8 thoughts on “The Latest Russian Malware”

    1. The problem is vendors don’t want customers opening their boxen. Thus all firmware switches have gone “soft”. In many cases with a little hardware knowledge and a soldering iron this can also be fixed.

      No one says you *have* to have UEFI, but there aren’t any modern motherboards that don’t use it.

  1. No one in their right mind would run Windows in an Internet connected environment and expect it to be secure. That goes with any computer & OS for that matter. Remember shellshock. The unknown *knowns*. You must subnet and air-gap. In fact, it *is* possible to run other network protocols other than IP. Also media exchange (read USB sticks) are also prohibited and made physically impossible to use. In most cases, sorry but not sorry, that means no laptops with WiFi and working USB ports are connectable. The Wen Ho Lee episode is an incredible story of endurance of one individual hand copying between machines. Whether you believe him or not, he had to work hard at it, to do what he did.

  2. — PSA —

    There were discovered last year two new methods of attack thanks to modern CPU design that allow side channel attacks against memory protection due to exploits on speculative execution. These were known collectively as Meltdown and Spectre

    See: https://www.kb.cert.org/vuls/id/584653

    The reason I mention them (again) here is that although Meltdown has been been mitigated by OS patches on both Linux and Windows (at a performance cost regrettably) Spectre requires a microcode fix to the CPU chip, which means a BIOS update. Spectre had no *known* (unknown knowns) exploits at the time of its discovery. But that was a year ago. If you are concerned enough to care, check your computer manufacturers’ website for a potential BIOS fix. BIOS updates are not for the feint of heart as if they are done wrong or get interrupted because you took a panic attack and tried to stop it midway (oftentimes these updates seem to have hung when in fact they are doing exactly what they were supposed to until you interfered), it can and likely will “brick” your system.
    Meaning on the next power cycle you get the *black* screen of death then and forevermore. Also meaning in most cases you will need to buy another unless you know how to flash a BIOS using either SMBUS or JTAG, assuming your motherboard even supports it. If you have no clue to what I just wrote, it means you’ll have to buy a new box (or at least a motherboard) and restore from backup. The only reason I mention it is because of the required manual BIOS intervention needed to fix it, means most systems are vulnerable to Spectre and will likely remain so during their lifetime as most people are not going to take the risk of a BIOS update and OS vendors cannot supply automated fixes because of the uniqueness of vendor BIOSes That’s why the BIOS exploit remains the hacker pot of gold at the end of the rainbow (books).

    – End Of PSA –

Comments are closed.