linkmachinego.com

22 October 2018
[tech] It’s Impossible to Prove Your Laptop Hasn’t Been Hacked. I Spent Two Years Finding Out … a deep technical dive into the difficulties around proving whether a computer has been tampered with. ‘There is a sneaky class of attack, called “evil maid” attacks, that disk encryption alone cannot protect against. Evil maid attacks work like this: An attacker (such as a malicious hotel housekeeper, for example) gains temporary access to your encrypted laptop. Although they can’t decrypt your data, they can spend a few minutes tampering with your laptop and then leave it exactly where they found it. When you come back and type in your credentials, now you have been hacked. Exactly how an evil maid attack would work against your laptop depends on many factors: the type of computer you use, what operating system you use, which disk encryption software you use, and the configuration of firmware used to boot your computer, firmware which I’ll call “BIOS,” although it can also go by acronyms like EFI and UEFI. Some computers have considerably better technology to prevent evil maid attacks than others – for example, attackers have to do more advanced tampering to hack a Windows laptop encrypted with BitLocker than they do to hack a Mac laptop encrypted with FileVault (as of now, anyway) or a Linux laptop encrypted with LUKS.’
2 June 2016
[web] The Perks Are Great. Just Don’t Ask Us What We Do … What working for an adware company is like … ‘Tyler was not pleased when a colleague finally explained the business model to him. “Wait, really? That’s what we do?” he remembers thinking. “We’re that skeezy toolbar company that your grandmother installs that she can’t get out and she’s got seven of ’em and her computer doesn’t work anymore?” Oops.’
21 February 2015
[tech] How “omnipotent” hackers tied to NSA hid for 14 years-and were found at last … a fascinating look at the NSA’s collection of malware … ‘Beyond the technical similarities to the Stuxnet and Flame developers, Equation Group boasted the type of extraordinary engineering skill people have come to expect from a spy organization sponsored by the world’s wealthiest nation. One of the Equation Group’s malware platforms, for instance, rewrote the hard-drive firmware of infected computers-a never-before-seen engineering marvel that worked on 12 drive categories from manufacturers including Western Digital, Maxtor, Samsung, IBM, Micron, Toshiba, and Seagate. The malicious firmware created a secret storage vault that survived military-grade disk wiping and reformatting, making sensitive data stolen from victims available even after reformatting the drive and reinstalling the operating system. The firmware also provided programming interfaces that other code in Equation Group’s sprawling malware library could access. Once a hard drive was compromised, the infection was impossible to detect or remove.’
9 June 2006
[tech] 18 Days of Reckless Computing — How to Kill a Dell Computer in under three weeks … ‘I ask friends and relatives to forward me their nastiest-looking spam. In response, I start getting emails from my mom with discomforting subject lines like “Dating for kinky people!”’
9 March 2005
[windows] How secure is your computer? … ‘Windows Service Pack 1, or SP 1, however, was another story. It’s an older version of Windows that was sold in computer stores until a few months ago. SP 1 was attacked 4,857 times. It was infested within 18 minutes by the Blaster and Sasser worms. Within an hour it became a “bot,” or a machine controlled by a remote computer, and began attacking other Windows computers.’
5 August 2004
[blogs] Spyware Warrior — useful blog ‘Waging the war against spyware’.
1 July 2004
[virus] News from the Lab — a weblog written by the F-Secure Antivirus Research Team … ‘I think we’ve seen more virus writers caught during year 2004 than during last five years combined.’