Massive, sophisticated "Inception - Cloud Atlas" malware infects Windows and Android but can't explo

24

Comments

  • Reply 21 of 75
    Quote:

    Originally Posted by lightknight View Post

     
    Quote:
    Originally Posted by TechLover View Post

     

     

     

    1.)  Don't be a diplomat.  And 2.) Don't click on random links in your email and text messages.

     

    Seems simple enough to me.


    "Don't be a diplomat" seems like a bizarre piece of advice.

     

    The part about clicking random links, however, I couldn't agree more. After the years of phishing attacks we've endured, why does it still happen?!

    Shouldn't evolution have caused the apparition of a new gene of "doesn't click on random links" in people?


    "Don't be a diplomat" is simply a cheeky way of saying you have a 0.00037133333% chance of getting hit by this using my revised numbers of 1,114,000 diplomats divided by 3 billion (combined, I am guessing there are around 3 billion smartphones and Windows machines in the world).

     

    Some people it seems will always click the link as if a food pellet or dose of cocaine is going to pop out.  It's truly remarkable.

     

    I listened to a podcast the other day and the guest used to be hacker who was doing phishing years ago.  I was astonished.  He said that back in the days of AOL he would get a 10% response to phishing emails that said please change your password, etc.  10%!!!!  That's insanely high for even a legitimate email campaign.

  • Reply 22 of 75
    Quote:
    Originally Posted by TechLover View Post

     

    Good thing a normal person, whatever platform they are on, doesn't have to worry about this. 

     

    1.) Its narrowly focused at diplomats.  2.) This is a phishing attack so the user has to be an idiot and actively click on a link in their email or text message.

     

    How many diplomats could there possibly be in the world? 38,000?  There are 193 countries in the UN, so lets say there is one diplomat for every other country (there isn't).  That would be 37,249.  So lets round up to 38,000 if every single diplomat on the planet was infected.

     

    38,000 may seem like a lot, but it's not when there are billions and billions of smart phones and Windows machines out there.

     

    So to avoid this it's pretty simple.  1.)  Don't be a diplomat.  And 2.) Don't click on random links in your email and text messages.

     

    Regardless, DED is not going to pass up any opportunity to trash everything not Apple.  Be afraid says Daniel, be verrrrrrry afraid.




    The diplomatic corps doesn't just include ambassadors. It includes any number of secretaries, staffers, translators. If you include all the people working in an embassy, it also includes a lot of CIA, DEA, and MILINT staff. I'd guess the US diplomatic corps alone easily dwarfs the 38,000 number, and maybe by an order of magnitude.

  • Reply 23 of 75
    tlevier wrote: »
    Random Question:

      First of all, I love my iPhone and the thought that it's pretty solid with the encryption and locking.  Meaning, that if I don't unlock it, no one else will.  It's great that Apple even promotes this and states that they can't unlock it either.  So here's my question - I've installed profiles/certificates from my corporation and downloaded Mobile Iron so that I can receive my corporate email on my personal iPhone.  Does this in any way weaken my device security?  If my corporation was under attack, or Mobile Iron, etc... would that open me up to problems or could those aspects be leveraged to get to the rest of my iPhone?

    Only if your company is like Sony and keeps spreadsheets of the company server of everyone's passwords in an unencrypted, unhashed form with the file names clearly describing that the files are lists of passwords and what kinds of passwords.

    This attack comes at a time when Windows may have been gearing up to blunt the IBM/Apple push to take over the enterprise/government business. I read this story with an unanswered question ringing in my head... Why was there no mention of KNOX and Samsung's claim to having some kind of special security???
  • Reply 24 of 75
    Quote:

    Originally Posted by Corrections View Post

     

    If you don't like a spade being called a spade, maybe you should read "news" that tickles your ears somewhere else.  


    No thanks. I will read what ever I want, where ever I want, and respond to things when ever I feel like it.  

     

    I admit it when I am wrong and try to see things from all angles.  I tend to call out DED because he's so overly passionate about trashing the competition.  There is nothing wrong that.

     

    If that bothers you, well that is your problem not mine. 

     

    That being said, thank you for the additional info.  It would have been nice if it was included in the original article.

  • Reply 25 of 75
    rob53rob53 Posts: 3,289member
    Quote:

    Originally Posted by sflocal View Post

     

    Well, the link to the posted seems to have been taken down.  Me think maybe them prominently including iOS there when it really should never have been might have been a bit too much for them?  I was gonna write the author a blunt email about his click-bait tactics.




    Still there, http://arstechnica.com/security/2014/12/nation-backed-malware-targets-diplomats-iphones-androids-and-pcs/ Not on front page but link works.

  • Reply 26 of 75
    Let's play guess-the-author. The more elaborate and convoluted a headline, the better the chances that it's a DED article. If the headline is doing contortions and gymnastics you can be assured that you're about to click on something penned by Mr. DED.
  • Reply 27 of 75
    robmrobm Posts: 1,068member
    ddawson100 wrote: »

    And, your point being, what exactly ?
  • Reply 28 of 75
    In related news: Tonight's news only mentions that Apple iOS devices can be compromised...and (in whispering voice)...but only those that are jailbroken can be completely compromised.
  • Reply 29 of 75
    Quote:

    Originally Posted by TechLover View Post

     

    I tend to call out DED because (...)


    FYI...Corrections is DED, DED is Corrections

  • Reply 30 of 75
    Quote:

    Originally Posted by Dickprinter View Post

     

    FYI...Corrections is DED, DED is Corrections




    He has several aliases. DED, Corrections & Prince McLean are his most well-known ones.

  • Reply 31 of 75
    Quote:



    Originally Posted by Corrections View Post

     




    Quote:
    Originally Posted by Dickprinter View Post

     
    Quote:
    Originally Posted by TechLover View Post

     

    I tend to call out DED because (...)


    FYI...Corrections is DED, DED is Corrections




    Quote:
    Originally Posted by Lord Amhran View Post

     
    Quote:
    Originally Posted by Dickprinter View Post

     

    FYI...Corrections is DED, DED is Corrections




    He has several aliases. DED, Corrections & Prince McLean are his most well-known ones.

     


    Wait a second.  For real?  Corrections is DED?  How would you know?  

     

    I have only been coming here for about a year on and off.  So the two of you would know better than me.

     

    I find that idea extremely funny, entertaining, and also a bit sad and depressing.  If true, I would feel bad for DED that he would even feel the need to do that.  The guy should be able to write his hit pieces with confidence, and then reply in the forums as the author if he chooses to. 

     

    What I mean is, what self respecting journalist doesn't use their penned name from the article in the comments section as well?  I can't think of a single decent website that I visit where the writers do that.  Maybe I am just not paying close enough attention. 

     

    So I am skeptical to your claims that DED is Corrections, but I have been wrong plenty of times.

  • Reply 32 of 75
    Originally Posted by TechLover View Post

    Wait a second.  For real?  Corrections is DED?  How would you know?  

     

    He said so.

     

    Originally Posted by Corrections View Post

    Do you think there's some value in registering your lack of respect for every article I write? What comment of value have you contributed recently? Why do you waste your life firing off mean spirited snipes of zero value or insight?



    The article isn't about an iPad appearing in a film. It's about the intersection of art and technology.



    As an aside, it also mentions iOS 6 anachronistically appearing onscreen in the "future" and the fact that HTC's primary prime time celebrity endorsement actually uses an iPhone.

  • Reply 33 of 75
    Quote:
    Originally Posted by Tallest Skil View Post

     
    Originally Posted by TechLover View Post
    Wait a second.  For real?  Corrections is DED?  How would you know?  

     

    He said so.

     

    Originally Posted by Corrections View Post

    Do you think there's some value in registering your lack of respect for every article I write? What comment of value have you contributed recently? Why do you waste your life firing off mean spirited snipes of zero value or insight?



    The article isn't about an iPad appearing in a film. It's about the intersection of art and technology.



    As an aside, it also mentions iOS 6 anachronistically appearing onscreen in the "future" and the fact that HTC's primary prime time celebrity endorsement actually uses an iPhone.



    Well thanks Tallest Skil, you would likely know better than just about anybody here.   

     

    Chalk another one in the "I was wrong" column!  Won't be the last time.

     

    Also probably won't be the last time I piss and moan about a DED article ;)

  • Reply 34 of 75
    Quote:

    Originally Posted by TechLover View Post

     

    Wait a second.  For real?  Corrections is DED?  How would you know?  

     

    So I am skeptical to your claims that DED is Corrections, but I have been wrong plenty of times.


    Glad you can admit when you're wrong. That is a lost quality nowadays.

     

    Quote:

    Originally Posted by Tallest Skil View Post

     

     

    He said so.

     


    Plus, who else would so vehemently defend every word in an AI article if it wasn't the author doing it? There are fanboys and there are fanboys; DED/Corrections takes it to the next level. Not saying it's a bad thing, just saying. I enjoy every one of his articles that don't read like he's making a mountain out of a molehill…..which, thankfully, are far and few in between. I'd venture to say that only around 10% of his articles are in my "ad nauseam" category. The remaining 90% are extremely enlightening, very well researched and are very educational, IMO.

  • Reply 35 of 75
    droidftwdroidftw Posts: 1,009member
    Quote:

    Originally Posted by TechLover View Post

     

    Wait a second.  For real?  Corrections is DED?  How would you know?  

     

    I have only been coming here for about a year on and off.  So the two of you would know better than me.

     

    I find that idea extremely funny, entertaining, and also a bit sad and depressing.  If true, I would feel bad for DED that he would even feel the need to do that.  The guy should be able to write his hit pieces with confidence, and then reply in the forums as the author if he chooses to. 

     

    What I mean is, what self respecting journalist doesn't use their penned name from the article in the comments section as well?  I can't think of a single decent website that I visit where the writers do that.  Maybe I am just not paying close enough attention. 

     

    So I am skeptical to your claims that DED is Corrections, but I have been wrong plenty of times.


     

    DED is definitely Corrections.  It can get confusing as he'll refer to himself in the third person to fool newer people, but every now and then he outs himself in his posts.  Then again, it doesn't take long to notice the hostile writing style from both.  DED/Corrections/Prince McClean is not a happy person on the Internet.  Hopefully he has more joy in his personal life.

  • Reply 36 of 75
    boredumbboredumb Posts: 1,418member
    Quote:

    Originally Posted by sflocal View Post

     

    Well, the link to the posted seems to have been taken down.  Me think maybe them prominently including iOS there when it really should never have been might have been a bit too much for them?  I was gonna write the author a blunt email about his click-bait tactics.


    http://arstechnica.com/security/2014/12/nation-backed-malware-targets-diplomats-iphones-androids-and-pcs/

     

    I just used it... (shrug)...or isn't that what you were referring to?  I used their staff directory, though.

  • Reply 37 of 75
    Quote:

    Originally Posted by Dickprinter View Post

     

    Glad you can admit when you're wrong. That is a lost quality nowadays.

    _________

     

    DED/Corrections takes it to the next level. Not saying it's a bad thing, just saying.


    Yeah I never have a problem admitting fault, being wrong, etc.  

     

    I would rather be wrong and change my thinking and absorb new valid information than fight tooth and nail to be "right". 

     

    Changing gears. Good on DED!  We are not paid to be here, in fact its free.  Which makes us the product right?  We are HIS product.

     

    So I understand what DED is doing.  Clicks baby clicks!  Pay those bills!  Serve those ads!  

     

    He knows what side his bread is buttered on.  And that butter is called Google Ads, or ads from lord knows where.  I shudder to think what this site looks like without Ghostery and AdBlock Plus enabled.  I wouldn't know and never will.

     

    So at the end of the day, DED writes a piece.  I click, and read, and then bitch about it.  And the world doesn't come to a screeching halt on it's axis and usually I learn something new in the process.

     

    I guess I would prefer he uses his pen name in the comments as well.  But it's not a deal breaker.

     

    ....Not sure where I was going with all of that, its getting late.  

     

    Namaste.

  • Reply 38 of 75
    Quote:

    Originally Posted by TomMcIn View Post



    The subtitle says Most iOS malware requires a jailbreak

    implying there is iOS malware that infects normal iOS devices.



    Name some.



    There are some, but again, the caveat here is that they all require some tedious workarounds. 

     

    For example, there was a case of a 3rd party iPhone charger which could infect an iOS device when you plug in the cable. However, it requires you to buy said charger from this very specific manufacturer, so the potential for misuse was very low. 

     

    http://arstechnica.com/security/2013/07/trusting-iphones-plugged-into-bogus-chargers-get-a-dose-of-malware/

     

    It's also theoretically possible with enterprise-signed malware. 

     

    http://www.marblesecurity.com/2014/12/05/marble-security-labs-report-enterprises-remain-vulnerable-to-ios-malware-vectors-despite-apples-responses/

     

    But as you can see, it's nowhere as "straightforward" as downloading malware straight from some seedy 3rd party app store, running it and having the app wreck havoc on your system. Even if the malware somehow found its way onto your phone, the silo'ed nature of iOS would prevent it would accessing other apps anyways, which already limits how much harm can be done in the first place. 

     

    This is what irritates me - articles like this making iOS sound way more vulnerable than it actually is, all in the interest of clickbait. 

  • Reply 39 of 75
    Quote:
    Originally Posted by DroidFTW View Post

     
    Quote:
    Originally Posted by TechLover View Post

     

    Wait a second.  For real?  Corrections is DED?  How would you know?  

     

    I have only been coming here for about a year on and off.  So the two of you would know better than me.

     

    I find that idea extremely funny, entertaining, and also a bit sad and depressing.  If true, I would feel bad for DED that he would even feel the need to do that.  The guy should be able to write his hit pieces with confidence, and then reply in the forums as the author if he chooses to. 

     

    What I mean is, what self respecting journalist doesn't use their penned name from the article in the comments section as well?  I can't think of a single decent website that I visit where the writers do that.  Maybe I am just not paying close enough attention. 

     

    So I am skeptical to your claims that DED is Corrections, but I have been wrong plenty of times.


     

    DED is definitely Corrections.  It can get confusing as he'll refer to himself in the third person to fool newer people, but every now and then he outs himself in his posts.  Then again, it doesn't take long to notice the hostile writing style from both.  DED/Corrections/Prince McClean is not a happy person on the Internet.  Hopefully he has more joy in his personal life.


    So I am definitely not DED and/or Corrections and can't speak to the fact if he is a happy person or not.  

     

    That being said the guy seems very upset about everything not Apple.  I could be wrong (nothing new) but he mostly seems to be upset about Google first and foremost, and then Samsung, and then Microsoft being a distant third.

     

    Like I just said above in a post, Google seems to be paying his bills around here, along with other ads from lord knows where, which are no different than Google ads when push comes to shove.

     

    So if anything DED should be a happy and grateful person, that he can have a voice deriding everything Google does, while essentially Google (and whoever else tracks and sells our data) pays his bills to write here.

     

    Again I don't know DED, but I would be happy as a clam and laughing all the way to the bank if I were him.  Take that Google ad money!

  • Reply 40 of 75
    Quote:

    Originally Posted by abazigal View Post

     

    This is what irritates me - articles like this making iOS sound way more vulnerable than it actually is, all in the interest of clickbait. 


    Clickbait = ads = you are the product.

     

    If its free you are being tracked, advertised to and you are the product.  

     

    Right?

Sign In or Register to comment.