Redefining "Default Deny"


Re: Redefining "Default Deny"

Post by p2u on 13/1/2011, 15:58

ssj100 wrote:
    By the way, on the subject of "insiders", is there any way to be safe from Hardware keyloggers from a software point of view?

Not so sure with all those laptops that come with pre-installed Windows versions + unnecessary firmware and other crap. Remember that in OEM versions, laptop vendors have the right to modify the OS and the system to their taste. Do you remember the Sony BMG copy protection rootkit scandal? I mean: that software interfered with the normal way in which the Microsoft Windows operating system plays CDs by installing a rootkit which actually created vulnerabilities for other malware to exploit by lying to the OS about what was really going on. Even the best security programs with all their kernel hooks weren't able to spot it and it took someone like Russinovich to uncover this scheme. Nobody seemed to care because it was T-R-U-S-T-E-D. And the assumption now is to relax, because SONY was the one and only doing this, and it won't happen again, ever...

Paul


Re: Redefining "Default Deny"

Post by p2u on 13/1/2011, 16:28

Update: Russinovich's story: http://blogs.technet.com/b/markrussinovich/archive/2005/10/31/sony-rootkits-and-digital-rights-management-gone-too-far.aspx
P.S.: Had he installed a firewall that was able to log (not necessarily block) all outbound traffic or a sniffer, he might have noticed this earlier by checking the logs...

Paul


Re: Redefining "Default Deny"

Post by ssj100 on 13/1/2011, 16:34

Well, it seems we need more people like Russinovich haha.

But the reality is that in this specific example, no one actually got their identity (I don't mean IP addresses and CDs used from those addresses!) stolen, did they? I mean, our own ISPs probably know much more information than that - no one seems to be complaining. It sounds like it (only) made their systems more vulnerable to additional malware, whatever this malware might be. Hence the importance of preventing untrusted newly introduced code getting on the REAL system in the first place. Now to keep people up at night, we just need an example of "Trusted" software directly stealing e.g. users' banking passwords haha.

By the way, if I saw those "Firewall logs", I would have just accepted it as "normal" behaviour. I don't see anything wrong with Sony knowing what album my "IP address" is listening to, just like I don't see anything wrong with the waitress knowing that I ordered steak haha. I'm not saying what Sony did was necessarily okay, but I'm just making a couple of points - I don't think I would have the time nor the expertise to work out what's "normal" or "abnormal" behaviour in a Firewall log, and I don't personally think Sony was "invading my privacy". If they were logging all my keystrokes, then that would be a different story.

Anyway, security is all about reducing the probability of getting "infected". However, you don't want it to reduce convenience and enjoyment (too much!). There are many ways of reducing these probabilities - for example, you can reduce the probability of getting your online banking details stolen to zero by simply not doing online banking!

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Re: Redefining "Default Deny"

Post by p2u on 13/1/2011, 16:52

ssj100 wrote:
    But the reality is that in this specific example, no one actually got their identity (I don't mean IP addresses and CD's used from those addresses!) stolen did they?

This is not an example to prove that SONY did something malicious; I'm sure they didn't. This just proves that something may come pre-installed, that nobody may even notice, and that what happens afterwards depends solely on the intent of its creator. It also proves that you can't fully trust signed code if you haven't written it yourself. I mean: SONY made it actually possible (without intent) for security providers not to spot the installation of the dangerous keyloggers you are talking about.
P.S.: Somebody with good networking experience will spot that kind of outgoing traffic by the address the system goes to, even if the process is unknown.

Paul
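Two posts above make the same point: a firewall that logs (not necessarily blocks) outbound traffic lets you spot a process phoning home by the address it goes to, even when the process itself is unknown. The script below is an added example, not code from this thread or from any product named in it; it shows one way to review such a log without reading it line by line. It assumes the W3C-style layout Windows Firewall writes to pfirewall.log (a `#Fields:` header followed by space-separated records with a `path` column of SEND or RECEIVE); the log excerpt, the addresses (documentation ranges) and the "known-good" baseline networks are all constructed for the example.

```python
"""Review allowed outbound connections in a Windows Firewall log and flag
destinations outside a known baseline. Added example; the log excerpt and the
baseline below are constructed, not real traffic."""
import ipaddress
from collections import Counter

# Constructed excerpt in the layout Windows Firewall writes to pfirewall.log:
# '#'-prefixed header lines, then space-separated fields named by '#Fields:'.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2011-01-13 16:28:01 ALLOW TCP 192.168.1.10 192.168.1.1 49152 53 0 - 0 0 0 - - - SEND
2011-01-13 16:28:02 ALLOW TCP 192.168.1.10 198.51.100.20 49153 443 0 - 0 0 0 - - - SEND
2011-01-13 16:28:05 ALLOW TCP 192.168.1.10 203.0.113.77 49154 80 0 - 0 0 0 - - - SEND
2011-01-13 16:28:06 ALLOW TCP 203.0.113.77 192.168.1.10 80 49154 0 - 0 0 0 - - - RECEIVE
2011-01-13 16:28:09 DROP TCP 203.0.113.9 192.168.1.10 4444 445 0 - 0 0 0 - - - RECEIVE
2011-01-13 16:31:00 ALLOW TCP 192.168.1.10 203.0.113.77 49160 80 0 - 0 0 0 - - - SEND
2011-01-13 16:40:12 ALLOW UDP 192.168.1.10 192.168.1.1 49161 53 0 - - - - - - - SEND
"""

# Hypothetical baseline: networks this machine is expected to talk to
# (the LAN and, say, a vendor's update servers). Everything else is reported.
BASELINE = [ipaddress.ip_network(n) for n in ("192.168.0.0/16", "198.51.100.0/24")]


def parse_log(text):
    """Yield one dict per record, naming columns from the '#Fields:' header."""
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#"):
            continue  # other header/comment lines
        if fields is None:
            raise ValueError("log record appears before a #Fields: header")
        parts = line.split()
        if len(parts) != len(fields):
            continue  # truncated or malformed line; skip instead of misaligning columns
        yield dict(zip(fields, parts))


def in_baseline(ip_text, networks):
    """True if ip_text parses as an address inside one of the baseline networks."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # an unparseable address is never treated as known
    return any(ip in net for net in networks)


def unexpected_outbound(text, networks=BASELINE):
    """Return [(dst_ip, dst_port, protocol, hits, first_seen), ...] for ALLOWed
    outbound (SEND) records whose destination is outside the baseline,
    most frequent first. Inbound and DROPped records are ignored here."""
    hits = Counter()
    first_seen = {}
    for rec in parse_log(text):
        if rec["action"] != "ALLOW" or rec["path"] != "SEND":
            continue
        dst = rec["dst-ip"]
        if in_baseline(dst, networks):
            continue
        key = (dst, rec["dst-port"], rec["protocol"])
        hits[key] += 1
        first_seen.setdefault(key, rec["date"] + " " + rec["time"])
    rows = [(ip, port, proto, n, first_seen[(ip, port, proto)])
            for (ip, port, proto), n in hits.items()]
    rows.sort(key=lambda r: (-r[3], r[0], r[1]))
    return rows


if __name__ == "__main__":
    for ip, port, proto, n, seen in unexpected_outbound(SAMPLE_LOG):
        print(f"{ip}:{port}/{proto}  {n} connection(s), first seen {seen}")
```

On the constructed excerpt only 203.0.113.77:80 is reported; the LAN DNS lookups and the 198.51.100.0/24 destination are in the baseline, and the inbound DROP is not outbound traffic at all. To use it on a real machine, point it at the actual log file (by default `%systemroot%\system32\LogFiles\Firewall\pfirewall.log`) and note that Windows Firewall logs successful connections only if that option is switched on; dropped packets alone will never show a program phoning home through an allowed rule. The baseline is the part that needs judgement: start it from a few days of traffic you have already looked at, and treat every destination the script adds afterwards as a question to answer rather than an alarm.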


Re: Redefining "Default Deny"

Post by ssj100 on 13/1/2011, 17:07

I suppose I'm always trying to apply such examples to the REAL world. The lack of examples of "Trusted" software directly performing malicious activity simply shows that this attack vector is probably non-existent (e.g. the attack vector of companies like Sony genuinely trying to "hack" your system). I felt you had implied otherwise.

And I'm very thankful for this, because I really don't have time to monitor/analyse firewall logs all day haha. There's probably a good reason why Russinovich didn't pick it up via Firewall logs.

For our readers concerned about pre-installed stuff, you can simply re-install Windows when you receive your computer etc. (something I personally do). And when downloading/acquiring new files, be careful how you treat them! For example, if it's a file from an unknown source, always open it virtualised first, and/or run it past some on-demand scanners. If it's an installation file, you can ensure that it's digitally signed and has the correct MD5, SHA-1 hash etc. The chances of getting infected with this security setup/approach are next to nothing, and it doesn't require endless tweaking and too much valuable time. Plus, you can genuinely enjoy your computer with relative peace of mind!

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
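The post above recommends checking an installation file's hash before trusting it. The script below is an added example, not code from this thread or from any product mentioned in it; it shows what that check looks like when done properly: the file is read once in chunks (so a large installer does not need to fit in memory), every digest the publisher lists must match, and the comparison uses a constant-time compare. The installer bytes and the "published" digests are constructed for the example; in practice the digests come from the vendor.

```python
"""Check a downloaded installer against the hashes its publisher lists before
running it. Added example; the file bytes and 'published' values are constructed."""
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 20  # read 1 MiB at a time so large installers need not fit in memory


def file_digests(path, algorithms):
    """Return {algorithm: hex digest} for the file, read once for all algorithms."""
    hashers = {a: hashlib.new(a) for a in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def verify_installer(path, published):
    """published: {algorithm: hex digest} copied from the vendor's page.
    Every listed algorithm must match; returns (ok, [mismatching algorithms]).
    compare_digest keeps the comparison time independent of where a mismatch lies."""
    actual = file_digests(path, tuple(published))
    bad = [a for a, expected in published.items()
           if not hmac.compare_digest(actual[a].lower(), expected.strip().lower())]
    return (not bad, bad)


def demo():
    """Constructed walk-through: a 'downloaded' file that matches its published
    SHA-256 and SHA-1, then the same file with a single bit changed."""
    original = b"constructed installer bytes, not a real program\n" * 1000
    published = {  # stands in for the values on the vendor's download page
        "sha256": hashlib.sha256(original).hexdigest(),
        "sha1": hashlib.sha1(original).hexdigest(),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "setup.exe")
        with open(path, "wb") as fh:
            fh.write(original)
        results["clean"] = verify_installer(path, published)
        tampered = bytearray(original)
        tampered[len(tampered) // 2] ^= 0x01  # flip one bit in the middle
        with open(path, "wb") as fh:
            fh.write(bytes(tampered))
        results["tampered"] = verify_installer(path, published)
    return results


if __name__ == "__main__":
    for label, (ok, bad) in demo().items():
        print(f"{label}: {'OK' if ok else 'MISMATCH on ' + ', '.join(bad)}")
```

Two caveats a practitioner should keep in mind. A matching hash proves only that the bytes you received are the bytes the publisher hashed; if the digest sits on the same page as the download, anyone who can alter the page can alter both, so a digest or signature obtained through a separate channel is worth more. And MD5 and SHA-1 are no longer collision resistant, so where a vendor publishes a SHA-256 value, check that one rather than stopping at MD5.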

Re: Redefining "Default Deny"

Post by p2u on 13/1/2011, 17:41

ssj100 wrote:
    "Trusted" software directly performing malicious activity

I never said that. I was talking about giving "trusted" software, "trusted", "convenient" and even "enjoyable" features full rein. I was also talking about business models that may have very unexpected consequences in the security sense. Anyway, I trust that those who read between the lines will take the measures that suit them best. Case closed? :)
P.S.: I also hope you didn't infer from my posts that I'm a proponent of "anonymous" browsing. On the contrary. In that case I would be putting all my eggs in the basket of the "anonymous browsing" provider, which is stupid. I trust my own provider with my data and I even trust the government with my data. I don't do anything special to "hide" myself. You and the moderators here can see me and the User Agent I send is real. It's just that without the users' consent, the rest of the world doesn't have the right to treat them all like fools and get access to data that don't belong to them through silly and imperceptible memory corruption exploits and other stuff.

Paul


Re: Redefining "Default Deny"

Post by ssj100 on 13/1/2011, 23:24

Fair enough mate. By the way, it's interesting that you don't care so much about being anonymous online. However, the fact is that we all pretty much are. Put it this way - in general, we're more anonymous online than we are when we step outside our houses. The danger of being "spied" upon and having identity stolen in the physical world is probably still much bigger. After all, an IP address, cookies and browsing history don't tell anyone exactly which coffee shop you personally physically go to! In fact, they don't tell anyone any details about yourself. All they tell is that whoever is using this IP address etc. likes to visit ssj100.fullsubject.com!

By the way, how can I know for sure if your real name is Paul haha!

This is why I don't understand why people get so picky about "stealthing" themselves online. It's not like we're unknowingly giving out our real full names, dates of birth, and banking passwords, right (especially if one doesn't do any online banking etc.)?

However, as you've mentioned in the past, for the "greater good of all", maintaining some level of anonymity with our browsing can help prevent hackers from performing too much "market research" etc.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Re: Redefining "Default Deny"

Post by p2u on 14/1/2011, 00:05

ssj100 wrote:
    By the way, how can I know for sure if your real name is Paul haha!

Uhm... You got me there... :D Should I send you a copy of my passport?
P.S.: I think that problem will actually be solved by 1012. There are plans for a digital passport for everyone, which you should "show" wherever you register. The downside is that it will probably be realized through Java, which is a security nightmare if you ask me. Time will tell.

ssj100 wrote:
    This is why I don't understand why people get so picky about "stealthing" themselves online. It's not like we're unknowingly giving out our real full names, date of births, and banking passwords right (especially if one doesn't do any online banking etc)?

Stealthing is a nice marketing term, but it does nothing for you in terms of "invisibility" or "anonymity".
cmd as admin:

    net config server /HIDDEN:YES

may serve you better if you want to hide your computer in a hostile local environment.
And about stealth: worms in the provider's local network just don't care about it; they'll just keep knocking on your door, especially if you have services opening ports behind your firewall. A simple reply "We're closed today" may actually be a better solution and may make them go away. Better to disable services that open ports anyway, even if you're behind a router.

ssj100 wrote:
    However, as you've mentioned in the past, for the "greater good of all", maintaining some level of anonymity with our browsing can help prevent hackers from performing too much "market research" etc.

A reasonable level is OK, yes.
P.S.: By the way, one thing that really does make my hair stand on end is advertisers like Phorm, NebuAd or whatever, with their ISP-installed equipment (they pay good money to providers to do that) that does "deep-packet inspection" of all the traffic your system sends anywhere and receives back (and I mean e-v-e-r-y packet). That's really a bit too targeted if you ask me and there's no protection against it. They were forbidden some time in the past in the UK, but from what I understand, they're back in business now in Brazil.

Paul
