Flendon - Slashdot User

Comment: Re:No (Score 1) 671

by Flendon on Monday March 05, 2012 @11:33PM (#39257527) Attached to: Ask Slashdot: Using Company Laptop For Personal Use

Given that mode of thinking, I would assume you would check the image of returning employees laptop hard drive for malicious changes installed by professionals.

That is the funniest thing I've read in a long time. Thanks for the laugh.

Even if you trust your employee completely, the laptop has been in the hands of customs and other unknown people while in the world. It can't be assumed safe until re-imaged. Finding any attackers code would be a bonus of the 'standard' harddrive swap by IT on return.

Very true here. However, most IT departments have more important things to worry about, like making sure the new security patch isn't going to interfere with the CEO's favorite gambling website. Looking for malicious code isn't going to be on any priority lists when a wipe will "solve the problem".

And no it wouldn't be that bad. Employee has only had laptop for a few days. Tech pulls old drive, installs standard image replacement, checks for nonstandard flash, updates crypto, puts back on shelf. Tech installs old drive in USB enclosure, enters crypto key, scans then copies data folders to employees user folder, then runs paranoia process on OS and drive. If nothing found drive re-imaged and put back on shelf.

To the employee it looks like he turned in his machine and his data showed up in his folder 30 minutes later. To the tech it looks like he has a job doing paranoid shit, until one day he finds the next Stuxnet.

An anti-virus scan will only catch malware that is widespread and has been in the wild for several days. Look how old Stuxnet was before it was detected by A/V. Their are other custom jobs that have gone years without detection as well. The 'paranoia process' would require a forensic examination. A decent forensic triage takes at least 4 hours on a smallish drive. A full examination can take days just to determine if something unusual is present. Than you have to take apart that unusual piece of software just to find out you are chasing down the wrong rabbit hole. This is the kind of work it takes to find the next Stuxnet.

Unless you are in the security industry then some VP is going to look at a poorly done risk assessment, look at the pricetag as overhead, and slash the budget, thinking "that won't happen here" and put down on his next review how many millions he just saved the company. Even in the security industry this isn't done nearly as often as it should.

Comment: Re:No (Score 1) 671

by Flendon on Monday March 05, 2012 @11:07PM (#39257365) Attached to: Ask Slashdot: Using Company Laptop For Personal Use

Their are several well known adages in the IT security field. The most important one is that the usability of a system is inversely proportional to the security of the system. The corollary to this is, the only secure system is the one locked in a safe with no power or internet connection. I've worked cases of documents being stolen from computers which had never been connected to the internet and had all the security bells and whistles. If the computer is required to be capable of running software (kind of important for most users) security holes will be found. No exceptions. The biggest threat I've seen to network security is admins who are overconfident in the security of their network.

Comment: Re:Alternatives (Score 1) 208

by Flendon on Monday February 23, 2009 @12:52PM (#26959421) Attached to: SSLStrip Now In the Wild

For those who don't like to verify there connection themselves can just use Firefox 3.0. If the site really is secure the background of the favicon changes to blue or green depending on how trusted the certificate is. So when the background of the padlock doesn't change color you will know it is fake.