FireEye calls Shim-anigans: Bank-raiding hackers switch tactics

A group of money-grabbing cybercrooks have switched up their tactics in a pretty interesting way, we're told. Buckle up and let us explain. FIN7, whose stock in trade is targeting financial institutions through phishing emails, previously relied on a malicious Windows service to plant the Carbanak backdoor on targeted systems …

  1. Anonymous Coward

    And yet, they keep using it.

    Windows.

    Enough said.

  2. Kraggy

    So yet another example of a fatuous O/S design element ... API hooking ... is exploitable.

    It's sad for the PC world that professional software developers weren't involved in designing Windows and that IBM lost out to Microsoft in the NT vs OS/2 fight.

    It's noteworthy that 'legacy' mainframe systems never contained such ridiculous architectures, leastwise not when I was working on them a couple of decades ago.

    1. Anonymous Coward

      Yep, that's Unix for you (Windows nowadays is just a fancy GUI on Unix). I reckon Apple's iOS will have the same issues since yes, they also built their GUI on a Unix system.

      AC because of all the down votes I'm about to get saying Unix is insecure !!!

    2. Anonymous Coward

      This kind of abusable functionality is not something that's unique to Windows.

      This would be the equivalent of installing custom exits or SVCs on OS/390 or z/OS.

      Or adding stuff to the ld.so config on Linux.

      OS/2 has similar mechanisms as well...

  3. Mike Moyle
    Joke

    "The switch in the group's approach from its previous reliance on spear-phishing to a more DevOps-slanted approach..."

    So, will FIN7 be presenting at your CLL conference this year?

  4. cbars Bronze badge

    Surely 'we' know enough by now

    I've heard of secure programs, which are mathematically proven as such. I assume this is done by awesome boffins who are able to execute/validate every possible code path and input variation to check for unintended behaviour.

    It would be a mammoth task, but surely it's do-able to write an operating system that cannot be broken. Fine, the applications can be broken/crashed/intercepted whatever - but can't we have an OS that can demonstrably separate applications so they cannot interfere with one another? A browser can access the internet, send data to a printer - but those are separate applications and that action cannot result in new code being executed by the machine... can't we? argh!

    Dynamic code execution (macros/JavaScript) must happen within the confines of the parent application's permissions, get killed when it does, and can't go off and install a persistent keylogger in the firmware.

    A change occurred in an application's code due to some data input? Hmm, that doesn't seem right as the user hadn't initiated an update for that application > quarantine and alert user (obviously this could only happen with hardware compromise, like rowhammer).

    What's that? Your app re-writes its own code as part of normal operations? Not in this world mate, jog on.

    ************************

    Wakes up from dream

    1. -tim
      Boffin

      Re: Surely 'we' know enough by now

      The core concept of a Von Neumann architecture computer is the ability to use the same memory for code and data and the OS simply looks at a user program as data that it can point to with a program counter. The alternative Harvard architecture machines are ever decreasing as today they are being phased out of GPUs which leaves them only in FPGA and some odd hacks of chip cards.

      Multics, which preceded Unix, had shared libraries and dynamic linking. The ability to easily insert shim code in Unix dates back to the early days of the shared library ld.so and the evil LD_LIBRARY_PATH variable, which showed up in early versions of the portable C compiler, which dates to the mid 1970s. There isn't anything that says you have to use ld.so, but your compiler would prefer to add it in.

  5. tedleaf

    Bugger it all, let's go back to the abacus and bullion as currency, it can't be any more insecure than the mess that so called "experts" have managed to foist on the world.

    We might even get a useful side effect in that we might get stock markets back to doing and working as they were meant to in the first place.
