|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: what if you cannot trust jne
Henry J. Escobar (escobar
ESM.COM)
Tue, 28 Sep 1999 22:30:21 -0400
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: AS: "Any Protection against the Phrack 55-5 hack ?"
- Previous message: Peter da Silva: "Re: Alert: Microsoft Security Bulletin (MS99-038) - Source Routing Pa tch"
- In reply to: Bill Stout: "Re: Alert: Microsoft Security Bulletin (MS99-038) - Source Routin g Pa tch"
All:
Well one day I will learn to keep my big mouth shut...
If I remember from my Operating System Courses, a user is defined as
someone or something that interacts with (or uses) the operating system. It
doesn't matter if it has a conscience mind or not.
What is to stop a Trojan horse/virus/worm/etc from doing a low level edit
of the NAV (which I believe is the point of the original posting)? Is there
any cryptographic checking for this (such as a checksum i.e. like what
tripwire does for Unix platforms)?
Any decent programmer can write code to change the binary data without a
Hex editor.
Remember that the application will be running in the content of the user,
and will run with the same rights and privileges as that human user.
Having Symantec state "It's not our problem to protect from the keyboard"
is a valid statement. I have physical access to the machine, I can do what
I want. It may take a little work to get a bootable floppy that can read
NTFS (and IGNORE file permissions), but I'm sure one exists (let me know if
you know of one!). It is an anti-virus solution's problem to protect
against any virus, and a virus can remove/modify/replace any of the
anti-virus products out there just as it can with any other file on the
system (file permissions will naturally help!).
In "Henry's Perfect World" tm. any highly trusted and critical piece of
software should include:
1) The ability to set the file permissions extremely stringent on themselves.
2) Integrity checking, via a cryptographic checksum, with the correct data
existing on a Read Only device. I.e a read only network drive (corporate
environment) or a floppy with write protect enabled (individual/paranoid).
3) Everyone would remember the Security Mantra: "Don't trust anyone or
anything." Who knows if they are not trustworthy (or do a bad job...), or
if they get hacked, and serve as an attack point against YOU.
As a side note: I can't wait till someone hacks or spoofs Microsoft's
"Windows Update" feature... (Yes, I know about certificates, and how they
work.)
4) Security is layers, and anti-virus s/w is just one. Peel one away, there
should be another. Just like an onion.
5) Every product should come with a "I'm super super paranoid mode" that is
annoyingly secure. :-)
Just my three cents.
________________________________________________
Henry J. Escobar
Systems Administrator
ESM Services, Inc.
email: escobaresm.com
Disclaimer: All options and statements made above belong solely to Henry J.
Escobar, and do not necessary reflect those of his employer ESM Services,
or any client of ESM Services.
- application/pgp-signature attachment: stored
- Next message: AS: "Any Protection against the Phrack 55-5 hack ?"
- Previous message: Peter da Silva: "Re: Alert: Microsoft Security Bulletin (MS99-038) - Source Routing Pa tch"
- In reply to: Bill Stout: "Re: Alert: Microsoft Security Bulletin (MS99-038) - Source Routin g Pa tch"
This archive was generated by hypermail 2.0b3 on Fri Oct 01 1999 - 12:37:42 CDT