Is Whitelisting the Answer To the Rise In Data Breaches?
MojoKid writes "It doesn't take a rocket scientist to figure out that cyber criminals are quickly getting more sophisticated than current security, intrusion detection and prevention technology can defend against. And you have to wonder if the computer security industry as a whole is willing to take the disruptive measures required to address the issue head-on. One way to tackle the surging data breach epidemic is with a technology called "whitelisting." It's not going to sound too sexy to the average end user and frankly, even CIOs may find it unfashionable, but in short, whitelisting is a method of locking down a machine such that only trusted executables, DLLs and other necessary system and application components are allowed to run – everything else is denied. A few start-up security companies are beginning to appear in this space. The idea is to start with a known, clean system installation and then lock it down in that state so absolutely nothing can be changed. If you follow system security, regardless of your opinion on the concept of whitelisting, it's pretty clear the traditional conventions of AV, anti-malware, intrusion detection and prevention are no longer working."
Yes, yes, tell me more about this novel concept, I have never heard of the term before
... next we'll make it impossible to emulate a trusted DLL ... oh, wait.
Why aren't OSes in ROM? Why do they have to be in read-write memory? If it's so expensive to suffer breaches, why trust any rewritable core? (I guess because OSes are never released as finished products, without built in security holes.)
What if someone breaks in, gets command line access and uses trusted commands to send the data elsewhere? The hacker used trusted programs to do the breach, so a whitelist would not stop it.
Can you guess? Erm....no....
Move along now... ps: can we get rid of everyone adding f*** b*** to every post now please?
It's too expensive. If you operate in a Windows environment then you have to use Windows Enterprise to access the functionality (which is expensive) and since code-signing certs are expensive not many devs (including driver devs) use them, meaning, you have to go back to file hashes for individual versions for files that aren't signed. We use these mechanism at my work for high risk workstations and the workload of maintaining them is quite tedious. We just aren't there yet as an industry.
Why the flying fuck does anybody think Slashdot readers need to have "whitelisting" defined for them, let alone think they can pass it off as a "new technology"? Did Dice start putting those retarded SlashBI articles in main Slashdot now?
Newer versions of Linux can already do this. Using the integrity measurement architecture, module signing, and Secure Boot it's possible to have a system where almost any change is detected. I'm currently trying to get it all working on my machine right now, but it's slow going. Here's hoping that distros start shipping with this set up by default. http://lwn.net/Articles/488906...
A shorter term security measure that more users/Distributions should take is making the root partition read only. I know Android already does this, but it really does help. Something that I would really like to see is an easy to use per application firewall. Cgroups mean that I don't even have to worry about it just spawning a child process. Yes, I want to play this game in wine. No, I don't want it to access the internet. No, wine refuses to run it as a different user, much less one with lower privileges.
So let's pretend that we've just completed writing this code, as opposed to having just completed sabotaging it -Altera
http://netbsd.org/docs/guide/en/chap-veriexec.html
Veriexec is NetBSD's file integrity subsystem. It's kernel based, hence can provide some protection even in the case of a root compromise.Veriexec works by loading a specification file, also called the signatures file, to the kernel. This file contains information about files Veriexec should monitor, as well as their digital fingerprint (along with the hashing algorithm used to produce this fingerprint).
What company directs 25% of its users to a partially-working, not-ready-for-production website? Please realize that Beta will not have the features that we want, because it goes against Dice's plans for Slashdot. To their advertisers, Dice presents Slashdot as a "Social Media for B2B Technology" platform. B2B - that's the reason Beta looks like a generic wordpress-based news site. A large percentage of the current userbase might be in IT, but /. is most certainly not a B2B site.
Nevertheless, Dice is desperate to make money off of Slashdot, since it has not lived up to their financial expectations, a fact that they have revealed in a press release detailing their performance in 2013:
Slashdot Media was acquired to provide content and services that are important to technology professionals in their everyday work lives and to leverage that reach into the global technology community benefiting user engagement on the Dice.com site. The expected benefits have started to be realized at Dice.com. However, advertising revenue has declined over the past year and there is no improvement expected in the future financial performance of Slashdot Media's underlying advertising business. Therefore, $7.2 million of intangible assets and $6.3 million of goodwill related to Slashdot Media were reduced to zero.
Beta is not a cosmetic change. It is a new design that deliberately ruins the one thing that makes /. what it is today -- the commenting system. There is nothing wrong with Slashdot, from the users' perspective, that demands breaking its foundations. As others have commented, this is an attempt to monetize /. at any any cost, and its users be damned. Dice views its users, the ones who create the site, as a passive audience. As such, it is interchangeable with its intended B2B crowd. We, the current users of Slashdot, are an obstacle in Dice's way.
That is why they ignore the detailed feedback they have received in the months since they first revealed Beta. That is also why they now disregard our grievances. Their claims of hearing us are a deliberate snow job. It is only pretense, since at the same time they openly admit that Classic will be cancelled soon:
"Most importantly, we want you to know that Classic Slashdot isn't going away until we're confident that the new site is ready.
Don't hold your breath waiting for Dice to fix Beta. Their vision of Slashdot is a crippled shadow of the site as it is today. Don't let them pull the wool over your eyes. Dice doesn't need us, and it wants us out.
Slashdice delenda est!
Maybe we could combine that with a formal deployment process so that only blessed binaries can be installed, via a special system account, to production hardware. Maybe we could also have live monitoring to ensure that the installation on a production box is not tampered with. And maybe we could prevent general write access on production boxes.
Oh wait, we do.
Windows can be made to boot off DVD or read-only media.
Now to also make %TEMP% with no execute allowed.
Liberty and freedom are no. 1, not dicks in suits.
Please post this to new articles if it hasn't been posted yet. (Copy-paste the html from here so links don't get mangled!)
On February 5, 2014, Slashdot announced through a javascript popup that they are starting to "move in to" the new Slashdot Beta design. Slashdot Beta is a trend-following attempt to give Slashdot a fresh look, an approach that has led to less space for text and an abandonment of the traditional Slashdot look. Much worse than that, Slashdot Beta fundamentally breaks the classic Slashdot discussion and moderation system.
If you haven't seen Slashdot Beta already, open this in a new tab. After seeing that, click here to return to classic Slashdot.
We should boycott stories and only discuss the abomination that is Slashdot Beta until Dice abandons the project.
We should boycott slashdot entirely during the week of Feb 10 to Feb 17 as part of the wider slashcott
Moderators - only spend mod points on comments that discuss Beta
Commentors - only discuss Beta
http://slashdot.org/recent - Vote up the Fuck Beta stories
Keep this up for a few days and we may finally get the PHBs' attention.
-----=====##### LINKS #####=====-----
Discussion of Beta: http://slashdot.org/firehose.pl?op=view&id=56395415
Discussion of where to go if Beta goes live: http://slashdot.org/firehose.pl?op=view&type=submission&id=3321441
Alternative Slashdot: http://altslashdot.org (thanks Okian Warrior (537106))
That is probably the most inflammatory, but still accurate, way to illustrate something I've ever seen. Well played.
"Be particularly skeptical when presented with evidence confirming what you already believe." -
... I guess that's how it's being demonstrated to us, against our own will, that we will need and want those systems (TPM, Secure Boot, UEFI...), like a treacherous way to convince the most reluctant of us that it's for our own good.
Why not just take computers away from people? I mean, if you're going to put such heavy restrictions in place, why not just give someone pen and paper? It would be equally as efficient for the end user as having to call up IT every 5 minutes because you're not allowed to use the computer you're given.
The idea is one of the oldest in IT security.
And it works really, really well.
And it is a PITA to administrate if you have a system that changes, as lots of systems do. For your regular service server, much less a desktop system, where new releases require new libraries, system updates are regular and new applications are required every now and then, it is almost impossible to actually do it.
On a locked-down system that needs to do one thing, but do that thing reliably and securely, it's a fantastic security measure that will eliminate about half of your security headaches right there.
It's the same idea as SELinux, just on a different level, and it shares many of the disadvantages, namely that it makes policy management into a full-time job.
Assorted stuff I do sometimes: Lemuria.org
All longtime users are now logging out of slashdot, and posting as AC. I registered on /. 11 years ago. Beat me.
While I admit that as a programmer I will inevitably have a skewed point of view, I view it as ill-advised.
A computer is useful primarily because it is NOT a special purpose tool, but a general purpose one.
Whitelisting cripples your computer. If you can't run software without it being on a whitelist, you can't even write a shell script, or a VBA macro. Your computer stops being useful as a general purpose tool - only the software that has been approved remains useful.
Yes, I get that most users are numpties and probably do need to be kept from hurting themselves. But this kind of policy cuts down the tall poppies - the ones who actually can make their computer work for them, instead of just working at their computer, and removes the possibility that any more will arise - no-one will voluntarily seek the rights they need to approve of their own software, because they'll be singled out as potential hackers and troublemakers, and any data breaches that do occur will be attributed to them.
As applied within our organization, it's also soul-crushingly annoying to programmers. We'll have the rights to approve of any software we want to run, but we have to click through an approval dialog for each... new..... file... which of course, means that every time we rebuild our code we face a clickfest just to debug it, or run unit tests on it, etc.... most of us have shied away from being "upgraded" to Windows 7 because of this. Several of us just wish we could change to Linux, being Java programmers.
Indeed, many of our internal teams are also getting the self-approval rights, which just trains them to click "Approve" and you're all the way back to UAC again, no extra security, just extra hassle, reduced performance of the computer (which is now hashing every file you access on the drive to see if it's on the whitelist), and more money diverted into the coffers of the kind of company that sponsored this story in the first place.
Should have been implemented as a standard from the beginning, or at least as soon as spam showed up. An email address should be a randomly generated hash like 23ihalkh23lkhwdlkj234lkjq3i@ymail.com etc. so nobody can just email you. It should be constantly changing and only trusted parties should possess the key to see the pattern. It should be a function -> the sum of all changes to the hash in a tailored individual hash function. Every user has a slightly different hash function and only the whitelisted users have access to that hash function, and so only they can email you. So while it's an old idea, it just never really got given enough airing time.
I founded a company and filed a patent. It is called Utopic Persystent Suite.
The technology still has room to grow, but it has been clear to me for 14 years that the force of gravity goes towards whitelisting (with cryptographic hashes like Tripwire, and autonomous file/setting healing).
Of course, that just moves the goal posts of the attackers from the end machines to the managing network of servers. However, I believe, and have evidence indicating the possibility, that the attack surface is greatly reduced in such a system. I performed some data mining on self-healing logs and I believe that not only does it provide immediate remediation, but that the collected events can prevent "delay detection" and give a very leading-edge indication that something wrong is happening in the network. Also, the self-healing gives time for the staff to perform analysis and react while minimizing the impact.
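As an added example, not NetBSD's Veriexec code and not the product described in this post, the Python below implements the mechanism both the Veriexec comment above and this self-healing post describe: it fingerprints a known-good tree into a signatures-style manifest, verifies a live copy against it, and restores files that drifted from a golden copy while logging each event. The one-line "path algorithm digest" format is an assumption loosely modelled on a Veriexec signatures file, and the directory layout, file contents and tampering are constructed for the demo.

```python
"""Hash-manifest whitelist: build, verify, self-heal. Added example, constructed data."""
import hashlib
import shutil
import tempfile
from pathlib import Path

ALGO = "sha256"


def fingerprint(path: Path, algo: str = ALGO) -> str:
    """Digest a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.new(algo)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path, algo: str = ALGO) -> dict:
    """Map 'relative path' -> (algorithm, digest) for every regular file under root."""
    return {p.relative_to(root).as_posix(): (algo, fingerprint(p, algo))
            for p in sorted(root.rglob("*")) if p.is_file()}


def write_signatures(manifest: dict, out: Path) -> None:
    # Simplified "path algorithm digest" lines: an assumption loosely modelled on
    # a Veriexec signatures file, not NetBSD's exact grammar.
    out.write_text("".join(f"{rel} {algo} {digest}\n"
                           for rel, (algo, digest) in sorted(manifest.items())))


def read_signatures(path: Path) -> dict:
    manifest = {}
    for line in path.read_text().splitlines():
        if line.strip() and not line.startswith("#"):
            rel, algo, digest = line.rsplit(None, 2)  # rsplit keeps spaces inside paths intact
            manifest[rel] = (algo, digest)
    return manifest


def verify(root: Path, manifest: dict) -> dict:
    """Report files whose digest changed, listed files that vanished, and files not on the list."""
    report = {"modified": [], "missing": [], "unlisted": []}
    seen = set()
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        seen.add(rel)
        if rel not in manifest:
            report["unlisted"].append(rel)
        elif fingerprint(p, manifest[rel][0]) != manifest[rel][1]:
            report["modified"].append(rel)
    report["missing"] = [rel for rel in manifest if rel not in seen]
    return {k: sorted(v) for k, v in report.items()}


def heal(root: Path, golden: Path, manifest: dict, report: dict) -> list:
    """Restore drifted files from the golden copy (only if that copy still matches the
    manifest) and remove unlisted files. Returns the event log for later analysis."""
    events = []
    for rel in report["modified"] + report["missing"]:
        algo, digest = manifest[rel]
        src = golden / rel
        if fingerprint(src, algo) != digest:
            events.append(("golden-mismatch", rel))  # reference copy drifted: do not propagate it
            continue
        dst = root / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        events.append(("restored", rel))
    for rel in report["unlisted"]:
        (root / rel).unlink()  # a real agent would quarantine rather than delete
        events.append(("removed", rel))
    return events


def demo() -> dict:
    """Constructed scenario: golden tree, tampered live clone, verify, heal, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        golden, live, sig = Path(tmp, "golden"), Path(tmp, "live"), Path(tmp, "signatures")
        (golden / "bin").mkdir(parents=True)
        (golden / "etc").mkdir()
        (golden / "bin" / "tool").write_bytes(b"#!/bin/sh\necho ok\n")
        (golden / "etc" / "app.conf").write_text("listen=127.0.0.1\n")
        write_signatures(build_manifest(golden), sig)
        manifest = read_signatures(sig)
        shutil.copytree(golden, live)
        (live / "bin" / "tool").write_bytes(b"#!/bin/sh\necho pwned\n")  # tampered binary
        (live / "etc" / "app.conf").unlink()                           # deleted config
        (live / "bin" / "extra").write_bytes(b"\x7fELF")               # unlisted binary
        before = verify(live, manifest)
        events = heal(live, golden, manifest, before)
        return {"before": before, "events": events, "after": verify(live, manifest)}


if __name__ == "__main__":
    print(demo())
```

Two design points matter in practice. The manifest and the golden copy are the trust roots, so they belong on read-only or remote storage and the golden file is re-checked against the manifest before it is copied back; otherwise a healer happily propagates a tampered reference. And a userland checker like this one runs after the fact and with the privileges of whoever invokes it, which is exactly the gap the Veriexec comment points at: enforcement in the kernel is what keeps the check meaningful once root is compromised.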
Whenever someone tells you that x solves all problems, it typically doesn't.
Whitelisting is currently practised on many mobile platforms. The only thing it does is force people to turn it off so they can actually use their devices, since the white list was done by people with differing opinions.
The more sensible solution is to do it like Debian does it. Have repositories making it easy to download software which matches certain criteria. Make it moderately hard to install new repositories and make it hard to just "download a binary and run it". That way the layperson will just use decent software from the main repositories while the expert can still do anything they want to do.
Whatever happened to boycotting comments until Dice announces it will not move to Beta? Fellow slashdotters, don't give up.
Some web cafes adopt an approach where user terminals are re-imaged after each user session. Essentially network booting from a known "good" baseline.
Obviously this wouldn't be appropriate for point of sale terminals but it (or a variation) may be viable at end of day. It raises other potential problems (namely availability) and it doesn't guarantee that your base image can't be owned but your points of assurance are reduced.
Reddit has a text-based, list-oriented design the way we want it. It suffers from a lack of article summaries though.
How to customize reddit to replace slashdot:
Step 1: Sign up on reddit.
Step 2: Visit these subreddits and click the "subscribe" button in each one of them:
http://www.reddit.com/r/games
http://www.reddit.com/r/gaming
http://www.reddit.com/r/pcgami...
http://www.reddit.com/r/privac...
http://www.reddit.com/r/politi...
http://www.reddit.com/r/openso...
http://www.reddit.com/r/techno...
http://www.reddit.com/r/law
http://www.reddit.com/r/space
http://www.reddit.com/r/scienc...
http://www.reddit.com/r/govern...
http://www.reddit.com/r/securi...
http://www.reddit.com/r/biotec...
http://www.reddit.com/r/censor...
Step 3: Go to your user profile and look for your personalized RSS feed (should be in https://ssl.reddit.com/prefs/f...); it will give you a digest of the best stories across all your subscriptions.
But... the future refused to change.
It's not that those methods do not work, it is that the managers, executives, and directors are insulated from the damage. Make the CIO, CFO, and CEO cough up a few million per breach and they will be stopped. Close companies that are breached repeatedly, and make the directors reimburse the other stockholders out of their own pockets. I once worked at a company where the CEO mandated that he should be able to access confidential information at any location in the company, including offshore locations. I've worked other places where the product programmers had admin privileges on the financial systems.
For gov't breaches, jail those responsible as traitors.
As usual with this type of headline, this is not a solution. In fact, it is not a solution at all. Just think of the most common way to compromise an executable: Buffer overflow. In that case, code is put somewhere in the memory area of the running process and then the process is coerced to execute it. This means the attack code runs in the context of the already running process afterwards and white-listing has zero impact. The only effect it has is that it gets harder for the attacker to start additional processes.
As for code-injection attacks, these are usually done with interpreted code, and white-listing does not even apply to that.
This is another technology that at best makes it harder for script-kiddies to break into a system, but has basically no impact on competent attackers.
Incidentally, techniques like SELinux allow far more than a simplistic "white-listing", and have done so for quite a while.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
> What if someone breaks in, gets command line access and uses trusted commands to send the data elsewhere? The hacker used trusted programs to do the breach, so a whitelist would not stop it.
Well your machine is now compromised. You now have to ask the question "What can I do". Normally in a case like this you should do a fresh OS install from a trusted source (eg. bootable CD/DVD, USB key) followed by appropriate customisations then updates from a trusted source. You could do a recovery from your OS backup but if you have been compromised I would not trust this.
Obviously you may need to recover your user data if that has also been compromised, but if you are looking at an enterprise system or even just a home PC, initially you may not need to do this until all interested parties (e.g. DB administrators) have checked for issues, since you cannot be sure that your backups have not been compromised as well. This is why an appropriate documented disaster recovery plan needs to be in place, whether the system is a multi-million-dollar Enterprise system or a home computer.
There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
The powers that be had the great idea of launching a policy of locking down PCs where I work. Which is ridiculous considering that we're a large research university and that, believe it or not, bureaucrats can't predict what researcher X in lab Y will want to put on their computer. Because users were unable to do anything on their own, the IT people were spending a lot of time going from one office to the other installing the software that people needed. It lasted for maybe a week, at which point some "helpful" IT person decided that it was much easier to just give "trusted" users the admin password! However, that was the XP era and people soon realized that they could not easily install .msi packages for instance because you could not just right-click, "run as admin" them. But if you were logged in as admin, you could install everything easily.
So, eventually, lots of people started using the admin account FULL TIME and leaving the password in plain sight on post-it notes. So, to "improve security", we went from people using regular user accounts, with a small risk of their machine being infected/compromised, to people logging in as admin with full rights on the machine. What a great improvement!
I suppose that white-listing may solve the problem if it's really impossible to do anything. But it's 2014 and you can't predict what people will want to use.
Who knew?
UK - GCHQ - scan everyone - unless some law stops them, oh it does the EU courts so the UK gov elects to opt out of the ones that get in their way - lie to tribunals about scanning anyone. Anonymity dead?
USA - NSA - scan everyone - unless some law stops them - lie to everyone Anonymity dead?
UK - TPS - Telephone Preference Service - you have to give your phone number and address to a gov department so they can publish it to everyone, so UK firms only may choose to voluntarily opt out of using your number for marketing; so they know my number and my address now and have given my numbers to every foreign company who requests it !!!! what a FUKKIN STUPID IDEA, the TPS department has not made ONE conviction for misuse of the list or defaulting UK companies. Exclusion is a good idea? Anonymity dead?
World - Every fukkin website - wants to send me adverts - fuck beta
World - Every fukkin mobile phone company - install software that is mandatory with ads as I can't get rid of it without crippling functionality and back holes into the end users device, what gives them the right to monitor me?
Microsoft - Windows allows nearly everything to run unless you know what settings out of hundreds of thousands to switch off to make it secure. Active Directory anyone?
Google - goggles for cops - streams everyone's details to them in realtime, maybe they will overlay RAG colour coding to highlight your perceived risk to society, and only when enough false positives screw their game will some woolly laws get passed to curb it with appropriate loopholes to allow them to ignore it. Anonymity dead?
UK - Satellites and ANPR - scan every journey you ever make just in case you stray over the speed limit occasionally, no opt out, scan everyone, criminals, suspects and free citizens alike. Anonymity dead?
UK - NHS - Include everyone's medical records in a huge database, give the police full access to all records without warrant, even opt out doesn't help here, they will just ignore it. Sell everyone's details to private firms .... make it illegal for GPs to opt out patients by default, abandon one attempt where too many people opted out so put another one in place and state the original opt-out doesn't count, don't tell patients about the need to RE-opt out so they get included by default. Anonymity dead?
World - If you have nothing to hide you have nothing to fear, think of the children, think of the terrorists - Repeat mantra until sheeples believe constant monitoring is a right the government should have. Anonymity dead?
World - Browsers have a voluntary setting for do not track!!! that'll work then won't it!
WHAT A BUNCH OF FUKKIN STUPID IDEAS !!!!
I'm SO sick of this 'Fuck Beta' crap.
YOU the /. community are one of the most technically-able groups of users on the internet. Therefore, instead of whining about a FREE service that you no longer enjoy, why not group together and build something better? If it's better than /. (not hard...) then your user base will come. A handful of you could throw up a simple blogging system in a few hours, whilst you work on something permanent...
So instead of bitching about it to corporate owners who do not care, get off your arses and build something better.
http://altslashdot.org/ seems to be offline at the time of writing - a good effort but when I did look at it yesterday it seems to be 90% ideas, and sod all development. The best sites on the net, didn't spring into life fully formed, they evolved. The important thing is to just get something up and working as fast as possible.
(Why am I not joining the effort? I'm a Windows guy, my linux foo is simply not good enough else I would.)
-Jar
Together, We Can Make Slashdot Better. I Do NOT Mod ACs. - Check Me Out
The last use of Dicedot can be to migrate to a better site.
We don't need it, it's not "ours", so let's get the fuck out and do everything practical to punish Dice in the marketplace by discouraging traffic to Dicedot.
Fuck us? No, FUCK THEM. The time for playing nice is over.
No. Getting your mom to show you how to use the washing machine is the answer to dirty britches.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
All it does is move the vulnerabilities to whatever system(s) the whitelist points to though.
If that system is swiss cheese, or the routers, or the identity of the whitelisted systems are... you are no better off.
And in some cases, actually worse off. The whitelist tends to give the listed systems total trust...
> YOU the /. community are one of the most technically-able groups of users on the internet. Therefore, instead of whining about a FREE service that you no longer enjoy, why not group together and build something better?
Two reasons. 1 - Having a userbase is what really drives a site like this. No one wants to go to a technically superior site just to be the only one reading and posting anything. Not even mighty Google could get around this one trying to compete with Facebook, and Google has been aggressive about it (did you sneeze? great, you just signed up for a G+ account!). 2 - We the users made this site what it is and created the success its owners enjoy today, they would sell no ad space on an empty no-traffic site, they would be foolish not to recognize this and listen to our opinions.
> only trusted executables, DLLs and other necessary system and application components are allowed to run
Trusted means digitally signed. This means two things:
1. No more self-modifying code, since it is impossible to sign, due to ever-changing MD5/SHA checksums. There goes the von Neumann architecture out the door.
2. The more powerful a supercomputer you have, the more you laugh all the way to the bank. Hint: NSA and Unit 8200 created a false, but validly digitally signed .DLL for the Tilded-Flame-Stuxnet malware family. They used a Beowulf cluster of supercomputers to craft a hash collision for an ordinary and benign Microsoft crypto key and turned it into a digital signature for a trusted malware. They could have created trusted malware out of CentOS 6.4's "nslookup" command if they so desired, without ever telling anybody or needing extra-agency collaboration.
A buffer overflow should not provide the keys to the city.
We need security orthogonal to the executing application surface.
Here's an idea, don't know if it will catch on, but how about encrypting the data in it, whitelisting the users / apps that can use it, thereby reducing the surface vulnerable to attack. It would require a sophisticated public key infrastructure integrated with all processes. Data objects could organize their fields into multiple segments that can be progressively unlocked.
2007 is calling and wants their whitelist/blacklist technology back ..
There is a very good resource here comparing various host prevent/block whitelist/blacklist agents.
UEFI SecureBoot isn't designed to secure the computer, but to prevent dual booting Linux. There are any number of ways to get unauthorized code to run on fully UEFI secure Windows PCs ..
I am sure the white list contains the hash of the all the items.
> UEFI SecureBoot isn't designed to secure the computer, but to prevent dual booting Linux. There are any number of ways to get unauthorized code to run on fully UEFI secure Windows PCs ..
How does it prevent dual booting Linux? If you don't have any of the distros offering a key solution you can just easily disable secure boot and dual boot all you want (someone capable of installing and dual booting Linux should be capable of finding an easy "bios" setting). Only device where this is not possible is the Surface RT...
Unfortunately, though it's relatively rare, vulnerabilities allowing software to "escape the virtual machine" are not unheard of. For the kind of security model we're talking about here, you ought to be running isolated segments on completely separate physical systems that can communicate only via controlled channels with suitable safeguards like firewalls and DMZs in place, if they even need to communicate at all. Basically, each segment in your network should regard traffic from any other segment as potentially hostile, in the same way you don't just trust traffic from the Internet and you limit access from non-audited systems if you allow BYOD.
None of this is a new idea, of course. Security and compliance people in fields like finance and healthcare have been advocating these kinds of measures since forever. It's just that every time a major breach happens because someone didn't do it, the subject gets brought up again, and hopefully a few more people (including the executives who need to sign the cheques) get the message.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Unfortunately, among the worst offenders for lax security practices you will often find company executives. The kind of person who makes it into such positions tends to have a certain arrogance, sociopathic tendencies, and a presumption that anything they screw up can be fixed by someone else later if necessary. If someone like that runs into an access control barrier on their computer, they call IT and say remove it. And if it doesn't get removed, they call the IT guy's supervisor and say remove it, and then they fire the first IT guy.
Obviously not all management is that naive, but I suspect you'll find a strong correlation between management that repeatedly causes serious security problems and management that is willing to run over their sysadmins without losing any sleep over it.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
now. This is hardly a new concept or a new implementation.
You still have to apply security updates to your installed software, especially with the lot of remote Java vulnerabilities that have been disclosed in the last year (and that you should have hurried to fix). And you must trust whoever sends you your update to whitelist it, because it could be someone playing MITM.
On the other hand, whitelisting a list of software approved by some authority means that the only software you will be able to install is the software already backdoored by governments, perpetuating monopolies.
For routine operation of Internet-exposed systems, the / filesystem (which includes /usr and, usually, /usr/local) is mounted read-only. The user-modifiable places (/home, /tmp, /var) are mounted with the noexec option.
Although a dedicated attacker might be able to succeed anyway (the same script can be run with a sh script instead of ./script), it throws sort of a "tangle-foot" over them — most of the hacks involve some compiled binaries. And, if the targeted filesystem is mounted read-only, even root can not modify it (remounting without a shutdown can be prohibited by policy).
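A quick way to check that a host actually has the layout this comment describes, as an added example that is not the commenter's own code: parse /proc/mounts-style lines (a constructed table below, with one compliant and two non-compliant mounts) and compare each mountpoint's options against the policy of a read-only / and noexec on the user-writable filesystems. The `POLICY` table and the `suggest` helper are assumptions made for the example.

```python
"""Audit mount options against a read-only-root / noexec-data policy. Added example."""
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample in /proc/mounts format: device mountpoint fstype options dump pass.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 ro,relatime,errors=remount-ro 0 0
/dev/sda2 /home ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda3 /var ext4 rw,nosuid,nodev,relatime 0 0
/dev/sda4 /var/log ext4 rw,nosuid,nodev,noexec,relatime 0 0
"""

# The policy from the comment: / read-only, user-modifiable places noexec (assumed encoding).
POLICY: Dict[str, List[str]] = {
    "/": ["ro"],
    "/home": ["noexec"],
    "/tmp": ["noexec"],
    "/var": ["noexec"],
}


def parse_mounts(text: str) -> Dict[str, Set[str]]:
    """Map mountpoint -> set of mount options. A later line for the same mountpoint wins,
    which matches how an over-mount shows up in /proc/mounts."""
    mounts: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mountpoint = fields[1].replace("\\040", " ")  # /proc/mounts escapes spaces as octal
        mounts[mountpoint] = set(fields[3].split(","))
    return mounts


def audit(mounts: Dict[str, Set[str]], policy: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """Return (mountpoint, problem) pairs; an empty list means the policy holds."""
    findings: List[Tuple[str, str]] = []
    for mountpoint, required in policy.items():
        if mountpoint not in mounts:
            # Not its own filesystem, so it silently inherits the parent's options.
            findings.append((mountpoint, "not a separate mount"))
            continue
        for opt in required:
            if opt not in mounts[mountpoint]:
                findings.append((mountpoint, f"missing {opt}"))
    return findings


def suggest(findings: List[Tuple[str, str]]) -> List[str]:
    """Turn findings into remount commands for an admin to review; nothing is executed here."""
    out = []
    for mountpoint, problem in findings:
        if problem.startswith("missing "):
            out.append(f"mount -o remount,{problem.split()[1]} {mountpoint}")
        else:
            out.append(f"# {mountpoint}: {problem}; give it its own entry in /etc/fstab")
    return out


def audit_live(policy: Dict[str, List[str]] = POLICY) -> Optional[List[Tuple[str, str]]]:
    """Audit this host's /proc/mounts, or return None on systems that do not have one."""
    try:
        with open("/proc/mounts") as f:
            return audit(parse_mounts(f.read()), policy)
    except FileNotFoundError:
        return None


if __name__ == "__main__":
    for line in suggest(audit(parse_mounts(SAMPLE_MOUNTS), POLICY)):
        print(line)
```

On the sample table only /home and /var are flagged, and the suggested remounts are exactly the two `mount -o remount,noexec` lines. The comment's own caveat still applies: noexec stops the kernel from executing a file directly but not an interpreter reading it, so this is a hurdle for dropped binaries rather than a whitelist. Treat noexec on /var as something to test per host before enforcing, since tooling that runs helpers out of its own state directory under /var will break.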
In Soviet Washington the swamp drains you.
When trust depends on something being signed, then the certificate can and will be stolen. Major malware has spread in this way, when a device driver cert was stolen and used to sign malware. The trust-until-revoked model does not work, because there's a window between stealing the cert and having the cert revoked ... and that window is all the bad guys need or want. If you can't do your damage in that window, you aren't a real malware player.
I couldn't agree with you more. UEFI doesn't stop Linux from booting if you don't use UEFI. Brilliant. Your assumption seems to be that the option to disable UEFI is always available and always will be (the former is already false, and if you don't think M$ is trying everything in their power to make sure you don't have the latter option in the future then you are either woefully ) or delusional
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Pissing away points modding up a troll AC. Nice.
You can have my SIG when you pry it from my cold, dead hands.
The more I see security the less I feel secure. I gave up on PC security programs a very long time ago. It's not that I don't find ways to monitor and make sure I don't have malware. It's just, I do not believe any security suite can prevent what wants to get in. For many hackers, the more security, the more challenging it is.
I think the problem with Target-like breaches is simply old technology that has not kept up with the hackers. It would be like using anti-virus software but never updating your OS or programs. You cannot do one and not the other. When I used to use a security suite I consistently found that what malware I got was limited in its damage and was not detected by the security software, even though it was considered older malware. If companies would spend more time being proactive than reactive, the end result would be fewer compromises. The hackers are not attacking you with stuff your security suites already know about. They attack you with stuff they don't yet know about. If PC users spent as much time learning how to spot and protect themselves as they do relying on a program that basically reacts to malware, they would be less vulnerable.
Why not have a no-cost public registration process for anybody who wants to write a trustworthy executable program. Issue a certificate for each individual developer who is added to the list of contributors for a trustworthy program. Make it voluntary. If you want to develop or run anonymous or old software - go right ahead - you've been warned so you can be careful.
*All* execution environments would need updates to support this so it won't be easy or quick. This is not a new idea, but having it popularized and in widespread use is the challenge. We all haven't really cared enough to take the time to make it happen. It's unfortunately clear that it's now necessary.
As developers we could get valuable feedback from users and would have an additional motivation for quality. It could serve to protect our profession.
As people who use programs we would at least have a tool to deal with some of the f*&^ed up bull shit we are increasingly having to put up with. This would make viruses and malware a thing of the past. High security systems like health care, payment and financial processing, and civil defense and services would have a potent tool to eliminate a huge piece of the security puzzle.
Why don't we do this?
Greed is the root of all evil.
"So instead of bitching about it to corporate owners who do not care, get off your arses and build something better."
There is a cost to forking the site; namely that the existing data of comments and discussions are locked up by Dice. So it's sensible to apply some political organizing and public protest in the hope that Slashdot comes to its senses and not effectively destroy itself with Beta. If that doesn't work, then of course forking the site is a reasonable backup plan. But not optimal due to lost data.
We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
So, sure, whitelisting might prevent your users from running unapproved browsers at work, but it will not secure a computer system against actual attackers. Not to mention that a good chunk of would-be whitelisted binaries actually have embedded language environments (macros, javascript, shell/batch scripts, java, vbscript, etc.) that would also need to be added to the whitelisting framework.
A point-of-sale terminal is not a general purpose computer.
Whitelisting works against a lot of things. It doesn't work against things that look enough like the program to sneak through or against hack systems that are outside your system probing for weaknesses.
Not only do you need a whitelisting system, you need portions of the network that are hardcoded. Literally impossible to change because the coding is set in stone. You can have firmware in those systems but the firmware has to be READ ONLY. Possibly you could have a PHYSICAL switch that enables read/write to the firmware, or make it a removable chip that can be inserted elsewhere for editing. But when in the machine under normal operation... most of your core infrastructure must be hardcoded. Unchangeable.
Beyond that, many systems should not only be hardcoded but also very simple. Simple systems that can only work one way and no other can't be hacked. You can hack something behind them often but you can't hack them directly because there is nothing you can do to them. That is a strength. You know in the event of a breach that those assets were not at fault.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
I just figured out how to turn on the Administrator account on Windows 7 & knock everyone else down to Standard! O:
It's probably not offline. I bet it's altslashdotted.
A simple shell script runs only resident binaries, and it can already do a lot of harm. It can even escalate using local exploits.
How can whitelisting help here?
I'd NEVER whitelist the BETA SLASHDOT :)
more like the opposite
This article appears to me to be an advertisement placement article. The technology is not new, and hence not 'start up companies', except the one they are pushing. The technology is built into Windows but has no usable interface. Stupid of Microsoft to leave that to the user and say nothing while malware and hacking go rampant. It is, however, good to see the best solution get more attention. The AV track is a losing proposition right out of the gate if you are the target of a hacker. My company has been using Bit9 for years. It does the job fairly well. The downside to this technology is that process injection and overflow attacks do not run binaries, so 'running process checksums' are likely necessary. Fixing the overflow problem with an OS-level secure library, and its enforcement, is necessary.
UEFI is a bios replacement, supported by most modern OS. UEFI SecureBoot is a part of the UEFI 2.2 specification (defined by Intel, Apple, AMD, IBM, MS, etc.).
You conveniently skipped that a number of Linux distros do provide a way to install on a Windows 8 PC w/Secure Boot. But to your other comment:
To mention the option to disable Secure Boot (not UEFI) for any OS that doesn't support it was just to show that it isn't in any way a blocker against dual booting Linux, and to keep believing that the whole nefarious purpose of a standard from Intel, Apple, IBM, MS etc, is to prevent dual booting of Linux, when it doesn't, is a very strange logic.
Well, you are right, but it wasn't very convenient. I did in fact fail to mention the point you just made. SecureBoot is in fact already limiting people's choices and closing hundreds and hundreds of Linux distributions off. Thanks for making my point in yet another way!
http://krebsonsecurity.com/2013/02/security-firm-bit9-hacked-used-to-spread-malware/
If your whitelist gets hacked you have false protection.
Let me subvert that for you.
It will always be an arms race.
We use Bit9 Parity...inventories and monitors ALL executable content on a given system and the policies remain in effect even when offline...this app closed many audit findings for us because with tamper protection and blocking of known malicious items it's more proactive. You can even import SHA/MD5 keys manually if something is discovered in the wild and there is no real detection yet....Nothing is 100% BUT much of what infects these user systems is executable content plain and simple. I wish they made this for Home use as it would be worth it. I am just another IT person too by the way and am not endorsing this product in any way..just giving an option to AV and other reactive apps. I love this app for our front-end web servers...you put these in HIGH mode and not a d@mn thing runs except what is supposed to...i.e. if the server is compromised new executable content STILL has to be approved even as local admin. That's the best part....local admin has nothing to do with this proactive approach...check it out....there is no such thing as one protection but with app control implementations like this and security in layers it just makes it that much harder for the bad guys...hope this info helps....
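The comment above describes hash-based application control: inventory every executable, import known hashes, and deny anything whose hash is not on the list even when the change was made by local admin. The following is an added example of that mechanism written for this page; it is not Bit9's code and has no relation to how Parity is implemented. It assumes a POSIX shell with one of sha256sum, shasum or openssl available, and the allowlist file format (one lowercase hex SHA-256 per line, '#' comments) is an assumption made for the example. The files used in the demo are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: minimal hash-based executable allowlist (default deny).
# Any modification to an allowed file changes its hash, so the file is denied
# until its new hash is approved, which is the behaviour the comment describes.

# file_sha256 FILE -> prints the hex SHA-256 of FILE, whichever tool is present.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | cut -d' ' -f1
    else
        openssl dgst -sha256 "$1" | sed 's/.*= //'
    fi
}

# is_allowed HASH ALLOWLIST -> exit 0 if HASH is listed (assumed format:
# one hex hash per line, lines starting with '#' ignored).
is_allowed() {
    grep -v '^#' "$2" | grep -qx "$1"
}

# verdict FILE ALLOWLIST -> prints "ALLOW" or "DENY <hash>".
verdict() {
    h=$(file_sha256 "$1")
    if is_allowed "$h" "$2"; then
        echo "ALLOW"
    else
        echo "DENY $h"
    fi
}

# audit_dir DIR ALLOWLIST -> one line per executable (owner exec bit set)
# under DIR that is NOT on the allowlist. Silence means everything is approved.
audit_dir() {
    find "$1" -type f -perm -100 | while read -r f; do
        v=$(verdict "$f" "$2")
        case "$v" in
            DENY*) echo "$f: $v" ;;
        esac
    done
}

# demo: constructed files in a temp dir showing approve, detect, and tamper.
demo() {
    d=$(mktemp -d)
    printf '#!/bin/sh\necho hello\n'   > "$d/approved.sh"
    printf '#!/bin/sh\necho dropped\n' > "$d/unknown.sh"
    chmod 700 "$d/approved.sh" "$d/unknown.sh"
    file_sha256 "$d/approved.sh" > "$d/allow.txt"   # "import" the known-good hash
    echo "== initial audit (expect only unknown.sh) =="
    audit_dir "$d" "$d/allow.txt"
    printf '\n# tampered\n' >> "$d/approved.sh"     # any edit changes the hash
    echo "== after tampering (expect both) =="
    audit_dir "$d" "$d/allow.txt"
    rm -rf "$d"
}

demo
```

Two caveats a practitioner should keep in mind, both raised elsewhere in this thread: a hash list covers files, so a script fed to an already-approved interpreter ('sh script') or code injected into an approved process never gets a hash check, and the list itself must be protected at least as well as the executables, or an attacker simply approves their own payload.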
No. You don't get it. I didn't say they all have the goal, I said M$ has the goal.
I'm confused, you seem to be offended by the presence of SecureBoot, but it is also bad that you can turn it off as if it wasn't there to begin with (as you ridiculed in post above)?
It helps make a lot of users more secure by default, and for the users who don't want it, it isn't there if you don't want it too.
Yes. You are confused. That is how it is currently used. There is no guarantee against the possibility, and every reason to be concerned, that SecureBoot will become first prevalent and then ubiquitous, as those of us in the know are a severe minority. Those who forget the past are doomed to repeat it. You have either never known about, or forgotten, the history of computing.
By following the link below you'll know that I am a developer of an Application Whitelisting solution. I came across this thread and think there's some great discussion points being made here, some totally valid and others perhaps a bit misinformed, at least pertaining to the AWL solution that I am very familiar with, the one mentioned in the original link on this thread. I've responded to various statements made in this thread here:
http://www.savantprotection.com/misconceptions-application-whitelisting/