Operators, news and more

It’s not interesting to read about Trojans and other virus rubbish until you get stuck yourself. And when I’m in trouble, it suddenly becomes interesting to read, but it’s too late to read, such is the dialectic. The new TrickBot is simply beautiful! Beeline: if you are not disabled yet, then life is striped, like the Beeline logo, anything can happen.

TrickBot: new functionality of a Trojan that breaks computer software at the hardware level

TrickBot is already a veteran piece of malware, but the latest news about its updates and modifications can easily scare anyone. It is a good example of how a Trojan can be extremely destructive, killing the system even at the hardware level rather than the software level. We are not ready for this yet, and I am afraid that computer specialists are not really ready either. You can read a detailed and professional analysis on Eclypsium here (English), a short summary on the Anti Malware website – here.

The bottom line is that the “improved” version of the malware registers itself in a chip on the motherboard, the Trojan is loaded from the MBR (master boot record), and it starts before any means of protection, including anti-virus programs. As far as I understand, even a low-level format of the hard drive will not help, and changing the drive to a new one is also useless. The cost of the problem rises sharply because the entire motherboard has to be replaced or reflashed; in fact, the cost of such a repair / restoration of the system is already approaching the price of a new computer. A quote with a description of the main “charms” of this cute product:

“Since the bootkit functionality allows malicious code to start from the Master Boot Record (MBR) or the boot sector, enabling Secure Boot OS will have no effect. Standard protection tools – such as BitLocker, ELAM (Early-Launch Anti-Malware), Windows 10 VSM (Virtual Secure Mode), Credential Guard, EDR (Endpoint Detection and Response), antiviruses – will not help either, since they start later than the MBR malware. The updated TrickBot will even be able to disable them seamlessly. Using a bootkit allows a bot not only to bypass the protection and firmly establish itself in the system, but also to perform the following actions:

  • re-infect a machine cleaned using standard system recovery tools;
  • roll back important microcode updates like Spectre patches, MDS patches, etc.;
  • remotely turn the device into a useless brick at the firmware level;
  • attack vulnerabilities in the firmware of important Intel components – CSME (Converged Security and Management Engine), AMT (Active Management Technology), BMC (Baseboard Management Controller)”.

Someday they will learn how to deal effectively with this scourge, if they have not yet learned. But personally, I still have a poor idea of the mechanism of struggle at the everyday level if this TrickBot starts almost first, even before the operating system is loaded. Formatting hard drives and reflashing the motherboard isn’t cheap, but what else can you do here? And yes, you still need to understand what exactly is happening with the computer.

I also remembered how sometimes people panicked and even just threw away the computer when faced with ransomware, and the specialists laughed. I am afraid that soon it may not be a laughing matter for specialists. In general, health to you and your computers, wash your hands more often, wear masks and do not click anything. Covid is not a runny nose, and TrickBot is not a relatively harmless worm that will “only” lease your computer out for another DDoS attack.

Beeline, feel like an invalid?

All jokes, but after reading the press release, I still felt a little disabled. If not physical, then mental. Remembering my periodic torment with the search for the desired description on the Beeline website … Brrr! On the other hand, maybe such a style / methodology of presenting material on tariffs just meets the needs of this poorly protected part of our society?

“The site beeline.ru received a Certificate of Compliance with the requirements of the Code of Rules “Accessibility of Websites and Applications for People with Disabilities,” indicating a high level of accessibility of its functionality for use by clients with disabilities. As part of the certification, the following parameters were assessed: the layout and structure of the site, the correct designation of links and clickable elements, the accessibility of forms and fields, the responsiveness of the interface when controlled from the keyboard and when using manipulators, timeouts and other important elements that affect its accessibility.

In the process of preparing for the voluntary certification, the following website page updates were implemented:

  • The ability to disable tabulation by site elements on all pages for people who have limited keyboard functionality or do not have a mouse;
  • Added lower-level headers (h3-h6) to make it easier for screen readers to navigate the site;
  • The arial-lebel HTML attribute has been added to interactive blocks. Developers often implement various interactive elements (buttons, links, etc.) that are not available for recognition by special audio programs. This attribute helps to use a screen reader to speak all the interactive elements of the site;
  • Added Alt attribute to all graphic elements. The Alt attribute contains a textual description of the image. Screen readers reproduce this description to users. This way, customers know which image is shown and how it is displayed on the page if it cannot be loaded for some reason;
  • The main navigation elements of the site are presented in the form of lists”.

Only after reading such a description do you begin to understand what painstaking work is behind the observance of the entire set of rules “Accessibility of websites and applications for people with disabilities.” The eye stumbled a bit on the weird “arial-lebel” HTML attribute, what is that? Air rebel (kamikaze pilot), if it’s a mistake in the word rebel? Okay, it does not matter. In fact, this is a good, important matter, and specialists know better how to organize everything correctly and “according to science”. If you don’t like it, then you are most likely just not the target audience or do not understand your happiness. But even if you are not disabled, I would still love to read your comments. And I will try to publish the most interesting, in my opinion.

Disclaimer

By the way, once again a warning: I have a reverent attitude to names and other personal data, I only allow such data to be published strictly after the explicit consent of the author, everything is boring and simple, there are no exceptions, and you have nothing to worry about. But the “impersonal” author’s text itself is another matter. Usually I try to ask the author again, but I don’t always get an answer, and sometimes I’m running out of time. Therefore, it is better for you all the same to stipulate right away in the letter whether you agree to the publication of quotes from “your beloved one”, it will be easier for everyone. And in general, this is a good rule when dealing with any media representatives. And, of course, if the author of the letter quotes another open source on the network, then I am not at all forbidden from using the same source. With all the befitting references to the source, of course. Usually I try not to forget to thank the person who sent me the link, but this is no longer an obligation, but just my politeness. I mean that the one who sent me the link does not automatically become the owner of the material that is posted on this link. You would be surprised how many people sincerely consider themselves to be the owners of the material found on the Internet on the basis of the principle “what you find is mine!”. Another thing is that successful works are quickly spreading over the network, but few indicate the sources, and it is not easy to find the real author. In such situations, a sign of good form is at least to indicate the source from where you personally “borrowed” this content. After all, the Internet is not a mushroom lawn; every mushroom has its legal “grower”.

My favorite example is a picture of a clockwork pig that I once stole from some website. It was used in the preview picture, the one that is the size of a postage stamp. However, the copyright holders of the pig saw their little animal, recorded the plagiarism and made a huge scandal. I don’t remember what they demanded from Eldar; it seems, to write and place a refutation (I wonder what refutation?) and an advertising article about the company for free. Therefore, I understand well the editors who prefer to buy stock photos, because it is calmer and as a result comes out cheaper.

“Beeline” with its connection sneaked into Stockholm?

Look, “but the men didn’t know!” I read the comments, really had fun. Advertising is advertising, who looks at it closely? Least of all at the backdrop, which sits in the background. But our people are meticulous, and the meticulous reader is a terrible force. They dug up, compared – yes, in the photo there is a metro train in Stockholm in the background. Oops, it happens that advertisers slip up a bit by publishing a photo clearly from the stock.

I liked how the ladies grabbed the author of the post with a stranglehold, demanding to immediately decipher the statement about the cameras, which, they say, “stop working underground”. And yes, the angry ladies wrote that everything works great for them, and they were thirsty for blood. The author of the joke was still lucky that the specific model of the device was not indicated, otherwise they would have filed a complaint against it both to the Federal Antimonopoly Service, and to Rospotrebnadzor, and I don’t know where yet, human fantasy is unlimited. And a phenomenon that I regularly encounter: people with a lack of sense of humor write a lot and with obvious pleasure, they write everywhere, and to various authorities too.

Returning to the train on the advertisement. What religion did not allow the Moscow metro train to be photographed for advertising? Yes, there may be plenty of reasons! Do you think the press is different? So, when I worked in one very respectable paper edition, I didn’t bother with illustrations to my imperishable opuses at all. There is a standard procedure, there is an issuing editor, and his job is to choose the right one from the paid editorial access to the stock. In that edition, on the contrary, it was difficult to persuade the editor to put his own photo as an illustration. Faced with a sincere misunderstanding: why ?! No money was added to the author’s fee for the photo posted in the article. And the editor has an extra headache: you never know who the real author of the photo is, and will there be any claims to the publication later? And in general, is there any hidden advertising there, in the photo? It’s easier to take a known clean and verified photo from the stock for a little money. I’m not even talking about unnecessary waste of expensive time and, even if small, but still money for visiting the metro.

As for the “primary source” of the picture in the advertisement: it is about the possibility of free and unlimited use of the Beeline connection in the metro from November 12, 2020 to January 12, 2021, which you can read about here. I wrote about this in the review here, but it does no harm to remind you of a good promotion. It is a pity that it is again only for prepaid tariffs, but you do not need to connect anything, and the news assures that the promotion is valid for all prepaid tariffs.

Anything to add ?! Write … eldar@mobile-review.com