Slashdot Mirror


User: npcompleat

npcompleat's activity in the archive.

Stories: 0
Comments: 15

Comments · 15

  1. Re:Excellent Presentation on English Shell Code Could Make Security Harder · · Score: 1

    I'm surprised that they don't seem to be aware of the EICAR test file. From Wikipedia: "The EICAR test file (official name: EICAR Standard Anti-Virus Test File) is a file, developed by the European Institute for Computer Antivirus Research, to test the response of computer antivirus (AV) programs. ... The file is simply a text file of either 68 or 70 bytes that is a legitimate executable file ..."

    The actual test file contents are "X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*". It's a COM file that when run will print "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!"

  2. Re:It's all a workaround on UAC Whitelist Hole In Windows 7 · · Score: 1

    For those who don't know, Windows NT has an interesting ancestry:

    VMS ----> WNT

    Here's another example of the same relationship:

    HAL ---> IBM

  3. Re:Free NOT EQUAL TO freedom on Stallman On the State of Free Software 25 Years On · · Score: 5, Informative

    The term 'free' is an unfortunate consequence of there being no more specific word in English. The word is meant, to use the well-worn, free-software phrase, to be free as in speech rather than free as in beer.

  4. Now I know... on Using Your Laptop In Bed · · Score: 3, Funny

    Ahhh. Now I know what those job ads mean when they ask for embedded programmers.

  5. Re:c++ elitism? on How is the UK doing for Open Source Adoption? · · Score: 2, Interesting

    As a course leader of several computing MScs I have to disagree. While Java isn't quite that bad, Python (or Ruby) is now a much better choice as a teaching language, especially for object oriented languages. Java is also not open source (yet) and universities should be leading the way in the use and advocacy of open source software.

    The change is beginning - I know of at least one university that teaches its MSc students on machines running Fedora (since I helped introduce it into the labs) and I know of courses that use both Python and Ruby as first languages. I also know that my local primary school has ignored all attempts to introduce open source, in spite of being presented with the BECTA report. Should we not be expecting all our educational institutions to be leading the way on this issue?

  6. I seem to remember on DIY Random Number Generator · · Score: 5, Interesting

    There was a study done that asked a group of people to come up with a string of random ones and zeros. Unsurprisingly, after statistical analysis, they weren't very good. But the fantastic bit was to ask another group to pair off and for each of them to try to outguess the other: let your opponent see your string of ones and zeros so far and then try to make the next bit the opposite to the one they are likely to pick. Amazingly, these random strings were impressively more random. Perhaps we've evolved special pseudo-random number generators to allow us to be sneaky.

    [I know, a reference would have been nice, but age does terrible things to your internal bibtex database]

  7. A related topic on Microsoft Retracts Private Folder Option · · Score: 1

    Curious slashdot readers might find the following of interest:

    http://en.wikipedia.org/wiki/Steganographic_file_system

    Imagine the reaction of IT Managers if Microsoft were to include this in Windows.

  8. One obvious weakness on Tearing Down China's Great Firewall · · Score: 1

    One obvious weakness in Psiphon is the decision taken to not develop it anonymously. The fact that the developers are identified by name and location leaves them open to attack. If one of their loved ones were to be threatened by sinister guys with foreign accents, would they be able to resist the demands for weaknesses to be built into the system? And would the users of the system ever get to know before it is too late?

  9. Re:Security through obscurity? on The Biology of Network Security · · Score: 1

    I'm fairly sure that you're right about most of that too! You're definitely right about buffer overflows but canary values and randomised positioning of the stack (diversity again) are making those harder and more vulnerabilities seem to be non-binary attacks. I've no hard figures to support this though.

    However, once on a machine using a non-binary exploit, I can use the executables on it to transfer a sample of known programs to my machine, where I can crack the code using standard techniques (in effect, it is a Caesar cipher). When I know the mapping from the 'standard' instruction set to the one used on the victim machine, I have circumvented the protection offered by randomising the instruction set.

    If there is a program to take plaintext instructions and translate them so that they work on the victim machine, as you suggest, then I don't need to crack the protection at all.

    You are right in as much as I cannot use binary attacks and I have some extra work to do but it doesn't seem as though the system is significantly more secure.
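
The known-plaintext argument in the comment above, as an added example that is not part of the original comment. It assumes the per-machine randomisation is a fixed byte-for-byte substitution (the comment's "Caesar cipher" analogy, not necessarily the scheme in the article under discussion); all function names and sample bytes are constructed.

```python
import random

def make_machine_mapping(seed):
    """Constructed per-machine secret: a permutation of the 256 byte values."""
    table = list(range(256))
    random.Random(seed).shuffle(table)
    return bytes(table)

def randomise(code, table):
    """Rewrite 'standard' code bytes into the machine-specific encoding."""
    return code.translate(table)

def recover_mapping(known_plain, observed):
    """Learn standard->machine byte pairs from one program whose standard
    form is known and whose randomised copy has been read from the machine."""
    if len(known_plain) != len(observed):
        raise ValueError("length mismatch")
    mapping = {}
    for p, c in zip(known_plain, observed):
        # A fixed substitution maps each byte value the same way every time;
        # any disagreement means the scheme is position- or context-dependent.
        if mapping.setdefault(p, c) != c:
            raise ValueError("not a fixed byte substitution")
    return mapping

def exposure(mapping, other_plain):
    """Fraction of another program's bytes that the mapping already covers."""
    return sum(b in mapping for b in other_plain) / len(other_plain)

# Constructed stand-ins for real binaries: one widely distributed program
# that happens to use only byte values 0..199, and one that uses all 256.
KNOWN_PROGRAM = bytes(i % 200 for i in range(4000))
OTHER_PROGRAM = bytes(range(256))

def demo(seed=1234):
    table = make_machine_mapping(seed)
    observed = randomise(KNOWN_PROGRAM, table)
    mapping = recover_mapping(KNOWN_PROGRAM, observed)
    return len(mapping), exposure(mapping, OTHER_PROGRAM)

if __name__ == "__main__":
    learned, covered = demo()
    print(f"byte values learned: {learned}/256, coverage of other code: {covered:.1%}")
```

The `exposure` figure is the defender's measure here: a single known binary already fixes most of the table, so the secrecy of the mapping adds little once any file on the machine is readable.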

  10. Re:Security through obscurity? on The Biology of Network Security · · Score: 1

    What I'm saying is that most exploits start with a port scan to determine operating system and vulnerable services on the victim machine (ironically, it's the diversity of the responses to the scan that reveals the information). Then the attack generally involves supplying data to a service program to gain entry to the machine. Since most of these attacks do not rely on injecting binary code, this attack would work regardless of the instruction set of the machine. Once on the machine, determining its key would be straightforward (since the 'plaintext' of many executables would be known) and wouldn't significantly slow an attacker. Also, many of the fingerprinting techniques used to spot malware would be less effective as the binary signatures of the executables would be different on each machine.

  11. Security through obscurity? on The Biology of Network Security · · Score: 1

    This would appear to be an attempt to increase security by hiding the instruction set. Security through obscurity is not effective for long and anyone interested in hardening their system would be much better advised to use defence in depth.

    In the tradition of Slashdot, I have not RTFM but I imagine that this technique would not help with non-binary code injection (e.g. SQL).

    However, increasing the diversity is a valid weapon against scripted attacks (including those real-world, RNA scripted viruses). Perhaps we should encourage the proliferation of incompatible GNU/Linux distros? Or encourage Bill to come up with even more versions of Windows Vista?

    Unfortunately, Internet protocols work best when everyone uses the same rules. So the most important vectors for intrusion have to remain standard. Come to think of it, it's those pesky protocols that are causing all the trouble!

  12. Re:Slow networks on New "Dark" Freenet Available for Testing · · Score: 2, Interesting

    The speed problem is partly unavoidable. To overcome one threat model - that requests can be linked to replies statistically, based on traffic patterns or packet sizes - replies have added random latencies. Thus you could get a response quicker but you risk being identified because of your impatience. Systems like I2P that allow each user to choose their own level of anonymity allow you to trade efficiency for anonymity. By their very nature, anonymous P2P systems will always be slow, or bandwidth hungry, relative to other communication systems.

  13. Re:Sounds a lot like on Algorithmic Political-Media-Mashup Vodcast · · Score: 1

    Out? Noooo....from the reports, it looks really dangerous out there!

  14. Sounds a lot like on Algorithmic Political-Media-Mashup Vodcast · · Score: 1

    This sounds an awful lot like the rolling 24 hour news channels that I am addicted to!

  15. Best Prank I've Heard on Great Hacks and Pranks Of Our Time · · Score: 5, Funny

    The best one I've heard was when someone left three (harmless) snakes in a student's room. The real killer was the note left prominently on the bed: 'There are four snakes in your room.'