Hacker Claiming He Can Exploit Windows Update

Page 2
Status
Not open for further replies.
[citation][nom]amk-aka-phantom[/nom]Suppose he does (more likely, though, that I'll win a US-only lottery draw, lol) - I'll have a fresh fully functional install within two or three hours... if he manages to cause any harm.[/citation]
Um, some viruses infect the motherboard BIOS, graphics card BIOS and even peripherals like mice and keyboards. Can you imagine having to reformat several times not knowing where they come from each time you boot your computer? You physically yank the Ethernet cable and you're STILL infected.

I've been using Arch Linux as my main OS for almost two years now. Not ONCE did it die after a system-wide update. And this is a rolling release distribution, mind you. Meaning everything is fresh from the bakery! In case something does go wrong I can always chroot from a Live USB stick. I know how, I've done it before. Had to reinstall Windows XP once and that biatch replaced the GRUB2 master boot record. Honestly, it wasn't that difficult to fix it. Someone else might have pooped their pants (probably myself included when I was younger and still used Winamp and Y!M).

Anyway. Antiviruses. Last year or so, the hosts of the "Security Now" podcast talked about McAfee issuing an update which saw "svchost.exe" as a virus, quarantined it, and left some 40.000 businesses with unbootable PCs. Cool, huh? This was the top-tier "business" class antivirus suite too. The expensive one. http://www.zdnet.com/blog/bott/defective-mcafee-update-causes-worldwide-meltdown-of-xp-pcs/2003
 
PS: I would've done it first (and probably change the wallpaper to Rick Astley + the appropriate boot/shutdown sounds to a few million users or so) instead of bragging about it and giving M$ a chance to fix it.
 


That is SUCH BS. You can't infect mice or keyboards! :lol: And BIOS/VBIOS/boot sector viruses are non-existent nowadays. THAT is what I mean by scary virus tales... Linux users are by far the worst when it comes to that.

EDIT: You're surprised that WinXP wiped GRUB? I've fixed that particular problem many, many times... it's more annoying when NT loader breaks and trolls you with "HAL.DLL is missing" error - at least GRUB is easy to reinstall...

Lay off the topic of updates, I was joking 😀 AFAIK, only Ubuntu does that, thanks to Canonical.

See? You yourself confirmed that antiviruses can be damn stupid. Actually, I had one that kept deleting my Notepad.exe. So I brought Notepad.exe from another machine - wiped again! Okay, so I got curious, quickly installed XP in a VM and pulled Notepad.exe out of there... deleted once it got onto the machine. It wasn't infected, of course, just the antivirus was screwing around again.
 
[citation][nom]amk-aka-phantom[/nom]That is SUCH BS. You can't infect mice or keyboards! And BIOS/VBIOS/boot sector viruses are non-existent nowadays. THAT is what I mean by scary virus tales...[/citation]
You'd be surprised how much information those chips can hold. All it needs is a few lines of code that can (virtually) tap the backspace key once in a while to annoy the shіt out of you or maybe something even more evil, like looking for recurring phrases (which are usually usernames and passwords). Since most passwords are shown as " ****** ", all it has to do is replace one of them (in the final 6 characters so it doesn't show up in the username, because you'll obviously notice it then). 😀 You'll never log into anything again, I PROMISE YOU. It will take a good amount of time to figure it out, and you'll have to replace the keyboard.

Oh, and BIOS manufacturers intentionally leave more free space in case they need to issue an update. So it can hold even more complex code.
 


Dude, that's bat$h!t insane. Stop.
 
I hope he tries something. I'd like to see his "smart, sharp, dangerous, powerful, etc. huh?" ass wiggle out of Deathlord Ballmer's deathgrip.
 
[citation][nom]wiinippongamer[/nom]Some malware is coded such as when you scan, it will not detect it, once it's infected no AV will do anything to save you, only way would be scanning with an external machine with a different OS, so you might indeed have a bunch of malware in your system right now[/citation]

that is called a root kit. it is very likely you will never get one of those. even back in the days of kazaa i never got one, and i did do third party scans.

[citation][nom]amk-aka-phantom[/nom]Well, in this case antivirus wouldn't help anyway, right? And since I'm not annoyed by anything, even if there IS malware on this machine, I couldn't care less, it's blazing fast... faster than ever, in fact. @all of you who accuse me of needing attention: Lol, cool story... except that you forgot that we're in News Comments section and it's for opinions. My opinion gives you butthurt? Goal achieved, then, but don't be such pathetic whiners[/citation]

i have to agree with you. you really have to pick your battles.

i know i get viruses, spyware and the like, but they are so minor that i don't even bother with scanning my computer. 9 times out of 10 for me, if my computer is going slow, or crapping up, it's the gpu drivers (currently they are screwing up a program of mine, acdsee) or it's my hard drive that is dying again.

i'm behind a firewall, with no active scanning of anything, and no antivirus at all. last time i had an antivirus, it caused blue screens of death and computer would no longer boot. in my experience, antiviruses mess my computer up more than fix it.

it's also in my experience, that if you EVER completely kill your computer due to viruses (never proven it happened, these were in 98 machines going on a year and a half with no format, i can't be completely sure the problem) it's better to get a second hdd, install windows on that, and leave the second hdd on the computer, viruses can't run unless you execute them, at least in the way that i'm describing.

basically, don't download everything you see, and you will not realistically have anything to worry about.
 


Thank you. There's still hope in this world.



Fear denies faith.
 
Please, that dude is lame. The second they found out the certificates were hacked, I guarantee they were revoked. Now they are useless, just like this hacker's claims are.
 

It seems a little ironic that you'd mention totally obscure/uncertain/unlikely threats like viruses infecting mice and keyboards and not worry about Arch Linux's blatant lack of package signing. 😛 (An Arch system actually could be compromised relatively easily during a system update if its package mirror was hacked - no certificates or private keys would need to be stolen, and the user wouldn't have to do anything wrong other than update his system. Most major Linux distros do not share this vulnerability, however.)
 
I'd rather have an antivirus (Kaspersky at least) and be able to interact with the world than have no antivirus and be limited and paranoid.
To each his own.

As for the hacker, he is a cracker and not a hacker...
 


That's the point, I'm not limited. You don't need to be paranoid if you know what you're doing. In fact, having an antivirus IS paranoia.
 
[citation][nom]amk-aka-phantom[/nom]That is SUCH BS. You can't infect mice or keyboards! And BIOS/VBIOS/boot sector viruses are non-existent nowadays. THAT is what I mean by scary virus tales... Linux users are by far the worst when it comes to that. EDIT: You're surprised that WinXP wiped GRUB? I've fixed that particular problem many, many times... it's more annoying when NT loader breaks and trolls you with "HAL.DLL is missing" error - at least GRUB is easy to reinstall... Lay off the topic of updates, I was joking. AFAIK, only Ubuntu does that, thanks to Canonical. See? You yourself confirmed that antiviruses can be damn stupid. Actually, I had one that kept deleting my Notepad.exe. So I brought Notepad.exe from another machine - wiped again! Okay, so I got curious, quickly installed XP in a VM and pulled Notepad.exe out of there... deleted once it got onto the machine. It wasn't infected, of course, just the antivirus was screwing around again.[/citation]
Um... no. Boot sector viruses are alive and well. We run into them at work all the time. Granted... you apparently have to go looking for them, and be a moron that thinks that every free torrent is a good thing... but people find them.
 


Precisely - you have to go looking for them.
 
Having an antivirus is a choice. A given defensive choice that you can use.

Better than having nothing at all and be afraid to click a larger group of websites because they may be infected and thus limits your capability to explore the world (wide web).

As for antivirus slowing a pc... come on, a flash based web does that more which almost 60% of internet websites uses. Unless you also disable flash coz it slows you down and is just a serious security threat.

And windows secure in network. The only secure windows is windows in a network island. I have seen a server (not updated) crash just by plugging it in a network... and you are preaching people not to update and not to put antivirus...

And to think that boot virus is no more is a serious undermining of an overall risk. But then again that's your pc, but stop preaching it to the rest of the world because you are not helping us who have to fix that as a living.
 


Lol, I'm "preaching" to the power users, not to "common users" (aka n00bs). I'm not afraid to click on whatever I want, I'm just conscious of what I'm doing. For example, if I want to download an mp3 and the file has an extension of ".mp3.exe", I'll realize it's a simple trap and get rid of the file, while your average user will not and the antivirus might not even help. How many users fall for "Your PC is infected! Click HERE for a FREE scan!"? Meanwhile I'll just laugh and ignore the BS (if it ever gets through Adblock, lol). I think my solution is better.

Boot virus or any other virus, they aren't a threat to a user with some logic and understanding of computers.

Notice, I haven't said ANYTHING about antivirus slowing down machines... see, you even know your disadvantages yourself, without me pointing them out!

Any more useless arguments for me to dismiss?
 
My frank impression is that most people with hacked/back-end access to these infrastructures won't make too much noise about their exploits.

Why? Because as soon as you claim something like this, you've got the world on alert and possibly police on your tail. That's a stupid decision if you've actually got the certificates in this case - your aim is to do damage, not become the person marked by Microsoft.
 
Hmmm, when you say you address the power user, did you point it out in the first place? As far as I know, there is no discerning classification as to who can read this DB.

As for antivirus not slowing pc, so your point of making your pc faster by not having it is not the same... seriously...?

"Boot virus or any other virus, they aren't a threat to a user with some logic and understanding of computers." Again, do you think all who read this db have that...

As I have pointed out, your PC, your choice, but seriously, don't make others religiously believe it too. Do you notice you are getting hits because of that... maybe it's because there is something wrong with your idea???
 
just now looking at a facebook, I saw a suspicious looking post and my antivirus has proven that it is... Most of the time it's not but on occasion it is.

So if I applied your logic, I would have to also stop using my facebook and not have a social life because it too is dangerous 🙂

like I said, I will have my antivirus and be able to explore the world and have my social life extended as well. My choice and hopefully a lot will too.
 


I don't think you should ever point out your audience, people will decide for themselves if they like your ideas or not. That's why I'm getting these silly thumbdowns - some people (you, for instance) don't like my ideas. That's fine; again, this is an OPINION thread.

In bold: I repeat again, I don't CARE whether antivirus slows down my main rig or not, my rig is powerful... it can handle an antivirus :) I never mentioned that idea because that's not what I'm after and thus I don't care. Drop it.

If you seriously believe that thumbdowns are the measure of right/wrong, you need help.



Facebook isn't social life. If you see a suspicious post, don't click. Don't use FB apps - it's a well-known fact they fish your FB data (and NO antivirus will help, because it's all in the blasted "cloud").

Anyway, you're not my target audience. GTFO and keep using your beloved antivirus until it chews up one of the valid system files like the example in one of the previous posts.
 