Re: [funsec] the heart of the problem [was: RE: mac trojan in-the-wild]

[yiri <yirimyah () gmail com>]

I would have thought this was obvious, but your analogy is critically shit.
We don't "choose" to be exploitable. Or if we do, we don't have another
viable choice.

We're professional software developers. We have to make software, otherwise
we get hungry and they shut off the power.
That said, we don't have the option of making our software unexploitable,
because we have things called contracts and budgets and at the end of the
day, it's not efficent to fix holes before release, because nobody's going
to find all the flaws that you release the software with.

Your idea has a very limited potential userbase, because not having such
things as cookies and personal files adds a lot of work and makes the people
who use our software less efficent, which makes us poor. You might suggest
that we store such data off-system (say, on a centralised storage system,
online or on personal USB keys) but USB keys would make it much easier to
steal information and with each of those 'fixes' you just force the attacker
to move their attacks to programs that are stored on the writable disk.

That being said, I've used systems which restore all their settings at the
start of each day. They're most commonly used in public libraries,
highschools and universities, where customization is inappropriate to start
with.

Yirimyah

On 11/2/07, Drsolly <drsollyp () drsolly com> wrote:
> > Things are in fact FUBAR. We need new ideas and new solutions as
> honestly,
> > although we want to feel we make a difference by taking care of this or
> > that malware or this and that C&C we are powerless and have not made a
> > real difference in the past 6 years while things got worse.
> >
> > We need new solutions and new ideas, and would be more than happy to
> have
> > new people exploring operational security.
>
> My new idea is a computer that cannot have new software installed on it by
> the user, or by someone logging in as root, or in any other way, other
> than by physical replacement of the OS medium.
>
> My first proposal was Grannyx, which I proposed a couple of years ago. No
> work has been done on this, because none of the people who think it's a
> good idea, have the time to make it happen. The OS is on a CD Rom, and the
> medium on which data is stored, is unable to run software.
>
> > The current state of Internet security is you get slapped -- BAM! -- and
> > you write an analysis about it. (when speaking at ISOI I actually
> slapped
> > myself -- HARD -- when I said it on stage, not a good idea for future
> > reference).
>
> A better analogy might be "you see someone else being tapped gently on the
> wrist", which explains why no-one does much to stop it happening in
> future.
>
> > Well, we can't choose the risks. They choose us. Sometimes they are
> cool,
> > sometimes they're not.
>
> Well, we can choose the risks, actually. Having chosen the risk, you can't
> choose the outcome. But we do choose the risks.
>
> For example, I climbed a tree yesterday. The outcome was good (it might
> not have been), but *I* chose the risk.
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/