TechSpot

PoisonIvy RAT used to extract data from chemical and defense firms

By Shawn Knight
Oct 31, 2011
Post New Reply
  1. Symantec Corp has revealed that a coordinated cyber attack targeted at least 48 chemical and defense companies in the US, Bangladesh and the UK. The source of the attack has…

    Read the whole story
     
  2. TomSEA

    TomSEA TechSpot Chancellor Posts: 2,371   +406

    So where's China's obligatory and standard, "it wasn't us" comment?
     
  3. So this is what passes in the intelligence community as a Significant and Sustained Cyber Attack, one lone guy in china sending out a trojan horse program called Poison-Ivy to a couple of Windows users who are too stupid to not click the attachment. Perhaps he should have used LostDoor instead, from what I know that one actually spreads on a USB stick.
     
  4. God forbid the intelligence community ever gain any.. Intelligence that is, if they did they would probably be screaming at the people providing them with Platinum SSL Certificates that they're paying in excess of $199.00 a year for - that do absolutely nothing, only today I was showing another security researcher just how badly broken SSL Certification actually is... But they are oblivious to just how badly it's actually broken because they lack the intelligence to understand it!
     
  5. Mindwraith

    Mindwraith TS Enthusiast Posts: 186

    so america is developing chemicals for use by the military? that's comforting........
     
  6. Lets just take a wild stab in the dark here, which anti-virus firm where these firms that have all supposedly been hacked into relying upon for there protection? Would it be the same anti-virus firm selling them VeriSign Security Certificates for in excess of $199.00 a year per license per desktop?!
     
  7. Technolust

    Technolust TS Rookie

    Heres something for VeriSign and the intelligence community to put in their pipe and smoke.

    Certification path for "www.symantec.com"
    Subject: OID.1.3.6.1.4.1.311.60.2.1.3=US,OID.1.3.6.1.4.1.311.60.2.1.2=Delaware,OID.2.5.4.15=Private Organization,serialNumber=2158113,C=US,postalCode=94043,ST=California,L=Mountain View,OID.2.5.4.9=350 Ellis Street,O=Symantec Corporation,OU=IT Security,CN=www.symantec.com
    Issuer: C=US,O="VeriSign, Inc.",OU=VeriSign Trust Network,OU=Terms of use at https://www.verisign.com/rpa (c)06,CN=VeriSign Class 3 Extended Validation SSL SGC CA
    Validity: from 16/08/11 00:00:00 UTC to 15/08/12 23:59:59 UTC
    -----BEGIN CERTIFICATE-----

    Long story short, I can steal and re-sign your security certificates and then re-issue them to who ever I want because the authenticity part designed by its creator was in his own words a hand-wave!

    -----END CERTIFICATE-----
     
  8. Technolust

    Technolust TS Rookie

    [​IMG]

    Even GeoTrust is Trust less!
     
  9. Technolust

    Technolust TS Rookie

    Thats what I call NEWS.. Not listening to how some old chinese guy sent loads of dumb asses a trojan that they then **double-clicked**
     
  10. aj_the_kidd

    aj_the_kidd TS Rookie Posts: 555

    Most of the time the military buys goods off public and private companies rather then making it in-house, it cost less to buy then to own and produce themselves

    Back on topic, i know of a couple of very intelligent people that are shockingly technologically inept, its actually quite mind boogling
     
  11. Technolust

    Technolust TS Rookie

    I know people like that, I've met a quite a few.
     
     
  12. Zilpha

    Zilpha TS Enthusiast Posts: 349

    Laugh. out. loud.

    That's really all I have to say about that.
     
  13. Err.... Do you even know how public-private keys work at all? If not, please don't scare the public. And please go ahead and reissue the cert, and see if any browser would just accept it.
     
  14. Burty117

    Burty117 TechSpot Chancellor Posts: 2,524   +324

    +1 on that, I know someone who can speak several different lauguages, got A+ in everything at school and she really does know alot, however, put out a laptop in front of her and she might as well just dribble on it. She struggles to tell the difference between the "Internet" and "Internet Explorer" Or the concept of a different browser. Installing a program is pretty much impossible and anything other than facebook is pretty much a no go.
     
  15. Win7Dev

    Win7Dev TS Booster Posts: 375   +43

    Chemicals could mean a lubricant for gears or something, who ever said what their for. Thermal paste is a chemical, and a very useful one too.

    I know most people will probably say the chemicals aren't being made for safe uses. As if every other country isn't doing the same thing...
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.