From: Don Y
Newsgroups: sci.electronics.design
Subject: Re: German state gov. ditching Windows for Linux, 30k workers migrating.
Date: Sun, 7 Apr 2024 12:55:40 -0700

On 4/7/2024 9:35 AM, Liz Tuddenham wrote:
> There are two extreme approaches to security:
>
> 1) Put a major effort into designing a universal high-security system
> that can be sold worldwide to cover its development costs.

That assumes you want to DIRECTLY recover its development costs. E.g., the military thinks of "recovering" costs by avoiding future LOSSES. The same can apply to many other industries.

> 2) Have every small operator design their own system, which is
> reasonably secure but may not be foolproof.

Define "reasonably secure". Given that most "small operators" lack the technical skills to undertake such an effort, they will end up piecing together a system using bits of a relatively small number of "available" (free or otherwise) systems -- the security of each of those being relatively unknown.

And, again as a result of a lack of knowledge, they will likely not understand the risks that those systems bring to their applications/deployments.

Developers often treat security as window dressing and so tend not to design truly secure devices/appliances; yet they want to convince themselves that they've addressed those needs ("I put a lock on the front door to my house so I'm now secure!").

Adversaries, OTOH, can accumulate lists of exploits and their associated targets. Then, fingerprint systems of interest to get a reasonably good idea of which vulnerabilities might apply. ("The center stile in some windows can be removed with a single screw, thereby allowing the window to be removed from its frame and providing a person-sized opening into the house.") All this from the comfort and (legal?) safety of some remote location.

> The first option is the one which most people and businesses take, but
> it results in a prize that every hacker feels is worth breaking because
> of the results it will yield. Sooner or later someone will find a
> weakness and exploit it. A major update is then required.
>
> The second option is theoretically weaker, so very few major players
> would consider it, but it would take a lot of time and effort to hack
> into the peculiarities of each individual system and simply wouldn't be
> worthwhile if it only results in a tiny yield. Small changes to the
> system can be made easily and will involve the hacker in an inordinately
> large amount of work for small returns.

That's the fallacy. It costs relatively little to probe (and fingerprint) every accessible IP. Then, throw a set of exploits *already* deemed LIKELY to compromise such a system at it and note the results. The process can be automated (and likely would be, given the sheer number of potential targets!)

[A colleague always thought he was "safe" because he ran an out-facing Solaris/SPARC host. No, just because so few people do so doesn't mean the known exploits for such hosts are no longer available to the hacker!]

Because there are so few truly different systems "out there", the likely locations (in the permanent store) of any "goodies" are known or easily identified -- because the SYSTEM has to know where these things have been placed! As damn near ALL of these "systems" are available to an adversary to probe and explore "offline", he's already figured out how he's going to get what he needs -- unlike trying to break into some proprietary system that he has no first-hand prior experience "observing".

I.e., give me a VALID login for some "institution" and I'll have to poke around to figure out what MIGHT be accessible, then where/how. Point me at a Windows/Linux/OSX/BSD host and I'll already have a head start!

With the proliferation of appliances with none/poor/laughable security, your system is no longer the sole attack surface. Each of these appliances can be attacked, compromised and then used as a beachhead to poke at your other system(s) -- as it is now "inside" your peripheral defenses!

As they all want to have their software updatable ("to keep current with the latest security fixes" -- really? exploits are announced every month; how often do you push updates to your appliances??), they are all routable and EXPECTED to access the outside world. So, open a connection to a WAITING hacker on the outside and let him serve as C&C while you (the appliance) are the dutiful soldier behind enemy lines...

How many devices in your home/organization are "undocumented" (i.e., effectively black boxes)? Can you speak to the levels of their security?

Ever have a friend bring their phone/laptop to your home and connect to the internet using your connection? Are you sure his device wasn't also probing your hosts -- without HIS knowledge?

Consider the number of "complimentary wifi" APs that most phone users eagerly connect with. Are they sure there have been no exploits hosted behind those APs?

Can you enumerate all of the potential security vulnerabilities that you *have*? Today? Tomorrow??
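The "fingerprint, then throw the exploits already known to fit" loop the post argues is cheap to automate, as an added example that is not part of the original post. Every product name, version range, exploit name and banner line below is constructed sample data for illustration; none of it describes real software or a real vulnerability. What the code shows is the part that makes the post's point: once the table exists, the per-host work is a banner parse and a range lookup, and the same lookup run over your own inventory is one way to start answering the post's closing question.

```python
"""
Added example (not from the original post): the 'fingerprint, then pick
exploits already known to fit' loop, reduced to a version-matching table.
All product names, version ranges, exploit names and banner lines are
CONSTRUCTED sample data; they describe no real software or vulnerability.
"""
import re

# Constructed "exploit list": which (imaginary) product and version range
# each (imaginary) exploit is believed to work against.
KNOWN_EXPLOITS = [
    # (exploit name, product, min version inclusive, max version exclusive)
    ("exploit-A", "ExampleSSHd", (1, 0), (1, 4)),
    ("exploit-B", "ExampleSSHd", (1, 2), (2, 0)),
    ("exploit-C", "ExampleHTTPd", (3, 0), (3, 9)),
]

# Constructed banners, one per probed host, in roughly the shape real
# service banners take: "<product>/<version>" or "<product>_<version>".
SAMPLE_BANNERS = {
    "10.0.0.1": "SSH-2.0-ExampleSSHd_1.3p2",
    "10.0.0.2": "Server: ExampleHTTPd/3.11",
    "10.0.0.3": "Server: ExampleHTTPd/3.4 (Unix)",
    "10.0.0.4": "SSH-2.0-ObscureSSH_9.9",   # unknown product: nothing matches
    "10.0.0.5": "220 welcome",              # no product/version at all
}

# product name, a '/' or '_' separator, then major.minor
BANNER_RE = re.compile(r"([A-Za-z]+)[/_](\d+)\.(\d+)")


def fingerprint(banner):
    """Return (product, (major, minor)) from a banner, or None if no
    product/version pair can be extracted."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def candidate_exploits(banner, table=KNOWN_EXPLOITS):
    """Exploits whose product matches and whose version range contains the
    fingerprinted version. Tuples compare major first, then minor, so
    3.11 sorts above 3.9 (a plain string compare would get that wrong)."""
    fp = fingerprint(banner)
    if fp is None:
        return []
    product, version = fp
    return [name for name, prod, lo, hi in table
            if prod == product and lo <= version < hi]


def triage(banners, table=KNOWN_EXPLOITS):
    """Run the table over every host once. Cost grows with the number of
    hosts times the table size; no per-host research is involved, which
    is the economic point the post makes."""
    return {host: candidate_exploits(b, table) for host, b in banners.items()}


if __name__ == "__main__":
    for host, hits in triage(SAMPLE_BANNERS).items():
        print(f"{host:10} {SAMPLE_BANNERS[host]!r:38} -> {hits or 'no known match'}")
```

Two things to notice when running it: the host that nobody bothers to put in the table ("ObscureSSH") gets no hits, which is the false comfort the post's Solaris/SPARC colleague relied on, since it only means the table is incomplete, not that the host is safe; and a defender who feeds the same function an inventory of their own banners gets, for free, the same list the adversary would start from.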