Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories
0
Comments
5,534

Comments · 5,534

  1. Re:*sigh* on Microsoft Extends Updates For Windows XP Security Products Until July 2015 · · Score: 5, Informative

    Don't forget having a KMS infrastructure where every single machine in the company can contact an activation server every 180 days. Yes, one can use MAK type of keying, but if a box needs a reinstall, that means one has to burn another install key.

    In a previous life, I've encountered cases with legacy apps as well, where the client was 32 bit... but just would not work on Windows 7 for love or money. I ended up having to use virtual machines running XP for the dedicated program.

    Of course, there is the server infrastructure Windows 7 requires. New GPOs, more disk space for updates for WSUS, more PXE images, etc.

    So, a move to Windows 7 (or a major OS update for the clients for that matter) isn't something to be taken lightly in a company, because one mistake can trash hundreds to tens of thousands of desktops. At minimum, it requires a test lab and running upgrades to see what ugly issues will rear their heads.

  2. Other than Windows 7 (or for that matter 8.1) being an OS made to address security concerns for 2014 as opposed to having security strapped onto an OS made in 2001, for a lot of users, XP is good enough.

    Other than being newer, there just isn't much in Windows 7 or newer that is groundbreaking and would get users to move to it. Moving from ME to XP was an obvious improvement, but from a user's perspective, XP to Windows 8.1 just doesn't bring that much with it for their sake, other than it being easier to reinstall the OS [1].

    [1]: I wouldn't want to reinstall the OS from those options, just because if it is due to malware, the OS image can get tampered with. Hardware failure likely means a complete reinstall from OS media. The only case I see that makes a "reset" an option would be Registry corruption... and that is very uncommon these days.

  3. Re:20 years on CES 2014: 3-D Scanners are a Logical Next Step After 3-D Printers · · Score: 1

    Makerbot has a 3D scanner. I don't see why all the hubbub.

  4. Re:Clearly they're not thinking evil enough on CES 2014: 3-D Scanners are a Logical Next Step After 3-D Printers · · Score: 2

    Counterfeiters can still be foiled -- just use materials that can't be 3D printed such as hardened steel, or multiple types of materials. Then they would have to do the work the old fashioned way.

    Then there are things like patinas, corrosion, wood grain, and other factors which will almost always allow someone with a trained eye to find a forgery.

    Of course, we will still have the IP issue, and I'm actually surprised that we have not had DRM shoved down our throats, such as requiring all printers to have a chip forcing all files sent to be signed by a vetting committee that will approve/reject things by previous IP, or some other stuff like that. Create a sculpture too close to someone's IP, they won't sign it.

  5. Re:News like, before yesterday. on CES 2014: 3-D Scanners are a Logical Next Step After 3-D Printers · · Score: 1

    Even five years ago, the movie FX industry was using 3D scanners on actors to make accurate molds for latex masks and prosthetic costume pieces compared to splatting on alginate [1] on an actor and waiting for that to harden.

    [1]: That stuff is not plaster. Plaster heats up when it cures and can burn unprotected skin. That is why a cast gets wrapped up in gauze or other cloth first, then the plaster-laden bandages put on.

  6. Re:hard to fault Oracle on James Gosling Grades Oracle's Handling of Sun's Tech · · Score: 1

    The POWER8 will be an interesting CPU architecture. It is the first since PowerPC that is available for license to anyone other than IBM. May not mean much, but I'd love to have a generic PC or server running Linux and not x86, although in reality, this is a pipe dream.

    I wonder if SPARC is still an open CPU model, although the days of the Tatung or other clones are gone.

  7. Re:hard to fault Oracle on James Gosling Grades Oracle's Handling of Sun's Tech · · Score: 1

    ZFS is a decent alternative to having a "smarter" SAN. One can buy a VNX and have real time deduplication, encryption, snapshots [1], async replication, etc.

    Instead, one can buy a "dumb" array, something that might just take disks, run JBOD, or go with RAID5, or RAID6, and let the OS do the work from there with deduplication, encryption, etc. With ZFS, a directory of critical files can be protected with RAID1 while everything else on that filesystem is RAID5 or RAID6. An occasional scrub of the pool will catch any bit rot that might happen, and if one adds SSD, the filesystem will know to autotier it.

    Of course, we have seen this before. Ages ago, there was a push to move to software RAID from hardware controllers back around the turn of the century. However, a few years after that, it was back to hardware RAID controllers and the software just using it as a plain disk.

    [1]: Careful with snapping over 3-8 terabytes, or you will have a very unpleasant experience, unless this was fixed.

  8. Re:hard to fault Oracle on James Gosling Grades Oracle's Handling of Sun's Tech · · Score: 1

    Solaris 11 has had a couple security changes that are interesting. For example, root is gone by default until you use rolemod. Instead, UID 0's functionality is a role, where you su for that access, similar to how one uses UAC in Windows to access administrator functionality that your account has.

    ZFS is also one of the most useful features of the OS. No LVM to worry about, and far better bitrot catching than any other filesystem except for MS's Storage Spaces + ReFS.

    I still like Solaris and SPARC, but for the cost involved in the enterprise (where commercial support is necessary), I can get 95% of the features (all except ZFS [1]) for a lot less hardware investment.

    [1]: My only complaint about Linux in general is that it doesn't have an enterprise-grade modern filesystem. btrfs is still not finalized yet (and it can't be booted from), and a true enterprise grade filesystem merges the LVM and the FS to be able to catch bitrot and file corruption via CRCs. Without both layers working at the same time, that protection isn't there. Even MS tossed out the LVM with Storage Spaces.

  9. Re:hard to fault Oracle on James Gosling Grades Oracle's Handling of Sun's Tech · · Score: 2

    Solaris was made in a time when there were almost hundreds of flavors of UNIX. Everyone had their own different variant.

    When SunOS 1.x to 4.x were out, those were extremely BSD. It wasn't until the renaming to Solaris and Solaris 2.x when Sun moved to a SVR4 base.

    I do miss Sun though. SPARC hardware was extremely well built. Now, Oracle hardware just looks like any other machine sitting in a rack. Plus, it was nice having another CPU architecture than x86 that was commonly available.

  10. Re:So why not build them in the US, then? on Inside Tony Hsieh's Quiet Plan To Bankroll Hardware Startups · · Score: 1

    There is a difference between making stuff cheap, and making stuff good.

    If you want to make it cheap, then China is your go-to place.

    If you want to make quality items, then you have a choice from a lot of countries. The US is one of the best choices for anything robotics, Germany and most of Europe is good for high tolerance manufacturing (high security tumblers for locks), and so on.

  11. Re:Flash and content are not related on Book Review: The Digital Crown · · Score: 3, Interesting

    Even Adobe is getting this. You can use Flash (the authoring tools) to make HTML5 content now, which is ironic, but useful.

  12. Re:Cash only economy on Target Confirms Point-of-Sale Malware Was Used In Attack · · Score: 2

    The people who have been pushing gold and silver on us for a while have said the same thing. However, there are a few problems with that:

    1: If someone even got an inkling that someone was carrying a large amount of cash for a purchase, they likely would be mugged. Someone nearby seeing someone at McDonalds having a large wad in their wallet might make them a prime target. The reason why muggings are down is because it is a lot harder to make any useful money from a pile of credit cards. It can be done, but it is easily traced.

    2: Fundamentally, our currency exchange system is working. It just needs a cryptographic overhaul, work with tokenization, and separation of duties. That way, it would require attacking individual registers physically instead of pushing code from remote, and even then, the "black box" that one inputs a PIN from would be isolated, so one might get a hashed, encrypted value, and that's it.

    3: Physical cash is slower. I can make a purchase online in seconds. To do the same thing in paper bills would take days to weeks.

  13. Re:Killer app? on Windows 9 Already? Apparently, Yes. · · Score: 3, Insightful

    What I see that makes Windows 8.1 [1] an upgrade isn't the UI changes. There are some nice under the hood features. The annoying wait for chkdsk to finish is gone, because it can be run while a volume is online to find broken index nodes. BitLocker can be used without a TPM to ask for a password, similar to how TrueCrypt functions on boot. It is easier to blank out a PC completely if handing it to someone else ("reset" option, choose to blank the drives, let it erase and reinstall), Windows Store apps function in their own jailed space, which helps security, and so on. None of these features are really what a lot of users care about, but with a third party program like Classic Shell, W8 or W8.1 can be made decently usable.

    So, all things being equal, and if Classic Shell does make up for the new UI quirks, moving to W8.1 is a good thing to do just due to the fact that it is coded for more recent threats. This isn't as bad as the XP days where an OS made in 2001 is trying to handle threats in 2014, but using an OS with security designed for more recent threats as opposed to having it strapped on can be the difference between reading about the latest version of Cryptolocker going around versus having to pay the Cryptolocker guys several BitCoins.

    [1]: Well, in my case, Windows Server 2012 R2, just because the server version of wbadmin is one of the best and simplest backup utilities out there, and server editions install as little as possible by default, so it tends to have less useless cruft than a client.

  14. Re:Why Google is a bad company on Bennett Haselton: Google+ To Gmail Controversy Missing the Point · · Score: 1

    That is an issue with cloud applications, and SaaS in general. You have no way of reverting back to an earlier version should a new update break things.

    This is one fundamental lesson -- on the Internet, Heinlein may long since have been worm food, but TANSTAAFL is still the rule of the day. Either you pay for the E-mail account directly, or you deal with a lack of privacy.

    The gmail account I have is useful for Android related stuff, but for anything professional, I use an Exchange hosted provider and a custom domain. Plus, the TOS is a lot more in my favor when I'm shelling out the cost of the account, especially the fact that only the usual people (NSA/FBI/etc.) have access to my mailbox other than just me. This is a lot more private than some providers that allow some form of access to advertisers.

    Long term, I wonder about biting the bullet, tossing a couple boxes in a co-loc rack, and doing the same thing -- running my domain's E-mail on my own boxes. At least then, I know where the machines are, what type of hard disk encryption is used, what firewall (if any) is in place, and I'd know the SSL/TLS key's signature, and if it changes, even if the CA states that it is OK, then I know something is amiss.

  15. Re: Test scores on How Good Are Charter Schools For the Public School System? · · Score: 1

    The funny thing is that is how I ended up learning about various types of government and how they functioned via pencil and paper RPGs. The difference between a theocracy and a plutocracy versus a pure democracy and a representative republic. As characters wandering around, one saw how each government and the country fared or didn't. For example, a country that was essentially autocratic, one paid a formal tax and could enter the borders. A less organized government owned by the rich merchants had a lot of would-be people asking for their "tax", perhaps up to 100%, if not more (as in trying to add the PCs to their slave collection.)

    Another item was running battles and having to learn terrain, weather, wind direction, and other items. If you have an army of swordsmen, you won't fare well sending your infantry charging uphill into crossbowmen.

    Military history may not be something that one finds on a standardized test, but it has made us what we are, culturally, and learning causes and effects can teach a lot of other items, be it meteorology, geology, astronomy, logistics, or math (it takes both accounting as well as more advanced forms of math to get food and booze to all troops on a battlefield.)

  16. That can be changed... on PC Shipments In 2013 See the Worst Yearly Decline In History · · Score: 1

    I've wondered why PC makers don't get out of the "good enough" mold and start working on addressing user concerns, especially in security. Preferably in a way other than demanding people move to a restricted, locked down platform. Some suggestions:

    Built in hypervisor and AV software that can run as a separate VM, pause the Windows partition, do a RAM image scan of that, then go on. Rootkits can hide from the OS, but they have to show themselves somehow, and something that sits outside the memory space that can't be touched would catch them sooner or later. It isn't a 100% magic bullet, but it can help catch things and require fewer signatures (mainly heuristics) as opposed to the hundreds of thousands needed for conventional AV signature detection. The hypervisor and virus scanning VM can also scan the disk image for stuff that is hidden from the OS. Not perfect, but this is only a tool in some of the highest end enterprises.

    Some "mini-SAN" features on the disk controller. Snapshots, a LVM tool, disk encryption on the controller level, the ability to save snapshots to an external hard disk as backups regardless of what OS is on the drives, and so on.

    A read-only flash disk with the recovery media burned on it. This way, when someone has a corrupt disk and the recovery volume on the same disk is also infected, there is a way to completely zero out the drive and install a clean OS from scratch without having to repurchase Windows or other OS media. This isn't new. There were Tandy machines with built-in MS-DOS in ROM.

    A hypervisor where one can easily clone and switch between Windows installations. That way, one's general Web browsing is on one VM, banking on another, gaming on still another... and all the VMs use a deduplicated LUN so creating a new Windows instance takes up a small amount of space. Of course, updates can be handled by a WSUS-like mechanism so only one set would need to be downloaded for all the VMs.

    Built in 3G/4G/LTE/CDMA/GSM connection that can be turned off and locked down via BIOS or a switch. The onboard hypervisor would offer it as a vSwitch, or perhaps even with router/firewall functionality, so the inner OS is well protected. This way, there is always some connectivity to the Internet, barring areas with zero cellular service.

    Thunderbolt, so one can use tape drives and other high I/O stuff. USB 3 is OK, but it can't drive a modern tape drive without shoe-shining.

  17. Re:Years Away? I call Shenanigans on Blackhole Exploit Kit Successor Years Away · · Score: 4, Interesting

    IMHO, what we have seen in the CryptoLocker game is just the beginning. We have close to a perfect storm here -- Bitcoin being a currency that is easy to use no matter where one is, provided Internet access is obtainable [1]. For the most part, security is a joke because people/businesses either don't care, view it as having no ROI, or just view it as something that will happen to "the other guy." Unlike incoming Internet connections which will get stopped by, at the minimum, a perimeter firewall, the untrusted code on an external web page makes it well into the depths of a company. Most companies might have something to block the nudie pics, or use a device to force all SSL transactions to go through a transparent listening/MITM proxy (BlueCoat for example), but usually that is the extent of how far they go. Blocking suspect malware IP addresses tends to be rare unless a company is on top of their game.

    With this in mind, it might take a single browser or add-on weakness for an organization to get malware deployed. Since most Web browsers run as the user, it means the malware usually ends up with a full unlimited user context. Barring Web based malware, there is always the good old fashioned "foo.pdf .exe" Trojan.

    CryptoLocker is just version 2.0 (v1.0 being the early ransomware with an easily factored key being the same, or a flimsy encryption algorithm.)

    I can see RansomWare 3.0, if it manages to get root/Administrator authority, installing a low level driver. It will encrypt files, and backup programs will back up the encrypted stuff (a la Microsoft's EFS), but the user won't know because the driver will allow reading/writing for a period of time. Then, after a cutoff date, the private key is wiped, and the driver is dropped from the system. This not just encrypts the files that are accessible, but it also ensures that recent backups will be completely and utterly useless for restores. The private key can also just never be stored on disk, and quietly fetched from the malware owner's website every time the machine reboots.

    To boot, the software will detect where it is installed and base the ransom on where it is located. If a police station, the demand to release all prisoners in the county jail can be made. A government office means that the criminals can demand someone be fired. At the extreme, if the files locked up are valuable enough, the organization can demand an execution of someone they don't like.

    Now the question -- how can we prevent this? Well, it costs money. Someone can invent software that can check backups and detect files that were encrypted, but in reality, it means RansomWare 3.1 will just encrypt the file in a valid .doc, .xls, or other format. It will take keeping a round of backups for a long time. It will take better heuristics so an AV utility [2] can detect some process fiddling over time with files and stop it. It might even require machines be rebooted from offline media and scanned in that condition, and instead of a scan looking for anything out of the ordinary, the reverse happening -- a scan looking for anything that isn't a signed binary or valid Registry entry in order to find rootkits (assuming ones that don't just exist in RAM.) It might even require a new computer architecture with a hypervisor that can suspend the entire machine, then scan the RAM image and the disk every so often.

    [1]: BitCoin isn't anonymous, but there are a growing number of "wallet mixing"/laundering services popping up. I'm sure a lot of them likely will just make off with any coins they get (a "100% commission"), but even if a fraction of the haul gets handed to the person coming up to the table, it can still be a good haul for the person trying to launder.

    [2]: AV utilities tend to be a joke, but we can hope they might do the job.

  18. Re:Shocked that a company uses a product? on OpenSUSE Forums Defaced, Email Addresses Leaked · · Score: 1

    I like the idea of having it in a separate product, on a separate server. Separation of duties 101. To boot, the product can use Google's Authenticator. This isn't the be all and end all in security, but it does provide the website designer with the ability to allow end users to use two factor authentication.

    So far, I've done some work on an appliance that is essentially a separate box that stores username/password hash tuples, prohibits a wholesale dump of files (unless one physically attaches a USB flash drive), and handles the lockouts on the appliance end, so even if the web app and DB got hacked, the username/passwords are out of reach, barring a physical intrusion. However, something like the product stated above seems to do what I've been doing on an amateur level a lot better.

  19. Re:Shocked that a company uses a product? on OpenSUSE Forums Defaced, Email Addresses Leaked · · Score: 2

    I'm curious about the NetIQ Access Manager backend. If this is good enough to keep a dedicated intruder out, it might be worth footnoting this product for later use should the need arise to build a forum site for a small business.

  20. Re:Secure safe. on Ask Slashdot: How To Protect Your Passwords From Amnesia? · · Score: 1

    I agree with you there. The first thing is to consider the threat model. Is it better to forget some passwords and lose access for good as opposed to having them be exposed if one's password utility gets compromised?

    I look at what threats I have. Theft of a device is a big one. Compromise of a cloud account is another biggie. Theft of a device and demands for access to passwords is a third, because criminals are wising up to the fact that coercing an unlock code can provide more usable things to sell.

    The solution to this would be a program where every instance had its own private key. The central file would be stored on a cloud provider. When a new device is added, the public key from the new device would be manually copied to another device with access, and the device with access would add a decryption key entry to the encrypted file. When a device is removed, the whole file is decrypted, re-encrypted with a new master key, and a keylist [1] of which device public keys were added.

    Said program would function similarly to TrueCrypt, where there are different users and passwords to access data segments of the file. So, one can hand over the password for a decoy user and be done with it. Since the program would randomly add "chaff", there is no way to tell if the data is garbage or other encrypted items. (This is taken from PhonebookFS's design.)

    The result is decent security and ease of use. If one trusted the device's security, the passphrase to unlock things could be turned into a PIN, all the while, there are no brute-forceable passwords that an attacker could easily break with the file stored on the cloud provider. The downside with trusting the device's security (iOS's KeyChain for example) is that it can be compromised, but that is a risk someone should calculate.

    [1]: The keylist is just the master key encrypted to a device's public key, so 10 devices would have ten separate entries, each device able to independently fetch and decode the file's contents. The reason for the complete decryption and re-encryption is to ensure that a device that had access to the master key would no longer possess that.
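    The keylist scheme from this post, worked through as an added example (my own code, not the poster's): a file sealed under a master key, one keylist entry per device wrapping that master key to the device's public key, and removal done by re-encrypting under a fresh master key and re-wrapping only to the remaining devices. Assumptions: a toy Diffie-Hellman group and an HMAC-based encrypt-then-MAC stand in for a real key-agreement scheme and AEAD, and the names Vault, seal, open_, wrap_to_public and unwrap_with_private are mine.

```python
import hashlib, hmac, secrets

# Toy DH group for the demo (assumption: a real build would use X25519 or an RFC 3526 group).
P = 2**521 - 1
G = 3
NBYTES = 66  # enough bytes to hold any element of GF(P)

def _stream_xor(key, nonce, data):
    # Keystream from HMAC-SHA256 in counter mode; stand-in for a real AEAD such as AES-GCM.
    ks = bytearray()
    for i in range((len(data) + 31) // 32):
        ks += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, data):
    """Encrypt-then-MAC under a 32-byte key: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _stream_xor(key, nonce, data)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_(key, blob):
    """Verify the tag first; a wrong key or a tampered blob raises instead of decrypting."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered data")
    return _stream_xor(key, nonce, ct)

def device_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def wrap_to_public(pub, master):
    # Ephemeral DH: only the holder of the matching private key can derive `shared`.
    eph = secrets.randbelow(P - 2) + 1
    shared = hashlib.sha256(pow(pub, eph, P).to_bytes(NBYTES, "big")).digest()
    return pow(G, eph, P).to_bytes(NBYTES, "big") + seal(shared, master)

def unwrap_with_private(priv, entry):
    eph_pub = int.from_bytes(entry[:NBYTES], "big")
    shared = hashlib.sha256(pow(eph_pub, priv, P).to_bytes(NBYTES, "big")).digest()
    return open_(shared, entry[NBYTES:])

class Vault:
    """What sits on the cloud provider: the sealed file, the enrolled public keys, and a
    keylist holding the master key wrapped to each device. The master key itself is never stored."""
    def __init__(self, plaintext, first_device, first_pub):
        master = secrets.token_bytes(32)
        self.blob = seal(master, plaintext)
        self.pubs = {first_device: first_pub}
        self.keylist = {first_device: wrap_to_public(first_pub, master)}

    def add_device(self, existing, existing_priv, new, new_pub):
        # An enrolled device unwraps the master key and adds an entry for the newcomer's public key.
        master = unwrap_with_private(existing_priv, self.keylist[existing])
        self.pubs[new] = new_pub
        self.keylist[new] = wrap_to_public(new_pub, master)

    def remove_device(self, remover, remover_priv, gone):
        # Revocation: decrypt, re-encrypt under a fresh master key, and re-wrap only to the
        # remaining public keys, so the master key the removed device once held opens nothing.
        plaintext = self.read(remover, remover_priv)
        del self.pubs[gone]
        master = secrets.token_bytes(32)
        self.blob = seal(master, plaintext)
        self.keylist = {d: wrap_to_public(pub, master) for d, pub in self.pubs.items()}

    def read(self, device, priv):
        return open_(unwrap_with_private(priv, self.keylist[device]), self.blob)
```

The point the test makes explicit: a device that cached the old master key before removal cannot open the re-encrypted file, which is exactly why the post insists on full decryption and re-encryption rather than merely dropping the keylist entry.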

  21. Re:Secure safe. on Ask Slashdot: How To Protect Your Passwords From Amnesia? · · Score: 1

    What about creating a private key, using a utility to split it into shares (where X out of Y pieces are required to recover it), send those to each of one's friends, then use the private key to encrypt the password data, and store that in an accessible location?

    Of course, all the friends can collude and get the data, but if the ciphertext is stored securely, that is less likely to happen.

    The benefit to this is that it is a good way to not have to respond to some government demand for the info. If the friends refuse to hand over the key parts, there is no way the data can be recovered.

  22. Re:Perhaps it's just that I'm ignorant... on 23-Year-Old X11 Server Security Vulnerability Discovered · · Score: 1

    In 1991, buffer overflows were just becoming an issue when it came to security. Back then, a lot of X servers came with no security, so any client could attach to the screen (no xhost or MIT magic cookie authentication.) Back then, the goal was to get functionality working in the first place. If you wanted a word processor, you had vi in an xterm, or fire up XEmacs. The only word processor would have probably been a variant of WordPerfect or possibly FrameMaker, and those were mainly living on the NeXT platform.

    The X11 font bug is obscure enough to not be something that an attacker would be able to easily use. It is still a hole, but it has limited use, because to use it, one would have to have access as a user (unrestricted by policies like AppArmor or SELinux), and access to the X server's font path. This is about as hard as trying to place a ~user/ls in hopes that root runs something in the current directory over /bin/ls.

  23. Version 1 cryptocurrencies... on How To Create Your Own Cryptocurrency · · Score: 1

    These new coins are great, but IMHO, these are just version 1.x of the coins.

    What would be interesting would be a coin that would combine the obvious market value of eGold, the anonymity of a Chaumian currency, with the popularity of BitCoin. If someone does this, it has a better chance of becoming a currency of choice.

    Of course, this would mean that mining and stuff wouldn't be a part of the process, but it would mean that the currency has some real world backing.

  24. Re:I didn't RTFA or TFS on The $100 3D-Printed Artificial Limb · · Score: 0

    Malpractice insurers?

  25. Re:they already thought of that on Carmakers Keep Data On Drivers' Locations From Navigation Systems · · Score: 1

    Very true. I was meaning the realtime tracking data, not the crap stored in the ECM/TCM, where car makers do a scan to check for tunes or modifications and if anything is found, put the vehicle on the "warranty is DEAD" list that goes to all dealers.

    With newer cars, it is the same thing as jailbreaking iPhones if one wants a custom tune. Miss one gotcha or signature check, and the ECM will just refuse to run, and when the vehicle is taken to the dealer for a reflash, from there on out, all repairs are owner expense.