
posted by Fnord666 on Saturday October 05 2019, @11:57PM
from the orbital-decay dept.

Submitted via IRC for chromas

Oceanography satellite ends 11-year mission – Spaceflight Now

A joint U.S.-European satellite mission that measured rising sea levels for 11 years is ending due to the deteriorating condition of the spacecraft’s power system, officials said Friday.

The Jason 2 satellite was designed to operate for three to five years, but it outlived its design life and continued collecting precise sea level measurements through the launch of a replacement spacecraft — Jason 3 — in January 2016.

During its 11-year mission, Jason 2 charted nearly 2 inches (5 centimeters) of global sea level rise, an observation scientists attribute to a rise in average global temperatures.

“Today we celebrate the end of this resoundingly successful international mission,” said Thomas Zurbuchen, associate administrator of the NASA science mission directorate. "Jason-2/OSTM has provided unique insight into ocean currents and sea level rise with tangible benefits to marine forecasting, meteorology and our understanding of climate change.”

Ground teams noticed signs of aging from the Jason 2 satellite in 2017, and officials ordered controllers at NOAA’s satellite operations center in Maryland to command the spacecraft to move out of its original 830-mile-high (1,336-kilometer) science orbit to a slightly lower altitude away from other operational missions.

Jason 2 also depleted excess propellant reserves in 2017, but the satellite continued collecting scientific data. The lower orbit meant Jason 2’s measurements of the same location on the ocean were less frequent, but the resolution of the data improved, allowing scientists to conduct marine gravity studies and map seafloor topography, officials said.

[...] Issues with Jason 2’s power system in recent weeks prompted mission managers to “passivate” the spacecraft and end the mission in order to reduce the risk of the satellite becoming a source of space junk. Jason 2 ended scientific observations Oct. 1, and the satellite will be decommissioned Oct. 10, officials said in a statement.

“With the recent degradation of the spacecraft’s power system, mission partners decided to end the mission to decrease risks to other satellites and future altimetry missions, and to comply with French space law,” the mission partners said in a statement.



posted by Fnord666 on Saturday October 05 2019, @09:34PM
from the attention-to-detail dept.

Submitted via IRC for SoyCow9088

Discovery of Geost Botnet Made Possible by Attacker OpSec Fails

A series of operational security (OpSec) failures on the part of attackers enabled researchers to discover the Geost botnet.

In mid-2018, Virus Bulletin researchers Sebastian Garcia, María José Erquiaga and Anna Shirokova discovered Geost, one of the largest Android banking botnets known today, while analyzing another malware family called HtBot. The researchers found that HtBot converted victims into unwilling proxies that received traffic from the malware’s network and then sent it to the web. While analyzing that traffic, they observed someone logging into the command-and-control (C&C) panel of what was then a previously undocumented botnet.

[...] Garcia, Erquiaga and Shirokova learned all of this and more because several OpSec failures made it possible for the researchers to access a chat log of an underground team hired by Geost’s controllers. This log provided insight into the creation of Geost, the development of new features and the use of victims’ stolen data. In so doing, the log also revealed just how spectacularly the Geost botmasters had failed to secure their creation.

As the researchers explained in a blog post:

Maintaining a good OpSec is difficult both for security analysts and attackers trying to hide. The discovery of the Geost botnet was possible because of several OpSec mistakes, including the use of the HtBot illegal proxy network, not encrypting their command-and-control servers, re-using security services, trusting other attackers with less OpSec ,and [sic] not encrypting their chat sessions.



posted by Fnord666 on Saturday October 05 2019, @07:11PM
from the can't-see-where-you're-going dept.

Submitted via IRC for chromas

Dutch Govt Explains the Risks Behind DNS-Over-HTTPS Move

The Dutch National Cyber Security Centre (NCSC) explains, in a fact sheet published this week, how DNS monitoring will get more difficult as modern encrypted DNS transport protocols become more popular.

The fact sheet's audience is system or network admins and security officers who want to move to the DNS over TLS (DoT) and DNS over HTTPS (DoH) DNS encryption protocols, which offer increased security and confidentiality.

Both DoH and DoT are designed to allow DNS resolution over encrypted HTTPS connections instead of using the currently common plain text DNS lookups.

Google and Mozilla are both running DoH trials for their browsers, with Chrome to upgrade to a provider's DoH server if it is present on a pre-defined whitelist, or to a shortlist of fallback providers (i.e., Cleanbrowsing, Cloudflare, DNS.SB, Google, OpenDNS, Quad9) if not.

By only upgrading the DNS resolution to DoH if the users' current DNS provider is supported, Google believes that the users' DNS resolution experience will stay the same.

Mozilla's DoH experiments have already been met with criticism from network admins and Linux distro maintainers after the decision to enable DoH by default and using Cloudflare's DoH server rather than a user's existing DNS provider.

Senior scalability engineer Kristian Köhntopp said that Mozilla is "about to break DNS" seeing that Cloudflare will be used for DNS resolution over the default server assigned by system administrators, leading to leaking visited website addresses inside corporate environments to Cloudflare.

Peter Hessler, an OpenBSD developer, tweeted at the time that OpenBSD disabled DoH in their Firefox package in the current releases and will also disable it in future ones since "sending all DNS traffic to Cloudflare by default is not a good idea."



posted by Fnord666 on Saturday October 05 2019, @04:47PM
from the fake-news dept.

Arthur T Knackerbracket has found the following story:

Rights groups, tech companies, academics and journalists opposed the law, which they say threatens free speech.

A "fake news" law, decried by academics, activists and tech giants, has gone into effect in Singapore, despite warnings that the measures could be used to stifle dissent and free speech in the South East Asian island country.

The law, which was passed by Singapore's parliament in May but took effect on Wednesday, gives government ministers powers to order social media companies to put warnings next to posts authorities deem to be false, order some content to be removed and in some cases block websites deemed to be propagating false information contrary to "public interest".

In April, shortly before the bill passed, Prime Minister Lee Hsien Loong said the legislation was an "essential part" of fighting fake news and hate speech.

[...] Over 170 academics signed a letter saying the legislation had been fast-tracked without proper input from "key civil society actors."

The law is "likely to have a chilling effect on freedom of expression and academic freedom in Singapore", they said.



posted by Fnord666 on Saturday October 05 2019, @02:24PM
from the risk-versus-gain dept.

Arthur T Knackerbracket has found the following story:

The FBI is easing up a bit on its hardline stance against paying ransomware demands.

The Bureau has posted an updated version of the guidance it offers for companies on how to handle ransomware demands with a section discussing the option of paying the hackers to get data decrypted.

In short, the FBI still says that companies should not cave to hacker demands and pay to have their data unlocked, but the bureau acknowledges that paying is an option.

"Paying ransoms emboldens criminals to target other organizations and provides an alluring and lucrative enterprise to other criminals," the FBI's guidance reads.

"However, the FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers."

[...] In other words, it's not advisable to pay ransomware demands, but you won't get in any trouble if you do.



posted by martyb on Saturday October 05 2019, @12:01PM
from the no-sign,-yet,-of-any-of-them-flying dept.

Pigs recorded using tools for the first time

On an October day in 2015, ecologist Meredith Root-Bernstein was watching a family of rare pigs at a Parisian zoo when something caught her eye.

One of the Visayan warty pigs—a critically endangered species native to the Philippines—picked up a piece of bark in its mouth and started digging with it, pushing the soil around. "I said, Whoa, that's pretty cool," says Root-Bernstein, a visiting researcher at the Musée de l'Homme in Paris and a National Geographic Explorer. "When I looked up tool use in pigs, there was nothing."

Intrigued, the scientist returned to the menagerie at the Jardin des Plantes frequently over the following months to try to observe the behavior again, to no avail. She hypothesized that what she'd seen was related to nest-building, which Visayans generally do every six months to prepare for the arrival of piglets. Sure enough, the next spring, a colleague returned to the warty pig enclosure and recorded three of the four animals using tools to complete their nest, an earthen pit filled with leaves. (Learn more about the Visayan and its rockstar mohawk.)

Though many wild species use tools, from chimpanzees to crows to dolphins, no one has reported the phenomenon in any pig, including the 17 wild pig species and domestic swine. This surprised Root-Bernstein, especially considering the Suidae family's well-known intelligence.

But because wild pigs are so little studied and, in most cases, either endangered or critically endangered, it may not be so unusual that such innovation has escaped human eyes, says Root-Bernstein, whose study appeared in September in the journal Mammalian Biology.

[...] She says tool use is particularly fascinating to study because it's a trait shared with humans, as well as one that may highlight a common evolutionary history. "It brings us closer to animals," she says, "and helps us realize it's all connected."



posted by chromas on Saturday October 05 2019, @09:39AM
from the when-you-get-what-you-asked-for-only-to-learn-it-was-not-what-you-wanted dept.

Surprise! Copying Crummy Code from Stack Overflow Leads to Vulnerable GitHub Jobs:

In a research paper submitted to pre-print service ArXiv, six computer science boffins who hail from Shiraz University, Iran, Polytechnique Montreal University, Quebec, Canada, and Chamran University, Iran – Morteza Verdi, Ashkan Sami, Jafar Akhondali, Foutse Khomh, Gias Uddin, and Alireza Karami Motlagh – say that they looked at more than 72,000 C++ code snippets in 1,325 Stack Overflow posts and found 69 vulnerable snippets of 29 different types.

That's not a lot in absolute terms but those 69 vulnerable snippets show up in 2,589 GitHub projects. The researchers say they notified the authors of affected projects and some, but not all, chose to fix the flaws, which consist of known CWEs.

The paper, "An Empirical Study of C++ Vulnerabilities in Crowd-Sourced Code Examples," is being reviewed for possible publication in the journal IEEE Transactions on Software Engineering.

[...] The research echoes an academic paper from 2017 that found 1,161 insecure code snippets posted on Stack Overflow had been copied and pasted into 1.3m Android applications available on Google Play.

The boffins relied on a Stack Overflow data set called SOTorrent data-set Version 2018-09-23. It covers posts from 2008 through 2018 and contains some duplicate code snippets.

The researchers chose to focus on C++ because it's popular, particularly for embedded, resource-constrained programs and large, distributed systems. Vulnerabilities in such systems, they contend, are likely to have a significant impact.

The most frequently found CWEs[1] were CWE-1006 (Bad Coding Practices), CWE-754 (Improper Check for Unusual or Exceptional Conditions), and CWE-20 (Improper Input Validation).

[...] The researchers developed a Chrome extension to help developers be more mindful of security when copying and pasting Stack Overflow code snippets. The extension checks copied code against the CWE database and throws up an alert if the snippet is flawed. Uddin said the plan is to release it when the paper is formally published.

[1] CWE: Common Weakness Enumeration

Do not deploy what you do not understand? Whodathunkit?



posted by martyb on Saturday October 05 2019, @07:07AM
from the Does-quick-always-have-to-be-dirty? dept.

The greatest evil visited on every complex project I have ever been under schedule pressure to ship is the: sleep X, while we wait for something else to finish. It's infinitely easier than actual signaling for readiness, and it _usually_ works fine... I guess Linux kernel devs do the same, nice that it's open source so that people with less schedule pressure are free to critique and improve it.

One of the contributions Google is working on for the upstream Linux kernel is a new "sanitizer". Over the years Google has worked on AddressSanitizer for finding memory corruption bugs, UndefinedBehaviorSanitizer for undefined behavior within code, and other sanitizers. The Linux kernel has been exposed to these, as have other open-source projects, while their newest sanitizer, KCSAN, is a Kernel Concurrency Sanitizer.

The Kernel Concurrency Sanitizer (KCSAN) is focused on discovering data-race issues within the kernel code. This dynamic data-race detector is an alternative to the Kernel Thread Sanitizer.

In their testing just last month, in two days they found over 300 unique data race conditions within the mainline kernel.

Source: Google Is Uncovering Hundreds Of Race Conditions Within The Linux Kernel



posted by takyon on Saturday October 05 2019, @04:44AM
from the papers-please dept.

US Customs Officer Harasses Defense One Journalist at Dulles Airport

A passport screening official held a Defense One journalist's passport until he received an affirmative answer to this repeated question: "You write propaganda, right?"

The incident took place about 4 p.m. on Thursday at Dulles International Airport. News Editor Ben Watson was returning from an assignment in Denmark when he entered permanent resident reentry aisle No. 17 at Dulles. After the Customs and Border Protection official asked the usual question about undeclared fruit or meat, the interaction took an unusual and unsettling turn.

CBP officer, holding Watson's passport: "What do you do?"

Watson: "Journalism."

CBP officer: "So you write propaganda, right?"

Watson: "No."

CBP officer: "You're a journalist?"

Watson: "Yes."

CBP officer: "You write propaganda, right?"

Watson: "No. I am in journalism. Covering national security. And homeland security. And with many of the same skills I used in the U.S. Army as a public affairs officer. Some would argue that's propaganda."

[...] The CBP official's behavior appeared to violate the spirit, and possibly the letter, of DHS's internal Directive 0480.1, "Ethics/Standards of Conduct"; DHS Code of Conduct § 102-74.445; and possibly U.S. Customs and Border Protection Directive 51735-013A, "Standards of Conduct."

Also at The Hill, Newsweek, and The Washington Post.



posted by martyb on Saturday October 05 2019, @02:00AM
from the phreak-out! dept.

https://www.2600.com/content/message-our-readers

On Tuesday, October 8th, for the very first time ever, the new issue of 2600 will be released digitally in non-DRM PDF format. We know there are many of you who have been unable to secure copies of 2600 in recent years. With high distribution costs and a declining bookstore landscape, it's become much harder to publish a paper magazine and get it to all the places our readers are. This digital version can help solve that problem once and for all - and help restore the funding we need to survive.

We ask for your help in getting the word out (in addition to hopefully buying the issue when it's released). We know there are many thousands out there who no longer have bookstores that carry 2600 in their neighborhoods or who live in parts of the world where getting our publication has always been, at best, a challenge.

Please show your support and buy this issue which you can then enjoy forever - and let everyone know what we're doing. Because if this is a success, we will be able to invest more into the magazine (paper and digital) to make it even better, as well as support more projects like HOPE.

The address to get the new issue on Tuesday is store.2600.com/products/new-issue .

https://en.wikipedia.org/wiki/2600:_The_Hacker_Quarterly



posted by Fnord666 on Friday October 04 2019, @11:37PM
from the hopefully-it-doesn't-start-smoking-in-3-years dept.

Fifteen years ago this month, Professor Sir Andre Geim and Professor Sir Kostya Novoselov performed the first successful attempts at creating a synthetic monolayer of carbon atoms, a feat that would earn them a Nobel Prize 6 years later.

The European Union graphene flagship project has put out a release celebrating progress in the field, which includes a list of products already on the market that use graphene.

It also makes some bold claims about the future of the tech:

A host of applications for graphene are expected to hit the market 10 to 15 years from now. These are related to (opto)electronics, where graphene can deliver performances orders of magnitude higher than current technologies. The developments in this area could trigger the next-generation of (opto)electronic devices, bringing the 'more-than-Moore' devices to reality.



posted by Fnord666 on Friday October 04 2019, @09:59PM
from the picture-this dept.

NASA administrator Jim Bridenstine issued a statement seen as chiding SpaceX prior to the company's Starship update presentation:

Specifically, Bridenstine (or whoever fed him the statement) went out of his way to make it entirely one-sided in its focus on SpaceX. By all appearances, it would have never been posted if not for Elon Musk's plans to present on Starship. Bridenstine additionally notes that "Commercial Crew is years behind schedule" and indicates that "NASA expects to see the same level of enthusiasm focused on [its] investments".

Altogether, it's simply impossible to interpret it as anything less than Bridenstine scolding SpaceX – and SpaceX alone – for not falling to the floor, kissing NASA's feet, and pretending that Crew Dragon and Falcon 9 are the only things in existence. Absent from Bridenstine's criticism was NASA's other (and even more delay-complicit) Commercial Crew Partner, Boeing, who has yet to complete a pad abort or orbital flight test of its Starliner spacecraft. SpaceX completed Crew Dragon's pad abort in 2015 and completed a flawless orbital flight test in March 2019.

[...] [As] Musk noted in his relatively subtle September 28th responses to Bridenstine's implicitly derisive comment, something like 50-80% of the entirety of SpaceX's workforce and resources are focused on Crew Dragon, the Falcon 9 rockets that will launch it, or a combination of both. At present, Starship is – at most – a side project, even if its strategic importance to SpaceX is hard to exaggerate. The same is largely true for Starlink, SpaceX's ambitious internet satellite constellation program. It may be true that Starship will eventually make Crew and Cargo Dragon (as well as Falcon 9 and Falcon Heavy) wholly redundant, but that is likely years away and SpaceX will support NASA – as it is contractually required to – for as long as the space agency has vested interest in using Crew Dragon.

[...] It would be another two years before Congress began to seriously fund Commercial Crew at its requested levels, beginning in FY2016. In response to Bridenstine, former NASA deputy administrator Lori Garver noted that over the ~5 years Congress consistently withheld hundreds of millions of dollars of critical funds from Commercial Crew, NASA's SLS rocket and Orion spacecraft were just as consistently overfunded above and beyond their budget requests. From 2011 to 2016 alone, SLS and Orion programs requested $11B and received an incredible $16.3B (148%) from Congress, while Commercial Crew requested $5.8B and received $2.4B (41%).

Human contamination of Mars with Earth microbes may be a "moral catastrophe":

If SpaceX was serious about planetary protection, I would expect to see a policy on its website, or easily found by searching "SpaceX planetary protection". But that isn't the case. So while it is possible that it has a rigorous planetary protection plan in place behind the scenes, its public-facing content seems to suggest that pushing the boundaries of human exploration is more important than the consequences of that exploration.

Others are arguing in favor of deliberate contamination of Mars:

On our planet, microbes like Rhizobium (which converts atmospheric nitrogen to biological nitrogen that can be used by plants) help maintain the gases in our atmosphere and drive our food webs. So the scientists suggest that before sending humans to Mars, we should send some microorganisms from Earth there first.

They describe this idea in an opinion paper [open, DOI: 10.1093/femsec/fiz127] [DX] published in the journal FEMS Microbiology Ecology.

"Life as we know it cannot exist without beneficial microorganisms," Jose Lopez, the lead author of the paper, said in a press release. "To survive on a barren (and as far as all voyages to date tell us) sterile planet, we will have to take beneficial microbes with us."

The Verge wonders how humans could be kept alive and well on a journey to Mars:

SpaceX CEO Elon Musk has now given four presentations about his company's Starship rocket, but all of those updates mostly focused on the vehicle's external stats. Musk has barely touched on the technologies needed to keep people alive and healthy while on Starship — technologies that need to be developed relatively soon if the spacecraft has any hope of carrying people to deep-space destinations like the Moon and Mars in the near future.

[...] Thanks to the long distance, astronauts won't get resupply missions for years, and they will have communication delays with Earth. Radiation exposure will become even more severe, and it's unclear how that will affect the human body. "It's extremely naive to think that we can send people to Mars within even the next decade," Dorit Donoviel, director for the Translational Research Institute for Space Health, which is partnered with NASA, tells The Verge. "Realistically, it's going to be at least 10 years or more before we feel comfortable doing that."

Musk has addressed life support and human health in his Starship talks before, but only briefly. In his most recent presentation, the SpaceX CEO was asked twice about the types of life support systems that Starship would use. "I don't think it's actually super hard to do that, relative to the spacecraft itself," Musk said. "The life support system is pretty straightforward."

I went to Mars and all I got was this lousy cancer!

Finally, a SpaceX fan has been arrested for trespassing at SpaceX's Boca Chica facility:

Passionate photographers will often edge as close as they can to their subjects to frame the perfect shot. But over the weekend, JB Wagoner — a California resident, Tesla electric-car owner, aspiring space-technology entrepreneur, and self-described "big fan" of SpaceX — was accused of getting too close to a muse of many spaceflight enthusiasts: Starhopper, a rocket ship at the aerospace company's private launch site in Boca Chica, Texas.

Within hours of photographing the six-story steel vehicle, Wagoner said, he found himself spending time behind bars. "I get arrested, I get taken to jail, and spent the night with seven other guys in a 12-by-16 concrete cell, sleeping on the floor," Wagoner told Business Insider.

SpaceX pressed charges, and the Cameron County Sheriff's Department filed them. They called Wagoner just as he was about to leave for the airport, and he voluntarily turned himself in. Wagoner was interviewed by the Department of Homeland Security, but no federal charges were filed. He has been charged with criminal trespassing, a class B misdemeanor punishable by up to six months in jail and a $2,000 fine.



posted by martyb on Friday October 04 2019, @08:26PM
from the cat-in-the-hat dept.

https://www.cbc.ca/news/technology/sabre-toothed-cat-1.5305505

During the last ice age, huge cats bigger than an African lion prowled Alberta — including the fearsome beast commonly known as the "sabre-toothed tiger," a new study shows.

The proper name for the extinct predator with foot-long, serrated knife-like canines is Smilodon fatalis.

And up until the discovery of the fossil from Medicine Hat, Alta., the species had never been found further north than Idaho.

That's why a couple of small fossils caught Ashley Reynolds's eye as she was rummaging through the drawers at the Royal Ontario Museum in Toronto.

"What struck me is they were listed as being Smilodon from Alberta," recalled Reynolds, a PhD student in paleontology at the University of Toronto. "And I knew that Smilodon wasn't really considered to be a Canadian species."

[...] While Smilodon is often referred to colloquially as a "sabre-toothed tiger" — and popularized as such in The Flintstones and Ice Age — Reynolds said that's a misnomer, as sabre-toothed cats are just as closely related to housecats as tigers.

The bone found in Alberta is estimated to be 35,000 to 40,000 years old, from the Pleistocene epoch, before there were humans in the area.



posted by martyb on Friday October 04 2019, @06:49PM
from the we-don't-have-to-tell-you-we-cheated dept.

If You Owned the Samsung Galaxy S4, You're Entitled to Some Cold, Hard Cash

We never thought we'd be writing about the Samsung Galaxy S4 again — but Samsung has just settled a lawsuit over false benchmarks on the now six-year-old device. The lawsuit was settled for $13.4 million.

According to The Register, the lawsuit was first filed in November 2014 by Daniel Norcia, after it was found that Samsung was artificially inflating benchmark scores by introducing code that detected when benchmarks were running and then overclocking the Qualcomm Snapdragon 600 processor speed to 532MHz, instead of the 480MHz that the processor normally ran at.

Samsung never denied that it inflated benchmark scores, instead taking a different approach. The company argued that under California law, it was not "legally obliged" to disclose that the phone was set up to inflate scores. Instead, the company argued that only security issues and data breaches need to be disclosed to the public. The case made its way all the way up to the Supreme Court, and was set to go to trial before Samsung finally settled for $13.4 million.

As part of the settlement, Samsung has agreed not to inflate software that artificially increases benchmark tests — but interestingly, it only agreed to do so until 2024. Not only that, but the company is not required to admit any wrongdoing.

Source: https://www.digitaltrends.com/mobile/samsung-galaxy-s4-benchmark-inflation-settlement/



posted by janrinok on Friday October 04 2019, @05:11PM
from the now-that's-sneaky dept.

Kaspersky Warns of Encryption-Busting Reductor Malware:

Kaspersky says it has uncovered a new malware infection that is able to decode encrypted TLS traffic without the need to intercept or manipulate it.

Known as Reductor, the malware was spotted in April of this year[...].

"Besides typical RAT functions such as uploading, downloading and executing files, Reductor's authors put a lot of effort into manipulating digital certificates and marking outbound TLS traffic with unique host-related identifiers," Kaspersky explains.

[...] Rather than try to man-in-the-middle traffic or steal keys, the Kaspersky team found that the Reductor malware works by infecting the browser (either Chrome or Firefox) itself.

"The solution that Reductor's developers found to mark TLS traffic is the most ingenious part," Kaspersky explained.

"They don't touch the network packets at all; instead developers analyzed the Firefox source code and Chrome binary code to patch the corresponding pseudo random number generation (PRNG) functions in the process's memory."

By compromising the random number generator, the malware's operators would know ahead of time how the traffic will be encrypted when the victim establishes a TLS connection, and have the ability to mark that traffic for later use. From there, the malware can easily decode the traffic and see what the transmitted data is, then send anything of interest back to the command server.

Because this data can be decoded, the attacker has no need to actually tamper with the traffic while it is in transit, and thus is able to function without alerting security tools or administrators that something is amiss.

