From: "Edward Rawde"
Newsgroups: sci.electronics.design
Subject: Re: Win11 explorer bug?
Date: Thu, 12 Dec 2024 20:21:01 -0500
Organization: BWH Usenet Archive (https://usenet.blueworldhosting.com)

"Don Y" wrote in message news:vjfvvb$310fn$1@dont-email.me...
> On 12/12/2024 4:36 PM, Edward Rawde wrote:
>>> Most users have banal needs for a firewall. If running Windows hosts,
>>> then the filter in the host is even finer-grained than a filter in
>>> an external firewall (as the host-based filter can be tailored
>>> to specific applications).
>>
>> The host-based filter is worthless if the user is administrator (like most
>> Windows users are) because malware can configure/disable the firewall as
>> it likes.
>
> It's not going to suddenly decide that, e.g., PhotoShop needs access to
> the internet!
>
>>>> I don't permit outbound connections to a long list of countries.
>>>
>>> You're thinking two-dimensionally. Your *neighbor*'s PC can be acting as
>>> a C&C node for a foreign actor. Just like the camera INSIDE your "perimeter
>>> defenses" (WELCOMED in!) can act on behalf of some other agency.
>>>
>>> IP filtering doesn't buy you any real protection.
>>
>> It does if you watch the logs for anything unusual.
>
> Do you have more than one host? Printer? etc. How many thousands of
> connections are you going to examine every day?

Automatic (python scripts in my case) examination of successful connections
(ignoring anything blocked) takes a few seconds per day so that I can easily
see anything out of the ordinary.
Connection between anything on my network and another nearby IP on the same
(or not far away) ISP would have been obvious.

> Windows machines typically run a whole slew of protocols, many of which
> have dubious GENERAL value. Yet, disable one and you may find you've
> shut down CIFS support. Or, network discovery protocols. Or...
>
>> A connection to a neighbor IP address would be obvious to me and I'd
>> likely block it to see if anything legitimate breaks.
>
> So, you work for your computer! Most folks want their computers to work
> for THEM!

See above.

>> Just like I watch who goes in and out of my house and who I give keys to.
>> Imagine owning a house where you can't tell who comes and goes or who has
>> keys.
>
> Knowing who has keys tells you ONLY who has keys. It tells you nothing
> of whether they are using them, have given them to someone else to use, etc.
>
> Do you really spend your waking hours watching all the lockable doors on
> your property? AND, connections to your computer(s)?

See above. Security personnel are generally trained to watch for anything
unusual. Knowing whether a complete stranger has entered your house is all
that's needed. It is of course best that they stay locked out.

>> That's how it is for most people online and they aren't interested in
>> knowing more, except perhaps briefly after the ransomware cleanup.
>
> A simpler solution is simply not to have anything "stealable" on a machine
> that can be compromised.

A better solution is not to get anything compromised.

> If you could commandeer THIS machine, remotely, you could look to see
> who I correspond with. And, what I've downloaded, recently.
>
> And, that's about it!
>
> If you manage to install malware, then you could use it as a C&C node to
> manipulate other machines -- machines that I don't own (because the only
> other thing on this network is a printer and the modem).
>
> And, at the next semi-annual review, I will discover your malware
> and remove it -- along with taking steps to protect against reinfection
> (e.g., install the custom boot loader that I have on the laptop that
> wipes the OS each time I boot)

I wouldn't want to use a laptop which wipes the OS each time I boot.

>>>>> I "hide" my file server behind a particular "knock sequence" that is
>>>>> only known to folks who should need access to it. Trying to probe
>>>>> the IP address gets you no information -- it looks like there isn't
>>>>> a machine AT that IP address.
>>>>
>>>> I don't see any additional value in this provided the file server is
>>>> restricted to specific IP addresses or networks and the connection is
>>>> secure.
>>>
>>> Knowing that a server exists is information. (esp if your AUP
>>> prohibits them! :> ) Knowing that there is sitting
>>> at an IP invites probes.
>>
>> Knowing that there's a house there is information.
>
> Who said there is a house? :> Who says it is (physically) *here*?
>
>> Or in the country I'm from, knowing that there's a castle there is
>> information but if it's surrounded by a moat then good luck getting in
>> unseen.
>
> What difference if you can still get in and inflict whatever damage?
> Imagine trying to get OUT in the event of a fire... when the drawbridge
> mechanism fails?
>
>> Violation of the access protocol could get you an arrow or cannon ball up
>> your somewhere in the past.
>>
>>> An address that never reacts to your actions is uninteresting.
>>> And, unless you can snoop the actual traffic, you can't know that
>>> the address is actually actively moving data!
>>
>> In many cases you can infer. 1.2.3.0/24 and if you know 1.2.3.20 is
>> active then the rest are likely doing something potentially interesting.
>
> I have ~70 hosts in my office. Yet, you'd be hard pressed to see more
> than one or two (despite not deliberately trying to "hide") simply
> because they are never ALL powered up (yet each needs a distinct
> IP so I can power up any subset of them).
>
> The advantage of an "internal agent" (like a pwn plug) is that it
> can run 24/7/365 and patiently collect data from its observations.
>
>>> Several decades ago, a "transformer" was installed on such a pole
>>> (why was it SUDDENLY needed, there?) outside from a business that
>>> sold "growing supplies" to folks who were suspected of being marijuana
>>> growers.
>>>
>>> The joke was that the transformer had NO wires (primary or secondary)
>>> attached to it. And, a large, rectangular region that resembled a
>>> "window" -- on the side facing the business.
>>>
>>> "Gee, wanna bet that's a (really poorly disguised) camera??" :>
>>
>> It must have been powered by something, even if everything else was
>> wireless.
>
> A large battery. The voltage present on the pole is ~11KV (14KV?) or more.
> Silly to design a surveillance device that has to accept those high voltages
> for power when you have all that volume to use for an energy store!
>
> (You can always come back to visit it a month later to replace the battery
> and retrieve the stored video footage!)

A camera system which requires me to go up a ladder to change the large
battery and retrieve the footage doesn't sound like fun to me.
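The scripted daily review Edward describes (look only at successful outbound connections, collapse them to a short table, and flag anything talking to a nearby address on the same ISP or to a destination never seen before) could be done like this in Python. This is an added example, not Edward's own script: the iptables-style log lines are constructed, and the home WAN address 198.51.100.20, the ISP block 198.51.100.0/22 and the baseline destination set are assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample firewall log lines (iptables LOG-prefix style), not from the post.
SAMPLE_LOG = """\
Dec 12 10:01:02 gw kernel: ACCEPT IN=lan OUT=wan SRC=192.168.1.10 DST=142.250.72.14 PROTO=TCP DPT=443
Dec 12 10:02:15 gw kernel: DROP IN=wan OUT= SRC=203.0.113.9 DST=198.51.100.20 PROTO=TCP DPT=22
Dec 12 10:03:40 gw kernel: ACCEPT IN=lan OUT=wan SRC=192.168.1.10 DST=198.51.100.77 PROTO=TCP DPT=8080
Dec 12 10:05:01 gw kernel: ACCEPT IN=lan OUT=wan SRC=192.168.1.23 DST=142.250.72.14 PROTO=TCP DPT=443
Dec 12 10:06:30 gw kernel: ACCEPT IN=lan OUT=wan SRC=192.168.1.10 DST=198.51.100.77 PROTO=TCP DPT=8080
"""

# Assumed values: our own public address, the ISP block surrounding it, and the
# baseline of destinations seen on previous days.
HOME_WAN = ipaddress.ip_address("198.51.100.20")
ISP_BLOCK = ipaddress.ip_network("198.51.100.0/22")
KNOWN_DESTINATIONS = {"142.250.72.14"}

def parse_line(line):
    """Return (action, fields) for one log line, or None if it is not a firewall record."""
    tokens = line.split()
    action = next((t for t in tokens if t in ("ACCEPT", "DROP", "REJECT")), None)
    if action is None:
        return None
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    return action, fields

def accepted_flows(log_text):
    """Keep only successful (ACCEPT) outbound connections; blocked traffic is ignored."""
    flows = []
    for line in log_text.splitlines():
        action, f = parse_line(line) or (None, {})
        if action == "ACCEPT" and f.get("OUT") == "wan":
            flows.append((f["SRC"], f["DST"], f.get("PROTO", "?"), f.get("DPT", "?")))
    return flows

def summarize(flows):
    """Count each (src, dst, proto, dport) tuple so a day's log collapses to a short table."""
    return Counter(flows)

def neighbour_destinations(flows):
    """Destinations inside the ISP block other than our own WAN address: worth a closer look."""
    return sorted({dst for _, dst, _, _ in flows
                   if ipaddress.ip_address(dst) in ISP_BLOCK
                   and ipaddress.ip_address(dst) != HOME_WAN})

def new_destinations(flows, known=KNOWN_DESTINATIONS):
    """Destinations absent from the baseline: the 'anything out of the ordinary' check."""
    return sorted({dst for _, dst, _, _ in flows} - set(known))
```

Run daily over the real log, the two flag lists are the only output a human needs to read; everything blocked never enters the table at all.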