Living In an Unsecured World
GhostX9 writes "Charlie Miller, Accuvant Principal Research Consultant and keynote speaker at NATO's recent International Conference on Cyber Conflict, speaks with Alan Dang of Tom's Hardware about living in an unsecured world. He goes over his recent MacBook battery exploit and the challenges of computing security in the upcoming future. Quoting: '[W]hat we can do (and this is the approach the industry is sort of taking) is make it so hard and expensive to pull off attacks that it becomes economically infeasible for most attackers. ... The way we make it more difficult is to reduce the number of vulnerabilities and ensure users' software is up to date and "secure by default." Also, make the OS resilient to attack with things like stack canaries, ASLR, DEP, and sandbox applications so that multiple exploits are needed. We also need to better control the software loaded on our devices (i.e. Apple's App Store model). So, instead of having to write a single exploit, it takes three or four in order to perform an attack. This means most attackers won't be able to pull it off, and those who can will have to spend much more time working it out.'"
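Stack canaries, one of the mitigations Miller names in the quote, are rarely shown in the small. The following is an added example, not code from the interview or from any OS vendor: it hand-rolls the mechanism that gcc's -fstack-protector and MSVC's /GS insert automatically, placing a guard value directly after a fixed-size buffer and checking it after an unchecked copy. The guard region is heap-allocated with slack so the deliberate overrun stays inside one allocation and the demonstration has defined behaviour; the constant guard value and the function names are this example's own.

```c
/* Added example: a hand-rolled "stack canary" check. Real compilers insert
 * the guard into the stack frame and use a random per-process value; here the
 * guard sits after a buffer in one heap allocation so the overrun is defined. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_LEN 16
#define CANARY_VALUE 0xDEADC0DEu /* constructed value; real canaries are random */

typedef struct {
    int canary_intact;      /* 1 = guard untouched, 0 = overrun detected */
    size_t bytes_written;
} guard_result;

/* Copy 'len' bytes into a BUF_LEN buffer without checking len, the way a
 * classic strcpy/memcpy bug does, then verify the guard that follows it.
 * Layout of the allocation: [ buffer (16) ][ canary (4) ][ slack (64) ]. */
guard_result guarded_copy(const unsigned char *src, size_t len)
{
    const size_t slack = 64;
    size_t total = BUF_LEN + sizeof(uint32_t) + slack;
    guard_result r = { 0, 0 };
    unsigned char *region = malloc(total);
    if (!region) return r;

    uint32_t canary = CANARY_VALUE;
    memcpy(region + BUF_LEN, &canary, sizeof canary);

    /* The "bug": no comparison of len against BUF_LEN. The clamp only keeps
     * the demo itself inside the allocation; it is not a fix. */
    if (len > BUF_LEN + slack) len = BUF_LEN + slack;
    memcpy(region, src, len);
    r.bytes_written = len;

    /* Epilogue check, what __stack_chk_fail is built on: any linear overrun
     * past the buffer has overwritten the guard. */
    uint32_t observed;
    memcpy(&observed, region + BUF_LEN, sizeof observed);
    r.canary_intact = (observed == CANARY_VALUE);

    free(region);
    return r;
}

int main(void)
{
    unsigned char big[40];
    memset(big, 'A', sizeof big);
    printf("5 bytes:  canary intact = %d\n", guarded_copy((const unsigned char *)"hello", 5).canary_intact);
    printf("40 bytes: canary intact = %d\n", guarded_copy(big, sizeof big).canary_intact);
    return 0;
}
```

The check only catches contiguous overruns that cross the guard; a write that targets an address beyond it, or a leak of the guard value, bypasses it, which is why the quote lists the canary alongside ASLR, DEP and sandboxing rather than alone.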
I'll see your defense in depth and raise you by one automation.
When, if ever, has the world been secure?
Mankind is flawed, you cannot patch this flaw. You can only mitigate the flaws.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
I wonder if he has windows in his home. That's a terrible vulnerability that we have endured for centuries and somehow civilization survives.
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
Three or four exploits is one exploit. Unless your solution scales exponentially, it's bullshit.
No Thanks.
"[W]hat we can do is make it so hard and expensive to pull off attacks that it becomes economically infeasible for most attackers"
And doing that is so hard and expensive that it becomes economically infeasible to release a product at a competitive price.
This means most attackers won't be able to pull it off, and those who can will have to spend much more time working it out
So the theory is that making systems harder to hack will dissuade hackers, thus making all computers secure forever. It's too bad this is such a novel theory and no one's ever tried to harden existing systems against hacking, otherwise we might have some empirical evidence to support his plan.
Oh what's that? The entire history of hacking is one of ever more elaborate and clever security precautions being overcome by ever more elaborate and clever hackers? One side cannot ever declare victory and rest on its laurels? It's an arms race, you say?
How very exciting!
It breaks my pluginses, my precious!
switch to openbsd :)
Too bad it's not their model; the Linux and BSD communities have been vetting software through trusted distribution channels for over a decade now.
I love mine and know it is secure by the simple reason that no one has sold enough to make it a worthwhile target.
* Carthago Delenda Est *
So long as said security doesn't inhibit my ability to use my machine entirely as I wish, and doesn't treat me as an enemy as well.
This reminds me of the old joke:
Alice and Bob are camping when they get attacked by a hungry lion. Running away at top speed, Alice begins to overtake Bob. "We'll never be able to outrun it!" says Bob. Alice replies, "I don't need to outrun the lion - I only need to outrun YOU!"
In that sense, all the security any given person needs is just not to be low-hanging fruit.
Linux does not have the market share either.
The other reason is you hardly ever load software onto it. The other problem with your theory though is chrome (browser) has a massive (relative to Linux) market share, I wonder how long it will be before a persistently open tab could become an "attack vector".
FTFY
"I've got more toys than Teruhisa Kitahara."
Yep with capitals on every word.
So you see every security researcher and their friend claim how good it is to have long, strong unremembered passwords for each of your 1000 services.
They also want to have a million software work-arounds to manage flaws in the current software and operating system design. Such as ASLR, canaries, what not - then make you believe your system is, I quote again, RESILIENT. Nothing less! Your OS fights back for you and has multiple layers of security! (which usually are all bypassed in one go.. sometimes 2 go.)
That's a lot of nice words. Slashdot readers should know by now that while all these features are integrated in all modern OSes (yay Lion now has real ASLR...) it doesn't stop attacks at all, and barely makes the exploit code longer to figure out.
These people have had their mind programmed to think a certain way and they do think, since "security is a process" that it's the correct way to secure software in the future. Well, it looks pretty bad and full of holes doesn't it? Pretty crappy security if you ask me, even if that's way better than 10 years ago.
They've been programmed that way because many fear that their job and their precious antivirus software would be less relevant if the flaws were fixed. Oh I can't tell you how much hate posts such a statement generates. It's like saying 'Chrome sucks because there's Google behind it and they want your data' you know. The truth too many don't like to hear and will close their eyes as if nothing was going on.
There is, and there are however true alternatives. It involves rewriting from scratch the current OSes to fix the design flaws.
Actual, real OS programmers know this very well. Even the people behind UNIX knew that and rewrote it, and called it Plan9 (which died for other reasons).
Even Microsoft knows that and wrote Singularity as well as Midori. Even Open source OS programmers know that and made their little spin offs.
Those OSes are by design very secure (even if the 'nothing is 100% secure' still stands true). Every app is sandboxed in its own memory space. Every driver too and kernel components too. The memory has automatic reference counting and garbage collection, and there is also no way to provoke overflows and any attack of that class. The core assembly is typed to avoid type errors leading to exploits in the core kernel. It's also kept very, very small as are all the critical sections.
All the message passing between the apps, the apps to the kernel, the driver to the kernel and so on goes through a special, ultra fast messaging system and it is the sole and unique vector for communication and thus attacks. Every message is verified and must match a predetermined contract to pass through. The contract describes the kind of data with precision. No more injection of bad data. Not only that but the kernel overhead is actually lower than Windows, OSX or Linux and the apps actually run faster.
And there's a whole lot more. With today's computer speed we will be able to afford running those new OSes while running legacy apps in emulation mode.
Besides many applications being written into portable languages such as JS this will be less of an issue.
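The "every message must match a predetermined contract" idea in the comment above is easier to judge with a concrete checker in front of you. What follows is an added example and is not code from Singularity, Midori or Plan 9: a small contract table in C that declares, per message kind, the allowed payload length and a per-kind field check, and a validator that drops anything not matching before it is dispatched. The message kinds, field layouts and limits are constructed for this demo.

```c
/* Added example: contract-checked message passing. Every message crossing the
 * channel is matched against a declared contract (kind, length bounds, field
 * rules) and dropped on any mismatch. Kinds and layouts are constructed here. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum msg_kind { MSG_OPEN = 1, MSG_READ = 2, MSG_CLOSE = 3 };

/* Wire header; the payload follows immediately. */
typedef struct { uint32_t kind; uint32_t len; } msg_hdr;

/* One contract entry: exactly what a kind may carry. */
typedef struct {
    uint32_t kind;
    uint32_t min_len, max_len;
    int (*check)(const uint8_t *payload, uint32_t len);
} contract;

/* OPEN: a NUL-terminated path with no embedded NUL and no ".." component. */
static int check_open(const uint8_t *p, uint32_t len)
{
    if (len == 0 || p[len - 1] != 0) return 0;
    if (memchr(p, 0, len - 1) != NULL) return 0;      /* embedded NUL */
    if (strstr((const char *)p, "..") != NULL) return 0;
    return 1;
}

/* READ: {uint32 handle; uint32 count} with count in 1..65536. */
static int check_read(const uint8_t *p, uint32_t len)
{
    uint32_t handle, count;
    if (len != 8) return 0;
    memcpy(&handle, p, 4);
    memcpy(&count, p + 4, 4);
    (void)handle;
    return count > 0 && count <= 65536;
}

/* CLOSE: {uint32 handle}. */
static int check_close(const uint8_t *p, uint32_t len) { (void)p; return len == 4; }

static const contract contracts[] = {
    { MSG_OPEN,  1, 256, check_open  },
    { MSG_READ,  8, 8,   check_read  },
    { MSG_CLOSE, 4, 4,   check_close },
};

/* Returns 1 if the raw message may be delivered, 0 if it must be dropped. */
int validate_message(const uint8_t *buf, size_t buflen)
{
    msg_hdr h;
    if (buflen < sizeof h) return 0;                     /* truncated header */
    memcpy(&h, buf, sizeof h);
    if ((size_t)h.len != buflen - sizeof h) return 0;    /* length field lies */
    for (size_t i = 0; i < sizeof contracts / sizeof contracts[0]; i++) {
        const contract *c = &contracts[i];
        if (c->kind != h.kind) continue;
        if (h.len < c->min_len || h.len > c->max_len) return 0;
        return c->check(buf + sizeof h, h.len);
    }
    return 0;                                            /* unknown kind */
}

/* Helper for callers and tests: header + payload into out[]. Returns total
 * length, or 0 if out[] is too small. */
size_t build_message(uint32_t kind, const void *payload, uint32_t len,
                     uint8_t *out, size_t cap)
{
    msg_hdr h = { kind, len };
    if (cap < sizeof h + len) return 0;
    memcpy(out, &h, sizeof h);
    memcpy(out + sizeof h, payload, len);
    return sizeof h + len;
}
```

The point of the table is that adding a message kind forces someone to write down its shape; a kind with no entry is rejected rather than passed through to whatever handler happens to parse it.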
Guess those guys who'll be interested in encrypting theirs are the ones who have saved files that are
for their eyes only huh. Am one of them. Nothing malicious though. http://financial.atlanticinternationalpartnershipnews.com/
Start by taking the time to do a non-rush job and do a lot more QA / testing. Also usability testing needs to be done as well.
Auto testing can help but it does not cover all things / leads to coding to pass the test, missing the stuff that the test does not cover.
I am a firm believer that when we came up with the concept of zero tolerance we were in trouble. Life is shades of grey; some more white, some more black never just black nor white. If we lose the ability to take care of ourselves, we lose our ability of self determination a.k.a freedom. We are in trouble...
Stop making us change passwords each month or less and cut back on the password rules. Ti5@j0ke is way too much to pass without needing to use a post-it, and next month it's P@ssw0rd2!
educating the fucking users, which is the most glaring and most fundamental security hole there is. Make sure the users know they need to keep the PCs and anti-viruses updated, make sure they know how, make sure users know not to run untrusted programs, make sure they know what counts as a program (screensavers, plugins, installers... we know but they often don't), make sure they don't insert a USB stick they found in the street, if their PC has an instant-on OS option make sure they use that to do their banking instead of their main OS, if there are grandmas out there using Windows for no good reason try and get them to switch to another OS, teach users to recognise suspicious behaviour and ask for help... need I go on?
Computers weren't designed for security. They still aren't. We shouldn't feel bad though, 'god' didn't do much better.
A lot of Apple fans will disagree with that last part.
"We also need to better control the software loaded on our devices (i.e. Apple's App Store model)."
That is to consumer control as Palladium/TCPA is to consumer security and DRM is to consumer choice.
Yes, we need better control on the run-time environment of untrusted software. No, the app store model is not the answer. The rest I leave as an exercise, though if this so-called expert gets it wrong, what about the rest of the industry? Go do your homework, guys.
To give Microsoft their due, I think Windows (that is to say Windows NT, on which current Windows is based) was quite specifically designed for security. Remember the NT kernel was designed by guys stolen from Digital who had worked on VMS. What seems to have gone wrong is that Microsoft has different priorities from their customers. Uncontrollable automatic installation of things like ActiveX was done because they wanted their new system to push others out of the marketplace. Look at the big recent push to get the DotNet runtime installed.
The other thing that went wrong is more interesting and fundamental. Windows' design for security actually seems to have achieved the opposite. For example, Windows uses full access lists where Unix traditionally only had file modes. Full access lists should be more "secure" because it should be possible to have exactly the access you need. In practice, however, users don't understand the access lists and end up either giving too much access or locking themselves out of something. This leads to a situation where the standard practice in many companies is to not allow the users to set their own access lists, which completely defeats the entire benefit. Process security is similar, and UAC and a bunch of other recent ideas were basically the same problem.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
Computers weren't designed for security. They still aren't. We shouldn't feel bad though, 'god' didn't do much better.
Modern ones maybe not. Many older ones, back when a big buyer was the military, and some smaller ones still designed for such areas, are. What we have now is an upgraded micro-controller architecture with security bolted on the back. The problem isn't that we don't know how to do security much better. The problem is that nobody who's building the systems cares enough.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
There's also the issue that security is annoying. Whether it's changing your password monthly or something non-IT related like checking badges at the lobby, security is a pain in the ass, and a lot of people would rather install the security infrastructure and then bypass it. Hell Feynman used to tell the story of the general at Los Alamos who ordered a zillion dollar uber-safe to store the secrets of the bomb in, and then never bothered to change the factory combination.
One reason UAC and the other recent ideas don't work is because they bug the shit out of the end user. Windows is especially annoying because when it decides it needs admin approval to do something, it pops up a dialog, and *locks the rest of the system from doing anything until you handle the question.* That's asinine. Lock the program in question from doing anything, but don't stop the video I have going in the second monitor. Stupid little irritants like that make me want to turn that crap off, and I know better. Most users wouldn't hesitate to make their system stop pissing them off on a daily basis.
"I disagree with you" does not equal "flamebait."
The efforts to improve Internet security are simply being outpaced by the rate of new technology implementations. The Internet has been one gigantic Rube Goldberg construct since the beginning. Trying to provide security while maintaining backwards compatibility is creating security nightmares. Any large scale and meaningful security improvements would require a wholesale abandonment of past security methodologies, and replacing that security infrastructure would be extremely expensive and would cause incompatibilities that would almost render the Internet useless. Just look at the amount of work required for implementing IPv6. This is only one aspect of the Internet core requirements. Everyone from ISPs, OS developers, and application developers across all platforms will be affected. We certainly know how to create very secure systems, but unless we are willing to start over from scratch and abandon any backwards compatibility, the chances of creating a more secure Internet are doubtful in the extreme.
Is that how it goes?
Listen, I do computer security audits and penetration testing and we break into 90% of the companies we attempt to break into. The simple fact is that password complexity and password changes are probably the #3 biggest risk in the enterprise, aside from simple patching and configuration/hardening issues.
Through a combination of techniques, we are able to obtain password hashes of various values. Frequently these are cached values. If you've ever logged into a windows workstation on a domain, your password is stored in a cached hash format on the system and that's what we consider a high value find, because we can run those through crackers very quickly to determine the result. Frankly, the first password you supplied is reasonably strong and would take a few days to crack if your attacker/tester was relatively skilled, the second would be picked up in the first pass after only about 10 minutes of a decent cracking system.
Changing passwords is an important part of keeping these caches from persisting in the long term. I can often tell how often password changes are forced, by looking at the number of valid cached credentials we obtain on the first batch of penetrated systems. Shops that require frequent password changes mean that 60-80% of our cracked cached credentials are going to be invalid (but we will see if there is an obvious pattern, like incrementing the digits by 1). Often we only get one set of valid credentials per machine, and it's for the user of that machine, which is almost inconsequential, since we could impersonate him anyway with the domain security tokens. But in a place with no password changes, or those that happen less than every 3 months or so, the value of those cracked credentials increases greatly.
Since security is a game of layering protections, it seems a rational thing to do. I recommend 60 days, rather than 30 days, however, just simply for the convenience.
Of course, it makes sense that a security consultant would want to centralize security even more. He would profit from such centralization, but he wouldn't profit from ensuring that we get better security.
In my opinion, computer security should be approached just like a public health issue. We should teach people good computer hygiene, just like we teach people about proper personal hygiene. Granted, this approach is not going to solve every problem, and this educational effort would have to be never ending, but I don't think there is any way around that.
We need to start teaching good computer hygiene courses in schools. And for the generations that are already out of school, we need to create ways to get them to catch up to the kids we educate on this subject. For this to really work, everyone needs to learn about proper computer hygiene. Not just the office worker, or IT personnel, but the janitor, the big-shot CEO, the stay-at-home wife, the unemployed, and even grandpa/grandma. The burden of good computer hygiene simply can not be pawned off unto someone else anymore.
And this goes for the people that are going to teach our kids (or teach us) about good computer hygiene, we can't let security firms, manufacturers, ISPs, software vendors, or even content providers, teach our kids about proper security. We need to start taking responsibility for this ourselves. The industry does not teach, it obfuscates. That's a big part of how it makes money. And letting them teach our kids about good computer hygiene would only lead to too many conflicts of interests. That's why we need to do this ourselves.
And I say "computer hygiene", but we should probably call it something else. The term "computer" is not enough these days to convey every type of security problems we should be teaching our kids (or ourselves) about. There is social engineering, which can be very low tech. And there are many more types of powerful computing devices, that can still have problems, but that we do not specifically call computers anymore.
UAC is not a security feature. Improving its interface and security simultaneously would be simple by just automatically answering all questions with "no". Doing that "securely" would mean giving the user / administrator a set of instructions for which privileges need to be given to the application at the beginning, which is precisely what is too complicated.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
One curious part of the interview is when Alan Dang writes: "But it seems like in today's world, the end-user is playing a less important role. The end-user with the latest software updates who is also savvy to social engineering cannot protect himself against hackers who steal credit card data from Sony."
This is incorrect: many banks sell "virtual" credit cards services: these CC number work only for one purchase, so users can protect themselves.
But the sad part in this case is that it's the security conscious users who pay the cost of the protection against hackers, not Sony and the other stupid companies storing credit card numbers on unsecured servers.
The problem of security starts with CPUs, goes through the operating system and programming languages, and ends up at the communication standards.
The problem with CPUs is their horrible security model: it is either user or kernel mode for an application, there is no other security mode. This means that once an app is compromised, and foreign code is executed, all sorts of nasty things can be done. A more fine-grained CPU security model would offer much better security, allowing software components within the same process space to coexist without affecting each other.
The problem with operating systems is that their security model is based, again, on the guest/administrator model, i.e. it is actually the same security model as the one used by the CPUs. A better security model would allow software that communicates with the outside world to run with less privileges than the user, thus saving the user from being compromised by malicious code. Furthermore, operating system resources are not virtualized for the user, requiring access to administrator rights for jobs that do not require such rights.
The problem with programming languages is that the most used programming languages for system programming are too open for abuse. I am talking about C/C++, of course. Take Windows, for example: hundreds of buffer overflow bugs, because C does not do bounds checking on arrays. If C was designed with safety first, performance second, and made checked array access the default, and unchecked array access explicit, fewer security issues would exist.
Finally, communications over networks should have been encrypted by default, and only revert to unencrypted when it did not hurt to do so. The encryption support cost would have been minimal by now, as with all technologies that start expensive and get cheap as they are massively produced.
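The "checked access by default, unchecked access explicit" proposal above can be retrofitted onto C today with a slice type, which makes it easy to see what it buys. The block below is an added example, not the commenter's code and not from any library: a bounds-carrying slice whose default accessor refuses out-of-range indexes, an explicitly named unchecked accessor for the cases a caller has already proven safe, and a parser for a length-prefixed record that shows the difference on hostile input. The type and function names (slice, slice_at, slice_at_unchecked, record_sum) are this example's own.

```c
/* Added example: checked array access as the default, unchecked as the
 * visible exception. Names are this example's own, not a standard API. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef struct { uint8_t *ptr; size_t len; } slice;

#define SLICE_ERR (-1)   /* outside 0..255, so never confused with a byte */

/* Default: checked read. Returns the byte, or SLICE_ERR if idx >= len. */
int slice_at(slice s, size_t idx)
{
    if (idx >= s.len) return SLICE_ERR;
    return s.ptr[idx];
}

/* Explicit opt-out: the caller asserts it has already proven idx < len.
 * The long name is deliberate; it should stand out in code review. */
static inline uint8_t slice_at_unchecked(slice s, size_t idx) { return s.ptr[idx]; }

/* Checked copy: refuses rather than overrunning dst, the mirror image of strcpy.
 * Returns 0 on success, SLICE_ERR if n does not fit. */
int slice_copy(slice dst, const uint8_t *src, size_t n)
{
    if (n > dst.len) return SLICE_ERR;
    memcpy(dst.ptr, src, n);
    return 0;
}

/* Sum of a length-prefixed record {n, b1..bn}, a shape found in many wire
 * formats. With checked access a length byte larger than the data that
 * follows yields -1 instead of an over-read past the buffer. */
long record_sum(slice s)
{
    int n = slice_at(s, 0);
    if (n == SLICE_ERR) return -1;
    long sum = 0;
    for (size_t i = 1; i <= (size_t)n; i++) {
        int b = slice_at(s, i);
        if (b == SLICE_ERR) return -1;       /* record claims more than it has */
        sum += b;
    }
    return sum;
}
```

The cost of the default is one comparison per access, which is what the comment means by "safety first, performance second"; the unchecked variant exists so that a hot loop that has already validated its bounds can opt out in a way that is greppable.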
I don't know what "Stack Canaries" are, but it sounds like an awesome name for a band.
If the app store is the best model they can think of, then time to hand in the fricken geek badge.
They could have proposed an even more restrictive model, namely that of video game consoles. One can't even get started developing for a console unless affiliated with an established company with "industry experience" (that is, having already published a commercial game on another platform).
No, more like the Linux RPM/Deb model that's only been around for... what? a couple of decades? And which offer far better prices, control and access to the market.
If by "far better prices" you mean zero as the only available choice, then how are people supposed to cover the cost of developing high-quality video games or tax preparation software?
Finally, communications over networks should have been encrypted by default, and only revert to unencrypted when it did not hurt to do so.
In the system you propose, how would each party know the other's key?
However you completely miss his point.
He's saying that if you have to change password regularly, it more or less forces you to use worse passwords, since you also have to remember them.
In a world without MSWindows, who needs MSWalls?
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
Almost all major distros have audit processes of some sort. That's the only reason we have not already seen rogue engineers introducing trojans directly into the kernel and/or tools.
They could be better, but we need more guys like Theo DeRaadt to lead the audit teams, which presents a sort of dilemma.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
When encryption was added to IP it was added at the Application (top-most) layer, not the transport layer, which is just as simple and far more practical. This stopped encryption being part of the OS kernel and enabled Man-In-The-Middle attacks on a data-gram stream. But that bad design decision is a small part of the problem.
How many machines use Microsoft's IPsec? With the advent of broadband, packet-forwarding needs to be fast, meaning dedicated CPUs (embedded devices) for communication: Now the need to decrypt the TCP packet while forwarding is minimal but still an encrypted packet could not be decrypted quickly on an embedded device. Lastly remember, encryption is a weapon, and in this day of 'find the terrorist', 'think of the children', '(wage) war on drugs', governments don't want any communications to be strongly encrypted. Note that GSM encryption was cracked in 2003 but there is no draft to implement more than the current 96-bit encryption. Which returns us to the problem mentioned by CAVreader, that of legacy protocols.
There's also the issue that security is annoying. Whether it's changing your password monthly or...
I've never understood why "change your password monthly" has become the poster child for security advice most often mandated by IT departments. On the list of things to make security stronger, this wouldn't even be in the top one hundred, and in fact, I suspect frequent password changes make security weaker.
("Never use the same password on two different systems" would have been my number one choice for advice.)
http://www.geoffreylandis.com
Or has this guy really made a living out of figuring out a way to destroy a battery and calling it a "hack".... Hell give me a sledge hammer and I can hack any laptop in his mindset.
Actually, paraphrasing the great line from Soylent Green, "Chrome OS is made of SUSE"!
So, it is Linux. It just has anything not needed removed and all the ports not needed locked up. It's *prolly very secure in its own right.
I had a Samsung Galaxy Tab 7", and replaced it with the Chromebook. It is great as an internet appliance with a real keyboard.
* Carthago Delenda Est *
I've always thought it was a butt-covering method. "Yeah, we had a data breach but we're taking proper security measures. We make them change their password every month!"
You're right - it makes it less secure. Everyone at my office writes their pw down and stores it somewhere around their desk.
"I disagree with you" does not equal "flamebait."
I think we will see the "increase the cost of attack" model be one of two solutions going forward. It will work well for highly organized organizations as well as small individuals. However, a large portion of the entire population will not take the necessary steps and will still be "low cost to attack", ultimately susceptible to anonymous-type attacks.
The second 'solution' will be a more active defense. Right now, people attack computers because the chance an unsuccessful attack will have a negative impact on them is basically zero. And the impact of a successful attack is much more likely to be positive (for the attacker) than negative. This also makes it very easy to practice attacking, particularly for people in other countries without the laws or will to deal with it. What we need is an active approach to our defenses. If you catch someone attacking, profile them and deny them access to services, wall them off to only access useless data, and deny them attack opportunities the next time they come knocking. This could be done by major organizations for themselves. Also, companies like Google or ISPs could provide this service for all hosts within their sphere of control. Some parts of it could even be automated and placed on servers and network gateways (similar to Project Honey Pot or Bad Behavior).
This reminds me of the old joke:
Alice and Bob are camping when they get attacked by a hungry lion. Running away at top speed, Alice begins to overtake Bob. "We'll never be able to outrun it!" says Bob. Alice replies, "I don't need to outrun the lion - I only need to outrun YOU!"
In that sense, all the security any given person needs is just not to be low-hanging fruit.
The joke only works so long as there's only one lion.
In the real world, there are plenty of hackers and plenty of targets, plenty of lions and plenty of campers, and no guarantees.
Forcing people to change passwords regularly is the biggest risk of all - because that _ensures_ that most people have simple, easily remembered passwords. Which are also very easy to crack. I change passwords only once per break-in incident. Which means I have the same password for many years at a time. Nobody guesses it, because it is long and complicated. (Break-ins so far have been through buggy software, not passwd guessing.)
People with enforced password change have passwords like "peter01", "peter02", ... If someone abuses the account and suddenly finds that "peter05" no longer lets them in - of course "peter06" is the next try. Most people simply can't come up with good hard-to-guess passwords month after month for many years. Or if they do, they consistently forget them over holidays. Get a single _good_ password, long, convoluted, and use it for years.
Password caching, in an easily breakable form? What kind of silliness is that? If the password is cached in a form that lets you break in - well it'd be cached after day one. So not much security in changing it a month or two later. If it is broken early, there is time enough to install a keylogger program for the next password. Or just break the new password the same way as the first. A better fix - don't use such software.
Actually, believe it or not it is based on Gentoo - at least the package management aspects are. The end-user experience is pretty appliance-ish.
One thing going for Chrome is the fact that it uses secure boot, so that greatly limits attack vectors, and if you do manage to get temporary control the next OS upgrade is going to fix that, unless you manage to somehow block those (and that will be even harder to do without tripping the signature checks). And, it is pretty trivial to re-image in the absolute worst case (push a button and insert a USB drive - re-provisioning takes 2 minutes and your settings/apps get completely restored on first login). There is an app you can download to make the rescue drive, and Google is looking to make it possible to create it from chrome.
On the other hand if you can root a phone chances are you'll be able to root chrome - nothing is perfect. However, compared to the typical general-purpose OS it is fairly secure.
If you've ever logged into a windows workstation on a domain, your password is stored in a cached hash format on the system and that's what we consider a high value find, because we can run those through crackers very quickly to determine the result. Frankly, the first password you supplied is reasonably strong and would take a few days to crack if your attacker/tester was relatively skilled, the second would be picked up in the first pass after only about 10 minutes of a decent cracking system.
Rainbow tables to defeat *good* passwords (more like passphrase sprinkled with odd characters, digits, and mixed-case) on modern Windows systems are not yet practical. Same goes for automatic crackers, dictionary-based or not. For now, a long, complex password mitigates those threats. But if you force frequent password changes, most people won't be able to deal with remembering a new *good* password every other month, and you'll end up with short, trivial passwords, often very similar to the previous one. If you force frequently changed passwords to be sufficiently complex, you'll merely shift the weakness from the hashes to increased use of post-it notes.
Human nature is the most persistent security weakness, and frequent password changing plays right into it.
- T
From/By "Yours Truly" -> http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
To "immunize" a Windows system, I effectively use the principles in "layered security" possibles!
I.E./E.G.-> I have done so since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:
http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text
& from as far back as 1997 -> http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml which Neowin above picked up on & rated very highly.
That has evolved more currently, into the MOST viewed & highly rated one there is for years now since 2008 online in the 1st URL link above...
Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:
---
1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ (see January 2008))
---
Across 15-20 or so sites I posted it on back in 2008... & here is the IMPORTANT part, in some sample testimonials to the "layered security" methodology efficacy:
---
SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:
http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2
"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral
AND
"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral
AND
http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3
"It's 2009 - still trouble free! I was told last week by a co-worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, it's been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! It's made my PC experience much easier.
And doesn't everyone just increment their monthly password? Basepassword!1, Basepassword!2, Basepassword!3, etc.
The app store sucks, why would I want to model my applications after something that makes my computing experience as well as others' less appealing?
In order to avoid man-in-the-middle attacks, a solution like verifying the other party's public key by a different route could be used.
I can think of three sorts of "different routes", none without drawbacks:
The problem with CPUs is their horrible security model: it is either user or kernel mode for an application, there is no other security mode.
Wrong. The x86 architecture alone has numerous rings. Five I think? No mainstream kernels use more than two of those rings.
The problem with programming languages is that the most used programming languages for system programming are too open for abuse. I am talking about C/C++, of course. Take Windows, for example: hundreds of buffer overflow bugs, because C does not do bounds checking on arrays. If C was designed with safety first, performance second, and made checked array access the default, and unchecked array access explicit, fewer security issues would exist.
C is just a tool. How a tool is used is a methodology. The tool is not at fault, the methodology is. Even with a good methodology, you just cannot have morons at the console writing the code. I know, business owners dream of a world where they can have low-cost interchangeable morons writing code. That is not going to ever happen (reliably).
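The two posts above argue over whether the language or the methodology is to blame for unchecked array access. The following is an added illustration, not code from either poster, of what "checked access by default, unchecked access explicit" looks like when done by methodology in plain C: a fixed-capacity buffer whose normal accessors refuse out-of-range indices and report truncation, with the raw access available only under a name that says so. The capacity (16 bytes) and the 40-byte sample input are constructed for the example.

```c
/* Checked-by-default buffer access in C, with the unchecked form made explicit.
 * Added illustration for the thread above; not code from the original posts. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BB_CAP 16  /* fixed capacity of the buffer; chosen for the example */

typedef struct {
    uint8_t data[BB_CAP];
    size_t  len;            /* number of valid bytes currently in data */
} bounded_buf;

void bb_init(bounded_buf *b) {
    memset(b->data, 0, sizeof b->data);
    b->len = 0;
}

/* Default accessors: every index is compared against the capacity (or the
 * valid length) and an out-of-range access is reported to the caller
 * instead of touching whatever memory sits next to the array. */
bool bb_set(bounded_buf *b, size_t idx, uint8_t v) {
    if (idx >= BB_CAP) return false;
    b->data[idx] = v;
    if (idx >= b->len) b->len = idx + 1;
    return true;
}

bool bb_get(const bounded_buf *b, size_t idx, uint8_t *out) {
    if (idx >= b->len) return false;
    *out = b->data[idx];
    return true;
}

/* Append n bytes from src. At most the remaining capacity is copied; the
 * return value is the number of bytes actually stored and *truncated tells
 * the caller whether input was dropped. A bare memcpy of n bytes here is
 * exactly the pattern that becomes a stack or heap overflow. */
size_t bb_append(bounded_buf *b, const uint8_t *src, size_t n, bool *truncated) {
    size_t room = BB_CAP - b->len;
    size_t take = n < room ? n : room;
    memcpy(b->data + b->len, src, take);
    b->len += take;
    if (truncated) *truncated = (take < n);
    return take;
}

/* The unchecked form still exists, but it is opt-in and visibly named: the
 * caller takes responsibility for idx < len, e.g. inside a loop whose bound
 * was already checked once against b->len. */
static inline uint8_t bb_get_unchecked(const bounded_buf *b, size_t idx) {
    return b->data[idx];
}

/* Worked scenario: a 40-byte input (constructed) arrives for a 16-byte
 * buffer. Returns how many bytes actually landed in the buffer. */
size_t demo_overlong_input(bool *was_truncated) {
    bounded_buf b;
    uint8_t input[40];
    bb_init(&b);
    for (size_t i = 0; i < sizeof input; i++)
        input[i] = (uint8_t)('A' + (i % 26));
    return bb_append(&b, input, sizeof input, was_truncated);
}

int main(void) {
    bool trunc = false;
    size_t stored = demo_overlong_input(&trunc);
    printf("stored %zu of 40 bytes, truncated=%d\n", stored, (int)trunc);

    bounded_buf b;
    bb_init(&b);
    printf("bb_set(&b, 99, 1) -> %d (0 means refused)\n", (int)bb_set(&b, 99, 1));
    return 0;
}
```

The point is not that C cannot be used safely, but that safety here is a convention the programmer has to maintain: nothing stops a caller from writing `b.data[idx]` directly, so code review and the `_unchecked` naming are doing the work a bounds-checking language would do for free.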
Finally, communications over networks should have been encrypted by default, and only revert to unencrypted when it did not hurt to do so. The encryption support cost would have been minimal by now, as with all technologies that start expensive and get cheap as they are massively produced.
I think Phil Zimmermann is the name of a guy you should talk to. Working with encryption has been an extremely dangerous pastime in a not-too-distant history. ITAR is the acronym you should specifically be looking for. One example: Windows 2000 shipped capable of doing 56 bit encryption (useless) due to ITAR. Once you proved you were in America, you could upgrade to 128 bit encryption.
"Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
Thanks for revealing my password, you insensitive clod!
That all sounds fine, but you don't really understand how security works in processors, OSs, or network communications.
Processors: actually x86 processors have 4 rings: http://en.wikipedia.org/wiki/Ring_0
OSs: it doesn't matter how many levels you have -- once you've been compromised, you've been compromised. Extra levels just make it more complicated. You always need privileged services to help with tasks you aren't allowed to do, and it doesn't matter how many levels or how fine grained they are -- they are all more privileged than you or they don't matter. Your recommendation is for a sandbox -- they still get hacked (see Chrome). Virtualization doesn't help as you still need higher privileged services.
Communications network links can't be encrypted without an exchange of keys, and that's where this breaks down. Who do you trust to control the keys (see the recent Comodo hack and other related certificate authority weaknesses)?
Active Directory cached credentials are salted. I've never seen RT files for anything other than the "administrator" account. It's a non-trivial hash.
But your point is valid.