<vjg25u$1bgn$1@nnrp.usenet.blueworldhosting.com>

Path: ...!weretis.net!feeder9.news.weretis.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!nnrp.usenet.blueworldhosting.com!.POSTED!not-for-mail
From: "Edward Rawde" <invalid@invalid.invalid>
Newsgroups: sci.electronics.design
Subject: Re: Win11 explorer bug?
Date: Thu, 12 Dec 2024 20:21:01 -0500
Organization: BWH Usenet Archive (https://usenet.blueworldhosting.com)
Lines: 151
Message-ID: <vjg25u$1bgn$1@nnrp.usenet.blueworldhosting.com>
References: <qieclj5ca2dsc2fnpufpg51fn7qt0u2peh@4ax.com> <vj6im4$cf7f$1@dont-email.me> <dcselj96kvngr6gid7mje3phabj2sp876t@4ax.com> <vj91de$t4hr$2@dont-email.me> <jcoglj5c0cmprqek68tah1euht1amhu9ko@4ax.com> <vj9q8g$11i0t$2@dont-email.me> <13vgljdqp79a2onuijph2om08fk99u2fdm@4ax.com> <vjablv$14se5$1@dont-email.me> <addhljp8i0d5t42lavnd37a8e883ijhsqt@4ax.com> <vjaeii$14se5$2@dont-email.me> <gquhljd83745shtckfjgtd5u6iphkprprc@4ax.com> <vjblle$1fd6a$1@dont-email.me> <gsnjljdvnhu7m25ops26ek9lvca5eqvk2n@4ax.com> <vjec62$22pn8$1@dont-email.me> <vjefoe$23fh4$1@dont-email.me> <uj2r2lxum3.ln2@Telcontar.valinor> <vjennd$24vi6$1@dont-email.me> <vjeu9v$1k7v$1@nnrp.usenet.blueworldhosting.com> <vjf6rs$2rvlf$1@dont-email.me> <vjfdof$1d8$1@nnrp.usenet.blueworldhosting.com> <vjfg9k$2tnfq$1@dont-email.me> <vjfhrg$saj$1@nnrp.usenet.blueworldhosting.com> <vjfjul$2ufi0$1@dont-email.me> <vjfs1g$1iam$1@nnrp.usenet.blueworldhosting.com> <vjfvvb$310fn$1@dont-email.me>
Injection-Date: Fri, 13 Dec 2024 01:21:02 -0000 (UTC)
Injection-Info: nnrp.usenet.blueworldhosting.com;
	logging-data="44567"; mail-complaints-to="usenet@blueworldhosting.com"
Cancel-Lock: sha1:32P7eJupsRaydi9GSpqMFww4wIs= sha256:VE9m9JC8vj/a0JqUo/UMcQzEK2McFXob1ayZO3P+zMs=
	sha1:XfN0dB+nYVPeqvnLUlZNmdWh6SQ= sha256:EMl0Bs/+aRY4R2DJXsLlvPf5iCRHoalPK1CX8tRiw4k=
X-Priority: 3
X-RFC2646: Format=Flowed; Response
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.5931
Bytes: 8753

"Don Y" <blockedofcourse@foo.invalid> wrote in message news:vjfvvb$310fn$1@dont-email.me...
> On 12/12/2024 4:36 PM, Edward Rawde wrote:
>>> Most users have banal needs for a firewall.  If running Windows hosts,
>>> then the filter in the host is even finer-grained than a filter in
>>> an external firewall (as the host-based filter can be tailored
>>> to specific applications).
>>
>> The host based filter is worthless if the user is administrator (like most Windows users are) because malware can
>> configure/disable the firewall as it likes.
>
> It's not going to suddenly decide that, e.g., PhotoShop needs access to
> the internet!
>
>>>> I don't permit outbound connections to a long list of countries.
>>>
>>> You're thinking two-dimensionally.  Your *neighbor*'s PC can be acting as
>>> a C&C node for a foreign actor.  Just like the camera INSIDE your "perimeter
>>> defenses" (WELCOMED in!) can act on behalf of some other agency.
>>>
>>> IP filtering doesn't buy you any real protection.
>>
>> It does if you watch the logs for anything unusual.
>
> Do you have more than one host?  Printer?  etc.  How many thousands of
> connections are you going to examine every day?

Automatic (python scripts in my case) examination of successful connections (ignoring anything blocked) takes a few seconds per day 
so that I can easily see anything out of the ordinary. Connection between anything on my network and another nearby IP on the same 
(or not far away) ISP would have been obvious.

>
> Windows machines typically run a whole slew of protocols, many of which
> have dubious GENERAL value.  Yet, disable one and you may find you've
> shutdown CIFS support.  Or, network discovery protocols.  Or...
>
>> A connection to a neighbor IP address would be obvious to me and I'd likely block it to see if anything legitimate breaks.
>
> So, you work for your computer!  Most folks want their computers to work
> for THEM!

See above.

>
>> Just like I watch who goes in and out of my house and who I give keys to.
>> Imagine owning a house where you can't tell who comes and goes or who has keys.
>
> Knowing who has keys tells you ONLY who has keys.  It tells you nothing
> of whether they are using them, have given them to someone else to use, etc.
>
> Do you really spend your waking hours watching all the lockable doors on
> your property?  AND, connections to your computer(s)?

See above. Security personnel are generally trained to watch for anything unusual.
Knowing whether a complete stranger has entered your house is all that's needed.
It is of course best that they stay locked out.

>
>> That's how it is for most people online and they aren't interested in knowing more, except perhaps briefly after the ransomware
>> cleanup.
>
> A simpler solution is simply not to have anything "stealable" on a machine
> that can be compromised.

A better solution is not to get anything compromised.

>
> If you could commandeer THIS machine, remotely, you could look to see
> who I correspond with.  And, what I've downloaded, recently.
>
> And, that's about it!
>
> If you manage to install malware, then you could use it as a C&C node to
> manipulate other machines -- machines that I don't own (because the only
> other thing on this network is a printer and the modem).
>
> And, at the next semi-annual review, I will discover your malware
> and remove it -- along with taking steps to protect against reinfection
> (e.g., install the custom boot loader that I have on the laptop that
> wipes the OS each time I boot)

I wouldn't want to use a laptop which wipes the OS each time I boot.

>
>>>>> I "hide" my file server behind a particular "knock sequence" that is
>>>>> only known to folks who should need access to it.  Trying to probe
>>>>> the IP address gets you no information -- it looks like there isn't
>>>>> a machine AT that IP address.
>>>>
>>>> I don't see any additional value in this provided the file server is restricted to specific IP addresses or networks and the
>>>> connection is secure.
>>>
>>> Knowing that a server exists is information.  (esp if your AUP
>>> prohibits them!  :> )  Knowing that there is <something> sitting
>>> at an IP invites probes.
>>
>> Knowing that there's a house there is information.
>
> Who said there is a house?  :>  Who says it is (physically) *here*?
>
>> Or in the country I'm from, knowing that there's a castle there is information but if it's surrounded by a moat then good luck
>> getting in unseen.
>
> What difference if you can still get in and inflict whatever damage?
> Imagine trying to get OUT in the event of a fire... when the drawbridge
> mechanism fails?
>
>> Violation of the access protocol could get you an arrow or cannon ball up your somewhere in the past.
>>
>>> An address that never reacts to your actions is uninteresting.
>>> And, unless you can snoop the actual traffic, you can't know that
>>> the address is actually actively moving data!
>>
>> In many cases you can infer. 1.2.3.0/24 and if you know 1.2.3.20 is active then the rest are likely doing something potentially
>> interesting.
>
> I have ~70 hosts in my office.  Yet, you'd be hard pressed to see more
> than one or two (despite not deliberately trying to "hide") simply
> because they are never ALL powered up (yet each needs a distinct
> IP so I can power up any subset of them).
>
> The advantage of an "internal agent" (like a pwn plug) is that it
> can run 24/7/365 and patiently collect data from its observations.
>
>>> Several decades ago, a "transformer" was installed on such a pole
>>> (why was it SUDDENLY needed, there?) outside from a business that
>>> sold "growing supplies" to folks who were suspected of being marijuana
>>> growers.
>>>
>>> The joke was that the transformer had NO wires (primary or secondary)
>>> attached to it.  And, a large, rectangular region that resembled a
>>> "window" -- on the side facing the business.
>>>
>>> "Gee, wanna bet that's a (really poorly disguised) camera??"  :>
>>
>> It must have been powered by something, even if everything else was wireless.
>
> A large battery.  The voltage present on the pole is ~11KV (14KV?) or more.
> Silly to design a surveillance device that has to accept those high voltages
> for power when you have all that volume to use for an energy store!
>
> (You can always come back to visit it a month later to replace the battery
> and retrieve the stored video footage!)

A camera system which requires me to go up a ladder to change the large battery and retrieve the footage doesn't sound like fun to 
me.

>
>
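The daily review of successful connections that Edward describes above (ignore blocked traffic, flag anything unusual, in particular connections to a nearby address on the same ISP) is the kind of job a short script does well. The block below is an added illustration, not Edward's script and not part of the original post. It assumes iptables-style LOG lines with `FW-ACCEPT`/`FW-DROP` prefixes, a LAN of 192.168.1.0/24, a WAN address of 203.0.113.25 and a baseline set of previously seen destinations; the log lines themselves are constructed for the example, and the notion of "nearby" is simply "inside the same /16 as our own public address".

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log: iptables LOG output as a small gateway might write it.
# Only the FW-ACCEPT lines matter; FW-DROP lines are blocked traffic and are ignored.
SAMPLE_LOG = """\
Dec 12 20:01:13 gw kernel: FW-ACCEPT IN=br0 OUT=ppp0 SRC=192.168.1.10 DST=142.250.80.46 PROTO=TCP SPT=51234 DPT=443
Dec 12 20:01:14 gw kernel: FW-DROP IN=ppp0 OUT= SRC=198.51.100.7 DST=203.0.113.25 PROTO=TCP SPT=40000 DPT=22
Dec 12 20:02:02 gw kernel: FW-ACCEPT IN=br0 OUT=ppp0 SRC=192.168.1.10 DST=203.0.113.140 PROTO=TCP SPT=51240 DPT=8443
Dec 12 20:03:40 gw kernel: FW-ACCEPT IN=br0 OUT=br0 SRC=192.168.1.22 DST=192.168.1.30 PROTO=TCP SPT=60001 DPT=9100
Dec 12 20:05:09 gw kernel: FW-ACCEPT IN=br0 OUT=ppp0 SRC=192.168.1.22 DST=198.51.100.200 PROTO=UDP SPT=123 DPT=123
Dec 12 20:05:10 gw kernel: FW-ACCEPT IN=br0 OUT=ppp0 SRC=192.168.1.10 DST=142.250.80.46 PROTO=TCP SPT=51300 DPT=443
"""

# Assumptions for the example: our own LAN, our public address, and the
# (destination, protocol, port) tuples that earlier days' reviews already accepted.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
WAN_ADDR = "203.0.113.25"
BASELINE = {
    ("142.250.80.46", "TCP", 443),
    ("198.51.100.200", "UDP", 123),
}

LOG_RE = re.compile(
    r"(?P<action>FW-(?:ACCEPT|DROP))\b.*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+)(?: SPT=(?P<spt>\d+))?(?: DPT=(?P<dpt>\d+))?"
)


def parse_log(text):
    """Turn LOG lines into dicts; lines that are not firewall records are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["dpt"] = int(ev["dpt"]) if ev["dpt"] else None
        events.append(ev)
    return events


def is_neighbour(dst, wan_addr, prefix_len):
    """True if dst sits in the same /prefix_len block as our own public address."""
    net = ipaddress.ip_network(f"{wan_addr}/{prefix_len}", strict=False)
    return ipaddress.ip_address(dst) in net


def review_accepted(events, wan_addr, baseline, prefix_len=16):
    """Return the accepted outbound connections that deserve a human look."""
    findings = []
    for ev in events:
        if ev["action"] != "FW-ACCEPT":
            continue  # blocked traffic is noise for this review
        if ipaddress.ip_address(ev["dst"]) in LAN_NET:
            continue  # LAN-to-LAN (printer, file server) is not an outbound connection
        reasons = []
        if (ev["dst"], ev["proto"], ev["dpt"]) not in baseline:
            reasons.append("not in baseline")
        if is_neighbour(ev["dst"], wan_addr, prefix_len):
            reasons.append(f"destination within our own /{prefix_len}")
        if reasons:
            findings.append({"src": ev["src"], "dst": ev["dst"],
                             "proto": ev["proto"], "dpt": ev["dpt"], "reasons": reasons})
    return findings


def top_destinations(events, n=5):
    """Count accepted outbound (dst, dport) pairs; useful as the daily one-screen summary."""
    c = Counter((ev["dst"], ev["dpt"]) for ev in events
                if ev["action"] == "FW-ACCEPT"
                and ipaddress.ip_address(ev["dst"]) not in LAN_NET)
    return c.most_common(n)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for f in review_accepted(evs, WAN_ADDR, BASELINE):
        print(f"{f['src']} -> {f['dst']}:{f['dpt']}/{f['proto']}  ({'; '.join(f['reasons'])})")
    print(top_destinations(evs))
```

Once a flagged destination has been investigated and judged legitimate, its tuple goes into the baseline so it is not reported again; the review then stays at a few lines per day even on a network with a printer and several hosts.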
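Don Y's "knock sequence" in the quoted part of the thread is port knocking: the file server's port stays closed (packets are silently dropped, so a probe sees nothing there) until the source address has hit a secret sequence of ports in order and within a time window. The following block is an added example that models that logic as a small state machine; it is not Don Y's setup and not part of the original post. The sequence (7000, 8000, 9000), the 10-second window, the 30-second open period and the service port 445 are all assumptions made for the example. Real deployments usually do this in the packet filter itself (for instance with the `knockd` daemon or iptables' `recent` match) rather than in user space.

```python
class KnockDaemon:
    """Track per-source knock progress and open a service port only after the full sequence.

    observe() feeds one knock packet; it returns True on the knock that completes the
    sequence.  handle_packet() is the firewall decision for any packet: 'accept' only
    when the service port is hit by a source that has knocked recently, 'drop' otherwise
    (no reply, so the address looks unused to a probe).
    """

    def __init__(self, sequence=(7000, 8000, 9000), window=10.0, open_for=30.0,
                 service_port=445):
        self.sequence = tuple(sequence)   # assumption: secret knock ports, in order
        self.window = window              # seconds allowed to complete the sequence
        self.open_for = open_for          # seconds the service stays open afterwards
        self.service_port = service_port  # the port being hidden
        self.progress = {}                # src -> (next index, time of first knock)
        self.opened = {}                  # src -> expiry time

    def observe(self, src, port, now):
        state = self.progress.get(src)
        if state is not None and now - state[1] > self.window:
            state = None  # too slow: start over from nothing
        idx = state[0] if state else 0
        if port == self.sequence[idx]:
            idx += 1
            start = state[1] if state else now
        elif port == self.sequence[0]:
            idx, start = 1, now  # a fresh first knock restarts the sequence
        else:
            self.progress.pop(src, None)  # wrong port: sequence must begin again
            return False
        if idx == len(self.sequence):
            self.progress.pop(src, None)
            self.opened[src] = now + self.open_for
            return True
        self.progress[src] = (idx, start)
        return False

    def is_open(self, src, now):
        expiry = self.opened.get(src)
        if expiry is None:
            return False
        if now > expiry:
            del self.opened[src]
            return False
        return True

    def handle_packet(self, src, dport, now):
        if dport == self.service_port and self.is_open(src, now):
            return "accept"
        if dport in self.sequence:
            self.observe(src, dport, now)
        return "drop"  # never reject: a RST or ICMP reply would reveal a host


if __name__ == "__main__":
    d = KnockDaemon()
    print(d.handle_packet("10.0.0.5", 445, now=0.0))   # drop: nothing knocked yet
    for t, p in ((1.0, 7000), (2.0, 8000), (3.0, 9000)):
        d.handle_packet("10.0.0.5", p, now=t)
    print(d.handle_packet("10.0.0.5", 445, now=4.0))   # accept: sequence completed
    print(d.handle_packet("10.0.0.5", 445, now=60.0))  # drop: open period expired
```

Note what this does and does not buy: the knock sequence is sent in the clear, so anyone who can capture the traffic (the "internal agent" Don Y mentions, or a compromised neighbour) learns it once and can replay it. It hides the service from blind scanning, not from an observer on the path; it is an addition to, not a substitute for, restricting the service to known addresses and securing the connection itself.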