Thursday, January 14, 2010

The Mother of All Trojans

Well, now we know that the Communists do not understand that entering someone's computer is the same as entering someone's house.  Or maybe I am giving them too much credit.  Do they also enter people's homes if no one is watching?

Using zero-day attacks or unpatched vulnerabilities is a contorted process that requires lots of hard work trying to predict and then handle all possible outcomes.  Such attacks are not always successful even if the target computer is vulnerable.

If they could spend their talent and energies on such hacks, just imagine what they could have put into all those Huawei routers!

According to Wikipedia, Huawei was founded and is still led by an ex-PLA man, a card-carrying member of the Communist Party of China and a congressman!

Could they be that far-sighted?  The router is the mother of all Trojans.  It's the interface point between your internal network and the Internet.  All other network equipment is similarly vulnerable, as it just has to communicate.  Just imagine all the sleeping robots out there waiting to be awakened and report back to Commie HQ.  The possibilities for total destruction are mind-boggling.  All that is needed is a little backdoor code to boot-strap the software of the day!

All you corporations and government departments out there in America, Europe, and even China: if you had purchased Huawei because the quotation was 50% cheaper than the Cisco one, you had better quickly unplug them.

My thinking is not original.  See the following too:

UK Sunday Times

Huawei's Dubious Reputation

Is Huawei behind Ghostnet?

Welcome to the new Cold War - added May 10, 2011

Perhaps the hacker community can do some community service and study the Huawei firmware for Trojans.

Sunday, January 3, 2010

Download Fails for Windows Update

I don't know how well-known it is that the Windows Update client, even when run from IE, does not run using your logged-in credentials.  This is according to KB 900935.

So, if your computer requires a proxy server to connect to the Internet and you have configured the proxy server through your IE settings, the Windows Update client will still try to connect directly.  This is because the IE settings are specific to each user.

I have a newly installed Windows Server 2003 that is on a LAN that requires a proxy.  The first update went through OK, but subsequent updates kept failing to download.  After I ran proxycfg -u to copy my IE proxy settings for everyone, Windows Update breezed through.

The puzzling thing is that I have two other Windows Server 2003 machines sitting next to this one on the same network.  They were installed 1.5 years ago, with the proxy server configured in IE.  I checked and proxycfg on these two says "Direct access".  But Windows Updates for those two servers work fine!!
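
To see the gap between the per-user IE proxy and the machine-wide WinHTTP proxy that proxycfg manages, the following PowerShell sketch compares the two. It is an added example, not part of the original post; the function names and the sample proxy host are hypothetical, and it assumes English-language output from proxycfg (or from netsh winhttp show proxy on later Windows versions).

```powershell
# Added example (not from the original post). Assumes English tool output.

function Get-WinHttpProxy([string]$Text) {
    # Both proxycfg and "netsh winhttp show proxy" print either
    # "Direct access (no proxy server)" or a "Proxy Server(s) : host:port" line.
    if ($Text -match 'Proxy Server\(s\)\s*:\s*(\S+)') { return $Matches[1] }
    if ($Text -match 'Direct access') { return $null }
    throw "Unrecognised WinHTTP proxy output"
}

function Test-ProxyMismatch($IeEnabled, [string]$IeServer, [string]$WinHttpText) {
    # Simple string comparison: a per-protocol IE value such as
    # "http=host:80;https=host:443" will be reported as a mismatch.
    $winHttp = Get-WinHttpProxy $WinHttpText
    $ie = if ($IeEnabled -eq 1 -and $IeServer) { $IeServer } else { $null }
    New-Object PSObject -Property @{
        IeProxy      = $ie
        WinHttpProxy = $winHttp
        Mismatch     = ($ie -ne $winHttp)
    }
}

# Constructed sample: IE has a proxy configured, WinHTTP reports direct access.
$sample = "Current WinHTTP proxy settings under: ...`n    Direct access (no proxy server)."
Test-ProxyMismatch 1 'proxy.example.internal:8080' $sample

# Live check for the logged-in user on this machine.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ie  = Get-ItemProperty -Path $key
$out = if (Get-Command proxycfg.exe -ErrorAction SilentlyContinue) {
    proxycfg.exe
} else {
    netsh.exe winhttp show proxy
}
Test-ProxyMismatch $ie.ProxyEnable $ie.ProxyServer ($out | Out-String)
```

A reported mismatch only shows that the two settings differ; as the two older servers above demonstrate, a machine in that state may still update successfully.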