4 results back to index
Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks by Scott J. Shapiro
3D printing, 4chan, active measures, address space layout randomization, air gap, Airbnb, Alan Turing: On Computable Numbers, with an Application to the Entscheidungsproblem, availability heuristic, Bernie Sanders, bitcoin, blockchain, borderless world, Brian Krebs, business logic, call centre, carbon tax, Cass Sunstein, cellular automata, cloud computing, cognitive dissonance, commoditize, Compatible Time-Sharing System, Computing Machinery and Intelligence, coronavirus, COVID-19, CRISPR, cryptocurrency, cyber-physical system, Daniel Kahneman / Amos Tversky, Debian, Dennis Ritchie, disinformation, Donald Trump, double helix, Dr. Strangelove, dumpster diving, Edward Snowden, en.wikipedia.org, Evgeny Morozov, evil maid attack, facts on the ground, false flag, feminist movement, Gabriella Coleman, gig economy, Hacker News, independent contractor, information security, Internet Archive, Internet of things, invisible hand, John Markoff, John von Neumann, Julian Assange, Ken Thompson, Larry Ellison, Laura Poitras, Linda problem, loss aversion, macro virus, Marc Andreessen, Mark Zuckerberg, Menlo Park, meta-analysis, Minecraft, Morris worm, Multics, PalmPilot, Paul Graham, pirate software, pre–internet, QWERTY keyboard, Ralph Nader, RAND corporation, ransomware, Reflections on Trusting Trust, Richard Stallman, Richard Thaler, Ronald Reagan, Satoshi Nakamoto, security theater, Shoshana Zuboff, side hustle, Silicon Valley, Skype, SoftBank, SQL injection, Steve Ballmer, Steve Jobs, Steven Levy, Stuxnet, supply-chain attack, surveillance capitalism, systems thinking, TaskRabbit, tech billionaire, tech worker, technological solutionism, the Cathedral and the Bazaar, the new new thing, the payments system, Turing machine, Turing test, Unsafe at Any Speed, vertical integration, Von Neumann architecture, Wargames Reagan, WarGames: Global Thermonuclear War, Wayback Machine, web application, WikiLeaks, winner-take-all economy, young professional, zero day, éminence grise
And releasing a “harmless” macro virus such as Winword.Concept is irresponsible. Gordon faulted universities for their lack of leadership. She especially disapproved of programming classes using virus code in homework assignments. This behavior legitimates hazardous upcode. “Whether we like it or not, our own actions and words communicate to the next generation what is acceptable socially, ethically, and legally and what is not. By our actions, or lack thereof, today, we ourselves are creating the virus writers of tomorrow.” Melissa, ILOVEYOU The first major macro virus to exploit Microsoft Word’s internet capabilities was Melissa, named after a Miami stripper whom David Lee Smith, a thirty-year-old virus author from northern New Jersey, knew.
…
antivirus protection wasn’t very useful: As Vesselin Bontchev argued, users don’t run one another’s macros, so it made little sense to let users run untrusted macros. Macro viruses declined rapidly when Microsoft switched the default to executing only digitally signed macros: Vesselin Bontchev, “The Real Reason for the Decline of the Macro Virus,” Virus Bulletin, January 1, 2006, https://www.virusbulletin.com/virusbulletin/2006/01/real-reason-decline-macro-virus/. repeatedly executed the virus: Nick FitzGerald, “Throwback Thursday: When Love Came to Town,” Virus Bulletin, ed. Martijn Grooten, June 2000, www.virusbulletin.com/virusbulletin/2015/05/throwback-thursday-when-love-came-town-june-2000.
…
When a user clicked on a Word document, Word automatically ran any macros embedded in the document. Thus, when a user opened a file infected with Winword.Concept, Word would execute the virus. The virus did only one thing: it appended a copy of itself to Word’s File Save As function. Anytime the user saved a file, Word would inject Winword.Concept into the document it was saving. The macro virus also contained a payload, but the payload was harmless. It simply contained a remark saying “That’s enough to prove my point”—the point being how easy it is to use macros to create viral malware. Word Basic’s utility was also its vulnerability. By allowing users to create miniprograms that can copy files, it allowed users to create miniprograms that can copy themselves.
Microsoft Office Outlook 2010 QuickSteps by Malestrom
centre right, Firefox, functional programming, macro virus, mail merge, New Journalism
Click OK twice to close the Trust Center and Outlook Options dialog boxes. viruses can be implanted in macros. This is a common 5 way for viruses to be spread. Outlook’s macro security simply disables macros that are not from secure or trusted sources, thus reducing the likelihood of getting a macro virus. By default, Outlook disables macros that are unsigned and warns you about signed 6 macros. You can change those settings if you wish. 1. Click File and click Options. In the Outlook Options dialog box that appears, click Trust Center, and then click Trust Center Settings. 2. In the Trust Center dialog box, click Macro 7 Settings in the left column. 3.
…
In the Outlook Options dialog box that appears, click 10 Add-Ins. A list of installed add-ins will appear, as shown in Figure 8-13. 184 184 Microsoft Office Outlook 2010 PC QuickSteps Getting to QuickSteps Know Your PCManaging Files and Folders 1 2 CAUTION Keep in mind that Outlook only helps reduce the likelihood of a macro virus; it is not a full antivirus 3 program. You should install and use antivirus software on your computer. Visit www.mcafee.com or www.symantec .com to learn more about antivirus programs. 4 5 6 Figure 8-12: It is unlikely that you will want to encrypt and/or digitally sign all your mail, but you may want to encrypt individual messages in the e-mail message window. 2.
Secrets and Lies: Digital Security in a Networked World by Bruce Schneier
Ayatollah Khomeini, barriers to entry, Bletchley Park, business process, butterfly effect, cashless society, Columbine, defense in depth, double entry bookkeeping, drop ship, fault tolerance, game design, IFF: identification friend or foe, information security, John Gilmore, John von Neumann, knapsack problem, macro virus, Mary Meeker, MITM: man-in-the-middle, moral panic, Morris worm, Multics, multilevel marketing, mutually assured destruction, PalmPilot, pez dispenser, pirate software, profit motive, Richard Feynman, risk tolerance, Russell Brand, Silicon Valley, Simon Singh, slashdot, statistical model, Steve Ballmer, Steven Levy, systems thinking, the payments system, Timothy McVeigh, Y2K, Yogi Berra
These are written in scripting languages and infect data files rather than programs. Many word processors, spreadsheets, and database programs have scripting languages. These scripts, sometimes called macros, are used to automate tasks and are stored with the data. People have written viruses using these scripting languages. The first Microsoft Word macro virus, “Concept,” was first observed in the wild in 1995; they existed in the Emacs text editor as early as 1992. These viruses can spread much more quickly than the others can, because people exchange data more often than they exchange programs. And as e-mail, collaboration, and file transfer software become easier to use, they will spread even faster.
…
Companies release them within days of learning of a new virus. And as long as viruses propagate slowly, this is good enough. Most antivirus software automatically updates itself once a month. Until 1999, that was good enough. E-mail propagation changed everything. The year 1999 gave us the Melissa Microsoft Word macro virus and the Worm.ExploreZip worm, and 2000 gave us the ILOVEYOU worm and its dozens of variants, but there are many others. This type of malware arrives via e-mail and uses automatic e-mail features in software to replicate itself across the network. They mail themselves to people known to the infected host, enticing the recipients to open or run them.
…
There’s an easy implementation in Windows: A malicious macro could simply watch for PGP’s “open file” dialog, see what file Alice is about to sign, and copy its own file to that filename, then restore the old file afterward. Word’s macro language can do this, so it could easily be a payload for a Word macro virus. And that’s just one example. The Trojan horse could sign both documents and transmit the embarrassing signature at some opportune time. Or it could just steal Alice’s private key. Nothing here is difficult; the programming is easy. In any case, if we are successful we could have possession of a damaging document, signed by Alice.
The Art of UNIX Programming by Eric S. Raymond
A Pattern Language, Albert Einstein, Apple Newton, barriers to entry, bioinformatics, Boeing 747, Clayton Christensen, combinatorial explosion, commoditize, Compatible Time-Sharing System, correlation coefficient, David Brooks, Debian, Dennis Ritchie, domain-specific language, don't repeat yourself, Donald Knuth, end-to-end encryption, Everything should be made as simple as possible, facts on the ground, finite state, Free Software Foundation, general-purpose programming language, George Santayana, history of Unix, Innovator's Dilemma, job automation, Ken Thompson, Larry Wall, level 1 cache, machine readable, macro virus, Multics, MVC pattern, Neal Stephenson, no silver bullet, OSI model, pattern recognition, Paul Graham, peer-to-peer, premature optimization, pre–internet, publish or perish, revision control, RFC: Request For Comment, Richard Stallman, Robert Metcalfe, Steven Levy, the Cathedral and the Bazaar, transaction costs, Turing complete, Valgrind, wage slave, web application
The strength of an operating system's internal boundaries is not merely an abstract issue of design: It has important practical consequences for the security of the system. To design the perfect anti-Unix, discard or bypass memory management so that a runaway process can crash, subvert, or corrupt any running program. Have weak or nonexistent privilege groups, so users can readily alter each others' files and the system's critical data (e.g., a macro virus, having seized control of your word processor, can format your hard drive). And trust large volumes of code, like the entire shell and GUI, so that any bug or successful attack on that code becomes a threat to the entire system. File Attributes and Record Structures Unix files have neither record structure nor attributes.
…
Microsoft Word macro viruses show how this sort of thing can become actively dangerous, a security hole that costs billions of dollars in downtime and lost productivity annually. It is instructive to note that despite the existence of at least twenty million Unix users worldwide[95] there has never been any Unix equivalent of Windows's frequent macro-virus outbreaks. There are a number of reasons for this, including the fundamentally better security design of Unix; but at least one is the fact that Unix mail agents do not default to executing live content in any document that the user views.[96] If there is any way that your application's users might end up running programs from untrusted sources, risky features of your application minilanguage might end up having to be suppressed.
Protocol: how control exists after decentralization by Alexander R. Galloway
Ada Lovelace, airport security, Alvin Toffler, Berlin Wall, bioinformatics, Bretton Woods, Charles Babbage, computer age, Computer Lib, Craig Reynolds: boids flock, Dennis Ritchie, digital nomad, discovery of DNA, disinformation, Donald Davies, double helix, Douglas Engelbart, Douglas Engelbart, easy for humans, difficult for computers, Fall of the Berlin Wall, Free Software Foundation, Grace Hopper, Hacker Ethic, Hans Moravec, informal economy, John Conway, John Markoff, John Perry Barlow, Ken Thompson, Kevin Kelly, Kickstarter, late capitalism, Lewis Mumford, linear programming, macro virus, Marshall McLuhan, means of production, Menlo Park, moral panic, mutually assured destruction, Norbert Wiener, old-boy network, OSI model, packet switching, Panopticon Jeremy Bentham, phenotype, post-industrial society, profit motive, QWERTY keyboard, RAND corporation, Ray Kurzweil, Reflections on Trusting Trust, RFC: Request For Comment, Richard Stallman, semantic web, SETI@home, stem cell, Steve Crocker, Steven Levy, Stewart Brand, Ted Nelson, telerobotics, The future is already here, the market place, theory of mind, urban planning, Vannevar Bush, Whole Earth Review, working poor, Yochai Benkler
Tactical Media 183 Morris should go to prison, and, as the magazine testified, “most of those who said ‘Yes’ to the prison question added something like, ‘only a minimum security prison—you know, like the Watergate people vacationed at.’”29 Thus while not unnoticed, Morris’s worm was characterized as a mistake, not an overt criminal act. Likewise his punishment was relatively lenient for someone convicted of such a massive infraction. Ten years later, in 1999, after what was characterized as the largest Internet manhunt ever, a New Jersey resident named David Smith was prosecuted for creating Melissa, a macro virus that spreads using the Microsoft Outlook and Word programs. It reportedly infected over 100,000 computers worldwide and caused $80 million in damage (as assessed by the number of hours computer administrators took to clean up the virus). While Melissa was generally admitted to have been more of a nuisance than a real threat, Smith was treated as a hard criminal rather than a blundering geek.