Tldr; memory malware, fuckfuckfuck worse than 0 day

A newly published report by the Russian security firm Kaspersky Lab indicates that hackers are targeting banks, telecommunication companies, and government organizations in 40 countries, including the US, South America, Europe and Africa, with fileless malware that resides solely in the memory of the compromised computers.
Fileless malware was first discovered by the same security firm in 2014 but has never been mainstream until now.
Fileless malware is a piece of nasty software that does not copy any files or folder to the hard drive in order to get executed. Instead, payloads are directly injected into the memory of running processes, and the malware executes in the system's RAM.
Since the malware runs in the memory, the memory acquisition becomes useless once the system gets rebooted, making it difficult for digital forensic experts to find the traces of the malware.
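
An added example (not part of the thread or the Kaspersky report): a defensive triage check for the in-memory payloads the opening post describes, assuming a Linux host. It parses `/proc/<pid>/maps`-format text and flags executable regions with no on-disk backing; the sample input and the function name `suspicious_regions` are constructed for illustration.

```python
import re

# Constructed sample in /proc/<pid>/maps format (not captured from a real host).
SAMPLE_MAPS = """\
55d0c4a00000-55d0c4a21000 r-xp 00000000 08:01 131090 /usr/bin/example-daemon
55d0c4c21000-55d0c4c23000 rw-p 00021000 08:01 131090 /usr/bin/example-daemon
7f3a10000000-7f3a10021000 rwxp 00000000 00:00 0
7f3a14000000-7f3a14004000 r-xp 00000000 00:05 98765 /memfd:example (deleted)
7f3a18000000-7f3a181c0000 r-xp 00000000 08:01 262200 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1c000000-7f3a1c002000 r-xp 00000000 08:01 262300 /tmp/example.so (deleted)
7ffd5a1e0000-7ffd5a201000 rw-p 00000000 00:00 0 [stack]
7ffd5a3f0000-7ffd5a3f2000 r-xp 00000000 00:00 0 [vdso]
"""

# address range, permissions, offset, device, inode, optional path
LINE_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+[0-9a-f]+\s+\S+\s+(\d+)\s*(.*)$"
)
# Executable regions the kernel itself maps into every process.
KERNEL_REGIONS = {"[vdso]", "[vsyscall]", "[uprobes]"}


def suspicious_regions(maps_text):
    """Return (range, perms, reasons) for executable regions lacking a file on disk."""
    findings = []
    for line in maps_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        start, end, perms, _inode, path = m.groups()
        if "x" not in perms or path in KERNEL_REGIONS:
            continue
        reasons = []
        if path == "":
            reasons.append("anonymous-executable")
        if path.startswith("/memfd:"):
            reasons.append("memfd-backed")
        elif path.endswith(" (deleted)"):
            reasons.append("deleted-file-backed")
        if "w" in perms:
            reasons.append("writable-and-executable")
        if reasons:
            findings.append((f"{start}-{end}", perms, reasons))
    return findings


if __name__ == "__main__":
    for region, perms, reasons in suspicious_regions(SAMPLE_MAPS):
        print(region, perms, ", ".join(reasons))
```

JIT runtimes (browsers, JVMs) legitimately create anonymous executable memory, so hits are leads for a memory capture taken before any reboot, not verdicts.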

Turn off the power to the building, malware gone.

And thanks to NetFlix pushing Intel to make shit like SGX, it's only going to get worse

I still cannot believe the god-FUCKING-damn DRM was so fucking important they literally added a malware safe-space to Intel processors. Hope AMD won't implement it.

What did you expect from jewtel?

SGX is just Intel trying to bring x86 to feature parity with 90s Big Iron. They can't afford to lose the Cloud to SPARC and zArch.

>Netflix
No fucks given.

If there's no option to disable it in the BIOS, shit is going to get ugly.

>le troll face XDDDD
You have to go back.

Every pirate will start using AMD, problem solved.

That's rage face and an old Sup Forums meme years ago you newfag fuck

before the great reddit migration you trumpites would be shamed for being so new

>SPARC, zArch
>relevant outside of autistic neckbeards on a Kazakhstani flute cleaning board

>option to disable DRM
nice meme my dude

You can disable the hardware feature and the (((DRM))) won't work, it will tell you to fuck off instead.

You don't get it, do you?

SGX == RAM not even a root-level user can see/modify.

NetFlix is doing it to hide the 4k streaming encryption keys.

But what happens when Malware starts to leverage this shit?

But it only affects certain CPUs. I doubt this will affect over 10% consumers or any business.

>CPU instruction set extensions introduced
>not included in every architecture to come after it

Have you even been paying attention to x86 cpu development the past 20 years?

You can always switch to AMD or just use any of the current top-tier processors. It's not like processing power will be improved by much in future.

>not rotating your ram

AMD has this too

it's there on every new Intel CPU... thanks to jewflix.

Fuck. Then the only choice is not to upgrade.

isn't this just meterpreter?
it's been around a lot longer than 3 years

>99.9999% uptime, gone

No, user. It's time to finally migrate to MIPS.

That's a meme anyway. Only difference between 99.99 and 99.999 is one minute in the boot times or something

There are better video sources than netflix. Why would anyone pirate from fucking streaming sites?

How is this bad you fuck? It's a secure element. It's meant to commit honorable seppuku before allowing anyone to read it. No different than a smartcard. The amount of security applications this enables is astounding

>memory malware
So like not persistent in the slightest? What is the problem exactly?

>Fileless malware is a piece of nasty software that does not copy any files or folder to the hard drive in order to get executed. Instead, payloads are directly injected into the memory of running processes, and the malware executes in the system's RAM.

idk what's so amazing about it.

I wrote something like this (malware hooking into processes' .got section) some 15 years ago.

Bump

if they manage to get the vaulted certificates that only 4 companies have to leverage SGX then yes it will be a cause for concern

>Turn it on without actually learning how system got infected
>Get infected again

download to-be-executed sections of malware, execute it, immediately overwrite with another program.
Interlace downloads with other internet traffic.
Infect and utilize multiple processes to download to the "active" area of the malware.

Welcome to computers - if someone is stupid enough to think it up, someone is smart enough to make it happen.

because you cannot trust the combination of Intel and Microsoft

Is SGX on i7 6700k too?

> you trumpites

I forgot:

>It's a secure element.
Until someone discovers a single fuckup and then it's all over, leaks big like the secure boot keys.
Building this kind of stuff into the hardware is only a matter of time until someone gets through.

That's nothing compared to transforming malware that exists in GPUs, constantly re-encrypting itself to hide from all scans and nearly impossible to detect. Since the GPU typically has root access as a 'trusted' component across systems it can do anything from there and quietly pass its information by infecting the LAN firmware and usually the router firmware too to break out of the firewall esp if JuniperOS or CISCO

Quoted directly from Wikipedia:

"It was introduced in 2015 with the sixth generation Intel Core microprocessors based on the Skylake microarchitecture.

The introduction of SGX has a large impact on the security industry. [citation needed] It shifts how security is being achieved and lowers the attack surface area of projects. One example of SGX used in security was a demo application from wolfSSL using it for cryptography algorithms. An additional example is Numecent using SGX to protect the DRM that is used to authorize application execution with their Cloudpaging application delivery products."

tl;dr yes.

Fuck.

I'm ready

first post best post

For a moment I thought this is running in memory controller firmware,
turns out it's ordinary malware. Nothing new.

well malware running in some firmware is also not new

I'm waiting for malware running in car firmware
It will happen soon

google.com/search?q=hacked car firmware

...otherwise known as non-persistent trojans.

Dates back to the 80s, kid. I proposed using it for spying in the 90s and believe me, I regret giving that talk to GCHQ...

dude just reboot your shit lmao