P.S. Speaking of hackers: Did you know Intel's AMT Management Engine coprocessor (that thing that stays awake even when your computer is off) has 192k of 3rd party data storage, for uh... handy persistent data to hide from OS?!?
[doubleplusbonus] Oh and how handy, AMT/ME storage network accessible even when the computer is off, and bypasses all firewalls and configs.
for me, seems it's propaganda..
Kaspersky did that better if you ask me:
Right around when folks are down-playing some bit of attack surface, that's when your curiosity level should go up.
Since May, Intel's researchers have had their chance to analyze the JellyFish PoCs (proof-of-concepts), and they claim that GPU malware can be easily detected if scanning tools know what to look for.
"Numerous articles were published reiterating the claims made by the authors. Out of context, it’s easy to twist these points together into a picture of an undetectable superbug, running autonomously and hidden from current defenses, but the truth is not as it first appears," said Intel's Craig Schmugar.
Examining how the JellyFish tools work, and more specifically how communication is carried out between the GPU and the system memory via the DMA (direct memory access) feature on the infected host, researchers claim that the malware's need for "ring 0" (root-level) access on the CPU itself "to map critical OS memory onto the GPU for read/write access [...] adds to the malware’s footprint on the host."
"This dependency is subject to existing kernel protections," says the Intel team, referring to various tools like Secure Boot, ELAM, and PatchGuard which can safeguard users from this type of GPU malware.
Additionally, because of the way the GPU malware will try to conceal itself by deleting CPU host files used in its installation, this leaves orphaned code on the GPU, which in the case of Windows PCs "will initiate a Timeout Detection and Recovery (TDR) process that resets the graphics card."
If hackers try to alter the TDR default GPU reset time (which is 2 seconds) to anything else to cover their tracks, Intel researchers claim that "any modification of these values can be considered a suspicious behavior: one that security products may choose to alert on, or even block."
Users may see "visual evidence of a problem because the GUI will become unresponsive"
Additionally, malware on the graphics card also causes "long-running GPU workloads," which "will result in visual evidence of a problem because the GUI will become unresponsive." To prevent this, attackers need to leave some code running outside of the GPU, "which provides something for endpoint protection to identify."
Taking on JellyFish's claim that GPU malware is persistent across PC reboots and will remain running on the victim's PC, Intel researchers claim that "'Persistent' does not describe executing code, but rather data storage."
This means that "malicious usermode code must also persist outside of the GPU," which could be detected, and if deleted, render the GPU-based attacks lifeless.
Using these clues left outside of the GPU's cloud-shrouded realm, security products should be capable of detecting GPU-based attacks without incorporating specialized GPU analysis tools.
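The TDR check described in the quoted article, as an added example that is not part of the article or of any Intel tooling: it parses `reg query` output for the Windows GraphicsDrivers key and reports TDR values that differ from the documented defaults. The article names only the 2-second reset time; the other value names and defaults come from Microsoft's TDR documentation, and the sample output is constructed.

```python
import re

# Documented Windows defaults for the TDR values under
# HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers. An absent value
# means the default applies. The article cites only the 2-second TdrDelay.
TDR_DEFAULTS = {"TdrLevel": 3, "TdrDelay": 2, "TdrDdiDelay": 5,
                "TdrLimitCount": 5, "TdrLimitTime": 60}

# One value line of `reg query` output: indented name, type, data.
_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

def parse_reg_query(text):
    """Return {name: (type, data)} for the value lines in `reg query` output."""
    values = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            values[m.group(1)] = (m.group(2), m.group(3).strip())
    return values

def tdr_findings(text):
    """List (name, observed, default, reason) for each TDR value that deviates."""
    findings = []
    for name, (rtype, data) in parse_reg_query(text).items():
        if name not in TDR_DEFAULTS:
            continue  # unrelated value under the same key
        default = TDR_DEFAULTS[name]
        if rtype != "REG_DWORD":
            findings.append((name, data, default, "unexpected type " + rtype))
            continue
        observed = int(data, 16)  # reg query prints DWORD data as 0x...
        if observed == default:
            continue
        if name == "TdrLevel" and observed == 0:
            reason = "timeout detection disabled"
        elif name in ("TdrDelay", "TdrDdiDelay") and observed > default:
            reason = "timeout lengthened"
        else:
            reason = "non-default value"
        findings.append((name, observed, default, reason))
    return findings

# Constructed sample of `reg query` output, not taken from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers
    ExampleOtherValue    REG_DWORD    0x1
    TdrDelay    REG_DWORD    0x3c
    TdrLevel    REG_DWORD    0x0
    TdrDdiDelay    REG_DWORD    0x5
"""
```

Some GPU compute and rendering workloads legitimately raise these timeouts, so a finding is a lead to correlate with what changed the value, not a verdict.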