|
I just finished reading "This Is How They Tell Me the World Ends: The Cyberweapons Arms Race" by Nicole Perlroth (https://www.goodreads.com/en/book/show/49247043-this-is-how-they-tell-me-the-world-ends) and was wondering what the threads thoughts about it were. It paints a pretty stark picture and the source sounds credible (a NYT journalist). Still, is it sensationalist or pretty accurate?
|
# ? Aug 12, 2022 07:49 |
|
|
# ? Apr 17, 2024 20:27 |
|
It glosses over a lot of technical details to make the book more approachable for a wider audience. I would say the tone is a bit sensationalist, and I've worked at one of the companies mentioned in the book and she paints a slightly different picture than what I experienced in reality. On the whole I'd say its fine and gives a decent overview of the current state of things.
|
# ? Aug 12, 2022 13:58 |
|
SlowBloke posted:If they pop your bitwarden password they can both login and MFA, that's the core issue(i have a similar scheme on keepass so i shouldn't be preaching on this). If you have a strong enough key you should be fine. Thats what i figured, just curious if there was some known flaw or something with the BW implementation. I have 2fa on bw itself, and only use it for video games, so not worried
|
# ? Aug 12, 2022 16:37 |
|
https://twitter.com/d_feldman/status/1558309810801631233
|
# ? Aug 13, 2022 19:25 |
|
Has anyone ever heard of any storage (NVMe, SATA, eMMC, USB drive or SD card) that provides a seriously strong guaranteed read-only mode? Basically I want some kind of bootable device that can make strong guarantees of being immutable. I can always setup linux to mount the filesystems all read-only but that's just a quick escalation & remount away from a permanent exploit. In this scenario an escalation isn't the end of the world as long as it's not persistent. I mean go ahead and assume spinning optical is not an option for this, due to size and performance. The best idea I could come up with so far was some kind of microcontroller that can monitor the SD card data lines for write commands and disconnect the sd or reset the cpu before the entire write command goes through. Seems like there could be a lot of commands/patterns to worry about though. Another option would be some microcontroller that is a USB device and can present an attached SD card as a block device, so it's easier to snoop on the write commands. There are definitely source code examples floating around that do this, but would likely be much slower than the dedicated SD controller on the host.
|
# ? Aug 14, 2022 01:37 |
|
What's your actual threat model here? On which side of the Mossad / Not Mossad line are you concerned? E: someone suggested a card flexxon makes that specifically prevents further writing, take a look at that? Volmarias fucked around with this message at 03:57 on Aug 14, 2022 |
# ? Aug 14, 2022 03:32 |
|
worm storage is a thing, flexxon makes a usb stick
|
# ? Aug 14, 2022 03:36 |
|
Buy one of these and break the switch off?
|
# ? Aug 14, 2022 03:37 |
|
Thanks! I really just need something like a write protect switch, but a real one. I knew the little switch on SD cards was bs, but it looks like some of these USB or special SD card options could work.
|
# ? Aug 14, 2022 04:19 |
Rescue Toaster posted:Has anyone ever heard of any storage (NVMe, SATA, eMMC, USB drive or SD card) that provides a seriously strong guaranteed read-only mode? Basically I want some kind of bootable device that can make strong guarantees of being immutable. I can always setup linux to mount the filesystems all read-only but that's just a quick escalation & remount away from a permanent exploit. In this scenario an escalation isn't the end of the world as long as it's not persistent. I mean go ahead and assume spinning optical is not an option for this, due to size and performance.
|
|
# ? Aug 14, 2022 09:22 |
|
CD rom
|
# ? Aug 14, 2022 12:54 |
|
R/O Zip Drive
|
# ? Aug 14, 2022 12:59 |
|
There are NAND flash chips that literally cannot be written to unless the write protect pin on the chip has the "allow writes" voltage level applied to it. Having the USB device signal the OS that "hey, the write protect switch is on so please do not try writing" is definitely still something you want the device to do, but if that switch is also hooked up to the write protect pin on the actual flash then even if the computer tries to write something it won't actually be written. You might have to buy from several different vendors and crack them open to find one that's been designed properly and isn't just relying on the OS signal.
|
# ? Aug 14, 2022 16:08 |
|
I was looking at flash chips at one point to in terms of write protecting BIOS on motherboards with a physical switch, and unfortunately a lot of them aren't as simple as just a write protect line. There's a control register that itself is protected by the write protect IO, but you have to write a write protect bit to that control register first, and then assert the line, and it will be blocked after that point. So you'd still need a microcontroller in between the motherboard and BIOS chip to manipulate it before boot. Also quite a few models of the large (32MB+) 8 pin NAND flash ics that are used for BIOS in particular just don't even bother to hook up the write protect lines, the chip will just have a no connect in that position. USB seems like a crapshoot since it's just whatever firmware is on the controller IC, whether it actually internally obeys the write protect switch or not, and whether the firmware can be easily reset/reloaded at runtime... but that's getting much farther down the rabbit hole than the scenarios I'm trying to deal with. Although these days who knows what all is freely available in the various exploit toolkits out there.
|
# ? Aug 14, 2022 17:38 |
|
Rescue Toaster posted:Has anyone ever heard of any storage (NVMe, SATA, eMMC, USB drive or SD card) that provides a seriously strong guaranteed read-only mode? Basically I want some kind of bootable device that can make strong guarantees of being immutable. I can always setup linux to mount the filesystems all read-only but that's just a quick escalation & remount away from a permanent exploit. In this scenario an escalation isn't the end of the world as long as it's not persistent. I mean go ahead and assume spinning optical is not an option for this, due to size and performance. I’ve always put storage behind one of these if I needed it to be read only: https://www.amazon.com/Tableau-TK8u-USB-Forensic-Bridge/dp/B00YDEM30O. I’m almost positive I’ve done a Debian netinst behind one.
|
# ? Aug 14, 2022 19:22 |
|
Hed posted:I’ve always put storage behind one of these if I needed it to be read only: https://www.amazon.com/Tableau-TK8u-USB-Forensic-Bridge/dp/B00YDEM30O. I’m almost positive I’ve done a Debian netinst behind one. Why is that thing nearly 2 pounds? I would expect it to be the size and weight of a deck of cards to do read-only USB…
|
# ? Aug 14, 2022 23:19 |
|
Package weight including the power brick, at a guess. There's also devices like https://wiebetech.com/products/usb-3-1-writeblocker/ Thanks Ants fucked around with this message at 23:53 on Aug 14, 2022 |
# ? Aug 14, 2022 23:50 |
|
Ah, that makes sense (hell of a power brick still)
|
# ? Aug 14, 2022 23:55 |
|
https://twitter.com/ImbecillicusRex/status/1558903108574625792 #wholesome
|
# ? Aug 15, 2022 04:34 |
|
Rescue Toaster posted:Basically I want some kind of bootable device that can make strong guarantees of being immutable. https://github.com/enjoy-digital/litex/wiki/Installation https://github.com/enjoy-digital/litesata sniff here for your undesirable commands. the above gives you several points where you can trivially insert some extra logic and memory as a command buffer / cop. kudos if you don't slow it down much. the whole point of litex is that its implementations don't take much area. https://wiki.osdev.org/ATA_Command_Matrix write / no write https://www.digikey.com/en/products/detail/c-k/JS102000SAQN/1640101 Potato Salad fucked around with this message at 05:33 on Aug 15, 2022 |
# ? Aug 15, 2022 05:14 |
|
alternately you can package the os you want as a live image, burn it to a $0.20 dvd-r, and run it off a $15 dvd drive don't know to what degree you need the os itself to be "immutable" as pretty much any os running in memory has the tools of is own demise available to it; just because the block storage device is "immutable" doesn't mean that the OS is immutable once it's booted if what you're really looking for is a robust code/execution trust integrity stack, the hard drive isn't the focal point of the problem Potato Salad fucked around with this message at 05:26 on Aug 15, 2022 |
# ? Aug 15, 2022 05:23 |
|
triple post, apologies What I'm trying to say is that bosses and compliance guys often don't know enough about what an OS running on a machine IS to understand that "this drive is literally immutable" doesn't actually buy you much security beyond what is strictly promised by worm media: what is on the drive can't change, but everything else CAN just make sure you understand exactly what the use case you're aiming for is, and make sure that "the block device can't be written to" actually helps you once the OS boots and you've given it a scratch volume and waved goodbye
|
# ? Aug 15, 2022 05:45 |
|
Rescue Toaster posted:I was looking at flash chips at one point to in terms of write protecting BIOS on motherboards with a physical switch, and unfortunately a lot of them aren't as simple as just a write protect line. There's a control register that itself is protected by the write protect IO, but you have to write a write protect bit to that control register first, and then assert the line, and it will be blocked after that point. So you'd still need a microcontroller in between the motherboard and BIOS chip to manipulate it before boot. The ones I've seen using that scheme (e.g. https://www.endrich.com/fm/2/GD5F1GQ4UAYIG.pdf) power up in a fully write-protected state, and you have to change the control register to unlock them for writes. So it stays unwriteable if the WP line is asserted from power-on.
|
# ? Aug 15, 2022 06:00 |
Rescue Toaster posted:Has anyone ever heard of any storage (NVMe, SATA, eMMC, USB drive or SD card) that provides a seriously strong guaranteed read-only mode? Basically I want some kind of bootable device that can make strong guarantees of being immutable. I can always setup linux to mount the filesystems all read-only but that's just a quick escalation & remount away from a permanent exploit. In this scenario an escalation isn't the end of the world as long as it's not persistent. I mean go ahead and assume spinning optical is not an option for this, due to size and performance.
|
|
# ? Aug 15, 2022 10:18 |
|
BlankSystemDaemon posted:Another option would be secureboot with something equivalent to MAC/veriexec on FreeBSD, where every file is checked against a hash and if it doesn't match it isn't allowed to execute (enforced by MAC, which is in the kernel) - I'd be a little surprised if Linux can't do something like that. That seems like it would be incomplete for this purpose since it wouldn’t protect against data-based attacks, like changing config files or exploiting an approved program with bad input. A cool facility, though!
|
# ? Aug 15, 2022 12:34 |
Subjunctive posted:That seems like it would be incomplete for this purpose since it wouldn’t protect against data-based attacks, like changing config files or exploiting an approved program with bad input. A cool facility, though!
|
|
# ? Aug 15, 2022 13:59 |
|
BlankSystemDaemon posted:Sorry, I guess I didn't explain it well enough - if any file fails a checksum on either open() or exec(), it fails with EIO. I swear I saw something on phoronix about something like veriexec for linux but I can't figure out what to search for, or I'm remembering it wrong.
|
# ? Aug 15, 2022 14:44 |
|
Subjunctive posted:Ah, that makes sense (hell of a power brick still) The power brick is ridiculous and conjures up bending pins in an old PS/2 or S-video plug--it's that same mini-DIN, I can only assume to carry both USB and device voltages from the same power brick. Still, the device mounts mass storage as read-only and swallows any write commands so I like it very much. They have similar (smaller) devices for SATA and perhaps other things.
|
# ? Aug 15, 2022 17:39 |
|
Ooo this should be entertaining: https://twitter.com/SteveD3/status/1560025494594224133?t=Yft59DBINYPqOs-mA4ryNg&s=19
|
# ? Aug 18, 2022 06:28 |
|
Imma sue DT for the covid I got.
|
# ? Aug 18, 2022 13:42 |
|
EDIT: I fear I mentioned to much even changing things, just being extra cautious.
BaseballPCHiker fucked around with this message at 16:02 on Aug 18, 2022 |
# ? Aug 18, 2022 14:08 |
|
fyallm posted:Ooo this should be entertaining: https://twitter.com/SteveD3/status/1560025494594224133?t=Yft59DBINYPqOs-mA4ryNg&s=19 i thought this was a pretty good thread on what it's "actually" about : https://twitter.com/AlyssaM_InfoSec/status/1560035887421046800
|
# ? Aug 18, 2022 14:33 |
|
Jeoh posted:i thought this was a pretty good thread on what it's "actually" about : I don't think that is what it is actually about. But I guess we will just wait for the trial. Can't wait for this all to play out because there are lots of legal things that will come up because of this
|
# ? Aug 18, 2022 15:08 |
|
If you're in the US or Europe, you may wish to get personal legal counsel. You may have mandatory reporting requirements for that type of information breach. Your company almost certainly does. IANAL and don't get legal advice from goons online, etc., but take care of your own exposure. Ynglaur fucked around with this message at 17:34 on Aug 18, 2022 |
# ? Aug 18, 2022 15:21 |
|
Ynglaur posted:If you're in the US or Europe, you may wish to get personal legal counsel. You may have mandatory reporting requirements for that type of information breach. Your company almost certainly does. IANAL and don't get legal advice from goons online, etc., but take care of your own exposure. Yeah like I know you've been covering your rear end with paper but once there's a breach of medical information I would at the very least have a consultation.
|
# ? Aug 18, 2022 15:46 |
|
Ynglaur posted:If you're in the US or Europe, you may wish to get personal legal counsel. You may have mandatory reporting requirements for that type of information breach. Your company almost certainly does. IANAL and don't get legal advice from goons online, etc., but take care of your own exposure. You only have mandatory requirements if you hold a license that comes with those kind of strings. A computer toucher has no individual requirements and it rests solely on the company. Unless you are doing something illegal personally (stealing data, committing fraud, etc) , I would save your money.
|
# ? Aug 18, 2022 15:58 |
|
fyallm posted:Ooo this should be entertaining: https://twitter.com/SteveD3/status/1560025494594224133?t=Yft59DBINYPqOs-mA4ryNg&s=19 His goal is to out the victims. I hope DEFCON ruins his life.
|
# ? Aug 18, 2022 17:33 |
|
Yeah, literally everyone whose opinion I trust thinks the guy is a shitbag and this is definitely a retaliation lawsuit in order to intimidate his victims.
|
# ? Aug 18, 2022 18:24 |
|
The Fool posted:Yeah, literally everyone whose opinion I trust thinks the guy is a shitbag and this is definitely a retaliation lawsuit in order to intimidate his victims. I haven't actually heard what he has actually done? I've heard rumors but no one has really stated what he did. And it sounds like everyone is piling on? I honestly have no idea because I just saw all the drama when he was banned and when he joined another Con last minute.
|
# ? Aug 18, 2022 18:37 |
|
|
# ? Apr 17, 2024 20:27 |
|
fyallm posted:I haven't actually heard what he has actually done? I've heard rumors but no one has really stated what he did. And it sounds like everyone is piling on? I honestly have no idea because I just saw all the drama when he was banned and when he joined another Con last minute. Surprised nobody's eager to gossip about the guy throwing defamation lawsuits around. He cited cancel culture in his suit, that should tell you all you need to know.
|
# ? Aug 18, 2022 18:39 |