BC INTERNET

Saved by @Alex1Powell

Kyle Hanslovan
@KyleHanslovan 4 years, 4 months ago 1123 views

Save to PDF Share See On Twitter

Only 1 / 67 antivirus engines list SUNBURST backdoor as malicious - SolarWinds.Orion.Core.BusinessLayer.dll https://t.co/taaiUtSJzR #SUNBURST #UNC2452

SolarWinds' digital certificate hasn't been revoked yet.

The full compromised package is still being hosted online as well 😓 hxxps://downloads.solarwinds[.]com/solarwinds/CatalogResources/Core/2019.4/2019.4.5220.20574/SolarWinds-Core-v2019.4.5220-Hotfix5.msp

Job class within the backdoored #Sunburst DLL is pretty straight forward and aligns with @FireEye's analysis. CollectSystemDescription:

DeleteFile

DeleteRegistryValue

FileExists

#UNC2452 prefers MD5 for their file hashing routine

#UNC2452's DirList is savvy enough to always expand environment variables. Doesn't appear to have any recursion or depth arguments for DirWalk'ing.

Use of token manipulation was underwhelming. Sets process privilege to SeTakeOwnershipPrivilege, SeRestorePrivilege, and SeShutdownPrivilege.

Domain1 = https://t.co/BGPAyeprMm
(just like the report said). Thus far all analysis has held up (no real surprise there).

One of the anomalous #SUNBURST DLLs from October 2019 that Microsoft highlighted can be found in the SolarWinds Coreinstall.msi for 2019.4.5220.20161 - hxxps://downloads.solarwinds[.]com/solarwinds/CatalogResources/Core/2019.4/2019.4.5220.20161/CoreInstaller.msi

Malicious #SUNBURST DLL CE77D116A074DAB7A22A0FD4F2C1AB475F16EEC42E1DED3C0B0AA8211FE858D6 from May 2020 can be found in CoreInstaller.msi for 2020.2.5320.27438 -hxxps://downloads.solarwinds[.]com/solarwinds/CatalogResources/Core/2020.2/2020.2.5320.27438/CoreInstaller.msi

Malicious #SUNBUST DLL 019085A76BA7126FFF22770D71BD901C325FC68AC55AA743327984E89F4B0134 from April 2020 can be found in CoreInstaller.msi for 2020.2.5220.27327 - hxxps://downloads.solarwinds[.]com/solarwinds/CatalogResources/Core/2020.2/2020.2.5220.27327/CoreInstaller.msi

More from Internet

Disclosure Backpack
@DisclosureBP

Affidavit by former head of IT for large Italian defense contractor admitting he uploaded instructions through military satellite to Frankfurt to flip votes from Trump to Biden on election night under direction of US persons. Willing to testify.#ItalyDidIt

Kristine Schachinger
@schachin

@curaffairs The author doesn't know enough about search to have written that article and the reason he's having those problems is AI algos like Rank Brain and Google's attempts to use natural language processing nothing to do with SEOs.

1/x

YMYL is not evaluated at the site level, but the query level.

Again this is on Google, not SEOs because they want to surface better sites.

And those devaluations are part of Core Updates which SEOs like me recover sites from.

2/

Featured Snippets are not optimized for - you can use certain HTML to be pulled in one but there is no definite use case where Featured Snippets are shown or that your site's will show for it. Also doesn't always come from the #1 result.

& that's Google not the SEO.

3/

Also there are many times when an SEO doesn't want their site in the Featured Snippet cuz it doesn't result in a click to the website. But we have no control over what Google pulls as Feature Snippets except to put in a meta tag to exclude us from them

4/

And Neil Patel is not an SEO. Most senior level SEOs see him as nothing more than a scammer because reportedly he's ripped them off by stealing their content and articles and passing them off as his.

5/

Advertisement

Dannielle (Dossy) Blum...
@DrDannielle

SolarWinds follow up. Very good tweet explaining what happened.

Hackers reportedly slipped malware into prior SolarWinds software updates, which gave them access to a "God-mode" for infected networks, including the Treasury and Commerce departments.

The Pentagon is also a SolarWinds customer.https://t.co/Srcoztssol https://t.co/OgMhAjJqPx
— Wes Wilson (@weswilson4) December 14, 2020

Basically what this means is that SolarWinds itself was exploited. Someone posted an infected update as legitimate (digitally signed), leading customers to download a bad update.

“Multiple trojanized updates were digitally signed from March - May 2020 and posted to the SolarWinds updates website” https://t.co/8e3bMFWXYu

FireEye then explains that infected organizations were approached and exploited. This is a separate Step 2.

At this point, information is already going to “malicious domains” without extra intervention, after the malware does nothing for “up to two weeks”

Joy of the People
@JOYofthePEOPLE

Play is our future

Skill is measurable w/ two resources 1) time, 2) energy

Players whose actions make better use of these resources can be defined as optimal. This is not subjective

Time (faster)/overload/conscious/stress
Energy(easier)/underload/unconscious/low anxiety

Orgel's First Rule:

"Whenever a spontaneous process is too slow or too inefficient a protein will evolve to speed it up or make it more efficient."

Faster (speed/strength)-Deliberate Practice
Easier--Play

Overload (D.Practice) builds faster=hypertrophy and results in measurable selection resulting in problems such as Relative Age Effect, and players with very fast cars saddled with inexperienced drivers

It's more likely to be wrapped around a tree than finish the race.

as Orgel says, if we allow it, play will produce faster and easier

Kids in play build the driving sills first, in Go Karts, like Ayrton Senna

Big brains, slow cars, easier

But where speed is limited by physics,

Ideas are plentiful and under resourced in US youth sport

Almost every coach will agree w/ the following

Competition is important
Training is more important than games
Play is more important than both

But,

the big thing is to keep the big thing the big thing

foone
@Foone

I was hacking a game and accidentally invented a word for when you think someone is trans and you're proud of them for coming out but then you find out they aren't

someone is excited to watch bill nye in science class

This happens because one of the ways I figure out which memory location needs to be modified is by memory-searching for all occurrences and changing the first letter of them

so like if I know the next line of dialog is "Die"
I change it to "Aie" "Bie" "Cie" "Eie" "Fie"

then I see which one shows up in the game

You May Also Like

George Mack
@george__mack

THREAD: 15 of the most useful razors and rules I've found.

Rules of thumb that simplify decisions.

Bezos' Razors:

• If unsure what action to take, let your 80-year-old self make it.

• If unsure who to work with, pick the person that has the best chances of breaking you out of a 3rd world prison.

Skinner's Law:

• If procrastinating on an item, you only have 2 options:

1. Make the pain of not doing it greater than the pain of doing it.

2. Make the pleasure of doing it greater than the pleasure of not doing it.

Luck Razor:

• If stuck with 2 equal options, pick the one that feels like it will produce the most luck later down the line.

I used this razor to go for drinks with a stranger rather than watch Netflix.

In hindsight, it was the highest ROI decision I've ever made.

Bragging Razor:

• If someone brags about their success or happiness, assume it’s half what they claim.

• If someone downplays their success or happiness, assume it’s double what they claim.

The map is not the terrain.

Chris Herd
@chris_herd

The 2020s will be known as the Remote Work decade

A few predictions of what is likely to emerge

[ a thread ] 💻🏠🌍

🏦Third Space: Office and Working from Home will be joined by somewhere close by that a number of people will use

Supermarkets or local bank branches should emerge as a convenient ubiquitous location option – if they are smart

⏰Asynchronous Work: Offices are instantaneous gratification distraction factories where synchronous work makes it impossible to get stuff done

Tools that enable asynchronous work are the most important thing globally remote teams need. A lot of startups will try to tackle this

⚽️Hobbie Renaissance: Remote working will lead to a rise in people participating in hobbies and activities which link them to people in their local community

This will lead to deeper, more meaningful relationships which overcome societal issues of loneliness and issolation

🚜Rural Living: World-class people will move to smaller cities, have a lower cost of living & higher quality of life

These regions must innovate quickly to attract that wealth. Better schools, faster internet connections are a must

Advertisement

Noah Smith
@Noahpinion

1/OK, I should really write another thread about university-centric regional development, because I think people often make some (very understandable) mistakes when thinking about this issue.

2/The biggest myth, I think, is that universities help regions by educating locals as undergraduates.

Skeptics of universities say: "But most of the people who graduate end up leaving."

3/In fact, most of what a university does for a regional economy is NOT about educating local kids.

Educating local kids is good for the nation, but doesn't help a region much.

The way a university helps a region is through

4/Undergraduates usually leave town after graduation.

But university RESEARCH pulls in OTHER smart people from other regions, and they stay there.

Here's a paper showing that this is the main way universities increase a region's human capital:

5/Research also pulls in business investment.

Companies want to partner with university labs, so they can commercialize the technologies the labs produce. So they invest in the labs, and sometimes they even put their offices in the town.

$Vibhu Vashisth \U0001f1ee\U0001f1f3$

Vibhu Vashisth 🇮🇳...
@VIBHU_Tweet

VEDIC COSMOLOGY, also known as Hindu Cosmology, and cosmography are both interesting and inspiring. Today’s “modern” Vedic texts originated around 3,000 B.C.E. This is the oldest scientific and the oldest religious doctrine known to the human race.

Our current astronomy of the solar system and universe has its roots in Vedic knowledge. It only shows that man had advanced knowledge of astronomy way before our current civilization came into existence.
We are here to talk about the Vedic version of the planetary system,

starting at the top from the eternal planets to the temporary planetary system within innumerable universes in the material world.

Talking about “cosmic manifestation,” we need to incorporate both spiritual and material existence.

The spiritual realm of the planets is everlasting, and this will forever be beyond what the material universe can encapsulate. The spiritual realm belongs to the “super dimensional” or “anti-material” dimension. It means that it is beyond what we can perceive,

beyond time as a linear dimension, and the space of our vision and perception.

There are innumerable planets, all indestructible and forever lasting. That is what the Vedas say about the spiritual planets. Our concentration here is more towards the material side of things.

Jaya_Upadhyaya
@Jayalko1

SRI BANKEY BIHARI JI, VRINDAVAN (UP)

Very famous Krishna Mandir where Bankey Bihari Ji is worshipped and looked after as a child.
Bankey means “Bent at three places”.
Thakur Ji was worshipped in Nidhivan till 1863. This mandir was constructed in 1864 by Goswamis.
@LostTemple7

Legend says that Swami Haridas used to worship Krishna in Nidhivan.
Once, his curious disciples entered the forest but they were almost blinded by bright, intense light. Upon knowing this, Swamiji himself went there and after his requests, Krishna appeared with his consort.

Krishna, then, left back this black charming murti,which we see now, before disappearing.
A curtain is drawn before the murti after every 15-30 second. It is said that if one stares long enough into the eyes of Shri Banke Bihari, the person would lose his self consciousness.

Bankey Bihari Ji sports a flute only once a year on the eve of Sharad Purnima.
Darshan of His lotus feet can be done only on Akshay Tritiya every year.
There are no loud bells here and
no early morning Darshan can be done so that child Krishna’s sleep is not disturbed.