[Cryptography] Windows Bash

Henry Baker hbaker1 at pipeline.com
Sat Apr 9 16:51:56 EDT 2016


http://www.theverge.com/2016/3/30/11331014/microsoft-windows-linux-ubuntu-bash

Microsoft is adding the Linux command line to Windows 10

Bash coming to Windows is huge news for malware/ransomware developers, nation-state APT teams

Redmond, WA -- April 1, 2016 -- Microsoft announced today that Win10 would soon provide full support for yet another universe of exploits by including the BASH shell in all Win10 installations including mobile phones, Raspberry Pi and IoT installations.

According to Roger Jolly, leader of Microsoft's highly-regarded "Stuxnet" team, "our partners in the International Persistent Threat Consortium -- particularly the smaller members like North Korea and Iran -- have had difficulty managing a large inventory of exploits based on Powershell due to the increasing difficulty in hiring Powershell experts."  Dr. Kim Kim, of North Korea, who also sits on the IPTC Board, added "Our recent hack of Sony may be the last of our Powershell-based attacks, because we are redeploying our Powershell hackers into the more versatile Flash and Java exploits."

Microsoft's Jolly also gave a shout-out to NSA, "The NSA felt that it could better optimize its scarce and expensive APT team members by standardizing on the BASH shell.  NSA's BASH-based platform -- codenamed Monster Bash -- provides all the capabilities that were needed to attack almost any widely used platform -- with the possible exception of legacy Mac OS9 applications still found on some California Senators' desks."



More information about the cryptography mailing list