PoisonIvy RAT used to extract data from chemical and defense firms

G

Guest

So this is what passes in the intelligence community as a Significant and Sustained Cyber Attack, one lone guy in china sending out a trojan horse program called Poison-Ivy to a couple of Windows users who are too stupid to not click the attachment. Perhaps he should have used LostDoor instead, from what I know that one actually spreads on a USB stick.
 
G

Guest

God forbid the intelligence community ever gain any.. Intelligence that is, if they did they would probably be screaming at the people providing them with Platinum SSL Certificates that they're paying in excess of $199.00 a year for - that do absolutely nothing, only today I was showing another security researcher just how badly broken SSL Certification actually is... But they are oblivious to just how badly it's actually broken because they lack the intelligence to understand it!
 
G

Guest

Lets just take a wild stab in the dark here, which anti-virus firm where these firms that have all supposedly been hacked into relying upon for there protection? Would it be the same anti-virus firm selling them VeriSign Security Certificates for in excess of $199.00 a year per license per desktop?!
 

Technolust

TS Rookie
Heres something for VeriSign and the intelligence community to put in their pipe and smoke.

Certification path for "www.symantec.com"
Subject: OID.1.3.6.1.4.1.311.60.2.1.3=US,OID.1.3.6.1.4.1.311.60.2.1.2=Delaware,OID.2.5.4.15=Private Organization,serialNumber=2158113,C=US,postalCode=94043,ST=California,L=Mountain View,OID.2.5.4.9=350 Ellis Street,O=Symantec Corporation,OU=IT Security,CN=www.symantec.com
Issuer: C=US,O="VeriSign, Inc.",OU=VeriSign Trust Network,OU=Terms of use at https://www.verisign.com/rpa (c)06,CN=VeriSign Class 3 Extended Validation SSL SGC CA
Validity: from 16/08/11 00:00:00 UTC to 15/08/12 23:59:59 UTC
-----BEGIN CERTIFICATE-----

Long story short, I can steal and re-sign your security certificates and then re-issue them to who ever I want because the authenticity part designed by its creator was in his own words a hand-wave!

-----END CERTIFICATE-----
 

Technolust

TS Rookie
Thats what I call NEWS.. Not listening to how some old chinese guy sent loads of dumb asses a trojan that they then **double-clicked**
 

aj_the_kidd

TS Rookie
Mindwraith said:
so america is developing chemicals for use by the military? that's comforting........
Most of the time the military buys goods off public and private companies rather then making it in-house, it cost less to buy then to own and produce themselves

Back on topic, i know of a couple of very intelligent people that are shockingly technologically inept, its actually quite mind boogling
 
G

Guest

Err.... Do you even know how public-private keys work at all? If not, please don't scare the public. And please go ahead and reissue the cert, and see if any browser would just accept it.
 

Burty117

TechSpot Chancellor
aj_the_kidd said:
i know of a couple of very intelligent people that are shockingly technologically inept, its actually quite mind boogling
+1 on that, I know someone who can speak several different lauguages, got A+ in everything at school and she really does know alot, however, put out a laptop in front of her and she might as well just dribble on it. She struggles to tell the difference between the "Internet" and "Internet Explorer" Or the concept of a different browser. Installing a program is pretty much impossible and anything other than facebook is pretty much a no go.
 

Greg S

TS Evangelist
Mindwraith said:
so america is developing chemicals for use by the military? that's comforting........
Chemicals could mean a lubricant for gears or something, who ever said what their for. Thermal paste is a chemical, and a very useful one too.

I know most people will probably say the chemicals aren't being made for safe uses. As if every other country isn't doing the same thing...