On 12/08, Warren Bailey wrote:
http://m.washingtonpost.com/business/technology/2013/12/06/352ba174-5397-11e...
Noticed this tonight.. Not saying the WP is always on target, but what software could be installed via a browser on any computer to gather all of that data? And how would it be done without the OS speaking up about it? Far fetched.. Or do the Firefox / chrome guys have some 'splainin to do?
My first thought as I read the article Friday evening was that they were attempting to exploit a vulnerability in a popular application (first guess: Adobe Flash) in order to execute arbitrary code -- at which point they have full control of the victim's PC and can do (or install) whatever they want.

"A software update to a program the surveillance software was planning to target, meanwhile, raised fears of a malfunction, forcing the FBI to refashion its malicious software before sending it to Mo’s computer."

However, the article also states that:

"Federal magistrate Judge Kathleen M. Tafoya approved the FBI’s search warrant request on Dec. 11, 2012, ..."

"The surveillance software was sent across the Internet on Dec. 14, 2012 ..."

December 11, 2012 fell on a Tuesday. More specifically, it fell on the second Tuesday of the month, a.k.a. "Patch Tuesday". Perhaps it was a vulnerability in Microsoft Windows itself, then, that they were attempting to exploit? Six of the seven vulnerabilities fixed that month "could allow remote code execution". Internet Explorer and Microsoft Office were among the affected software, according to http://technet.microsoft.com/en-us/security/bulletin/ms12-dec.

"... but the FBI’s program didn’t function properly, ..."

Oops.

/p