
It's a genuine threat
I clicked on a photo of the Prime Minister and my nephew lost his mortgage, my benefits were cut and the Bank of England was scammed out of £65 billion.
XKCD is coming back to London on November the 7th.
Internet snoops have been caught concealing spyware in an old Windows logo in an attack on governments in the Middle East. The Witchetty gang used steganography to stash backdoor Windows malware – dubbed Backdoor.Stegmap – in the bitmap image. "Although rarely used by attackers, if successfully executed, steganography can be …
I was a Linux Fanboy when I was 50. Twenty years later. Still a Linux FANBOY. The best part is my penguin logo is just an image. Nothing else.
Make sure to set your /etc/hosts.deny to ALL: PARANOID
You will have a lot less difficulty. That is a courtesy message for the uninformed. Happy Sunday. It is a lovely day so far.
-> trusted hosts such as GitHub
Since when is GitHub a trusted host? Perhaps the author of the article has a different definition to me. Trusted to me means somebody or something that I know or I trust. The next level down is somebody who I know and trust says that such a thing is trustworthy - a chain of trust. But GitHub? It is a web site where people submit code. Are we now supposed to trust something just because it is on GitHub?
I know what the author is getting at - GitHub is well known. But that does not automatically make it trustworthy. NPM was considered trustworthy by many, and look what happened. Anyone who just automatically trusts GitHub and therefore anything on it needs a lesson or two.
It's not about personal trust, as nobody was sent to GitHub to retrieve this file. Any person who trusts any file they get from GitHub has a very bad security posture. It's about what sites set off alarms, get blocked, or even get flagged as unusual on automatic filters. Most sites don't have GitHub in their filters of suspicious domains. There are probably other sites where uploading an image is possible and won't be blocked automatically by the traditional filter lists.
I knew a guy in the PRE-Internet age who claimed that JPEG files could contain anything, even code. We all granted the possibility but thought it would take much deliberate perversion to get that code executed. 27 years later, that day is here?
He also said Flash-ROM BIOS could contain malware.
Pro Tip: To protect against this threat, peel all stickers containing the logo off your laptop in order to stop the spyware "diffusing" into your system. Likewise, never insert a DVD with the logo on it into a drive. If you see the logo on screen at startup, your machine has been infected, and it is highly likely that it will send your personal data back to snoops such as Microsoft without your knowledge or consent.
The best place to hide something is in plain sight. Some TLA that suspects there could be a file containing stealthed data might have a blind spot when it comes to the graphic for the OS's startup splash screen. I'm going to file this.
As an aside, I have a couple of books that describe hiding places that can be created around the home that are lots of fun. Some are too well known, but might still be good if you are just hiding a bit of cash and a common burglar is unlikely to have the time or knowledge to find it. Some are known to TLAs so if that's your worry, better keep working on it. Some are truly brilliant and their design leads to other methods that are possible now using powerful neo magnets that weren't around when the books were written. I've seen a couple online that use hardware from Ikea that's been developed to not look like a nut, screw or bolt. You'd have to thoroughly destroy something to get at the insides if you didn't know where to look for the hidden fastener.
I do hope the intelligence agencies are keeping up with the fight. Perhaps a lovely malware script shop for wannabe hackers. Except the script redirects a DNS lookup to the agencies' server and sends back the IP of a perfectly legit looking site for the oinks to fiddle with, yet it's just a mock-up of the real thing.
While they are busy turning off incubators at the local special care baby unit, or launching nuclear missiles, the local police are just minutes away from kicking their door in and dragging them off to spend a long time as an unwilling sex worker in a max security prison.