In the wake of the recent revelation of the ‘Heartbleed’ OpenSSL bug, online security personnel have discovered yet another hack that threatens to reveal your computer secrets.
Computer experts are reporting a new ‘backdoor’ hack, discovered in part due to the Snowden leaks. Apparently this zero-day style exploit takes advantage of a weakness in the garbage collection routines of most common computer servers and computing devices. It essentially scoops up key portions of the files that are presumed to be already deleted by the system whenever these garbage collection routines go into action. It then picks through these recycled tidbits for useful chunks of information before sending them off the violated computer to the outside attacker, essentially taking advantage of the systems’ waste-removal mechanism.
The experts who discovered this exploit are calling it:
The assaulting trojan uses a new penetration method called an Externally Negotiated Erased Memory Assault. This ENEMA method is capable of flushing out large quantities of data previously presumed to already be dumped from the system’s internal storage. Computer attendants first caught wind of the possibility of something afoul after examining some of the papers Snowden left behind in an airport restroom before fleeing the country.
“After going through multiple system logs, we ended up stepping right into the problem,” said security expert William MacDougal. “It’s running through systems all over and leaving quite a mess behind.”
Some allegations have recently surfaced that suggest that the NSA has been aware of this method of intrusion and has been taking advantage of it for at least 18 months. One CERT team member commented that “it shouldn’t be a surprise to anyone that the NSA has been both aware of this bug and exploiting it,” saying “everyone knows by now that the government has been going through our shit for years!”
In response to media inquiries, an NSA spokesman did offer helpful advice today in a press briefing saying, “all computer users should just change their computer password to something on our ‘recommended safe list’. We have determined that these ‘safe’ passwords are the only ones immune to numerable cyber-penetration methods.” The NSA safe list include: love, password, jesus, qwerty and 123456 and for bank pins they recommend using either 0000 or 1234.