Comments

Regin Malware In EU Attack Linked To US and British Intelligence Agencies

blueg3 Re:You are a bit over a decade out of date (129 comments)

With respect, you are the one that came in with the childish "my platform is better than yours because your root can do anything" bullshit, so if you can't take a rebuttal then don't try to start such an argument.

No. You're completely imagining--synthesizing--that Windows is "my platform" because Secure Boot was mentioned. The whole argument of signing kernels, root compromising the kernel with modifying the disk, etc. is just as true in Windows as in Linux. You just change the jargon. It's absolutely the same system.

Incidentally, by the nature of my work, I have all kinds of different operating systems. Most serious work gets done on Linux, or, occasionally, OS X, because I can't stand MinGW / Cygwin and command-line is faster. I also don't have a Windows system that actually supports UEFI Secure Boot.

2 days ago
Regin Malware In EU Attack Linked To US and British Intelligence Agencies

blueg3 Re:You write of reading comprehension, yet ... (129 comments)

Just because you reject a simple solution in favour of complex one

Your simple solution is simple but unusable.
Signing binaries is not complex.
The UEFI Secure Boot implementation used by Microsoft is not the only way to implement Secure Boot.

2 days ago
Regin Malware In EU Attack Linked To US and British Intelligence Agencies

blueg3 Re:Separate firewall box blocking traffic (129 comments)

When attacks can hop airgaps through things like USB devices, the solution "airgap more" sounds a little desperate.

2 days ago
Regin Malware In EU Attack Linked To US and British Intelligence Agencies

blueg3 Re:You are a bit over a decade out of date (129 comments)

So, most of that post was illegible anti-MS "I imagine everyone who disagrees with me is a fanboy" twisted worldview shit and is largely unreadable. I don't particularly agree with MS's Secure Boot approach, and you manage to point out why in the one coherent sentence at the beginning:

As distinct from the complex web of trust described above where all it takes is yet another leaked key to break into it and render all that TPM stuff irrelevant

Preshipping kernel-signing keys in TPMs and making it tricky to modify the trusted-signing-key list is a dangerous approach they've taken, for this reason. The benefit is that they can get people to actually use it. You can't get many people to use any feature that requires actual configuration. But key revocation is nearly impossible to get right in userland, so there's no way it'll work in a TPM -- a compromised signing key has carte blanche.

Incidentally, as far as I know, the TPM Secure Boot implementation doesn't use web-of-trust, it uses a typical PKI hierarchy.

Somebody clicking on a link in an Outlook message is all it takes to open up Internet Explorer to run whatever it finds in an "asp" script on a hacked MS webserver and next thing you've got files on network shares encrypted and some criminal demanding money - all before the MS or any other antivirus gets a chance to block it.

Secure Boot doesn't do anything to address user-space exploitation. It's not supposed to. That's a more serious problem for most users, yes, but different solutions are for different problems.

Incidentally, with a non-compromised kernel, an antivirus can, if it wants to, block anything before it executes. They hook system calls. They strictly get to operate before any change to the system occurs. In practice, this is often not done (which is why they're not very good), because characterizing "evil behavior" is hard, hooking all system calls is expensive, and people uninstall things that slow down their machine.

You can even, if you want, enforce that every executable memory page on your entire system have a SHA-2 hash that matches the hash for a page from the corresponding signed binary, so that you have no tampered executable memory pages on your whole system. The kernel will gladly do that if you implement it. You can even whitelist individual binaries (by hash+signature, no less), so that untrusted-but-signed binaries can't run either. It's been implemented on a Linux system, years ago. This approach does ruin Javascript, since it's JIT-compiled, but that's probably for the best.

2 days ago
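The executable-page hash policy described in the comment above, worked through as an added illustration (not code from the Slashdot thread or from any real implementation): every page of a loaded image is hashed with SHA-256 and must match a page hash derived from a trusted binary, so a single patched byte shows up as an unaccounted-for page. The page size, the "signed" binaries and the tampered copy are all constructed sample data.

```python
import hashlib
from typing import Dict, List, Tuple

PAGE_SIZE = 4096  # assumed page size for the example


def page_hashes(image: bytes) -> List[str]:
    """SHA-256 of each PAGE_SIZE chunk; the final partial page is zero-padded."""
    hashes = []
    for off in range(0, len(image), PAGE_SIZE):
        page = image[off:off + PAGE_SIZE].ljust(PAGE_SIZE, b"\x00")
        hashes.append(hashlib.sha256(page).hexdigest())
    return hashes


def build_allowlist(trusted: Dict[str, bytes]) -> Dict[str, Tuple[str, int]]:
    """Map page hash -> (binary name, page index) over all trusted binaries.
    Stands in for the per-page hashes a verifier would take from signed images."""
    allow = {}
    for name, image in trusted.items():
        for idx, h in enumerate(page_hashes(image)):
            allow[h] = (name, idx)
    return allow


def check_executable_pages(loaded: bytes, allow: Dict[str, Tuple[str, int]]) -> List[int]:
    """Indices of pages in `loaded` whose hash matches no trusted page.
    An empty list means every executable page is accounted for."""
    return [i for i, h in enumerate(page_hashes(loaded)) if h not in allow]


# Constructed sample data: two "signed" binaries, plus a copy of the first
# with one byte flipped inside its second page (index 1).
TRUSTED = {
    "ls": bytes(range(256)) * 40,    # 10240 bytes -> 3 pages
    "sshd": b"\x90" * 9000,          # 9000 bytes -> 3 pages
}
ALLOW = build_allowlist(TRUSTED)
tampered = bytearray(TRUSTED["ls"])
tampered[PAGE_SIZE + 100] ^= 0xFF

if __name__ == "__main__":
    print(check_executable_pages(TRUSTED["ls"], ALLOW))    # []
    print(check_executable_pages(bytes(tampered), ALLOW))   # [1]
```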
Regin Malware In EU Attack Linked To US and British Intelligence Agencies

blueg3 Re:You write of reading comprehension, yet ... (129 comments)

I'm not cheering MS. UEFI Secure Boot is just MS strongarming people into actually adopting something that's been widely researched for a while now. People have had research-grade implementations of secure-boot for Linux for some time now. Hell, it was probably five years ago that there was a proof-of-concept implementation of a signed full stack on Linux that did remote attestation (so that a server could prove to a user that its software stack was untampered).

Otherwise, you're being deliberately obtuse in order to argue on the Internet.

The "reading comprehension" comment was in response to this:

what? you have given us no useful information. you talk of root escalation but don't even discuss how it could be done.

I said exactly what had to be done. It's simple. It does take writing to disk. I assume the anon is you, by the way, turning on the anonymous box in order to be a dick. Good job.

Read-only media plus turning off module loading is a solution to preventing adversaries from modifying the kernel, yes (provided you turn off some other kernel features also, and that your kernel has no exploitable bugs). Just "no module loading" is not a replacement for secure boot. It's a different thing. Read-only media is arguably a replacement for secure boot. You'll notice that not many people actually use booting from read-only media, and the reason for that is that it's terribly inconvenient. (It's particularly inconvenient to securely update the kernel without throwing away the read-only security benefit.) Signed kernels are a lot like that, except hey, you get to store your kernel on a normal disk, like most Linux distros expect you to do.

2 days ago
Regin Malware In EU Attack Linked To US and British Intelligence Agencies

blueg3 Re: You are a bit over a decade out of date (129 comments)

Christ, use a little reading comprehension.

Consider that in Linux, root is able to modify the kernel binary. So privilege escalation from root to kernel requires only a reboot and writes to disk.

1. Be root.
2. Use disk writes to modify the kernel binary.
3. Reboot.

There are fancy ways to accomplish (2), but a suitable proof-of-concept is to completely overwrite the existing kernel binary (on disk) with a new one compiled by the attacker. That should make it obvious that the attacker gets to completely control what is in the kernel.

2 days ago
Regin Malware In EU Attack Linked To US and British Intelligence Agencies

blueg3 Re:You are a bit over a decade out of date (129 comments)

Those solve different problems. Turning off the ability to load modules is an alternative to signing kernel modules. Secure boot is about, at boot time, validating that the kernel has not been modified before loading it.

Consider that in Linux, root is able to modify the kernel binary. So privilege escalation from root to kernel requires only a reboot and writes to disk.

3 days ago
Apple To Donate Profit Portion From Black Friday For AIDS Fight

blueg3 Re:AIDS is bad (102 comments)

Please don't respond and give your "totally sound" reasons for shopping on black Friday, you're mistaken.

Our friendly local gaming store is running game demos (and unstructured try-before-you-buy) and giving out coffee Friday morning. The owner encouraged us to come by.

What am I mistaken about?

3 days ago
Apple Disables Trim Support On 3rd Party SSDs In OS X

blueg3 Re:Summary is misleading, you can work around (327 comments)

The article paints this as a huge security issue, but why?

Because loading kernel extensions is one of the easiest ways of turning a user-mode code-execution exploit into a kernel-mode code-execution exploit. Those are serious business.

People like to treat exploits in a vacuum and handwave around the other components of a full-stack exploit. Vulnerability in Safari that enables an attacker to make you silently download and run a native executable? No problem, it's only running in user mode. Vulnerability in system configuration that enables loading of unsigned kexts? No problem, just don't download anything that's obviously bad. Wait...

about two weeks ago
Internet Voting Hack Alters PDF Ballots In Transmission

blueg3 Re:Umm, encryption? (148 comments)

No and no. There are other problems with end-to-end encryption, but you have not identified any of them.

about two weeks ago
Internet Voting Hack Alters PDF Ballots In Transmission

blueg3 Re:TLbhtlhblthttt. (148 comments)

2. covertly install functioning hacked firmware on the wireless routers of a significant percentage of the citizenry

That's already been done in the real world. It looks like it was done on a budget that's trivial compared to the value of modifying votes.

about two weeks ago
Philae Lands Successfully On Comet

blueg3 Re:sloppy wording (188 comments)

It doesn't say "gravitational field". It says "[t]he comet's local gravity".

I'll have you know that acceleration, like gravitational field, is also a vector quantity.

about two weeks ago
New Atomic Clock Reaches the Boundaries of Timekeeping

blueg3 Re:"More precise than any clock before" (249 comments)

If time is a human construct...

It's not.

...[if] two identical clocks can't remain synchronized with each other, can they really be said to be precise at all?

Yes, because the fact that they can't remain synchronized is a result of the actual behavior of time and space. Both clocks are being perfectly accurate (and precise) -- so accurate and precise that they are measuring effects that would make *any* two clocks drift apart.

about three weeks ago
Researchers At Brown University Shattered a Quantum Wave Function

blueg3 Actual abstract (150 comments)

"An electron in liquid helium forces open a cavity referred as an electron bubble. These objects have been studied in many past experiments. It has been discovered that under certain conditions other negatively charged objects can be produced but the nature of these “exotic ions” is not understood. We have made a series of experiments to measure the mobility of these objects, and have detected at least 18 ions with different mobility. We also find strong evidence that in addition to these objects there are ions present which have a continuous distribution of mobility. We then describe experiments in which we attempt to produce exotic ions by optically exciting an electron bubble to a higher energy quantum state. To within the sensitivity of the experiment, we have not been able to detect any exotic ions produced as a result of this process. We discuss three possible explanations for the exotic ions, namely impurities, negative helium ions, and fission of the electron wave function. Each of these explanations has difficulties but as far as we can see, of the three, fission is the only plausible explanation of the results which have been obtained."

Research group website
Non-paywalled copy of paper

TLDR: This research group studies exotic electron effects in superfluid helium. They see a particular effect that is not currently explained. There are a few possible explanations, and they argue that a particular one is probably true.

Inaccurate "news" articles ensue.

(The physics is subtle enough that, despite reading the abstract and bits of the paper, I would not venture to try to summarize it. You can smell a mile away, though, that this article is poor understanding mixed with hyperbole. The specific flavor is, "Quantum Mechanics is Philosophical Magic".)

about a month ago
Black Swan Author: Genetically Modified Organisms Risk Global Ruin

blueg3 Re:Nonsense. Again. (432 comments)

requires massive amounts of pesticides to live

Since when is this true of any organism?

because your dog Sniffles is actually the product of genesplicing of a dog and fish genes

At the breeding level, no, your dog is the product of many generations of selective inbreeding, to the point that most purebred dogs have serious genetic defects and health problems. But your dog does undoubtedly have quite a bit of DNA from other species. Retroviruses are helpful like that.

about 1 month ago
Soda Pop Damages Your Cells' Telomeres

blueg3 Re:'Regardless of... income and education level' ? (422 comments)

They generally don't know that it's an organic process without controlling for those factors. You can't shove a microscope up someone's ass and just observe why a particular diet is having a particular effect.

Remember how people always like to harp on how correlation is not causation? Well, it's said too often and too zealously, but it's still true. One of the most important lessons is that you need to control for confounding factors, or the effect you observe could simply be a correlation. It's very, very hard to control for the entire set of a human's behavior, though -- which is what you'd want to do in a classic, traditional experiment.

There are a handful of confounding factors that are constantly problems -- they correlate with tons of things. Any good study about humans will control for them. Income and education level are two of them. So you will always see a paper controlling for these and, if they find an interesting effect, you will see a statement about how the effect is independent of income and education level -- because if that wasn't true, it's not a very valuable finding.

about a month ago
Password Security: Why the Horse Battery Staple Is Not Correct

blueg3 Re: Objection One: (549 comments)

I wasn't disagreeing with you. (Weird, for the Internet, I know.) I was just answering your semi-rhetorical question of "how would they think of random words"? The answer is that they can't.

If you want some disagreement: while picking spots in a dictionary is random, it's not a uniform distribution and it's not as random as you might suspect. It's much safer to use a mechanical method that your brain has as little control over as possible to do the selection: dice, for example.

about a month and a half ago
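The "use dice, not your brain" point from the comment above, as an added illustration that is not from the Slashdot thread: dice rolls are read as a base-6 number and mapped onto a word list with rejection instead of modulo (so every word stays equally likely), and Shannon entropy is computed for a uniform sample versus a sample that favours a few words. The word list and both samples are constructed; `secrets` stands in for physical dice.

```python
import math
import secrets
from collections import Counter
from typing import Optional, Sequence


def dice_to_index(rolls: Sequence[int], n_words: int) -> Optional[int]:
    """Read dice rolls (1..6 each) as a base-6 number and return it as an index
    into an n_words list, or None if it overshoots the list. Rejecting and
    re-rolling, rather than wrapping with modulo, keeps every word equiprobable."""
    value = 0
    for r in rolls:
        if not 1 <= r <= 6:
            raise ValueError("each roll must be 1..6")
        value = value * 6 + (r - 1)
    return value if value < n_words else None


def rolls_needed(n_words: int) -> int:
    """Fewest dice whose 6**k outcomes can address every word in the list."""
    k, span = 1, 6
    while span < n_words:
        k, span = k + 1, span * 6
    return k


def roll_word(words: Sequence[str]) -> str:
    """Pick one word uniformly, using the OS CSPRNG as the dice."""
    k = rolls_needed(len(words))
    while True:
        idx = dice_to_index([secrets.randbelow(6) + 1 for _ in range(k)], len(words))
        if idx is not None:
            return words[idx]


def entropy_bits(sample: Sequence[str]) -> float:
    """Shannon entropy (bits per word) of an observed word-selection process."""
    counts, n = Counter(sample), len(sample)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


# Constructed data: an 8-word list, a uniform (dice-like) sample, a biased "human" one.
WORDS = ["correct", "horse", "battery", "staple", "cloud", "anvil", "lemon", "quartz"]
UNIFORM = WORDS * 100
HUMAN = ["horse"] * 500 + ["battery"] * 250 + ["correct"] * 125 + ["staple"] * 125

if __name__ == "__main__":
    print(rolls_needed(7776))                             # 5 dice for a 7776-word list
    print(entropy_bits(UNIFORM), entropy_bits(HUMAN))     # 3.0 vs 1.75 bits per word
```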
Password Security: Why the Horse Battery Staple Is Not Correct

blueg3 Re:Objection One: (549 comments)

Humans can't think of random words. There's not a sufficiently random process available. Humans can think of semi-random arbitrary words, which are totally different.

about a month and a half ago
FBI Says It Will Hire No One Who Lies About Illegal Downloading

blueg3 Re:Fewer candidates to draw from... (580 comments)

"Seeding" is simply the mode BitTorrent is in when you no longer have any parts of the file that still need to be downloaded. Prior to that, even though you are not "seeding" yet, you are still transmitting the pieces that you *have* downloaded to any peers that ask for them.

That's sort of the whole idea behind BitTorrent: peers trade pieces of partially-downloaded files with one another to reduce demand on seeders.

about a month and a half ago

Submissions

blueg3 hasn't submitted any stories.

Journals

blueg3 has no journal entries.
