World’s best cryptography brains behind Flame spy virus - News and Current Events | futures io social day trading
futures io futures trading

World’s best cryptography brains behind Flame spy virus
Updated: Views / Replies:275 / 0
Created: by kbit Attachments:0

Welcome to futures io.

(If you already have an account, login at the top of the page)

futures io is the largest futures trading community on the planet, with over 90,000 members. At futures io, our goal has always been and always will be to create a friendly, positive, forward-thinking community where members can openly share and discuss everything the world of trading has to offer. The community is one of the friendliest you will find on any subject, with members going out of their way to help others. Some of the primary differences between futures io and other trading sites revolve around the standards of our community. Those standards include a code of conduct for our members, as well as extremely high standards that govern which partners we do business with, and which products or services we recommend to our members.

At futures io, our focus is on quality education. No hype, gimmicks, or secret sauce. The truth is: trading is hard. To succeed, you need to surround yourself with the right support system, educational content, and trading mentors – all of which you can find on futures io, utilizing our social trading environment.

With futures io, you can find honest trading reviews on brokers, trading rooms, indicator packages, trading strategies, and much more. Our trading review process is highly moderated to ensure that only genuine users are allowed, so you don’t need to worry about fake reviews.

We are fundamentally different than most other trading sites:
  • We are here to help. Just let us know what you need.
  • We work extremely hard to keep things positive in our community.
  • We do not tolerate rude behavior, trolling, or vendors advertising in posts.
  • We firmly believe in and encourage sharing. The holy grail is within you, we can help you find it.
  • We expect our members to participate and become a part of the community. Help yourself by helping others.

You'll need to register in order to view the content of the threads and start contributing to our community.  It's free and simple.

-- Big Mike, Site Administrator

Thread Tools Search this Thread

World’s best cryptography brains behind Flame spy virus

  #1 (permalink)
Elite Member
Aurora, Il USA
Futures Experience: Advanced
Platform: TradeStation
Favorite Futures: futures
kbit's Avatar
Posts: 5,884 since Nov 2010
Thanks: 3,303 given, 3,334 received

World’s best cryptography brains behind Flame spy virus

The spy malware Flame used bogus Microsoft certificates to infect new computers, a prominent cybersecurity expert says. The science needed to pull the trick probably required some of the world’s best knowledge of cryptography.

The virus, which spread across the Middle East and particularly Iran, can mask itself as legitimate patches distributed through a Windows Update, reports Marc Stevens from the Centrum Wiskunde & Informatica (CWI) in Amsterdam.

It does so by providing a fake digital certificate, stating that the malware is a code originating from a trusted producer, which appears to have been issued by Microsoft itself.

Obtaining such a fraudulent certificate required a so-called chosen-prefix collision attack. It’s an attack targeting a specific cybersecurity algorithm called Message-Digest algorithm 5, or MD5. MD5 basically takes a piece of data and turns it into a unique digital fingerprint called a hash.

The important feature of a hash is that it cannot be used to reverse-engineer the original data, so, for instance, a database of password hashes cannot be used to establish the passwords, but can be used to match a password to its hash and verify it. Hash functions are vital to online commerce, safe file distribution and other important parts of cyber infrastructure.

A malign party would want to find a way to find pairs of data, which would generate identical hashes, called a collision. A criminal using hash collisions may intercept communication and act as a middle man, eavesdropping on the exchange or modifying it as he pleases.

For MD5, which was developed in the early 1990s, a way to perform such an attack was first theorized in 2004, although it was deemed impractical by the cybersecurity community. In 2008, Stevens and his group managed to improve on the method and construct a rogue Certification Authority, a body with the authority to issue digital certificates.

The demonstrated vulnerability of MD5 prompted national governments and IT leaders to speed up the shift to better and more secure hash functions. In June 2009, Stevens made public how exactly he and his team performed the attack, assuring that this would not compromise the Internet.

But apparently Microsoft failed to disallow D5-based signatures in their Terminal Server Licensing Service (TSLS), and the authors of the Flame virus made use of this, executing a collision attack in February 2010, Stevens speculates in a statement. The result of this attack was a code-signing certificate appearing to be from Microsoft that may be used to sign Windows Updates. Stevens discovered that the attack took place using custom-made software his team created for their cryptography research.

More interestingly, the Flame collision attack is an entirely new and unknown variant, not the one Stevens used. He adds that the method used by Flame’s coders was already in development before June 2009, when he and his colleagues revealed their take on the problem. “This has led to our conclusion that the design of Flame is partly based on world-class cryptanalysis,” Stevens says.

The Flame virus was used by unidentified perpetrators for a massive espionage operation in the Middle East, which lasted for at least two years. It was first reported in late May. Some cybersecurity experts judged that the level of sophistication evident in the malware shows nation-state-level backing was needed to create it.

World?s best cryptography brains behind Flame spy virus — RT

Reply With Quote


futures io > > > > World’s best cryptography brains behind Flame spy virus

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Upcoming Webinars and Events (4:30PM ET unless noted)

Wyckoff Hunting for Great Risk/Reward Ratio w/Gary Fullett

Elite only

Digging into the Details of iSystems w/Stage 5 & iSystems

Jun 5

Similar Threads
Thread Thread Starter Forum Replies Last Post
Your Gut Beats Your Brains in Shady Transactions madLyfe Psychology and Money Management 2 June 12th, 2012 03:07 AM
Powerful "Flame" cyber weapon found in Iran kbit News and Current Events 0 May 28th, 2012 04:43 PM
New virus-infected emails ..... kbit News and Current Events 2 February 3rd, 2012 09:03 AM
Avast anti-virus Big Mike Tech Support 2 February 25th, 2011 02:16 AM
anti virus software Riverend Tech Support 6 February 1st, 2010 02:45 PM

All times are GMT -4. The time now is 05:53 PM.

Copyright © 2018 by futures io, s.a., Av Ricardo J. Alfaro, Century Tower, Panama, +507 833-9432,
All information is for educational use only and is not investment advice.
There is a substantial risk of loss in trading commodity futures, stocks, options and foreign exchange products. Past performance is not indicative of future results.
no new posts
Page generated 2018-05-22 in 0.08 seconds with 19 queries on phoenix via your IP