Security researchers at FireEye / Mandiant [say] "We identified the presence of a financially-motivated threat group that we track as FIN1, whose activity at the organisation dated back several years."
[...] "FIN1 used this malware to access the victim environment and steal cardholder data. The group, which may be located in Russia, is known for stealing data that is easily monetised from financial services organisations such as banks, credit unions, ATM operations, and financial transaction processing and financial business services companies."
[...] The malware's installation location also means it will persist even after re-installing the operating system, widely considered the most effective way to eradicate malware.
Can we all agree that updating firmware should require the movement of a physical jumper?
(Score: 2) by hemocyanin on Tuesday December 08 2015, @11:48PM
Gewg suggests a jumper (a DIP switch would be fine too) that would require manual intentional activation in order to make a firmware change. You say that won't help, and suggest instead:
So, are you a PHB? Gewg's solution was an actual solution in that a person has to consciously and intentionally do something to allow a change to a machine's firmware. Yes, you could trick a few people into doing this, but people who have trouble finding the "on" button are going to have a hell of a time opening up the computer case and finding a bank of DIP switches inconveniently wedged under the power supply, and the savvy ones will be immediately appalled at the notion that some piece of software has to monkey with firmware. Gewg's idea would make this kind of malware infection so much harder. Your students would just be pissed off about it after they got infected.