If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
NSA hid spying software in hard drive firmware, report says
http://www.cbc.ca/news/technology/ns...says-1.2959252
The U.S. National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world's computers, according to cyber researchers and former operatives. That long-sought and closely guarded ability was part of a cluster of spying programs discovered by Kaspersky Lab, the Moscow-based security software maker that has exposed a series of Western cyberespionage operations. Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said. |
#2
|
|||
|
|||
NSA hid spying software in hard drive firmware, report says
Yousuf Khan wrote
http://www.cbc.ca/news/technology/ns...says-1.2959252 The U.S. National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, There aren't any other top manufacturers anymore. giving the agency the means to eavesdrop on the majority of the world's computers, Not if those systems can't communicate with anything. according to cyber researchers and former operatives. According to spivs and con men flogging software, actually. That long-sought and closely guarded ability Wota ****ing ******... was part of a cluster of spying programs discovered by Kaspersky Lab, the Moscow-based security software maker Who might just have a vested interest in making claims about what the NSA gets up to. that has exposed a series of Western cyberespionage operations. Pigs arse they have. Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, Is this where we're all sposed to swoon or sumfin ? with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. Easy to claim... The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said. Odd that they are flogging something that claims to find stuff like that. |
#3
|
|||
|
|||
NSA hid spying software in hard drive firmware, report says
On 17/02/2015 2:04 PM, Rod Speed wrote:
Yousuf Khan wrote http://www.cbc.ca/news/technology/ns...says-1.2959252 The U.S. National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, There aren't any other top manufacturers anymore. It probably just doesn't include hard drive manufacturers anymore, it probably now also includes SSD manufacturers. Storage in general. giving the agency the means to eavesdrop on the majority of the world's computers, Not if those systems can't communicate with anything. Communications is not the only way to spy on somebody. You could also intercept these computers physically, and take their storage out. If you've used any hardware-based encryption schemes on these drives, then an NSA backdoor might weaken the encryption scheme to something that's less random. So you can say then you should use software-based encryption instead, but of course, without this knowledge how would you even know how to decide which is the more secure method to use. In some cases, even the software based ones are severely compromised. Another possibility is that some storage media have a secure hardware erase feature. If a backdoor were put in, perhaps these secure erases aren't erases at all? according to cyber researchers and former operatives. According to spivs and con men flogging software, actually. That long-sought and closely guarded ability Wota ****ing ******... was part of a cluster of spying programs discovered by Kaspersky Lab, the Moscow-based security software maker Who might just have a vested interest in making claims about what the NSA gets up to. In this day and age, it really isn't tenable to maintain a non-skeptical view about the NSA's activities. Everything that was thought to be tin-hat conspiracy theories about the NSA have turned out to be true. You're burying your head in the sand if you don't believe it. As for these specific researchers, sure they may have a vested interest, but this can be easily checked by other researchers. Peer review. that has exposed a series of Western cyberespionage operations. Pigs arse they have. Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, Is this where we're all sposed to swoon or sumfin ? with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. Easy to claim... Also the least useful of their claims. It really doesn't matter where they are found, it's more likely they are found everywhere. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said. Odd that they are flogging something that claims to find stuff like that. Well, I'm sure there isn't much of a market selling security software to Islamist organizations. But the fact that nuclear institutions were targeted is already well proven: look up Stuxnet. Yousuf Khan |
#4
|
|||
|
|||
NSA hid spying software in hard drive firmware, report says
Yousuf Khan wrote
Rod Speed wrote Yousuf Khan wrote http://www.cbc.ca/news/technology/ns...says-1.2959252 The U.S. National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, There aren't any other top manufacturers anymore. It probably just doesn't include hard drive manufacturers anymore, it probably now also includes SSD manufacturers. Storage in general. giving the agency the means to eavesdrop on the majority of the world's computers, Not if those systems can't communicate with anything. Communications is not the only way to spy on somebody. But it is the only way to get hold of the information that you have collected by eavesdropping on a particular computer. You could also intercept these computers physically, and take their storage out. If you are going to do that, there isn't any point in eavesdropping using something you have installed on a particular hard drive. If you've used any hardware-based encryption schemes on these drives, then an NSA backdoor might weaken the encryption scheme to something that's less random. If you don’t like that risk it is completely trivial to use your own software based encryption scheme that can not possibly have been compromised like that. And to use more than one layer of that so that even if there does turn out to be a flaw in one of them its still secure. So you can say then you should use software-based encryption instead, but of course, without this knowledge how would you even know how to decide which is the more secure method to use. Its completely trivial to research that. In some cases, even the software based ones are severely compromised. They can't be if you do your own. Another possibility is that some storage media have a secure hardware erase feature. If a backdoor were put in, perhaps these secure erases aren't erases at all? Trivially avoidable by physically destroying the device instead. And hard drives are now so cheap that that is very affordable. according to cyber researchers and former operatives. According to spivs and con men flogging software, actually. That long-sought and closely guarded ability Wota ****ing ******... was part of a cluster of spying programs discovered by Kaspersky Lab, the Moscow-based security software maker Who might just have a vested interest in making claims about what the NSA gets up to. In this day and age, it really isn't tenable to maintain a non-skeptical view about the NSA's activities. Everything that was thought to be tin-hat conspiracy theories about the NSA have turned out to be true. Nope, not on the question of whether they can actually see anything they want to. There is no way to see anything on a system which does not communicate and completely trivial to see if anyone has ever had any physical access to it. You're burying your head in the sand if you don't believe it. In fact the classic one time pad is MUCH more useful than it was in the past essentially because you don’t even have the problem of moving it from the source to the destination when you use it to encrypt what you don’t want anyone else to see. As for these specific researchers, sure they may have a vested interest, No may have about it, of course they do. but this can be easily checked by other researchers. Peer review. Not even possible when they don’t specify the detail of what they claim to have discovered, like that claim at the top about what the NSA has installed on hard drives so that anyone can see if any of their drives have that on them. That was done with Sony's root kit, but when it hasn’t been done with that claim about what the NSA is doing, it clearly isn't happening or they would have spelt out how to check if its happened or not. that has exposed a series of Western cyberespionage operations. Pigs arse they have. Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, Is this where we're all sposed to swoon or sumfin ? with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. Easy to claim... Also the least useful of their claims. It really doesn't matter where they are found, it's more likely they are found everywhere. Its much more likely they are lying thru their teeth and that the NSA has done nothing of the sort with the hard drives we actually own. And even if they had done, who cares ? The most they can get hold of on any of my systems is some detail about what bank accounts I have and the govt knows all that anyway. They will also be able to see what I have said in usenet etc, but that is trivially available using groups.google etc anyway. They will also be able to see my ebay, amazon and aliexpress transactions, but all those operations have all that detail anyway. They will also be able to see what I choose to read etc. So what ? I couldn’t care less. If I do ever decide to murder someone I will make sure that I physically destroy anything that I use in the planning and execution of that and only use stuff that I have obtained at garage/yard sales years ago to do it too. And wont be silly enough to have a cellphone with me when I do it either. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said. Odd that they are flogging something that claims to find stuff like that. Well, I'm sure there isn't much of a market selling security software to Islamist organizations. But the fact that nuclear institutions were targeted is already well proven: look up Stuxnet. I don’t care, I don’t run one. |
#5
|
|||
|
|||
NSA hid spying software in hard drive firmware, report says
On 21/02/2015 1:38 PM, Rod Speed wrote:
Yousuf Khan wrote Rod Speed wrote giving the agency the means to eavesdrop on the majority of the world's computers, Not if those systems can't communicate with anything. Communications is not the only way to spy on somebody. But it is the only way to get hold of the information that you have collected by eavesdropping on a particular computer. You could also intercept these computers physically, and take their storage out. If you are going to do that, there isn't any point in eavesdropping using something you have installed on a particular hard drive. You're going to have get off your one-tracked mind about spying being only about eavesdropping. Spying can also be about good old fashioned physically stealing data. Steal the computer, clone the data off of the drive quickly, then put the system back in place before anyone notices it was missing. The NSA itself probably wouldn't be doing these activities, but the NSA also provides tools to its sister spy organizations, like the FBI or CIA, both of which can do these sort of activities. Also if it's remote eavesdropping that you're interested in, then who's to say that they can't simply combine a bunch of tools together? You break the security on the drive with your firmware exploits, and then you use another piece of compromised equipment that can broadcast the data off of it, such as the Ethernet, Wi-Fi, or Bluetooth controllers which might also have backdoors in them. I've even seen a story where they embedded a secret broadcast feature right inside a run-of-the-mill USB cable! But as I said, it's not just about communications eavesdropping here. If you've used any hardware-based encryption schemes on these drives, then an NSA backdoor might weaken the encryption scheme to something that's less random. If you don’t like that risk it is completely trivial to use your own software based encryption scheme that can not possibly have been compromised like that. And to use more than one layer of that so that even if there does turn out to be a flaw in one of them its still secure. So you can say then you should use software-based encryption instead, but of course, without this knowledge how would you even know how to decide which is the more secure method to use. Its completely trivial to research that. Oh, is it really? Where? On the Internet? So some guy on a blog says some software is secure, that's all you need? Show me a trustable source. In some cases, even the software based ones are severely compromised. They can't be if you do your own. If people could do their own, then they wouldn't need to buy software. Another possibility is that some storage media have a secure hardware erase feature. If a backdoor were put in, perhaps these secure erases aren't erases at all? Trivially avoidable by physically destroying the device instead. That's only if you suspect that you're going to be spied on. No one is going to destroy their own data preemptively, without a good reason. And hard drives are now so cheap that that is very affordable. I have no idea why this is relevant to anything. In this day and age, it really isn't tenable to maintain a non-skeptical view about the NSA's activities. Everything that was thought to be tin-hat conspiracy theories about the NSA have turned out to be true. Nope, not on the question of whether they can actually see anything they want to. Go ahead, keep your head buried in the sand. There is no way to see anything on a system which does not communicate and completely trivial to see if anyone has ever had any physical access to it. Tell me how it's trivial to figure out if someone has had physical access to your system? Remember these are spies trained for these sort of things, and who know how to cover their tracks. As for these specific researchers, sure they may have a vested interest, No may have about it, of course they do. but this can be easily checked by other researchers. Peer review. Not even possible when they don’t specify the detail of what they claim to have discovered, like that claim at the top about what the NSA has installed on hard drives so that anyone can see if any of their drives have that on them. We don't know what their specific evidence is based on a mainstream press article about it. But they have likely provided their peers with the necessary information. Its much more likely they are lying thru their teeth and that the NSA has done nothing of the sort with the hard drives we actually own. Head, sand: meet Rod. snip rest Yousuf Khan |
#6
|
|||
|
|||
NSA hid spying software in hard drive firmware, report says
Yousuf Khan wrote
Rod Speed wrote Yousuf Khan wrote Rod Speed wrote giving the agency the means to eavesdrop on the majority of the world's computers, Not if those systems can't communicate with anything. Communications is not the only way to spy on somebody. But it is the only way to get hold of the information that you have collected by eavesdropping on a particular computer. You could also intercept these computers physically, and take their storage out. If you are going to do that, there isn't any point in eavesdropping using something you have installed on a particular hard drive. You're going to have get off your one-tracked mind about spying being only about eavesdropping. Never said it was. I JUST pointed out that however you collect the information, there has to be some way to get that collected information to those who want that collected information and so its trivially easy to ensure that they can't get hold of it. Spying can also be about good old fashioned physically stealing data. But its trivially easy to ensure that whatever they steal is of absolutely no use whatever to them, and its also trivially easy to ensure that you will always knows if someone has stolen anything. Steal the computer, clone the data off of the drive quickly, then put the system back in place before anyone notices it was missing. Its trivially easy to ensure that any physical break in will always be detected. And even easier to ensure that nothing they clone will be any use at all to them. The NSA itself probably wouldn't be doing these activities, but the NSA also provides tools to its sister spy organizations, like the FBI or CIA, both of which can do these sort of activities. And trivially easy to ensure that they will be detected doing that. Also if it's remote eavesdropping that you're interested in, then who's to say that they can't simply combine a bunch of tools together? No use at all to anyone if you adequately encrypt anything that matters. You break the security on the drive with your firmware exploits, Not even possible if you have your own security as well as what the drive comes with. and then you use another piece of compromised equipment that can broadcast the data off of it, such as the Ethernet, Wi-Fi, or Bluetooth controllers which might also have backdoors in them. Useless when whatever they can broadcast will be of no use to them. I've even seen a story where they embedded a secret broadcast feature right inside a run-of-the-mill USB cable! Useless when whatever they can broadcast will be of no use to them. But as I said, it's not just about communications eavesdropping here. And as I said, that is even easier to protect. If you've used any hardware-based encryption schemes on these drives, then an NSA backdoor might weaken the encryption scheme to something that's less random. If you don’t like that risk it is completely trivial to use your own software based encryption scheme that can not possibly have been compromised like that. And to use more than one layer of that so that even if there does turn out to be a flaw in one of them its still secure. So you can say then you should use software-based encryption instead, but of course, without this knowledge how would you even know how to decide which is the more secure method to use. Its completely trivial to research that. Oh, is it really? Yep. Where? Same place you research anything. On the Internet? So some guy on a blog says some software is secure, that's all you need? Show me a trustable source. Trivially easy to TEST any claims made. In some cases, even the software based ones are severely compromised. They can't be if you do your own. If people could do their own, then they wouldn't need to buy software. Some choose to buy it when its no big deal if it is compromised. I choose to use what I have bought to secure my net banking details. If that does get compromised, it’s just a nuisance because I choose to put the funds that matter only with banks that guarantee that I will never lose my money even if the world financial system implodes. I have a completely separate system with a completely separate FI that guarantees that whatever happens with my card, I will never lose any of my money. And I only keep a relatively small amount of cash there so even if that guarantee turns out to not be delivered, its just a very minor nuisance and something to blog about etc. Another possibility is that some storage media have a secure hardware erase feature. If a backdoor were put in, perhaps these secure erases aren't erases at all? Trivially avoidable by physically destroying the device instead. That's only if you suspect that you're going to be spied on. Nope, its also available if you are quite sure you aren't going to be spied on but are paranoid enough to ensure that even if some rouge spy has ****ed up and has targeted you in error that there is still nothing you can lose. No one is going to destroy their own data preemptively, without a good reason. But if the device dies, some are cautious enough to physically destroy the device even if there is nothing on the device except their banking transaction history and stuff like that and they want to eliminate any possibility of identity theft etc. I have just been communicating with someone who is so mindlessly paranoid that he refuses to ever buy anything in Apple's app store because of the trivial risk that he may be identified when doing that. He's too stupid to use a gift card and spends hours insisting on finding free apps instead of spending $2 on what will do what he wants to do. And hard drives are now so cheap that that is very affordable. I have no idea why this is relevant to anything. Its obviously relevant to how much it costs to destroy that hard drive instead of claiming on the warranty if it does die. In this day and age, it really isn't tenable to maintain a non-skeptical view about the NSA's activities. Everything that was thought to be tin-hat conspiracy theories about the NSA have turned out to be true. Nope, not on the question of whether they can actually see anything they want to. Go ahead, keep your head buried in the sand. Not even possible for them to see anything they want to, particularly with a system that never communicates with anything and which is completely secured using a one time pad system. There is no way to see anything on a system which does not communicate and completely trivial to see if anyone has ever had any physical access to it. Tell me how it's trivial to figure out if someone has had physical access to your system? By ensuring that there is always a full record of every movement inside your house. Even you can implement something like that. Remember these are spies trained for these sort of things, and who know how to cover their tracks. Not even possible with physical access. As for these specific researchers, sure they may have a vested interest, No may have about it, of course they do. but this can be easily checked by other researchers. Peer review. Not even possible when they don’t specify the detail of what they claim to have discovered, like that claim at the top about what the NSA has installed on hard drives so that anyone can see if any of their drives have that on them. We don't know what their specific evidence is based on a mainstream press article about it. But they have likely provided their peers with the necessary information. They aren't that stupid, because that inevitably risks that leaking via someone like Manning or Snowdon. Its much more likely they are lying thru their teeth and that the NSA has done nothing of the sort with the hard drives we actually own. Head, sand: meet Rod. Even you should be able to do better than that pathetic effort. Obviously not. snip rest Taint gunna go away just because you snip it. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Anyone with a Seagate Barracuda 7200.11 - 500gb Hard Drive needs to check the firmware for a update. | William | Asus Motherboards | 4 | February 28th 09 10:13 AM |
Upgrade Report [Hardware Tips: Plan for Your Big Hard Drive - 05/10/2005] | Ablang | Storage (alternative) | 0 | May 13th 05 06:43 AM |
hard drive firmware | Pat | General Hardware | 0 | September 3rd 04 11:58 PM |
Upgrade Report [Hardware Tips: Get the Right Hard Drive - 05/11/2004] | Ablang | General | 0 | May 16th 04 03:17 AM |