Saturday, September 23, 2017

[22.09.2017] UN Security Council honors the memory of officer Petrov, who prevented nuclear war

US Secretary of State Rex Tillerson, speaking at a UN Security Council meeting on nuclear non-proliferation, honored the memory of Soviet officer Stanislav Petrov, who in 1983, while on duty at the "Serpukhov-15" command post, prevented a nuclear war...

"This week the world learned of the passing of a little-known but very important figure in the history of the Cold War. His name was Stanislav Petrov, and he is sometimes called 'the man who saved the world,'" Tillerson said. The computer at the military post where Petrov was on duty signaled that a nuclear missile had been launched from the United States; he was supposed to call his command and report it, but Petrov assumed that the system had made an error, and he, fortunately, turned out to be right about the false alarm, the Secretary of State continued.

"Instead of notifying his commanders to prepare an immediate nuclear counterattack, he called army headquarters and reported a system malfunction," Tillerson noted. "This episode shows how high the risk factor is with regard to nuclear weapons, especially in cases where decisions on their use are entrusted to often unreliable technology or fallible human judgment," the head of the State Department concluded.

Continued below.

At the age of 77, one of the main heroes of the Cold War, the man who prevented a global nuclear catastrophe, Soviet Army Lieutenant Colonel Stanislav Petrov, has died...[He] died on May 19, 2017, in the Moscow region. The media reported his death only in September...

Stanislav Petrov is rightly considered one of the main heroes of the Cold War. In 1983 the lieutenant colonel was the operations duty officer at the "Serpukhov-15" command post, and it was then that a decision determining the future of the world fell on his shoulders. On September 26 the computer received information about ballistic missiles allegedly launched from the United States; the officer was obliged to report to his superiors and receive the order for a retaliatory nuclear strike. But he did not rush.

Petrov's doubts arose because the sensors registered the missile launches as coming from one and the same location. According to the instructions, however, the Americans would have begun an attack from several bases. As a result, the officer made his decision and declared a system malfunction.

And indeed, the subsequent investigation established that the ballistic missiles were nothing more than sunlight, which Soviet equipment had mistaken for nuclear weapons.

After the incident Stanislav Petrov did not receive the promised order; instead, all that awaited him was a reprimand from his superiors and life on a more than modest pension in Fryazino, near Moscow.

The Serpukhov-15 incident was a state secret until 1993; even Petrov's wife knew nothing about that shift. Today the event is considered one of the main and symbolic episodes of the Cold War, alongside the visit of the American schoolgirl Samantha Smith to the USSR in 1983 or the first talks between CPSU General Secretary Mikhail Gorbachev and US President Ronald Reagan in 1985–1986.

...In 2006, at UN headquarters in New York, Petrov received an award from the public organization "Association of World Citizens" engraved with "To the man who prevented a nuclear war." In 2012, in Baden-Baden, Germany, Petrov was awarded the German Media Award... In 2013, in Germany, he was presented with the "Dresden Prize for the prevention of conflict and violence"...
http://txt.newsru.com/world/22sep2017/petrov.html
http://9tv.co.il/news/2017/09/19/248194.html

WildTrig85: The true role of the circular functions (English)



See also:
WildTrig86: Understanding uniform motion: are radians really necessary? (cont., second part)

The CCleaner Malware Fiasco Targeted at Least 18 Specific Tech Firms (English)

See also:
Warning: CCleaner Hacked to Distribute Malware; Over 2.3 Million Users Infected

Hundreds of thousands of computers getting penetrated by a corrupted version of an ultra-common piece of security software was never going to end well. But now it's becoming clear exactly how bad the results of the recent CCleaner malware outbreak may be. Researchers now believe that the hackers behind it were bent not only on mass infections, but on targeted espionage that tried to gain access to the networks of at least 18 tech firms.

Continued below.

Earlier this week, security firms Morphisec and Cisco revealed that CCleaner, a piece of security software distributed by Czech company Avast, had been hijacked by hackers and loaded with a backdoor that evaded the company's security checks. It wound up installed on more than 700,000 computers. On Wednesday, researchers at Cisco's Talos security division revealed that they've now analyzed the hackers' "command-and-control" server to which those malicious versions of CCleaner connected.

On that server, they found evidence that the hackers had attempted to filter their collection of backdoored victim machines to find computers inside the networks of 18 tech firms, including Intel, Google, Microsoft, Akamai, Samsung, Sony, VMware, HTC, Linksys, D-Link and Cisco itself. In about half of those cases, says Talos research manager Craig Williams, the hackers successfully found a machine they'd compromised within the company's network, and used their backdoor to infect it with another piece of malware intended to serve as a deeper foothold, one that Cisco now believes was likely intended for industrial espionage.

"When we found this initially, we knew it had infected a lot of companies," says Williams. "Now we know this was being used as a dragnet to target these [companies] worldwide...to get footholds in companies that have valuable things to steal, including Cisco unfortunately."

A Wide Net

Cisco says it obtained a digital copy of the hackers' command-and-control server from an unnamed source involved in the CCleaner investigation. The server contained a database of every backdoored computer that had "phoned home" to the hackers' machine between September 12 and 16. That included over 700,000 PCs, just as Avast has said in the days since it first revealed its CCleaner debacle. (Initially the company put the number much higher, at 2.27 million.) But the database also showed a list of specific domains onto which the hackers sought to install their secondary malware payload, as well as which ones received that second infection.

The secondary payload targeted 18 companies in all, but Williams notes that some companies had more than one computer compromised, and some had none. He declined to say which of the targets had in fact been breached, but Cisco says it's alerted all the affected companies to the attack.

Williams also notes the target list Cisco found likely isn't comprehensive; it appears to have been "trimmed," he says. It may have included evidence of other targets, successfully breached or not, that the hackers had sought to infect with their secondary payload earlier in the month-long period when the corrupted version of CCleaner was being distributed. "It’s very likely they modified this through the monthlong campaign, and it’s almost certain that they changed the list around as they progressed and probably targeted even more companies," says Williams.

In an update post Thursday morning, Avast backed Cisco's findings, and confirmed that eight of the 18 known target companies had been breached by the hackers. But it also wrote that the total number of victim firms "was likely at least in the order of hundreds."

That target list presents a new wrinkle in the unfolding analysis of the CCleaner attack, one that shifts it from what might have otherwise been a run-of-the-mill mass cybercrime scheme to a potentially state-sponsored spying operation that cast a wide net, and then filtered it for specific tech-industry victims. Cisco and security firm Kaspersky have both pointed out that the malware element in the tainted version of CCleaner shares some code with a sophisticated hacking group known as Group 72, or Axiom, which security firm Novetta named a Chinese government operation in 2015.

Cisco concedes that code reuse alone doesn't represent a definitive link between the CCleaner attack and Axiom, not to mention China. But it also notes that one configuration file on the attackers' server was set for China's time zone—while still acknowledging that's not enough for attribution.

Supply Chain Woes

For any company that may have had computers running the corrupted version of CCleaner on their network, Cisco warns that its findings mean merely deleting that application is no guarantee the CCleaner backdoor wasn't used to plant a secondary piece of malware on their network, one with its own, still-active command and control server. Instead, the researchers recommend that anyone affected fully restore their machines from backup versions prior to the installation of Avast's tainted security program. "If you didn’t restore your system from backup, you’re at high risk of not having cleaned this up," Williams says.

The exact dimensions of the CCleaner attack will likely continue to be redrawn, as analysis continues. But it already represents another serious example in the string of software supply-chain attacks that have recently rocked the internet. Two months earlier, hackers hijacked the update mechanism of the Ukrainian accounting software MeDoc to deliver a destructive piece of software known as NotPetya, causing massive damage to companies in Ukraine as well as in Europe and the United States. In that case, as in the CCleaner attack, victims installed seemingly legitimate software from a small but trusted company, only to find that it had been silently corrupted, deeply infecting their IT systems.

In the days following the NotPetya attack, many in the security research community shifted their assessment of the attack from a criminal ransomware outbreak to something more insidious, targeted, and created by nation-state hackers. Now, it seems that the mystery surrounding the CCleaner attack may be moving in that same, disturbing direction.

Updated 9/21/2017 11:15am with a comment from Avast.

Correction 9/21/2017 1:08pm to change the number of total companies targeted to 18. While Cisco had initially reported 20, that number had counted some different domains of companies separately.
https://www.wired.com/story/ccleaner-malware-targeted-tech-firms

Warning: CCleaner Hacked to Distribute Malware; Over 2.3 Million Users Infected (English)

Formatting not preserved. The article in full.

See also:
The CCleaner Malware Fiasco Targeted at Least 18 Specific Tech Firms


If you downloaded or updated the CCleaner application on your computer between August 15 and September 12 of this year from its official website, then pay attention—your computer has been compromised.

CCleaner is a popular application with over 2 billion downloads, created by Piriform and recently acquired by Avast, that allows users to clean up their system to optimize and enhance performance.

Security researchers from Cisco Talos discovered that the download servers used by Avast to let users download the application were compromised by some unknown hackers, who replaced the original version of the software with the malicious one and distributed it to millions of users for around a month.

Continued below.

This incident is yet another example of a supply chain attack. Earlier this year, update servers of a Ukrainian company called MeDoc were also compromised in the same way to distribute the Petya ransomware, which wreaked havoc worldwide.

Avast and Piriform have both confirmed that the Windows 32-bit version of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 were affected by the malware.

Detected on 13 September, the malicious version of CCleaner contains a multi-stage malware payload that steals data from infected computers and sends it to the attacker's remote command-and-control servers.

Moreover, the unknown hackers signed the malicious installation executable (v5.33) using a valid digital signature issued to Piriform by Symantec and used a Domain Generation Algorithm (DGA), so that if the attackers' server went down, the DGA could generate new domains to receive and send stolen information.

"All of the collected information was encrypted and encoded by base64 with a custom alphabet," says Paul Yung, V.P. of Products at Piriform. "The encoded information was subsequently submitted to an external IP address 216.126.x.x (this address was hardcoded in the payload, and we have intentionally masked its last two octets here) via a HTTPS POST request."


The malicious software was programmed to collect a large amount of user data, including:

Computer name
List of installed software, including Windows updates
List of all running processes
IP and MAC addresses
Additional information like whether the process is running with admin privileges and whether it is a 64-bit system.


How to Remove Malware From Your PC

According to the Talos researchers, around 5 million people download CCleaner (or Crap Cleaner) each week, which indicates that more than 20 million people could have been infected with the malicious version of the app.

"The impact of this attack could be severe given the extremely high number of systems possibly affected. CCleaner claims to have over 2 billion downloads worldwide as of November 2016 and is reportedly adding new users at a rate of 5 million a week," Talos said.

However, Piriform estimated that up to 3 percent of its users (up to 2.27 million people) were affected by the malicious installation.

Affected users are strongly recommended to update their CCleaner software to version 5.34 or higher, in order to protect their computers from being compromised. The latest version is available for download here.
http://thehackernews.com/2017/09/ccleaner-hacked-malware.html
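
Added example, not part of either reposted article: a triage pass over a software inventory export that flags the builds named above (CCleaner v5.33.6162 32-bit and CCleaner Cloud v1.07.3191) for restore from backup, as Cisco recommends, and older CCleaner builds for the update to 5.34 or higher. The inventory layout, host names, action labels and the non-affected version numbers are constructed assumptions.

```python
import csv
import io

# Affected builds as named in the article (Avast/Piriform statement).
AFFECTED_CCLEANER = (5, 33, 6162)   # Windows 32-bit build
AFFECTED_CLOUD = (1, 7, 3191)       # CCleaner Cloud v1.07.3191
FIXED_CCLEANER = (5, 34)            # "version 5.34 or higher"

# Constructed inventory export; hosts, columns and other versions are assumptions.
SAMPLE_INVENTORY = """host,product,version,arch
ws-014,CCleaner,5.33.6162,x86
ws-022,CCleaner,v5.33.6162,x64
ws-031,CCleaner,5.32.0,x86
ws-040,CCleaner,5.34.0,x86
srv-02,CCleaner Cloud,1.07.3191,x86
ws-050,ExampleApp,1.0,x64
"""


def parse_version(text):
    """'v1.07.3191' -> (1, 7, 3191); non-numeric parts raise ValueError."""
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))


def classify(row):
    """Return 'restore', 'review', 'update' or 'ok' for one inventory row."""
    product = row["product"].strip().lower()
    if product not in ("ccleaner", "ccleaner cloud"):
        return "ok"
    try:
        version = parse_version(row["version"])
    except ValueError:
        return "review"              # unparseable version: check by hand
    if product == "ccleaner cloud":
        # The article gives no fixed Cloud version, so only the named build is flagged.
        return "restore" if version == AFFECTED_CLOUD else "ok"
    if version == AFFECTED_CCLEANER:
        # The article names the 32-bit build; other architectures get a manual look.
        is_32bit = row["arch"].strip().lower() in ("x86", "32-bit")
        return "restore" if is_32bit else "review"
    return "update" if version < FIXED_CCLEANER else "ok"


def triage(inventory_csv):
    """Map host -> action for every row that needs attention."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: a for r in rows if (a := classify(r)) != "ok"}


if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {action}")
```

A "restore" result reflects Cisco's warning that removing or updating the application does not rule out a secondary payload already planted through the backdoor.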