nanog mailing list archives
Re: Any computer, anywhere?
From: /dev/ph0b0s <phobos () panopticism net>
Date: Sun, 8 Dec 2013 06:11:18 -0500
On 12/08, Warren Bailey wrote:
http://m.washingtonpost.com/business/technology/2013/12/06/352ba174-5397-11e3-9e2c-e1d01116fd98_story.html Noticed this tonight.. Not saying the WP is always on target, but what software could be installed via a browser on any computer to gather all of that data? And how would it be done without the OS speaking up about it? Far fetched.. Or do the Firefox / chrome guys have some 'splainin to do?
My first thought as I read the article Friday evening was that they were attempting to exploit a vulnerability in a popular application (first guess: Adobe Flash) in order to execute arbitrary code -- at which point they have full control of the victim's PC and can do (or install) whatever they want. "A software update to a program the surveillance software was planning to target, meanwhile, raised fears of a malfunction, forcing the FBI to refashion its malicious software before sending it to Mo’s computer." However, the article also states that: "Federal magistrate Judge Kathleen M. Tafoya approved the FBI’s search warrant request on Dec. 11, 2012, ..." "The surveillance software was sent across the Internet on Dec. 14, 2012 ..." December 11, 2012 fell on a Tuesday. More specifically, it fell on the second Tuesday of the month, a.k.a. "Patch Tuesday". Perhaps it was a vulnerability in Microsoft Windows itself, then, that they were attempting to exploit? Six of the seven vulnerabilities fixed that month "could allow remote code execution". Internet Explorer and Microsoft Office were among the affected software, according to http://technet.microsoft.com/en-us/security/bulletin/ms12-dec. "... but the FBI’s program didn’t function properly, ..." Oops. /p
Current thread:
- Re: Any computer, anywhere?, (continued)
- Re: Any computer, anywhere? Tammy Firefly (Dec 08)
- Re: Any computer, anywhere? Michael Brown (Dec 08)
- Message not available
- Empty messages (was Re: Any computer, anywhere?) Larry Sheldon (Dec 08)
- Re: Empty messages (was Re: Any computer, anywhere?) ML (Dec 08)
- Re: Empty messages (was Re: Any computer, anywhere?) Jon Sands (Dec 08)
- Re: Empty messages (was Re: Any computer, anywhere?) Jorge Amodio (Dec 08)
- Re: Empty messages (was Re: Any computer, anywhere?) Michael Brown (Dec 08)
- Re: Empty messages (was Re: Any computer, anywhere?) Michael Brown (Dec 08)
- Re: Any computer, anywhere? Tammy Firefly (Dec 08)
- Re: Any computer, anywhere? David Hiers (Dec 08)