On Wed, Feb 18, 2015 at 1:17 AM, Christian Weisgerber
<na...@mips.inka.de> wrote:
> Remember, the official OpenBSD CDs carry signatures, too.

And we need to keep copies of those out-of-band. Printed copy and old
CDs where they won't get thrown away -- it's a good reason to buy the
CDs now instead of later.

Periodically save/print out a copy of the cvs mirror page, too.

> https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf
>
> | The attacks that use physical media (CD-ROMs) are particularly
> | interesting because they indicate the use of a technique known as
> | "interdiction", where the attackers intercept shipped goods and
> | replace them with Trojanized versions.
> |
> | One such incident involved targeting participants at a scientific
> | conference in Houston. Upon returning home, some of the participants
> | received by mail a copy of the conference proceedings, together
> | with a slideshow including various conference materials. The
> | [compromised ?] CD-ROM used "autorun.inf" to execute an installer
> | that began by attempting to escalate privileges using two known
> | EQUATION group exploits. Next, it attempted to run the group's
> | DOUBLEFANTASY implant and install it onto the victim's machine. The
> | exact method by which these CDs were interdicted is unknown. We do
> | not believe the conference organizers did this on purpose. At the
> | same time, the super-rare DOUBLEFANTASY malware, together with its
> | installer with two zero-day exploits, don't end up on a CD by
> | accident.
> |
> | Another example is a Trojanized Oracle installation CD that contains
> | an EQUATIONLASER Trojan dropper alongside the Oracle installer.
>
> (Page 15.)
>
> --
> Christian "naddy" Weisgerber                          na...@mips.inka.de
>



-- 
Joel Rees

Be careful when you look at conspiracy.
Look first in your own heart,
and ask yourself if you are not your own worst enemy.
Arm yourself with knowledge of yourself, as well.
