They do it today, not with DHCP but with game keys. If you register a game and your key has been used, then you can't register your game
Sure, but that is fairly different to what you initially proposed. It would only work with online verification, so the first time you plugged in a keyboard with a unique ID your laptop would have to go out to some trusted server to authenticate it. That wouldn't stop somebody from later cloning that specific keyboard, but it would prevent them from cloning another keyboard and plugging it into your PC. Then again, if they only cloned any particular keyboard once it probably still wouldn't help unless you only authenticated any keyboard once. If you did that then if you took a legitimate keyboard and tried to use it on two laptops it would fail.
Keep in mind that if you're a government then your adversaries are likely to be foreign intelligence agencies. Do you think it would really be that hard to get your hands on one keyboard/printer/etc and clone it without it being reported missing so that you could target one computer for hacking?
Also, none of this is consumer-grade capability. That means that instead of buying $20 logitech keyboards the government is now buying $1000 secure keyboards, and no doubt the next Ronald Regan will come along and point that out. I was chatting with somebody who worked for a defense contractor and a bunch of brass was wondering why they couldn't have an "app store" for military phones, instead of huge bricks that had fixed firmware and multi-year upgrade projects.
I'm not trying to say that security is impossible to achieve. I'm just saying that a significant increase in security isn't just an incidental bolt-on to existing consumer hardware. If you're going to re-design interfaces, register individual pieces of hardware with special authentication modules, and all that stuff, then sure, you can improve on things. Just don't expect to be buying that stuff at Staples.
Since these are now real loans, they will likely come with real interest rates and parental co-signing just like currently available non-student loans available today for pricy boutique schools to supplement subsidized student loans. The terms just hurt middle-class families more as I mentioned in my original post.
Sure, but real interest rates means that people will think twice before taking them, and they can have 300 co-signatures but it doesn't change the fact that they can be discharged fairly easily in bankruptcy. Parents can declare bankruptcy too. In fact, many middle-class families tend to have kids late in life and by the time payments on the loan are due the parents are probably done with refinancing mortgages and all that stuff.
In any case, I don't think that any of this is a real solution. I do think that private loans would be better than the special class of student loans that exist today. However, I'm more in favor of just making advanced education (including trades) free, and basic income as well so that people who just can't make it aren't starving.
Sure, but your statement is a bit like saying that with a college education you can make $200k/yr. Sure, some people with college educations do make that much money, but is a vast minority who do so. I suspect there are more people do make that much in the first 10 years of their career with a bachelors degree than there are who manage to discharge their student loans in bankruptcy.
And the first 2 years of college/university are worlds apart from what you learned in grade 12.
It certainly wasn't when I went to college. Granted, I took high-achievement/AP-track classes when I was in high school, but there wasn't much taught in my college Chem 101/102 course that wasn't covered in high school chemistry. Ditto for literature, math, etc. At least that is true for the first year - if you start to get into the 3rd semester of any subject then things start becoming new, but I suspect that the typical community college approach is not going to be moving on within major subjects but rather to cover a whole lot of the general liberal arts electives (so take all your fluff courses in the first two years instead of spreading them out).
The one problem I see with this is that you defer getting into your major. Instead of taking moderately advanced classes within your chosen field in year 2 you're taking foreign languages, humanities, etc. So, if you're thinking about becoming an electrical engineer you haven't really covered more than Ohm's Law at the end of year 2, which means you really don't have any more info about what it is like to be an EE than you did on day 1.
Of course, I'm a big fan of getting involved in a career before day 1 of college - get some exposure to your future dream job unpaid while you're still in high school or whatever. All the same, getting progressively more involved in your career as you advance will help you to understand if you should change directions.
Granted, with the community college route all those courses make you equally unprepared to do any major, so in some sense you haven't wasted any more time than you would have otherwise. It just means you're really going to be stepping up in rigor all at once in year 3 and at that point it might be a shock if you find out that it wasn't what you were expecting.
i am all for people rising or falling depending on the extent of their hard work
Well, the present system in the US and capitalism in general certainly won't work for you then. The current system rewards/punishes people for their work output, not for how hard they work. I'm sure there most construction workers work a lot harder than I do. Heck, I'm sure there are a lot of people working in the same field as I do who work harder than I do. And yet, I tend to be rewarded fairly well because employers value my work output more than theirs.
When was the last time you bought a consumer product and asked, "how hard did the company that made this product work to produce it?" You just want to know how much it costs YOU, and how well it meets your needs. If one company can make a widget that meets your needs and either sell it at a loss or do it more cheaply than somebody else, you're going to prefer that to the one that involved 300 hours of manual labor at $30/hr.
Personally I think the approach that makes the most sense is to quit doing make-work and just make the economy as efficient and ruthless as possible from a business standpoint (but with good safety and environmental protections and so on), and then having progressive taxation and basic income to take care of the people who just can't compete in such a system. We don't need to subsidize inefficient companies so that people will have jobs. Instead reward the most efficient companies so that costs are low and profits are high, and then tax those profits so that all the people who lose jobs can get paid just as much not to work at all. That takes some of the heartlessness out of capitalism, and much of the inefficiency out of communism.
For most prestigious private schools, I suspect if they were required to do this crap, they would simply opt-out of the loan programs and finance loans through their endowments. This wouldn't impact their application rates, nor the tuitions they charge at all, it would likely only punish middle class students (who rely the most on these programs).
Hardly. Either the graduates end up making enough money to repay the loans, or they just declare bankruptcy and the college eats the cost of the education. These are now private loans that are not subject to all those pesky rules like not being allowed to declare bankruptcy.
Can you really call any code of ethics that permits this an actual code of ethics. Lets start with Informed Consent. You have to inform the entire world since it would be involving everyone and not just the one country you want to help.
Sounds great. Let's start with you. Every breath you take expels CO2 into the atmosphere, contributing to climate change which affects every person on the planet.
I'd like you to explain that to every person on earth and collect a signature and notary from each one before you take your next breath.
Or, we could just do what makes sense and not require unanimous consent from the entire planet.
The thing you're missing in your replies is that these attacks have hardware-level support.
Yes, and if the person who wins the contract to deliver the computers is attacked by Al Qaeda, and they replace all the computers with identical ones, save one minor intentional "flaw", that would be undetectable under today's process.
Your argument is "because security is not 100%, there's no reason to try."
I'm saying "it's better than today" which you are leaving unargued.
They already have this level of security today. You can configure most OSes to only accept USB devices that identify themselves with acceptable identifiers. You just want to make the length of the identifier longer (the length of a signed driver file). Either way you can identify yourself as something else.
As you point out, you're fine if you only plug in USB devices from trusted sources. However, I doubt anybody paid to safeguard IT for the US government is going to be satisfied with that.
Then in the middle of the night when you aren't at your PC it will disconnect and connect using the signed logitech keyboard driver and work just fine as a keyboard, and use keyboard input to run a rootkit on your PC. Then it will disconnect and connect as a printer again so that you never realize what happened.
With USB hubs, the printer could identify as a hub, and then you wouldn't need to disconnect the printer to "plug in" the Logitech keyboard.
That attack should work no more than once, once discovered. You revoke the signature for those keyboards. And get more security than doing nothing.
If you do that a ton of keyboards stop working. Then you have to buy all new keyboards. Then the attacker just updates their hacks to identify itself as the new keyboard.
It is about as likely to be effective as trying to revoke HDCP keys if somebody extracts a key from a TV set. You tick off a bunch of TV owners, and the pirates just switch to a new key.
, then the tl;dr of my response is "fine, just copy the driver and the corresponding signature, that will let you authenticate an insecure device"
Sure, you can get an insecure printer running on that driver, but when it starts sending HID commands, the OS will turn it off.
The printer will disconnect from the USB bus. Then it will reconnect using a signed keyboard driver which the OS trusts. Then it will send keyboard input (the driver doesn't create the keystrokes - the user does - so a keyboard driver HAS to accept arbitrary input from the hardware). The OS has no way to know that the plug wasn't physically removed from the bus - the hardware can just disconnect and reconnect electronically.
It would be possible to mitigate this using a sensor on the plug to test for physical insertion/removal. Of course, that wouldn't work if you plugged a hub in unless you trusted the hub to tell you the truth. Plus, I could see that sensor wearing out like disk drive change sensors tended to ages ago.
The thing you're missing in your replies is that these attacks have hardware-level support. They actually disconnect electronically from the host and re-connect. That means that they can re-authenticate as an entirely different device. It could even emulate a USB hub and connect as 14 different devices at various times - some simultaneously.
There is no question that when it is connected as a printer that the OS would reject keyboard input (not that keyboard input would really be possible - the driver wouldn't interpret anything sent as keyboard input anyway).
Reality proves you wrong. The HP I use has a read-only flash drive in it with the drivers for the printer on it.
Besides, your arguement is invalid anyway. "It can't be done because it is currently done differently" has been said millions of times by millions of people. Everyone one of them proved wrong by progress.
Oh, and if you are wondering, the drivers in the printer are signed.
And if I had the money I could duplicate that USB device, signed drivers and all. Signatures don't prevent copying, only tampering. There is no need to tamper with the drivers to do the kinds of exploits that have been discovered for USB devices. The modified HP printer will connect using the signed HP printer driver and work just fine as a printer. Then in the middle of the night when you aren't at your PC it will disconnect and connect using the signed logitech keyboard driver and work just fine as a keyboard, and use keyboard input to run a rootkit on your PC. Then it will disconnect and connect as a printer again so that you never realize what happened.
Sure, locking your PC at night or turning it off would mitigate that particular attack, but you get the general idea.
So, is the tl;dr "if you just copy the key from one USB to another, that will let you authenticate an insecure device".
I want to make sure the question is clear when I answer. I'm amazed by the number of people who say "security is hard, it's better to not even try."
So, the tl; dr of your proposal is: "put the device driver on the USB device instead of in the OS, and put a signature of the driver on the device as well" if so, then the tl;dr of my response is "fine, just copy the driver and the corresponding signature, that will let you authenticate an insecure device"
If I'm misunderstanding your proposal, feel free to state it clearly so that I can answer clearly. I'm amazed by the number of people who think that public key cryptography is some kind of magical thing that lets you give somebody a physical object that is impossible to copy.
The same is true if I plug a USB flash drive and then after 10 minutes it disconnects itself, reconnects as a USB keyboard, and does the same thing.
When it connects as a USB keyvoard, it would be challenged for its driver. If it doesn't have one, it must authenticate with a null driver, properly signed, or the OS will disconnect it.
That's easy. Most OSs already handle signed drivers. It's just a change to *require* them for USB devices used by the federal government. When that happens, your problem goes away.
USB devices don't contain drivers - the OS does. The device just identifies itself.
But, if USB devices did contain signed drivers, then somebody would just copy the signed driver from a valid device. Encryption doesn't prevent copying - a copy of valid encrypted data is just valid encrypted data.
That would require crypto locker to be specifically targeted to OS X. I highly doubt it does this. There are so many people who don't have adequate backups, or any backups, that it's probably not worth the effort to go after the ones who do, unless you're running a targeted attack.
Absolutely, an offline backup system is necessary for complete security. But for a home user protecting against non-targetted attacks, obscurity offers very good security, with minimal effort.
Cryptolocker for Windows already targets backups and fileshares. I don't know why somebody would write Cryptolocker for OSX and not do the same.
The current Cryptolocker doesn't work at all on OSX - we're talking about a hypothetical clone written for OSX. It certainly is possible to do, but as long as they're making enough money on Windows users they may not bother with it.
You can open powershell and enter, compile, and run a program with just a keyboard.
Absolutely. Back in the days of DOS Laplink let you clone a PC onto another by just connecting a null-modem cable between them and typing "stty COM1:" into the remote computer. That simply redirected the DOS prompt console to the serial port, and laplink would install a receiving program via keyboard input and then have it do the copy. I don't know how it did it - could have used debug.exe to hexedit the file in, or for all I know it it just did "copy CON: filename" and just sent the binary over the wire.
There is nothing wrong with the drivers. The problem is with the device impersonating another device. If I plug a keyboard into your computer and it uses the signed RedHat keyboard driver it doesn't help you when I type rm -rf/* into an open shell. The same is true if I plug a USB flash drive and then after 10 minutes it disconnects itself, reconnects as a USB keyboard, and does the same thing.
It's clear you don't know where to begin criticizing it. DVDs do it (very poorly) and Blu-Ray do it (less poorly). A similar system would be trivial.
DVDCSS was cracked ages ago, largely due to a poor design. The Blu Ray system had a better design, but every Blu Ray player contains a key that can be used to read any Blu Ray disk. The only reason they aren't routinely cracked is that nobody cares to bother - there are a bazillion other ways to do it. If a country doing espionage wanted a Blu Ray key they'd just go to the local Walmart, buy one, and extract the key from it.
As would be putting the PRIVATE KEYS on the mass produced hardware (encrypted and signed, of course). You do know how PKI works, don't you? You don't send someone your private key for them to authenticate you. You encrypt their public key with your private key and send that encrypted PRIVATE KEY derivative. So, burn that encrypted key into the USB device as part of the driver.
Your valid USB device needs to authenticate itself. That means that ALL the necessary credentials necessary to do so MUST be stored on the USB device. That means it can be duplicated. That is all there is to it. You can certainly make it tamper-resistant, but against something like an intelligence agency I would not trust that to work.
Sure, you can encypt the key on the USB device, but then how does the USB device use that key? If the key needs to be decrypted to use it, then the device has to have the decryption keys burned into it as well. If the key doesn't need to be decrypted to use it, then the attacker doesn't need to decrypt it either.
Public key cryptography is about protecting messages from interception. We're talking about protecting the keys from interception.
"From an OS security standpoint, there really isn't anything in OSX or Linux that would prevent something from Cryptolocker from working. Neither does security beyond the user-level by default, and typically the browser (which is what tends to get exploited) has access to all user data."
Yes there is: time machine.
You mean that service that just stores all your data on a hard drive which gets plugged into the device that a Cryptolocker clone will be running on? Why wouldn't the virus take out your backups at the same time? I believe Cryptolocker already does this for Windows - if you use automatic external backups on Windows they WILL be hosed by Cryptolocker the next time you plug in the drive. Remember, the software runs in the background for days secretly encrypting all your stuff before calling attention to itself. You'd only be safe if you had data on an external hard drive that you didn't plug in for a few weeks most likely.
Time machine is great, but it doesn't protect against something like this.
Seems like a sensible approach not to use the same OS as all those lucrative targets then.
I know macs do one thing that would have helped. Time machine is built into the OS and makes regular backups. If you plug an external drive into an airport, the backup volume isn't mounted except when the backup is happening.
The problem is that when the next timed backup fires off, it is mounted, and presumably the malware will target it. Also, I'd be shocked if somebody would write something like Cryptolocker for OSX and not address Time Machine.
I wouldn't trust local media to keep me safe. I'd prefer to have backups on some remote server whose software enforces history on the files that are stored, so that it would also need to be hacked to take out the backups. Most of the usual cloud storage services or backup services would be fine.
Security by obscurity does count for something, but I wouldn't use it as a substitute for backups.
I've been reading for 20+ years how "Macs are just as vulnerable as Windows," and yet, somehow, that malware parity never seems to happen. Sure, every now and then there's a headline about Mac malware, but when you read the article it's either a theoretical vulnerability or, at worst, something that happened to a handful of people.
I've been reading for 20+ years about these things called Macs that are far safer than Windows, and yet, somehow, nobody actually uses them.
Thieves will always go for max reward for minimum risk. Sure, they hit lots of mom and pop computers running Windows, but I imagine the real money is in medium-sized businesses. How many organizations do you know that could be persuaded to maybe pay a $300k ransom but they store all that data on OSX, or even on Linux?
If medium-sized companies tended to run OSX, you'd see Cryptolocker for OSX. No, you won't see it anytime soon, because those businesses aren't going to switch to OSX anytime soon.
From an OS security standpoint, there really isn't anything in OSX or Linux that would prevent something from Cryptolocker from working. Neither does security beyond the user-level by default, and typically the browser (which is what tends to get exploited) has access to all user data.
>I can't imagine that any website would work on Chrome on OSX that wouldn't work on Chrome on ChromeOS.
In our case, the web software my daughter's school used would refuse to upload a file (homework) from a google drive, but would do fine off the local drive, which isn't an option on the chromebook.
All chromebooks have local storage. It is used primarily for these sorts of situations.
USB keys don't contain drivers. The attack is that when you aren't looking your thumb drive presents itself as a Logitech USB keyboard and then proceeds to type in a rootkit or whatever.
To be an HID, it must announce itself as one (called "driver" even when it just announces itself and requests the default OS driver). To do so, it must authenticate with the host OS. If not, the HID functionality will be disabled.
As far as I'm aware USB does not have any kind of strong authentication built into it. It can announce itself as an HID, and label itself as whatever it wants to.
Even if they did authenticate, the necessary private keys would be in every logitech USB keyboard out there, to use my example.
That's why they need brilliant people in the government.
I can see how govt would hate using thumb drives (a rogue thumb drive could mimic any USB device),
The government is large. A demand that any driver be signed by the maker (with the proper key loaded into the government PKI) would eliminate 99% of such attacks. All USB storage must have a key.txt in the root with a valid key.
USB keys don't contain drivers. The attack is that when you aren't looking your thumb drive presents itself as a Logitech USB keyboard and then proceeds to type in a rootkit or whatever. Since the government probably does buy Logitech USB keyboards the computer already has the signed logitech driver installed. Sure, the drive can only do things that you could do with a keyboard, but you'd be amazed just what you can do with only a keyboard.
the difference is one system is locked down and Google ultimately controls it. with any proper OS - I control it. chrome does whatever Google says it can do. I am not paying without control.
Chromebooks aren't locked down unless you want them to be. Every one has a switch which disables secure boot and you can flash whatever you want on it, including ChromiumOS. Flipping the switch does wipe the device for security, which is the approach Google takes with Android as well.
Slashdot Mirror
They do it today, not with DHCP but with game keys. If you register a game and your key has been used, then you can't register your game
Sure, but that is fairly different to what you initially proposed. It would only work with online verification, so the first time you plugged in a keyboard with a unique ID your laptop would have to go out to some trusted server to authenticate it. That wouldn't stop somebody from later cloning that specific keyboard, but it would prevent them from cloning another keyboard and plugging it into your PC. Then again, if they only cloned any particular keyboard once it probably still wouldn't help unless you only authenticated any keyboard once. If you did that then if you took a legitimate keyboard and tried to use it on two laptops it would fail.
Keep in mind that if you're a government then your adversaries are likely to be foreign intelligence agencies. Do you think it would really be that hard to get your hands on one keyboard/printer/etc and clone it without it being reported missing so that you could target one computer for hacking?
Also, none of this is consumer-grade capability. That means that instead of buying $20 logitech keyboards the government is now buying $1000 secure keyboards, and no doubt the next Ronald Regan will come along and point that out. I was chatting with somebody who worked for a defense contractor and a bunch of brass was wondering why they couldn't have an "app store" for military phones, instead of huge bricks that had fixed firmware and multi-year upgrade projects.
I'm not trying to say that security is impossible to achieve. I'm just saying that a significant increase in security isn't just an incidental bolt-on to existing consumer hardware. If you're going to re-design interfaces, register individual pieces of hardware with special authentication modules, and all that stuff, then sure, you can improve on things. Just don't expect to be buying that stuff at Staples.
Since these are now real loans, they will likely come with real interest rates and parental co-signing just like currently available non-student loans available today for pricy boutique schools to supplement subsidized student loans. The terms just hurt middle-class families more as I mentioned in my original post.
Sure, but real interest rates means that people will think twice before taking them, and they can have 300 co-signatures but it doesn't change the fact that they can be discharged fairly easily in bankruptcy. Parents can declare bankruptcy too. In fact, many middle-class families tend to have kids late in life and by the time payments on the loan are due the parents are probably done with refinancing mortgages and all that stuff.
In any case, I don't think that any of this is a real solution. I do think that private loans would be better than the special class of student loans that exist today. However, I'm more in favor of just making advanced education (including trades) free, and basic income as well so that people who just can't make it aren't starving.
That statement means that 60% end up with nothing discharged, and it says nothing about how much is discharged on average.
And I'm not sure how my reaction is emotional. I merely pointed out that your statement was misleading, even if completely factually true.
I didn't say you "always" can.
Sure, but your statement is a bit like saying that with a college education you can make $200k/yr. Sure, some people with college educations do make that much money, but is a vast minority who do so. I suspect there are more people do make that much in the first 10 years of their career with a bachelors degree than there are who manage to discharge their student loans in bankruptcy.
And the first 2 years of college/university are worlds apart from what you learned in grade 12.
It certainly wasn't when I went to college. Granted, I took high-achievement/AP-track classes when I was in high school, but there wasn't much taught in my college Chem 101/102 course that wasn't covered in high school chemistry. Ditto for literature, math, etc. At least that is true for the first year - if you start to get into the 3rd semester of any subject then things start becoming new, but I suspect that the typical community college approach is not going to be moving on within major subjects but rather to cover a whole lot of the general liberal arts electives (so take all your fluff courses in the first two years instead of spreading them out).
The one problem I see with this is that you defer getting into your major. Instead of taking moderately advanced classes within your chosen field in year 2 you're taking foreign languages, humanities, etc. So, if you're thinking about becoming an electrical engineer you haven't really covered more than Ohm's Law at the end of year 2, which means you really don't have any more info about what it is like to be an EE than you did on day 1.
Of course, I'm a big fan of getting involved in a career before day 1 of college - get some exposure to your future dream job unpaid while you're still in high school or whatever. All the same, getting progressively more involved in your career as you advance will help you to understand if you should change directions.
Granted, with the community college route all those courses make you equally unprepared to do any major, so in some sense you haven't wasted any more time than you would have otherwise. It just means you're really going to be stepping up in rigor all at once in year 3 and at that point it might be a shock if you find out that it wasn't what you were expecting.
i am all for people rising or falling depending on the extent of their hard work
Well, the present system in the US and capitalism in general certainly won't work for you then. The current system rewards/punishes people for their work output, not for how hard they work. I'm sure there most construction workers work a lot harder than I do. Heck, I'm sure there are a lot of people working in the same field as I do who work harder than I do. And yet, I tend to be rewarded fairly well because employers value my work output more than theirs.
When was the last time you bought a consumer product and asked, "how hard did the company that made this product work to produce it?" You just want to know how much it costs YOU, and how well it meets your needs. If one company can make a widget that meets your needs and either sell it at a loss or do it more cheaply than somebody else, you're going to prefer that to the one that involved 300 hours of manual labor at $30/hr.
Personally I think the approach that makes the most sense is to quit doing make-work and just make the economy as efficient and ruthless as possible from a business standpoint (but with good safety and environmental protections and so on), and then having progressive taxation and basic income to take care of the people who just can't compete in such a system. We don't need to subsidize inefficient companies so that people will have jobs. Instead reward the most efficient companies so that costs are low and profits are high, and then tax those profits so that all the people who lose jobs can get paid just as much not to work at all. That takes some of the heartlessness out of capitalism, and much of the inefficiency out of communism.
For most prestigious private schools, I suspect if they were required to do this crap, they would simply opt-out of the loan programs and finance loans through their endowments. This wouldn't impact their application rates, nor the tuitions they charge at all, it would likely only punish middle class students (who rely the most on these programs).
Hardly. Either the graduates end up making enough money to repay the loans, or they just declare bankruptcy and the college eats the cost of the education. These are now private loans that are not subject to all those pesky rules like not being allowed to declare bankruptcy.
Can you really call any code of ethics that permits this an actual code of ethics. Lets start with Informed Consent. You have to inform the entire world since it would be involving everyone and not just the one country you want to help.
Sounds great. Let's start with you. Every breath you take expels CO2 into the atmosphere, contributing to climate change which affects every person on the planet.
I'd like you to explain that to every person on earth and collect a signature and notary from each one before you take your next breath.
Or, we could just do what makes sense and not require unanimous consent from the entire planet.
The thing you're missing in your replies is that these attacks have hardware-level support.
Yes, and if the person who wins the contract to deliver the computers is attacked by Al Qaeda, and they replace all the computers with identical ones, save one minor intentional "flaw", that would be undetectable under today's process.
Your argument is "because security is not 100%, there's no reason to try."
I'm saying "it's better than today" which you are leaving unargued.
They already have this level of security today. You can configure most OSes to only accept USB devices that identify themselves with acceptable identifiers. You just want to make the length of the identifier longer (the length of a signed driver file). Either way you can identify yourself as something else.
As you point out, you're fine if you only plug in USB devices from trusted sources. However, I doubt anybody paid to safeguard IT for the US government is going to be satisfied with that.
Then in the middle of the night when you aren't at your PC it will disconnect and connect using the signed logitech keyboard driver and work just fine as a keyboard, and use keyboard input to run a rootkit on your PC. Then it will disconnect and connect as a printer again so that you never realize what happened.
With USB hubs, the printer could identify as a hub, and then you wouldn't need to disconnect the printer to "plug in" the Logitech keyboard.
That attack should work no more than once, once discovered. You revoke the signature for those keyboards. And get more security than doing nothing.
If you do that a ton of keyboards stop working. Then you have to buy all new keyboards. Then the attacker just updates their hacks to identify itself as the new keyboard.
It is about as likely to be effective as trying to revoke HDCP keys if somebody extracts a key from a TV set. You tick off a bunch of TV owners, and the pirates just switch to a new key.
, then the tl;dr of my response is "fine, just copy the driver and the corresponding signature, that will let you authenticate an insecure device"
Sure, you can get an insecure printer running on that driver, but when it starts sending HID commands, the OS will turn it off.
The printer will disconnect from the USB bus. Then it will reconnect using a signed keyboard driver which the OS trusts. Then it will send keyboard input (the driver doesn't create the keystrokes - the user does - so a keyboard driver HAS to accept arbitrary input from the hardware). The OS has no way to know that the plug wasn't physically removed from the bus - the hardware can just disconnect and reconnect electronically.
It would be possible to mitigate this using a sensor on the plug to test for physical insertion/removal. Of course, that wouldn't work if you plugged a hub in unless you trusted the hub to tell you the truth. Plus, I could see that sensor wearing out like disk drive change sensors tended to ages ago.
The thing you're missing in your replies is that these attacks have hardware-level support. They actually disconnect electronically from the host and re-connect. That means that they can re-authenticate as an entirely different device. It could even emulate a USB hub and connect as 14 different devices at various times - some simultaneously.
There is no question that when it is connected as a printer that the OS would reject keyboard input (not that keyboard input would really be possible - the driver wouldn't interpret anything sent as keyboard input anyway).
USB devices don't contain drivers
Reality proves you wrong. The HP I use has a read-only flash drive in it with the drivers for the printer on it.
Besides, your arguement is invalid anyway. "It can't be done because it is currently done differently" has been said millions of times by millions of people. Everyone one of them proved wrong by progress.
Oh, and if you are wondering, the drivers in the printer are signed.
And if I had the money I could duplicate that USB device, signed drivers and all. Signatures don't prevent copying, only tampering. There is no need to tamper with the drivers to do the kinds of exploits that have been discovered for USB devices. The modified HP printer will connect using the signed HP printer driver and work just fine as a printer. Then in the middle of the night when you aren't at your PC it will disconnect and connect using the signed logitech keyboard driver and work just fine as a keyboard, and use keyboard input to run a rootkit on your PC. Then it will disconnect and connect as a printer again so that you never realize what happened.
Sure, locking your PC at night or turning it off would mitigate that particular attack, but you get the general idea.
So, is the tl;dr "if you just copy the key from one USB to another, that will let you authenticate an insecure device".
I want to make sure the question is clear when I answer. I'm amazed by the number of people who say "security is hard, it's better to not even try."
So, the tl; dr of your proposal is: "put the device driver on the USB device instead of in the OS, and put a signature of the driver on the device as well" if so, then the tl;dr of my response is "fine, just copy the driver and the corresponding signature, that will let you authenticate an insecure device"
If I'm misunderstanding your proposal, feel free to state it clearly so that I can answer clearly. I'm amazed by the number of people who think that public key cryptography is some kind of magical thing that lets you give somebody a physical object that is impossible to copy.
The same is true if I plug a USB flash drive and then after 10 minutes it disconnects itself, reconnects as a USB keyboard, and does the same thing.
When it connects as a USB keyvoard, it would be challenged for its driver. If it doesn't have one, it must authenticate with a null driver, properly signed, or the OS will disconnect it.
That's easy. Most OSs already handle signed drivers. It's just a change to *require* them for USB devices used by the federal government. When that happens, your problem goes away.
USB devices don't contain drivers - the OS does. The device just identifies itself.
But, if USB devices did contain signed drivers, then somebody would just copy the signed driver from a valid device. Encryption doesn't prevent copying - a copy of valid encrypted data is just valid encrypted data.
That would require crypto locker to be specifically targeted to OS X. I highly doubt it does this. There are so many people who don't have adequate backups, or any backups, that it's probably not worth the effort to go after the ones who do, unless you're running a targeted attack.
Absolutely, an offline backup system is necessary for complete security. But for a home user protecting against non-targetted attacks, obscurity offers very good security, with minimal effort.
Cryptolocker for Windows already targets backups and fileshares. I don't know why somebody would write Cryptolocker for OSX and not do the same.
The current Cryptolocker doesn't work at all on OSX - we're talking about a hypothetical clone written for OSX. It certainly is possible to do, but as long as they're making enough money on Windows users they may not bother with it.
You can open powershell and enter, compile, and run a program with just a keyboard.
Absolutely. Back in the days of DOS Laplink let you clone a PC onto another by just connecting a null-modem cable between them and typing "stty COM1:" into the remote computer. That simply redirected the DOS prompt console to the serial port, and laplink would install a receiving program via keyboard input and then have it do the copy. I don't know how it did it - could have used debug.exe to hexedit the file in, or for all I know it it just did "copy CON: filename" and just sent the binary over the wire.
There is nothing wrong with the drivers. The problem is with the device impersonating another device. If I plug a keyboard into your computer and it uses the signed RedHat keyboard driver it doesn't help you when I type rm -rf /* into an open shell. The same is true if I plug a USB flash drive and then after 10 minutes it disconnects itself, reconnects as a USB keyboard, and does the same thing.
It's clear you don't know where to begin criticizing it. DVDs do it (very poorly) and Blu-Ray do it (less poorly). A similar system would be trivial.
DVDCSS was cracked ages ago, largely due to a poor design. The Blu Ray system had a better design, but every Blu Ray player contains a key that can be used to read any Blu Ray disk. The only reason they aren't routinely cracked is that nobody cares to bother - there are a bazillion other ways to do it. If a country doing espionage wanted a Blu Ray key they'd just go to the local Walmart, buy one, and extract the key from it.
As would be putting the PRIVATE KEYS on the mass produced hardware (encrypted and signed, of course). You do know how PKI works, don't you? You don't send someone your private key for them to authenticate you. You encrypt their public key with your private key and send that encrypted PRIVATE KEY derivative. So, burn that encrypted key into the USB device as part of the driver.
Your valid USB device needs to authenticate itself. That means that ALL the necessary credentials necessary to do so MUST be stored on the USB device. That means it can be duplicated. That is all there is to it. You can certainly make it tamper-resistant, but against something like an intelligence agency I would not trust that to work.
Sure, you can encypt the key on the USB device, but then how does the USB device use that key? If the key needs to be decrypted to use it, then the device has to have the decryption keys burned into it as well. If the key doesn't need to be decrypted to use it, then the attacker doesn't need to decrypt it either.
Public key cryptography is about protecting messages from interception. We're talking about protecting the keys from interception.
"From an OS security standpoint, there really isn't anything in OSX or Linux that would prevent something from Cryptolocker from working. Neither does security beyond the user-level by default, and typically the browser (which is what tends to get exploited) has access to all user data."
Yes there is: time machine.
You mean that service that just stores all your data on a hard drive which gets plugged into the device that a Cryptolocker clone will be running on? Why wouldn't the virus take out your backups at the same time? I believe Cryptolocker already does this for Windows - if you use automatic external backups on Windows they WILL be hosed by Cryptolocker the next time you plug in the drive. Remember, the software runs in the background for days secretly encrypting all your stuff before calling attention to itself. You'd only be safe if you had data on an external hard drive that you didn't plug in for a few weeks most likely.
Time machine is great, but it doesn't protect against something like this.
Seems like a sensible approach not to use the same OS as all those lucrative targets then.
I know macs do one thing that would have helped. Time machine is built into the OS and makes regular backups. If you plug an external drive into an airport, the backup volume isn't mounted except when the backup is happening.
The problem is that when the next timed backup fires off, it is mounted, and presumably the malware will target it. Also, I'd be shocked if somebody would write something like Cryptolocker for OSX and not address Time Machine.
I wouldn't trust local media to keep me safe. I'd prefer to have backups on some remote server whose software enforces history on the files that are stored, so that it would also need to be hacked to take out the backups. Most of the usual cloud storage services or backup services would be fine.
Security by obscurity does count for something, but I wouldn't use it as a substitute for backups.
I've been reading for 20+ years how "Macs are just as vulnerable as Windows," and yet, somehow, that malware parity never seems to happen. Sure, every now and then there's a headline about Mac malware, but when you read the article it's either a theoretical vulnerability or, at worst, something that happened to a handful of people.
I've been reading for 20+ years about these things called Macs that are far safer than Windows, and yet, somehow, nobody actually uses them.
Thieves will always go for max reward for minimum risk. Sure, they hit lots of mom and pop computers running Windows, but I imagine the real money is in medium-sized businesses. How many organizations do you know that could be persuaded to maybe pay a $300k ransom but they store all that data on OSX, or even on Linux?
If medium-sized companies tended to run OSX, you'd see Cryptolocker for OSX. No, you won't see it anytime soon, because those businesses aren't going to switch to OSX anytime soon.
From an OS security standpoint, there really isn't anything in OSX or Linux that would prevent something from Cryptolocker from working. Neither does security beyond the user-level by default, and typically the browser (which is what tends to get exploited) has access to all user data.
>I can't imagine that any website would work on Chrome on OSX that wouldn't work on Chrome on ChromeOS.
In our case, the web software my daughter's school used would refuse to upload a file (homework) from a google drive, but would do fine off the local drive, which isn't an option on the chromebook.
All chromebooks have local storage. It is used primarily for these sorts of situations.
USB keys don't contain drivers. The attack is that when you aren't looking your thumb drive presents itself as a Logitech USB keyboard and then proceeds to type in a rootkit or whatever.
To be an HID, it must announce itself as one (called "driver" even when it just announces itself and requests the default OS driver). To do so, it must authenticate with the host OS. If not, the HID functionality will be disabled.
As far as I'm aware USB does not have any kind of strong authentication built into it. It can announce itself as an HID, and label itself as whatever it wants to.
Even if they did authenticate, the necessary private keys would be in every logitech USB keyboard out there, to use my example.
That's why they need brilliant people in the government.
I can see how govt would hate using thumb drives (a rogue thumb drive could mimic any USB device),
The government is large. A demand that any driver be signed by the maker (with the proper key loaded into the government PKI) would eliminate 99% of such attacks. All USB storage must have a key.txt in the root with a valid key.
USB keys don't contain drivers. The attack is that when you aren't looking your thumb drive presents itself as a Logitech USB keyboard and then proceeds to type in a rootkit or whatever. Since the government probably does buy Logitech USB keyboards the computer already has the signed logitech driver installed. Sure, the drive can only do things that you could do with a keyboard, but you'd be amazed just what you can do with only a keyboard.
the difference is one system is locked down and Google ultimately controls it. with any proper OS - I control it. chrome does whatever Google says it can do. I am not paying without control.
Chromebooks aren't locked down unless you want them to be. Every one has a switch which disables secure boot and you can flash whatever you want on it, including ChromiumOS. Flipping the switch does wipe the device for security, which is the approach Google takes with Android as well.