Upgrade to Pro — share decks privately, control downloads, hide ads and more …

A Brief Overview of the Red Star OS 3.0 Securit...

TJC573
January 12, 2015
Technology
0
43

A Brief Overview of the Red Star OS 3.0 Security Flaw

TJC573

January 12, 2015
Tweet

More Decks by TJC573

See All by TJC573
A Quick Overview of the Computer Fraud and Abuse Act
tjc573
0
35

Other Decks in Technology

See All in Technology
【JAWS-UG大阪 reInvent reCap LT大会 サンバが始まったら強制終了】“1分”で初めてのソロ参戦reInventを数字で振り返りながら反省する
ttelltte
0
140
AWSマルチアカウント統制環境のすゝめ / 20250115 Mitsutoshi Matsuo
shift_evolve
0
120
Alignment and Autonomy in Cybozu - 300人の開発組織でアラインメントと自律性を両立させるアジャイルな組織運営 / RSGT2025
ama_ch
1
2.4k
RubyでKubernetesプログラミング
sat
PRO
4
160
My small contributions - Fujiwara Tech Conference 2025
ijin
0
1.5k
Oracle Base Database Service:サービス概要のご紹介
oracle4engineer
PRO
1
16k
完全自律型AIエージェントとAgentic Workflow〜ワークフロー構築という現実解
pharma_x_tech
0
350
.NET AspireでAzure Functionsやクラウドリソースを統合する
tsubakimoto_s
0
190
AWS re:Invent 2024 re:Cap Taipei (for Developer): New Launches that facilitate Developer Workflow and Continuous Innovation
dwchiang
0
170
iPadOS18でフローティングタブバーを解除してみた
sansantech
PRO
1
150
20250116_JAWS_Osaka
takuyay0ne
2
200
東京Ruby会議12 Ruby と Rust と私 / Tokyo RubyKaigi 12 Ruby, Rust and me
eagletmt
3
880

Featured

See All Featured
The World Runs on Bad Software
bkeepers
PRO
66
11k
Writing Fast Ruby
sferik
628
61k
Fontdeck: Realign not Redesign
paulrobertlloyd
82
5.3k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.4k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
49
2.2k
Embracing the Ebb and Flow
colly
84
4.5k
Measuring & Analyzing Core Web Vitals
bluesmoon
5
210
Building Flexible Design Systems
yeseniaperezcruz
328
38k
A Philosophy of Restraint
colly
203
16k
The Power of CSS Pseudo Elements
geoffreycrofte
74
5.4k
Navigating Team Friction
lara
183
15k
How to train your dragon (web standard)
notwaldorf
89
5.8k

Transcript

  1. “HEADS UP, DEAR LEADER: SECURITY HOLE FOUND IN NORTH KOREA’S

    HOME-GROWN OS” SEAN GALLAGHER, ARS TECHNICA

  2. “ATTACKING 'RED STAR': LEAKS SHOW JUST HOW EASY IT MIGHT

    BE TO HACK NORTH KOREA” THOMAS FOX-BREWSTER, FORBES

  3. RED STAR OS FIRST RELEASED IN 2003 LINUX DISTRO BASED

    ON RED HAT

  4. MOST OF NORTH KOREA’S CONNECTIVITY COMES FROM NETWORKS ISOLATED FROM

    THE REST OF THE WORLD. IT’S HARD TO SAY FOR SURE, BUT SOME BELIEVE THAT THE OS ISN’T RUN BY MANY INDIVIDUALS, BUT BY ORGANIZATIONS. MANY INDIVIDUALS RUN VERSIONS OF WINDOWS XP.

  5. RED STAR 3.0

  6. VERSION 3.0 RELEASED SUMMER 2013 DESIGNED TO LOOK LIKE APPLE’S

    OS X PREVIOUS VERSIONS DESIGNED TO LOOK LIKE WINDOWS
  7. None

  8. 3.0 RECENTLY APPEARED ON TORRENT SITES AS A FULL OS

    INSTALLER.

  9. THE FLAW ALLOWS A USER ACCESS TO ROOT PRIVILEGES; THIS

    IN TURN GIVES THEM THE CAPABILITY TO DISABLE SECURITY RESTRICTIONS IN PLACE BY THE GOVERNMENT.

  10. A RULE FILE FOR A BUILT-IN GENERIC KERNEL DEVICE MANAGER

    IS WORLD-WRITEABLE. THIS RULE FILE WAS ORIGINALLY INTENDED FOR AN HP LASERJET 1000 PRINTER. THE RULE FILE CAN BE MODIFIED TO RUN COMMANDS WITH ROOT ACCESS.

  11. WITH SUCH A SMALL NUMBER OF PEOPLE USING RED STAR

    3.0, THE DEVELOPERS MAY NOT HAVE FOUND THE FLAW IN THE BASIC SECURITY.

  12. THERE IS SPECULATION THAT THE FLAWS IN RED STAR ASSISTED

    THE FBI IN PINNING THE BLAME ON NORTH KOREA FOR THE SONY PICTURES HACK LAST DECEMBER.

  13. THIS MAY SIGNIFY THAT MANY COMPUTERS IN NORTH KOREA ARE

    EASY TARGETS. THAT MAY ALSO BE THE POINT. ERRORS LIKE THIS ONE HAVE PLAGUED EARLIER VERSIONS OF RED STAR.

  14. REFERENCES FOX-BREWSTER, THOMAS. "ATTACKING 'RED STAR': LEAKS SHOW JUST HOW

    EASY IT MIGHT BE TO HACK NORTH KOREA." FORBES. FORBES MAGAZINE, 9 JAN. 2015. WEB. 12 JAN. 2015. GALLAGHER, SEAN. "HEADS UP, DEAR LEADER: SECURITY HOLE FOUND IN NORTH KOREA’S HOME-GROWN OS." ARS TECHNICA. 9 JAN. 2015. WEB. 12 JAN. 2015.