Security researcher Dragos Ruiu has been painstakingly untangling a weird, scary piece of malicious software that compromises the BIOS of the computers it attacks, allowing it to infect machines with different operating systems. He's dubbed it "badBIOS" and has seen it infect machines that aren't connected to the Internet. Its initial vector may be a USB exploit, spreading by memory stick; after that, it appears to continue communicating with other infected machines by ultrasonic networking through its hosts' mics and speakers (!). On Ars Technica, Dan Goodin has a deep dive into the strange, freaky world of badBIOS.
Ruiu said he arrived at the theory about badBIOS's high-frequency networking capability after observing encrypted data packets being sent to and from an infected machine that had no obvious network connection with—but was in close proximity to—another badBIOS-infected computer. The packets were transmitted even when one of the machines had its Wi-Fi and Bluetooth cards removed. Ruiu also disconnected the machine's power cord to rule out the possibility it was receiving signals over the electrical connection. Even then, forensic tools showed the packets continued to flow over the airgapped machine. Then, when Ruiu removed the internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped.
With the speakers and mic intact, Ruiu said, the isolated computer seemed to be using the high-frequency connection to maintain the integrity of the badBIOS infection as he worked to dismantle software components the malware relied on.
"The airgapped machine is acting like it's connected to the Internet," he said. "Most of the problems we were having is we were slightly disabling bits of the components of the system. It would not let us disable some things. Things kept getting fixed automatically as soon as we tried to break them. It was weird."
Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps [Dan Goodin/Ars Technica]