Stories
Slash Boxes
Comments

SoylentNews is people

Governments Deploying Malware

posted by janrinok on Friday February 28 2014, @10:30PM   Printer-friendly
from the It's-not-illegal-if-governments-do-it dept.

AnonTechie writes:

"A surprising number of governments are now deploying their own custom malware and the end result could be chaos for the rest of us, F-Secure's malware chief Mikko Hypponen told the TrustyCon ( https://www.trustycon.org/ ) conference in San Francisco on Thursday.

'Governments writing viruses: today we sort of take that for granted but 10 years ago that would have been science fiction,' he told the public conference. 'If someone had come to me ten years ago and told me that by 2014 it will be commonplace for democratic Western governments to write viruses and actively deploy them against other governments, even friendly governments, I would have thought it was a movie plot. But that's exactly where we are today.'

http://www.scmagazine.com/trustycon-malware-expert -mikko-hypponen-kicks-off-conference-on-trust/arti cle/336089/"

 
This discussion has been archived. No new comments can be posted.
Governments Deploying Malware | Log In/Create an Account | Top | 42 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1) by mrider on Friday February 28 2014, @11:53PM

    by mrider (3252) on Friday February 28 2014, @11:53PM (#8893)

    To all of you that keep replying that the vulnerability can be hiding inside the kernel - or whatever - you miss the point. Unless my box is remotely exploitable, how do you deliver the virus? I almost certainly don't have the same vulnerability vectors as you.

    --

    Doctor: "Do you hear voices?"

    Me: "Only when my bluetooth is charged."

  • (Score: 5, Informative) by HiThere on Saturday March 01 2014, @12:03AM

    by HiThere (866) Subscriber Badge on Saturday March 01 2014, @12:03AM (#8898) Journal

    Well, Flash is a crossplatform delivery vector, and it appears that HTML5 will also be one. So is Java. I'm not sure about JavaScript, but with a few extensions (common) it probably is.

    It's true that the item delivered will need to be configured to run under your system, but if you're on the web, you can probably be compromised. If not this year, then next year.

    --
    Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.

    • (Score: 3, Interesting) by mrider on Saturday March 01 2014, @12:10AM

      by mrider (3252) on Saturday March 01 2014, @12:10AM (#8900)

      Well, Flash is a crossplatform delivery vector, and it appears that HTML5 will also be one.

      Noscript.

       

      So is Java.

      Not installed.

       

      I'm not sure about JavaScript, but with a few extensions (common) it probably is.

      Noscript.

       

      It's true that the item delivered will need to be configured to run under your system, but if you're on the web, you can probably be compromised. If not this year, then next year.

      Undoubtedly. But you see what I mean about how my computer isn't standard?

      --

      Doctor: "Do you hear voices?"

      Me: "Only when my bluetooth is charged."

      • (Score: 3, Insightful) by tibman on Saturday March 01 2014, @12:38AM

        by tibman (134) Subscriber Badge on Saturday March 01 2014, @12:38AM (#8911)

        I use noscript as well and run FF within a sandboxie container. In linux i just use FF and don't really care.

        What do you do when you want to buy something? Constantly run into problems because the site you are buying from is actually using 3rd party services. None of those are whitelisted and die horribly. Adding them to the whitelist causes data to be resent and could cause an error : /

        --
        SN won't survive on lurkers alone. Write comments.

        • (Score: 4, Informative) by SMI on Saturday March 01 2014, @06:22AM

          by SMI (333) on Saturday March 01 2014, @06:22AM (#8985)

          I use (among other things) NoScript and RequestPolicy [mozilla.org], and when I want to buy something, of course I make sure to be aware of what is being allowed (both temporarily and permanently) and what is being blocked. In other words, I buy things online all the time and haven't had any problems or double charges. If a person doesn't understand how to use a chainsaw, that isn't the chainsaw's fault.

          • (Score: 1) by tibman on Sunday March 02 2014, @08:33AM

            by tibman (134) Subscriber Badge on Sunday March 02 2014, @08:33AM (#9448)

            I'll take a look at RequestPolicy. You might also like https://www.eff.org/https-everywhere [eff.org]

            --
            SN won't survive on lurkers alone. Write comments.

            • (Score: 2) by SMI on Sunday March 02 2014, @08:40AM

              by SMI (333) on Sunday March 02 2014, @08:40AM (#9455)

              Thanks, I'm already [soylentnews.org] using it, though I do appreciate the advice anyway.

      • (Score: 5, Insightful) by Koen on Saturday March 01 2014, @01:06AM

        by Koen (427) on Saturday March 01 2014, @01:06AM (#8916)

        Conclusion: if anybody wants to attack us soylentils (and pipedotters, technocrats & comp.miscfits), NoScript would be the perfect virus vector.

        --
        /. refugees on Usenet: comp.misc [comp.misc]

        • (Score: 0) by Anonymous Coward on Saturday March 01 2014, @07:29AM

          by Anonymous Coward on Saturday March 01 2014, @07:29AM (#9009)

          +1 Insightful, kingdom for mod points, you know the schtick.

  • (Score: 1) by sjames on Saturday March 01 2014, @07:42AM

    by sjames (2882) on Saturday March 01 2014, @07:42AM (#9012) Journal

    You'll get it in the BIOS itself, fresh fropm the factory that REALLY doesn't want to be 'audited'.