About 15 Percent of US Agencies Detected Kaspersky Software on Networks (reuters.com)
Dustin Volz, reporting for Reuters: About 15 percent of U.S. federal agencies have reported some trace of Moscow-based Kaspersky Lab software on their systems, a Department of Homeland Security (DHS) official told Congress on Tuesday. Jeanette Manfra, assistant secretary for cyber security at DHS, told a U.S. House of Representatives panel that 94 percent of agencies had responded to a directive ordering them to survey their networks to identify any use of Kaspersky Lab products and to remove them. But Manfra said DHS did "not currently have conclusive evidence" that any networks had been breached due to their use of Kaspersky Lab software. The administration of President Donald Trump ordered civilian U.S. agencies in September to remove Kaspersky Lab from their networks, amid worries the antivirus firm was vulnerable to Kremlin influence and that using its anti-virus software could jeopardize national security.
Re: (Score:2)
I think we can trust pre-ME and pre-PSP processors, maybe.
Another solution is building a system with older parts. Were there ever any security concerns with, say, VIA processors such as the C3?
VIA C3 problems: (Score:1)
Limited availability in Socket 370. Half speed FPU, not fixed until the C7. Single Core.
At this point in time, the best options are ARM SBCs and certain well designed network appliances without TrustZone support included/enabled. And ONLY as long as physical security is maintained at all times.
The real solution at this point would be taping out new processors and motherboard chipsets, then using those to produce new open hardware/'socialized' computing platforms. Depending on the legal issues, Super Socket
Re: (Score:2)
This, folks, is why the only processor you can truly trust is the Cyrix 6x86(tm). It's Born to Run.
Re: (Score:2)
I'm listening, but I'm not quite to the point of pulling out that old motherboard and buying a new CPU fan!
Re: (Score:1)
If you ever come across a piece of hardware that is sticky and smells like maple syrup, you can be assured it has not been hacked by Canada. We swear!
Re: (Score:2)
I think the only secure systems are old computers from the 16-bit and 32-bit era, something with the OS in ROM and thus cannot be modified.
Re: (Score:2)
Unsolder ROM, solder in new ROM.
There you go, hacked. It is what is rumoured to have been done with Cisco gear heading to countries the US wanted to spy on.
And now that modern CPUs from Intel are running MINIX to run the microcode, you simply no longer know what is happening.
Re: (Score:2)
That kind of shit probably did not happen in the Amiga and Atari ST era, though.
And if you want, nothing prevents you from removing the ROM (which was socketed at the time) and writing the OS to a new blank chip.
Re: (Score:2)
I still have my Kaypro 4, and all these snowflakes complain about how heavy their laptop is today....
Re: kapersky is in ur base hacking ur d00ds (Score:3)
Not CPU, the chipset. (Score:2)
And now that modern CPUs from Intel are running MINIX to run the microcode, you simply no longer know what is happening.
Technically, Intel ME, (and IPMI) run on a separate core inside the chipset.
You can power off your CPU, lights-out management is still running (that's the whole point of the thing, so the IT department in your business can admin the desktops remotely without even needing to turn them on).
Admin vs. User. (Score:2)
You mean the separate ARM CPU (on each x86 machine) to administer any machines remotely is an improvement over Wake-on-LAN?
For an admin? Yes it's definitely an improvement.
For an end-user? It's your worst nightmares slowly coming to life one after the other.
Wake-On-LAN has that capability too.
TL;DR: ME and IPMI enable an admin to remotely debug a machine that doesn't even want to turn on. It goes much beyond what WOL offers. It's more comparable to a network-enabled-KVM, and even goes a bit further (some kind of network-enabled-KVM that could even tap into the motherboard's DIP switches, back when those still existed).
For Wake-on-LAN to be useful:
- the ma
Anti-Russia hysterics are a mental disorder (Score:1)
Who actually believes this rabid anti-Russia crap?
http://www.zerohedge.com/news/2017-11-09/wikileaks-publishes-cia-hacking-tool-designed-impersonate-russias-kaspersky-lab
Are we living in the Red Scare again? Are we going to start burning Dostoyevsky books? Will we round up all the Siberian huskies and throw them in the furnace?
Review by Independent Party (Score:2)
Re: (Score:2)
That part is at least easy to figure out. If you review the code, and then compile it, it should be identical to the application that they supply. If it isn't, then you're not reviewing the same code that is being shipped, or your compiler isn't the same as their compiler.
Re:Review by Independent Party (Score:4, Interesting)
I can tell you've never tried this using a modern build system...
Let me fill you in on a nasty little secret, where the code may be exactly the same, the compiled and linked object may differ between builds due to time stamps and other things that may change between build runs. Yea, the compiler *may* actually generate the same object files, sometimes they don't...
Of course, this is NOT a universal rule, but as a rule of thumb is generally true. One build will not checksum the same as the next...
Re: Review by Independent Party (Score:2)
Re: (Score:2)
It doesn't matter that Debian is doing it.
If Kaspersky (or any proprietary shop) does not follow a similar scheme, their code audits mean very little. Kaspersky could start following a reproducible build process for the future, but it won't help us verify that their current code and executables are the same.
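Added example, not part of any comment in this thread: a minimal Python sketch of the point argued above, that identical source can yield artifacts with different checksums because of embedded timestamps, and that pinning them (the `SOURCE_DATE_EPOCH` convention used by reproducible-build efforts) makes the hashes match. The source tree, function names and timestamps are constructed for illustration.

```python
import gzip
import hashlib
import io
import tarfile

# Constructed sample "source tree": the input is byte-identical for every build.
SOURCES = {"main.c": b"int main(void){return 0;}\n", "README": b"demo\n"}

def build(wall_clock, source_date_epoch=None):
    """Package SOURCES as a .tar.gz and return the artifact bytes.

    wall_clock stands in for the time the build ran. When source_date_epoch
    is given, every embedded timestamp is pinned to it instead.
    """
    stamp = wall_clock if source_date_epoch is None else source_date_epoch
    raw = io.BytesIO()
    # The gzip header and each tar member header both carry an mtime field.
    with gzip.GzipFile(fileobj=raw, mode="wb", mtime=stamp) as gz:
        with tarfile.open(fileobj=gz, mode="w", format=tarfile.USTAR_FORMAT) as tar:
            for name in sorted(SOURCES):  # fixed member order
                info = tarfile.TarInfo(name)
                info.size = len(SOURCES[name])
                info.mtime = stamp
                tar.addfile(info, io.BytesIO(SOURCES[name]))
    return raw.getvalue()

def digest(blob):
    return hashlib.sha256(blob).hexdigest()

def contents(blob):
    """Unpack an artifact and return {member name: file bytes}."""
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        return {m.name: tar.extractfile(m).read() for m in tar}

def compare():
    """Return (naive hashes equal, pinned hashes equal, naive payloads equal)."""
    a, b = build(1510000000), build(1510003600)  # same source, one hour apart
    pa, pb = build(1510000000, 1500000000), build(1510003600, 1500000000)
    return digest(a) == digest(b), digest(pa) == digest(pb), contents(a) == contents(b)

if __name__ == "__main__":
    print(compare())
```

The naive builds unpack to the same files yet hash differently, so a checksum mismatch alone does not show that the shipped binary came from different source; it only shows the build was not reproducible.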
Re: (Score:3)
Disinformation. Nice try.
Re: Time to start using Kaspersky (Score:1)
Before 2016: "CIA lied people died" "NSA is Big Brother and an apparatus of the state trustno1"
After 2016: "OMG trump criticized the intelligence community. WTF I believe everything the CIA and NSA says now"
Re: (Score:2)
https://en.wikipedia.org/wiki/... [wikipedia.org]
For all the code litter found by experts how much is the US rediscovering its own use of Honeycomb, Hive. From fake news to fake cyber code litter.
Re: (Score:2)
Maybe Kaspersky has become too effective at capturing and stopping NSA's malware and spy tools.
Malware developers maintain updated versions of popular security suites, and they make sure their payloads are not detected prior to release. This is fairly well known.
Lone-wolf coders were doing this 10-20 years ago. I'm sure the global intelligence agencies can figure out how to spin up a bunch of VMs to test their tools.
Kaspersky is not special or notable in this regard.
Sensationalization (Score:1)
CIA impersonated Kaspersky? (Score:2)
http://www.securityweek.com/wi... [securityweek.com]
If we did a fair comparison of who has broken more 'trust', I wonder who would come out on top. I don't recall the last time the 'am I secure' landscape looked so uncertain.
I reject this anti-Kaspersky sentiment (Score:5, Insightful)
Sorry, but all evidence shown so far seems to indicate Kaspersky software works just fine, not caused system compromises, AND any case where Kaspersky "exposed" or "leaked" secret files were Kaspersky working like it's supposed to --- not Kaspersky violating any privacy expectations; you just don't get to run "secret" potentially-malicious programs on desktop computers without the possibility of malware samples of your suspicious code going to the AV vendor for analysis.... I can accept that, and I think most people SHOULD accept that with zero objections.
Re: (Score:2)
What happens if they appoint a Special Counsel and then have to admit to the world that it is legal for government officials to encourage other governments to give to charity? What then?!
This is the stupidest sort of accusation; the sort that if true, only proves somebody did some good in the world by forcing bad people to give to charity.
There is no accusation in the accusation!
Re: (Score:2)
the computer code it uses for such spying
Like I said. Antivirus software detecting malicious binary software code payloads used for spying and doing exactly what it should do --- submit samples to HQ for analysis --- doesn't matter that the malware executables were confidential NSA materials.
Re:I reject this anti-Kaspersky sentiment (Score:4, Insightful)
From what I've read, this whole thing got started when an NSA contractor downloaded files to a personal computer that also had Kaspersky AV running. Kaspersky did its job and identified the malware the contractor was working on and sent the files away for analysis. There have been allegations that Kaspersky was scanning for files containing certain words, but I haven't seen any evidence of that put forward.
It might make sense for Federal computers not to run any software that hasn't been vetted, but what about the hardware the software is running on? Why do these agencies that don't trust Kaspersky trust their Chinese made computers and phones?
Re: (Score:2)
all evidence shown so far seems to indicate ... and I think most people SHOULD accept that with zero objections.
Idiot detected! See, that's me giving you the benefit of the doubt that you're not acting maliciously!
Re: (Score:2)
Sorry, but all evidence shown so far seems to indicate Kaspersky software works just fine, not caused system compromises, AND any case where Kaspersky "exposed" or "leaked" secret files were Kaspersky working like it's supposed to --- not Kaspersky violating any privacy expectations; you just don't get to run "secret" potentially-malicious programs on desktop computers without the possibility of malware samples of your suspicious code going to the AV vendor for analysis.... I can accept that, and I think most people SHOULD accept that with zero objections.
Yep all a vast [arstechnica.com] liberal conspiracy with 0 evidence from other parties that Russian intelligence has [bloomberg.com] been using Kaspersky at all because Trump has an R next so any negative news must be by the democrats.
Re: (Score:2)
Sorry, but all evidence shown so far seems to indicate Kaspersky software works just fine, not caused system compromises, AND any case where Kaspersky "exposed" or "leaked" secret files were Kaspersky working like it's supposed to --- not Kaspersky violating any privacy expectations; you just don't get to run "secret" potentially-malicious programs on desktop computers without the possibility of malware samples of your suspicious code going to the AV vendor for analysis.... I can accept that, and I think most people SHOULD accept that with zero objections.
Yep all a vast [arstechnica.com] liberal conspiracy with 0 evidence from other parties that Russian intelligence has [bloomberg.com] been using Kaspersky at all because Trump has an R next so any negative news must be by the democrats.
It is not like a foreign independent intelligence agency [nytimes.com] found any proof of this at all.
Re: (Score:2)
You can typically disable this functionality.
In fact, it is necessary to disable it in some regulated environments.
Re: (Score:1)
Re: (Score:1)
They also export a lot of unmarried women, and birch plywood. "Baltic" birch is code for "imported" birch, it is mostly from Russia.
They also export a lot of vodka. The quality sucks, but casual drinkers assume it is just a "genuine" flavor, and not the result of any lack of QA.
They're also a world leader in vacuum amplifier tubes. China is starting to take over both the high end and low end market segments, but Russia is still the king of "tube amplifiers that sound like genuine Soviet amplifiers from the 1
have they removed all trace of Trump yet? (Score:2)
much more dangerous
AV software detections (Score:2)
Would you like to:
a) install additional AV software to help clean AV infection from your PC
b) quarantine other AV software
c) (not recommended) do nothing.
Re: (Score:2)
I'll take
D) install *nix and move security monitoring to the network
Re: (Score:2)
It is generally just you? What?
Re: (Score:2)
Re: (Score:2)
The actual problem that Americans would notice is that in the above usage it should be The USA. In both cases.
How can they tell it's Moscow-based Kaspersky Lab (Score:1)
How can they tell they're not detecting forged CIA digital certs [theregister.co.uk]? I figure Kaspersky is the only security company that hasn't been compromised by the US security apparatus.
Replace Krapersky (Score:2)
This goes against US interests in the WTO (Score:2)