|
|
Log in / Subscribe / Register

Security quotes of the week

[Posted September 28, 2016 by jake]

John Gilmore, an American entrepreneur and civil libertarian, once famously quipped that “the Internet interprets censorship as damage and routes around it.” This notion undoubtedly rings true for those who see national governments as the principal threats to free speech.

However, events of the past week have convinced me that one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely potent cyber weapons with transnational reach.

More than 20 years after Gilmore first coined that turn of phrase, his most notable quotable has effectively been inverted — “Censorship can in fact route around the Internet.” The Internet can’t route around censorship when the censorship is all-pervasive and armed with, for all practical purposes, near-infinite reach and capacity. I call this rather unwelcome and hostile development the “The Democratization of Censorship.”

Brian Krebs

Instead, the attacks against KrebsOnSecurity harness so-called Internet-of-things devices—think home routers, webcams, digital video recorders, and other everyday appliances that have Internet capabilities built into them. Manufacturers design these devices to be as inexpensive and easy-to-use as possible. Consumers often have little technical skill. As a result, the devices frequently come with bug-ridden firmware that never gets updated and easy-to-guess login credentials that never get changed. Their lax security and always-connected status makes the devices easy to remotely commandeer by people who turn them into digital cannons that spray the Internet with shrapnel.
Dan Goodin

The RecentFiles object gives access to the history of recent documents. Most users, unless they just installed Word, are going to have opened more than two documents. However, on a testing virtual machine (VM), the software is normally not "broken in". When the VM is initially created, software is installed, maybe opened once or twice to make sure it works, and then the state is saved and every time a test needs to be made, that state is loaded again. These VM images may then be used in automated analysis and testing tools which execute malware and see how they behave. If malware can be smart enough to know when it's being tested in a VM, it can avoid doing anything suspicious or malicious and thereby increase the time it takes to be detected by such tools.
Caleb Fenton
to post comments

home servers matter i think

Posted Sep 29, 2016 2:11 UTC (Thu) by Garak (guest, #99377) [Link] (3 responses)

The Internet can’t route around censorship when the censorship is all-pervasive
My view is that the all-pervasive censorship is based in the ISP's terms of service. Google Fiber prohibited "any kind of server", or even any "improper" traffic. I have this vague recollection there may even be some international policy (ietf perhaps) that mandates similar overbroad ToS terms. Somewhere along the line I think the effective (if not popular) understanding and management of the internet migrated away from "it would be completely unreasonable for ISPs to monetize the knowledge of their subscribers traffic packets, and even moreso to modify them without the subscriber opting in for some reason". But then there was the Snowden era. Now after the public failed to take an effective stand against the NSA with Snowden, I get the feeling the ISPs feel pretty comfortable feeling like they can do basically whatever they please (in truth, whatever they please that the NSA doesn't have any problems with. And that clarifier is a real big part of the complicated problem).

Oh well... times and tech change and they will continue to do so.

http://apps.fcc.gov/ecfs/document/view?id=7522219498
http://cloudsession.com/dawg/downloads/misc/kag-draft-k121024.pdf
https://www.wired.com/2013/07/google-neutrality/
http://arstechnica.com/information-technology/2013/10/google-fiber-now-explicitly-permits-home-servers
https://lwn.net/Articles/658006/
Their lax security and always-connected status makes the devices easy to remotely commandeer by people who turn them into digital cannons that spray the Internet with shrapnel.
I saw Frontline's "2016: The Choice" documentary explain Trump's "truthful hyperbole". I'm pretty sure using the word shrapnel here qualifies. There would be no schrapnel cannons or lethal massively distributed water pistol arrays to be afraid of if ISPs notified subscribers with misbehaving devices and required the subscriber to explain how they fixed the defective harmful device before allowing it to be reconnected to the network. This in turn would force the crappy device manufacturers to face some very unhappy customers, and this is how capitalism is supposed to resolve this problem, IMO.

home servers matter i think

Posted Sep 29, 2016 9:11 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link] (2 responses)

You really have some strange and unhealthy fixation on ToS of ISPs....

home servers matter i think

Posted Sep 29, 2016 19:33 UTC (Thu) by Garak (guest, #99377) [Link]

I like to consider it as being ahead of my time. I'll admit that history has plenty of examples where such truly did equate to 'unhealthy'. Of course not all of them are situations where people's retrospective view of the health detriments outweighs their retrospective view of the fixation benefits.

Cyberax- I'm a visionary. We both understand that you don't see what I see. Please leave me be, and don't make such comments in the future.

home servers matter i think

Posted Sep 29, 2016 19:59 UTC (Thu) by Garak (guest, #99377) [Link]

and hell, just for fun, if people really want to psychoanalyze me, I'll offer a few suggestions on how to characterize my fixations-

1) ToS - let's generalize it and call it a fixation on Ferengi Print. Shrink Wrap Licensing, etc.

2) Net Neutrality. Psychology-wise, I did go through a doozy of a phase in my late teens and early twenties as a fan of Ayn Rand's Atlas Shrugged. Railroads, Common Carrier, all the rest.

3) Free Speech. To me Free Speech is Spiritual. I mean that in all the best and worst ways of all religions throughout all of history. If I could somehow remove this feature from my psychology, I'd be tempted at least.

4) Cannabis. From personal usage, to the history of persecution.

5) Racism/Sexism. Probably would have been listed earlier if I wasn't a white male in the U.S.

6) Forking. I think just as with Free Speech, the way to counter the detriments of Bad Forks, is to just have so much forking that enough Good Forks come about that people don't find they have the time to care or whine about the Bad Forks.

7) There are probably more.

Security quotes of the week

Posted Oct 6, 2016 4:57 UTC (Thu) by ssmith32 (subscriber, #72404) [Link] (1 responses)

RE: malware & VM detection.
The late 90s & early 2000s called, and want their malware & security blog back :P
Seriously? Word macros? Textbook malware, as in, mostly found in a textbook?

Word exploits had moved to DOM parsing errors and shellcode from macros, the last time I reversed anything, and that was years ago...

And most vm detections routines are more interesting.. looking for vm-specific file, timing, the good ol' sidt trick... and on.

I have a rather cynical, low opinion of av software, and the entire industry that surrounds, but even I concede they have all move passed sigs. No one does just that anymore, afaik...

But it has been a looong time, as I said. I could be wrong.

Security quotes of the week

Posted Oct 6, 2016 12:08 UTC (Thu) by sourcejedi (guest, #45153) [Link]

Sadly for the world, your information is out of date

"But the DEFAULT was SECURE. That's why macro viruses disappeared. Later versions of Office added the stupid enable button."

See screenshot


Copyright © 2016, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds