Comment Re: Passes (Score 1) 73
(My condolences to the family.)
When our attackers desire to remain hidden, we usually cannot detect and remove them using any common tool. The techniques for remaining in hidden control of systems are straightforward, effective and available to any attacker. We can detect all kinds of stuff by carefully inspecting network activity, but learning to do it takes years. And, analyzing 1 machine's traffic is slower than real-time.
For example, a while ago one of my coworkers managed to crack the C&C for a major fake-antivirus group. For 2 months we grabbed the rootkits as they went by. Code on compromised machines was updated daily. VirusTotal pronounced it all clean. Usually, the victims had no clue. None of the virus or malware detectors/removers would regain control of a compromised system. Sometimes the utilities would claim to have done something. It was never complete or successful. On the other hand, if we isolated a compromised machine from the C&C for 3 weeks, some of the utilities would start to be effective. At 6 weeks, almost all of them were effective. Of course, this fake antivirus group was indiscriminate and had a huge footprint.
We still use Microsoft Security Essentials or EndPoint Protection. It almost never prevents compromise, but in some circumstances it will let us know that we have been had. Some attackers get what they want immediately and don't try to hide. Others break discipline after a few days or weeks. Then there are the ones that get what they want and sell you to less capable attackers. Finally, if the user/machine is vulnerable to attack then the machine eventually gets infested with multiple attackers. Once multiple attackers start interfering with each other, something always gets dropped.
We always recommend a "change passwords/backup/wipe/rebuild/restore" when we discover compromise. Even then, sometimes an attacker regains control by hiding hostile code in user files.
The preventative measures that seem to be most effective for us are:
A few crypto products need efficiency and performance. But, many don't. Many existing products are optimized for efficiency and performance, even when these goals are contrary to the stated goals of the product. Frequently, crypto solutions unnecessarily limit the size of keys. They extend the lifetime of keys. They limit the number of available keys. In many cases, all three of these latter goals are false savings.
We rarely use symmetric crypto, even though it is frequently simpler and more robust. Public Key is almost always preferred, even when it is easy to distribute keys.
Reliable, trustworthy sources of truly random numbers seem to be very useful, inexpensive, and straightforward to create. See: http://en.wikipedia.org/wiki/C...
If we are interested in secure communications, it should be normal and expected that we would pick up several hardware random number generators. We should have multiple simple, robust, trustworthy tools to generate symmetric keys. We should have multiple tools to utilize simple, robust, trustworthy symmetric crypto.
Instead, we seem to focus on always using a single complex public key solution even when it is not appropriate.
In my ignorance, I have been trying to map out a simple, robust tool for system administration, that makes use of symmetric crypto. See: https://it.wiki.usu.edu/201501...
I would really like to learn that I have been wasting my time.
This guide doesn't recommend disabling passwords. That's a huge omission.
Thanks. I figured that was obvious enough to not need explanation. So I decided it was out of scope. But, I am wrong all the time.
I am assuming you feel that we should teach our admins to test all their SSH passwords against standard attack dictionaries and disable/notify any that fail. This is a good idea. I will try to add it tomorrow.
Are there other conditions that are detectable by SSH admins that require disabling passwords?
You should have user honeypots. Once in a while present a fake certificate. If the user ignores the wrong fingerprint and types in the correct password, reset the account password.
That is an interesting idea. It is easy to MITM our SSH client connections. But, this control comes with a large expense. Because it is easy for our clients to see Security's actions, and it is hard for them to see the actions of attackers, they will conclude that Security is being evil for no good reason. This will greatly reduce our effectiveness by isolating Security from our community. Other controls may mitigate this problem with less expense.
For example, we are currently pushing our people to adopt widespread 2-factor authentication. Our people are ready to accept 2-factor. They understand its value. They are familiar with its use. We have multiple cheap 2-factor solutions. 2-factor somewhat mitigates MITM and also helps other issues.
That said, I think we really need a simpler form of SSH for trusted point-to-point communications. It should exclusively use pre-distributed one-time pads for its authentication and encryption. We can now generate and distribute 100+ Gigabyte files of true-random data. This data can be used to authenticate. It can be used to generate secure symmetric encryption keys. We can handle millions of secure connections before we need to redistribute pads again.
Since I am not a cryptographer, this idea has many problems. But I believe that securely using these huge one-time pads could be as easy as:
As you can see, this system is very simple, crude and inefficient. We are just re-implementing the old concepts of secure phones using 1-time pads. None of this is new. We can use simple logic because we don't want or need complexity. It allows for 1 server and multiple clients. You have to redo this logic to have more than one server per pad/keyfile. It only solves one problem, but it is so simple that it should eliminate almost all opportunity for logic and programming flaws. Remember, complexity is the enemy. We don't care about efficiency. We want security. The NSA has used feature creep to corrupt many forms of existing crypto.
This proposal is connection oriented, but it can run on TCP or UDP or ICMP. You probably want to use TCP to reduce spoofing, DoS opportunities and sort out some of the low level attacks. If you do, you have to remember that you can't trust TCP to eliminate spoofing or verify message delivery.
https://it.wiki.usu.edu/ssh_de...
We try to use multiple overlapping security layers to protect SSH:
Much of this work can be automated. The rest is excellent training material for new security recruits and interns.
Looking back, the main change I should have made to improve our SSH protections would be to default block incoming TCP/22 at the border years ago. Then, only allow it for groups that can show they use it to provide services to a large community. Anybody using SSH for administration can change the SSH port.
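Worked illustration of the pad-consumption bookkeeping behind the one-time-pad idea above: one server and one client share a pre-distributed pad, each connection spends a fresh fixed slice on an authentication key and a session key, and a replayed or stale slice is refused. This is an editor-added example, not the commenter's design or code; DEMO_PAD, the slice sizes and the HMAC-over-nonce handshake are assumptions for the demo.

```python
"""Added illustration (not the commenter's own design or code): one server and one
client share a pre-distributed pad and consume it in fixed slices, so every
connection spends fresh bytes and no slice is ever reused."""
import hashlib
import hmac
from typing import Optional, Tuple

AUTH_BYTES = 32                  # pad bytes spent per connection on authentication
KEY_BYTES = 32                   # pad bytes spent per connection on the session key
SLICE = AUTH_BYTES + KEY_BYTES   # 64 bytes consumed per connection

# Constructed 1024-byte pad of 32 distinct blocks (NOT true randomness; demo only).
DEMO_PAD = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))


class PadPeer:
    """One side of a pad shared by the server and a single client. Both sides hold
    an identical copy and an identical cursor; a slice is handed out at most once."""

    def __init__(self, pad: bytes):
        self.pad = pad
        self.cursor = 0

    def next_slice(self) -> Tuple[int, bytes, bytes]:
        if self.cursor + SLICE > len(self.pad):
            raise RuntimeError("pad exhausted: a fresh pad must be distributed")
        off, self.cursor = self.cursor, self.cursor + SLICE
        return off, self.pad[off:off + AUTH_BYTES], self.pad[off + AUTH_BYTES:off + SLICE]


def connections_per_pad(pad_size: int) -> int:
    """Connections a pad of pad_size bytes supports before redistribution."""
    return pad_size // SLICE


def client_hello(client: PadPeer, nonce: bytes) -> Tuple[Tuple[int, bytes, bytes], bytes]:
    """Client: spend the next slice; prove possession of it with an HMAC over a nonce.
    Returns the hello message (offset, nonce, tag) and the client's session key."""
    off, auth_key, session_key = client.next_slice()
    tag = hmac.new(auth_key, nonce, hashlib.sha256).digest()
    return (off, nonce, tag), session_key


def server_accept(server: PadPeer, off: int, nonce: bytes, tag: bytes) -> Optional[bytes]:
    """Server: accept only the slice it expects next (a replayed or stale offset is
    refused without moving the cursor), check the tag, and return the session key.
    A slice whose tag fails is still burned: neither side may ever reuse it."""
    if off != server.cursor:
        return None
    _, auth_key, session_key = server.next_slice()
    expected = hmac.new(auth_key, nonce, hashlib.sha256).digest()
    return session_key if hmac.compare_digest(expected, tag) else None
```

At 64 pad bytes per connection, a 100 GB pad covers about 1.56 billion connections before redistribution; a rejected offset leaves the two cursors out of step, which is one of the open problems such a scheme has to handle.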
Spending money on a mansion is literally the opposite of storing it at the bank.
You know that you don't have to just add useless and uninteresting words to something that already had substance, right? At least borrow some quotes from Socrates' Dialogues to spice things up: There is admirable truth in that. That is not to be denied. That appears to be true. All this seems to flow necessarily out of our previous admissions. I think that what you say is entirely true. That, replied Cebes, is quite my notion. To that we are quite agreed. By all means. I entirely agree and go along with you in that. I quite understand you. I shall still say that you are the Daedalus who sets arguments in motion; not I, certainly, but you make them move or go round, for they would never have stirred, as far as I am concerned. If you're going to say _nothing_, at least be interesting about it, post anonymously, or risk looking more clueless / foolish. This is why the moderation system is in place, and mods typically don't listen to inanities like "Well said" when deciding on what to spend their points.
1. I'm too busy to sit around thinking up additional words to throw in so I can score "mod" points
2. The people I like on Slashdot are too busy to read a bunch of additional words I only threw in so I can score "mod" points
3. It's not in my nature to waste words, or to waste time
If other posts here on Slashdot are any indication, "Mr. Councilman" is just as likely to lose political points by supporting the poor.
Actually this particular councilman represents an extremely high-rent district--Manhattan's Upper East Side. I doubt there are many wealthier neighborhoods in the world. He's not doing this to 'score points', he's doing it to do the right thing.
It is my opinion that poverty is partially systemic. Our economic system depends on there being a pool of available workers (unemployed and underemployed). So as long as there is capitalism and a functioning free market, there will always be poor people. That being the case, we have a responsibility to make sure the basic needs of everyone are met. Increasingly in order to succeed in school and in life, Internet access isn't really a luxury.
Well said
Time and again, history has shown a healthy middle class is the best road to alleviate poverty on a grand scale.
Let me fix that for you:
Time and again history has shown the way to have a healthy middle class is to alleviate poverty on a grand scale.
Shut up. Just shut the fuck up. You neither know what you are talking about, nor have any valid point to make. It's not about solving the digital divide any more than the housing thing is about solving poverty. It's been widely and clearly shown that there is an increase in opportunity and outcomes between homes with and homes without internet access. You're essentially complaining about improving someone's potential opportunities to enrich themselves and make their life better and maybe even get out of that housing you mock. But again, you have no valid point, so therefore there's little sense in talking sense, like pointing out to you that without subsidized housing many of these people would be on the street, homeless, increasing both crime rates and homelessness and deaths among the impoverished. Theoretically we are a civilized nation. But a civilized nation doesn't advocate intentionally making it harder if not impossible for those most disadvantaged to improve themselves, nor advocate for them to die quickly and get out of the way.
Well spoken, bro