take orders from fucking filthy criminals like you... you SoylentNews reading shitstain.

            --
            Original Submission [thedailywtf.com]
        • (Score: 4, Insightful) by Thexalon on Tuesday February 17 2015, @04:24PM

          by Thexalon (636) on Tuesday February 17 2015, @04:24PM (#146169)

          I guess that depends on where you set the bar for 'involved'.

          I'd say, at minimum, to be involved in a crime you must:
          1. Be aware that it is happening.
          2. If you are obligated to report that it is happening, fail to do so (unless you are coerced into remaining silent e.g. by threats to your life or family).
          3. If you are not obligated to report that it is happening, take some sort of action that supports the criminal undertaking (again, unless you are coerced into that action).

          For example, I'd consider it extremely unlikely that the vast majority of people who work for the Department of Agriculture had anything to do with this crime, and thus should be held blameless for it. And those involved solely because they pay their taxes or vote are absolved either by not knowing about it (almost everybody) or being coerced into it because the IRS can take your stuff at gunpoint if you don't pay your taxes (everybody else).

          --
          The only thing that stops a bad guy with a compiler is a good guy with a compiler.
          • (Score: 3, Funny) by DECbot on Tuesday February 17 2015, @06:37PM

            by DECbot (832) on Tuesday February 17 2015, @06:37PM (#146231) Journal

            I see where this is going....

            I'd say, at minimum, to be involved in a crime you must:
            1. Be aware that it is happening.
            2. If you are obligated to report that it is happening, fail to do so (unless you are coerced into remaining silent e.g. by threats to your life or family).
            3. If you are not obligated to report that it is happening, take some sort of action that supports the criminal undertaking (again, unless you are coerced into that action).
            4. ???
            5. Profit!

            --
            cats~$ sudo chown -R us /home/base
          • (Score: 3, Insightful) by Nobuddy on Tuesday February 17 2015, @07:29PM

            by Nobuddy (1626) on Tuesday February 17 2015, @07:29PM (#146263)

            Reporting the government's criminal activity is a crime.

          • (Score: 1) by art guerrilla on Wednesday February 18 2015, @01:23AM

            by art guerrilla (3082) on Wednesday February 18 2015, @01:23AM (#146375)

            "1. Be aware that it is happening."

            uh oh, that has several bad, bad, bad results:
            1. so, as long as the eee-vil is distributed enough so that each participant has only a teeny, tiny piece of (ambiguous?) eee-vil to do, then everything is jake ? ? ? no, i don't think so...
            2. so, as long as the eee-vil is buried deep enough, covered up enough, or otherwise goes unnoticed, then we are cool ? ? ? no, i don't think so...

            also, i guess it is hardly unexpected, but the original poster who make the flippant and hyperbolic comment OBVIOUSLY not meant to be taken TECHNICALLY seriously, has spawned a bunch of 'but what about a file clerk sorting form 12Q-stroke-Z-dash-49's, are they eee-vil ? ? ?' well, i don't know, maybe form 12Q-stroke-Z-dash-49 is the form which gets you on the extra-judicial ASSASSINATION list, but they don't know that... are they still 'doing eee-vil' ? ? ? (see above)

            i think the larger point they were making (AND i feel is getting to the point of validity), is EVERYONE working in the gummint becomes guilty by association of furthering a vast kriminal enterprise (AKA Empire)... i mean, people who are nobodies in real organized crime/mafia scenarios are 'just as guilty' as those who do the actual hits, isn't that how the 'law'' treats them ? ? ? why shouldn't ALL gummint employees be subject to that same line of thinking: they are KNOWINGLY associating with a vast kriminal konspiracy, so it doesn't matter if they are delivering coffee and donuts for them, they are 'just as guilty', richtig ? ? ?

      • (Score: 2) by Hairyfeet on Tuesday February 17 2015, @04:32PM

        by Hairyfeet (75) <{bassbeast1968} {at} {gmail.com}> on Tuesday February 17 2015, @04:32PM (#146170) Journal

        Uhhhh...not trying to Godwin but isn't that the same argument used by the Germans after the war?

        --
        ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
        • (Score: 2) by goody on Tuesday February 17 2015, @05:22PM

          by goody (2135) on Tuesday February 17 2015, @05:22PM (#146194)

          Yea, and Hitler wore pants and so does the President, so the US government is full of Nazis.

          • (Score: 0) by Anonymous Coward on Tuesday February 17 2015, @06:34PM

            by Anonymous Coward on Tuesday February 17 2015, @06:34PM (#146229)

            Only if the pants are brown.

          • (Score: 2) by halcyon1234 on Tuesday February 17 2015, @06:40PM

            by halcyon1234 (1082) on Tuesday February 17 2015, @06:40PM (#146235)

            Yea, and Hitler wore pants and so does the President, so the US government is full of Nazis.

            Well then, maybe you shouldn't be so uptight about electing a woman president.

            --
            Original Submission [thedailywtf.com]
          • (Score: 2) by Hairyfeet on Tuesday February 17 2015, @08:46PM

            by Hairyfeet (75) <{bassbeast1968} {at} {gmail.com}> on Tuesday February 17 2015, @08:46PM (#146292) Journal

            You can try to hand wave it away but try reading it again...

            "Of the tens of thousands of government employees of any particular country, just how many realistically could be involved in this sort of activity? 0.001%? It's a bit of a stretch to say if you work for the government you're a criminal. For every one of these so-called criminals there's undoubtedly a few thousand employees who perform mundane tasks like open mail and stamp forms all day"

            Now are you REALLY gonna try to sit here and argue that isn't ringing ANY bells?

            --
            ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
            • (Score: 2) by goody on Wednesday February 18 2015, @12:16AM

              by goody (2135) on Wednesday February 18 2015, @12:16AM (#146353)

              I'm arguing that it's rather inane to claim anyone who works for the government is a criminal, regardless of whatever far-reaching connections you're attempting to make. If you think you can prove that it's reasonable to assume everyone working for the government is a criminal like the OP, have at it.

      • (Score: 1, Insightful) by Anonymous Coward on Tuesday February 17 2015, @05:29PM

        by Anonymous Coward on Tuesday February 17 2015, @05:29PM (#146197)

        Turn this around: let's say that you're just opening mail and stamping forms for a criminal organization, or you're just the driver for the big honcho...
        Will the powers that be consider you as 'involved'? Will they file charges against you?
        I am all for reciprocal diplomacy: if you will fuck me over in this way, I too can fuck you over in the same way.

    • (Score: 2, Interesting) by Stuntbutt on Tuesday February 17 2015, @03:02PM

      by Stuntbutt (662) on Tuesday February 17 2015, @03:02PM (#146137)

      " I don't trust my government, I don't trust the people who work for my government, and I believe that the evidence suggests that it's irrational to offer such trust."
      https://www.popehat.com/2013/08/20/faced-with-the-security-state-groklaw-opts-out/ [popehat.com]

    • (Score: 3, Insightful) by bradley13 on Tuesday February 17 2015, @05:16PM

      by bradley13 (3053) on Tuesday February 17 2015, @05:16PM (#146187) Homepage Journal

      Too many people think of government as some sort of independent, objective entity. It isn't. Government is comprised of people, and most people are out for themselves. Perhaps the majority just want to do a halfway decent job and go home at the end of the day. Some small minority is corrupt; those people will abuse government power for their own ends.

      In a nutshell: government should not be trusted any more than any other large organization. Indeed, because government has so much power, and hence offers more opportunity for abuse and corruption, we should really trust it less than other organizations.

      --
      Everyone is somebody else's weirdo.
      • (Score: 1) by t-3 on Tuesday February 17 2015, @06:49PM

        by t-3 (4907) on Tuesday February 17 2015, @06:49PM (#146245)

        Have you ever worked a job with easy access to other people's money or things? If you have, you should know that the majority are corrupt and to expect otherwise is idiotic and infantile idealism. Capitalism breeds corruption by making inequality an essential part of life.

    • (Score: 2) by hoochiecoochieman on Tuesday February 17 2015, @06:17PM

      by hoochiecoochieman (4158) on Tuesday February 17 2015, @06:17PM (#146222)

      How is this piece of shit modded +5 Insightful? Was Soylent News invaded by 10 year old Republicans?

  • (Score: 3, Funny) by Anonymous Coward on Tuesday February 17 2015, @12:26PM

    by Anonymous Coward on Tuesday February 17 2015, @12:26PM (#146074)

    Did they do this to the 1541 firmware of the C64 era?
    Cause all my secrets are on floppies.

    • (Score: 2) by WizardFusion on Tuesday February 17 2015, @12:29PM

      by WizardFusion (498) Subscriber Badge on Tuesday February 17 2015, @12:29PM (#146076) Journal

      I might still have one of those somewhere

      • (Score: 2) by FatPhil on Tuesday February 17 2015, @01:14PM

        by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Tuesday February 17 2015, @01:14PM (#146096) Homepage
        I visited my parents earlier this year - I noticed they still have 4 whole boxes full of 8" (72KB) CPM floppies which are mine. I took a box of the most interesting ones (e.g. Microsoft Basic Compiler, one I use a lot in nerdy photoshoots) when I left England, I'd forgotten that they were keeping all the others for me, I had presumed they were binned.
        --
        Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
        • (Score: 0) by Anonymous Coward on Tuesday February 17 2015, @02:47PM

          by Anonymous Coward on Tuesday February 17 2015, @02:47PM (#146125)

          Dude. 77 x 26 x 128 = 250K, not 72K.

          • (Score: 0) by Anonymous Coward on Wednesday February 18 2015, @12:05AM

            by Anonymous Coward on Wednesday February 18 2015, @12:05AM (#146351)

            The abbreviation for 1000 (kilo) is a lowercase k.
            International System of Units#Prefixes [wikipedia.org]

            -- gewg_

            • (Score: 0) by Anonymous Coward on Wednesday February 18 2015, @11:12AM

              by Anonymous Coward on Wednesday February 18 2015, @11:12AM (#146479)

              However, 77 × 26 × 128 = 256256 = 250.25 × 1024 = 256.256 × 1000. Since rounding 250.25 gives 250, while rounding 256.256 gives 256, clearly the prefix "K" was not meant to denote 1000 but 1024. And using a lowercase k for 1024 is wrong.

      • (Score: 3, Touché) by DNied on Tuesday February 17 2015, @02:05PM

        by DNied (3409) on Tuesday February 17 2015, @02:05PM (#146110)

        I might still have one of those somewhere

        You mean secrets? I doubt it.

      • (Score: 2) by The Archon V2.0 on Tuesday February 17 2015, @10:17PM

        by The Archon V2.0 (3887) on Tuesday February 17 2015, @10:17PM (#146319)

        There's an MSD SD-2 in my apartment right now. DUAL 5 1/4 floppies, biznitch.

  • (Score: 5, Informative) by c0lo on Tuesday February 17 2015, @12:37PM

    by c0lo (156) Subscriber Badge on Tuesday February 17 2015, @12:37PM (#146078) Journal

    Original Kaspersky Lab report (PDF - 44 pages) [securelist.com]

    ZDNET [zdnet.com]: "On Monday at the Kaspersky Labs Security Analyst Summit, the firm unveiled research concerning the existence of a cyberattack team dubbed The Equation Group. The group, which Kaspersky Lab Global Research and Analysis Team (GReAT) members dub the "ancestor" of Stuxnet and Flame operators, has been in operation dating back to 2001 and possibly as early as 1996."

    Wired [wired.com]: "The new platforms, which appear to have been developed in succession with each one surpassing the previous in sophistication, can give the attackers complete and persistent control of infected systems for years, allowing them to siphon data and monitor activities while using complex encryption schemes and other sophisticated methods to avoid detection. The platforms also include an innovative module, the likes of which Kaspersky has never seen before, that re-flashes or reprograms a hard drive’s firmware with malicious code to turn the computer into a slave of the attackers."

    Business insider citing Reuters [businessinsider.com]: "SAN FRANCISCO (Reuters) – The U.S. National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world’s computers, according to cyber researchers and former operatives."

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    • (Score: 3, Funny) by Nerdfest on Tuesday February 17 2015, @02:09PM

      by Nerdfest (80) on Tuesday February 17 2015, @02:09PM (#146113)

      A coincidence, I'm sure.

    • (Score: 5, Interesting) by Nerdfest on Tuesday February 17 2015, @03:08PM

      by Nerdfest (80) on Tuesday February 17 2015, @03:08PM (#146140)

      I'd like to see the hard drive manufacturers release an open source tool that will allow one to flash, view, and compare firmware on their devices. First one to do this gets my business. I'm guessing non-US governments would be big fans as well.

      • (Score: 4, Insightful) by halcyon1234 on Tuesday February 17 2015, @06:43PM

        by halcyon1234 (1082) on Tuesday February 17 2015, @06:43PM (#146240)

        I'd like to see the hard drive manufacturers release an open source tool that will allow one to flash, view, and compare firmware on their devices. First one to do this gets my business. I'm guessing non-US governments would be big fans as well.

        Plus an external, physical switch that airgaps the mechanism that writes the firmware.

        --
        Original Submission [thedailywtf.com]
  • (Score: 4, Interesting) by Kilo110 on Tuesday February 17 2015, @12:51PM

    by Kilo110 (2853) Subscriber Badge on Tuesday February 17 2015, @12:51PM (#146084)

    I got the same feeling while reading this as when I originally read the snowden leaks. It's not a good feeling.

    How does one even guard against this kind of stuff? I imagine stopping use of Windows is a good first step. But what then?

    • (Score: 5, Informative) by pkrasimirov on Tuesday February 17 2015, @12:58PM

      by pkrasimirov (3358) Subscriber Badge on Tuesday February 17 2015, @12:58PM (#146087)

      And then you get hit by Intel AMT [wikipedia.org]. Linux won't help on that.

      • (Score: 3, Informative) by Anonymous Coward on Tuesday February 17 2015, @01:06PM

        by Anonymous Coward on Tuesday February 17 2015, @01:06PM (#146093)

        Also, if your hard drive is infected (and possibly already was before you got it), it will get control before you even decide what operating system to run. It can deliver arbitrary code to be run before the actual boot code. For example a blue pill. [wikipedia.org]

    • (Score: 2) by c0lo on Tuesday February 17 2015, @12:59PM

      by c0lo (156) Subscriber Badge on Tuesday February 17 2015, @12:59PM (#146088) Journal

      How does one even guard against this kind of stuff?

      Elementary, my dear Watson, use either:

      1. a pocket calculator; or
      2. a NSA computer
      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
      • (Score: 0) by Anonymous Coward on Tuesday February 17 2015, @04:56PM

        by Anonymous Coward on Tuesday February 17 2015, @04:56PM (#146177)

        Youll need to develope a HDD firewall.

    • (Score: 3, Interesting) by epitaxial on Tuesday February 17 2015, @02:56PM

      by epitaxial (3165) on Tuesday February 17 2015, @02:56PM (#146129)

      If you're that scared then try running non x86 hardware. Use an old UltraSparc with OpenBSD or an IBM Power desktop or Itanium running OpenVMS. At that point they'd have to write software unique to your configuration. Or go back to Smith Corona like the Russians.

    • (Score: 2) by Freeman on Tuesday February 17 2015, @05:28PM

      by Freeman (732) on Tuesday February 17 2015, @05:28PM (#146196) Journal

      Use one computer on the Internet. Keep another computer off the Network. Air Gap = Somewhat More Secure. At the least they don't have 24/7 access to your "secure" stuff. You can keep your computer up-to-date with Anti-Virus Updates and other Updates by Burning the Files to CD/DVD/Blu-Ray Disc. Sure, there could be "Ways" to get something off the computer that isn't connected to the Network, but most of those would require you to be a Specific Target. You're probably screwed no matter what, if you are a specific target and you have no idea they are coming.

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
  • (Score: 5, Insightful) by Anonymous Coward on Tuesday February 17 2015, @12:55PM

    by Anonymous Coward on Tuesday February 17 2015, @12:55PM (#146085)

    The most worrying aspect of this is: I'm not even surprised.

  • (Score: 2, Insightful) by Anonymous Coward on Tuesday February 17 2015, @01:10PM

    by Anonymous Coward on Tuesday February 17 2015, @01:10PM (#146094)

    why would anyone in their right mind do such a thing? what kind of person do you have to be, to actually implement such a program...
    and think that its a good thing?! gawd, it makes me sooo maaaad.

    In case it wasnt clear - the american leadership is made out of same shit the soviet leadership was made of.
    Bunch of stupid,unwilling to learn, devious alcoholized meatballs that only know and want to play power games... the permanently scared fascists.

    In my opinion, its a cultural thing.
    From my expirience, pretty much everyone dislikes the managers and rich.
    For we all know, that they got to their positions by being obnoxious BASTARDS, by screwing the meek and general unethical behaviour.
    So why do you, as a society, glorify the most unethical of the social groups and then act all surprised, when they fuck everybody else over, for some illusory advantage on a battlefield that exists largely in their heads?!
    Noo, you give them all opportunities to live and reproduce. And this is the consequence of allowing fucked up extremist ideology (manifest destiny) to colonize the discourse in upper echelons of the civilian society.

    Other people, aren't really people to them. For if they were, they wouldn't be doing this.

    • (Score: 2) by Kilo110 on Tuesday February 17 2015, @01:15PM

      by Kilo110 (2853) Subscriber Badge on Tuesday February 17 2015, @01:15PM (#146097)

      "why would anyone in their right mind do such a thing? what kind of person do you have to be, to actually implement such a program..."

      Those too short sighted to see the abuse potential and/or too overconfident in their own abilities to "control it"

      Both will be proven wrong in time, but by then it'll be too late. I take solace that I'll likely be dead by the time the worst of it happens.

  • (Score: 2) by kaszz on Tuesday February 17 2015, @02:35PM

    by kaszz (4211) on Tuesday February 17 2015, @02:35PM (#146118) Journal

    that the operation is over 14 years old

    Coincides sharply with the 2001 September 11 events. Kind of leaves a trail..

    Seems the answer is to isolate the processing unit from storage units and other units that may mess around through non-firewalled channels. Any more explicit ideas?

    • (Score: 3, Touché) by CoolHand on Tuesday February 17 2015, @02:43PM

      by CoolHand (438) on Tuesday February 17 2015, @02:43PM (#146123) Journal

      ...so you're saying it's Al-Queda, right? right? :)

      --
      Anyone who is capable of getting themselves made President should on no account be allowed to do the job-Douglas Adams
      • (Score: 2) by Freeman on Tuesday February 17 2015, @05:33PM

        by Freeman (732) on Tuesday February 17 2015, @05:33PM (#146203) Journal

        No, he's saying it's the Government. 'cause you know they were the ones who actually blew up the Pentagon, etc... /SARCASM

        --
        Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
  • (Score: 5, Insightful) by francois.barbier on Tuesday February 17 2015, @04:17PM

    by francois.barbier (651) on Tuesday February 17 2015, @04:17PM (#146167)

    ... that we know about!!!

    • (Score: 0) by Anonymous Coward on Tuesday February 17 2015, @06:37PM

      by Anonymous Coward on Tuesday February 17 2015, @06:37PM (#146232)

      If we don't know about it, it obviously wasn't uncovered.

    • (Score: 2) by halcyon1234 on Tuesday February 17 2015, @06:44PM

      by halcyon1234 (1082) on Tuesday February 17 2015, @06:44PM (#146241)

      ... that we know about!!!

      At least SOME people still get to have secrets.

      --
      Original Submission [thedailywtf.com]
    • (Score: 3) by hash14 on Tuesday February 17 2015, @11:08PM

      by hash14 (1102) on Tuesday February 17 2015, @11:08PM (#146341)

      Isn't that what 'ever Uncovered' implies? Barring of course, for example, a pedantic case where an operation was uncovered and then the uncoverer(s) conveniently disappear before the cat gets out of the bag....

  • (Score: 1, Informative) by Anonymous Coward on Tuesday February 17 2015, @05:03PM

    by Anonymous Coward on Tuesday February 17 2015, @05:03PM (#146180)

    Looking at the name of the file looks like it might be sd cards PXE and compact flash.

  • (Score: 0) by Anonymous Coward on Tuesday February 17 2015, @08:51PM

    by Anonymous Coward on Tuesday February 17 2015, @08:51PM (#146295)

    Seems to be happening more often of late. http://i.imgur.com/pzTl0j1.png%22%20alt=%22Commercial%20Photography%22%3E%3C/a%3E [imgur.com]

    • (Score: 0) by Anonymous Coward on Tuesday February 17 2015, @10:06PM

      by Anonymous Coward on Tuesday February 17 2015, @10:06PM (#146315)

      That seems to be because the site is loading http://stats.soylentnews.org/piwik/piwik.php?idsite=1 [soylentnews.org] from a non-https URL. Assuming the soylentnews.org HTTPS private key hasn't been leaked, that soylentnews.org isn't using a vulnerable TLS implementation, and RSA hasn't been cracked, your HTTPS connection is still secure. Only that single-pixel image is loaded insecurely - so an MITM attacker could, for example, replace it with goatse and get your HTTP cookies (but not cookies restricted to HTTPS).

  • (Score: 0) by Anonymous Coward on Tuesday February 17 2015, @09:07PM

    by Anonymous Coward on Tuesday February 17 2015, @09:07PM (#146299)