1481 posts • joined 14 Jun 2007
Wouldn't a less drastic solution be to just switch the thing off, or even just uplug its net connection until a full audit can take place?
Additionally, shouldn't they have offline backups of the data?
I'm probably a bit more sympathetic to the situation than Fred is, but he makes a good point, and I don't understand his downvotes..
Re: NSA seal-of-approval
The fallacy with DRM is that the user needs to have the keys to decode the content to view it!
It's irrelevant how secure your crypto is - the goal of DRM is not to protect data in transit, but to deny user-controlled access to the data, which it ultimately can't do.
Re: Don't forget the design
>>"The point is that the way unix (and unix like) systems are designed means that bugs are generally more contained, and therefore typically less destructive.
Windows 'all or nothing' design means that a whole system can be rooted by a malformed PDF, JPG or MP3 etc."
Everyone else has pointed out to you that you can run Windows without a GUI since 2008, so I'll cover the error about thinking GNU/Linux is more secure by design. Like your ignorance about GUIs on Windows, it appears your knowledge here also dates from pre-vista.
Yes, I admit I didn't know that, but as has been pointed out already, that option produces a reduced interface, it doesn't remove the whole GUI system. Also, how do you do remote administration in that environment? Do you still have to remote desktop/vnc etc. ?
Windows vs. UNIX permissions
Windows ACLs are substantially more powerful than standard GNU/Linux permissions. They're also more capable than the ACLs that you can install on GNU/Linux but which no-one does. If your immediate reaction is to disagree, please read the link above to a previous discussion.
Firstly, coming from a VMS background, I agree that standard Unix permissions are not all that powerful. But do you want to compare that to win3.1? Just as relevant.
Secondly, I don't use Linux. I haven't used Linux in over 15 years (apart from the Android tablets), but saying their ACL's are too complicated is as stupid as people saying that all Windows users do everything as Administrator, because the alternative is too complicated.
Thirdly, the article was about bugs in things that already run with full privileges, so banging on about ACLs and file permissions is only vaguely related to the discussion in hand.
But, whatever, the ACLs and capabilities sandbox, along with process 'jailing', on the systems I use are more than adequate.
>>"An extension to that is that I run my servers with everything that is unused stripped from the kernel. I'll never need to use the USB ports, raid controllers, and there is no bluetooth or wi-fi etc."
Yeah, I used to do the same on my home computers. Please do not tell me you are running a professional service on custom-hacked around installs and are out of the distros official packages and updates. What if you leave and your replacement hooks up a SCSI drive or sticks in a USB device and you've removed the modules? What if some kernel update comes down and you don't have the time to start recompiling everything (or do you compile on another machine and copy over binaries?) This cannot be a production machine - please! If I found one of my sysadmins had been manually fiddling around with the kernel of one of our CentOS boxes, I would roast them alive.
I'm pleased you know your limits. Too many people go out of their depth in these matters, and cause more problems.
Of course I run all the production servers on tuned kernels - all competent people do. Attempting to demonise it by calling it 'custom-hacked' is either an attempt to make it look a bad thing, or you really aren't all that knowledgeable on kernel design.
Having only a few hundred thousand users a day, these machines are obviously far less used than Facebook/Google etc., but do you really think they run their systems on generic kernels? Or do you think only these big companies employ people capable of kernel tuning?
As I say, I'm glad you know your limits, and whilst I currently have no responsibility for hiring/firing, I'd be less than pleased if one of my staff had similar shortcomings.
I know not every one has the time organisational luxury to do it, but yes, most of the time I compile from source. There are no binary installed blobs here. And whilst I don't do full compiles on production boxes, it is quite possible to do it at nice +20 without any significant performance impact on live services.
As for new hardware etc., as you've already mentioned yourself (but conveniently seem to forget)...... KERNEL MODULES.
<troll>Typical Microsoft attitude - overcome efficiency shortcomings by throwing more CPU/RAM at the problem</troll>
>>"Can you do that on Windows? Other than maybe remove a few .SYS files, you are basically stuck."
Well you can uninstall any drivers you don't need if you really want to. It's not going to save you any memory or processor load because they're dynamically loaded as needed just the same as kernel modules on Linux. In neither case are they going to be a security vulnerability if they're not being executed so if you're doing this for security reasons on GNU/Linux, then not only do you not understand how Windows works, you don't fully understand how Linux works, either. A security vulnerability in a SCSI module is not going to be an issue if that module is never loaded. And your server isn't going to load that without a reason. The only gain of removing it is reducing the size of your kernel by about forty bytes. (basically you're removing an if clause that contains a call to load module that will never be triggered).
Again, I apologise about windows kernel modules. I really though that there was still a hell of a lot that to remain within the kernel directly, but if you're saying otherwise, I'm not in a position to argue.
And again, not a Linux user. However, the systems I use tend to have a lot of stuff contained within the main kernel at default - it's more efficient that way, and less of a security risk if kernel module loading is disabled, or restricted to console control etc.
There is also no point having something as a kernel module if it always needs to be loaded. You can strip your core kernel of stuff you'll never use, and add stuff you will always use.
Still, this is all largely tangential to the original point that windows machines have been rooted by malicious media files. This wouldn't happen on any sane system.
Do current windows versions still have explorer embedded in the kernel?
I was largely intentionally trolling in my original post (I can't always help it when it comes to windows/linux;apple - they are all easily flammable targets), but it seems my ignorance of Windows systems was my downfall. Still, thanks for replying with so many fallacies and inaccuracies that I don't now feel quite as much of a moron.
Have a nice day!
Re: Don't forget the design
Since Windows 2008 you can run a server without the GUI. It looks your Windows knowledge dates back to 1995."
Oh, they've finally caught up!
Ok, my mistake, and you are right, I fortunately haven't had to deal with windows servers since before 2008, so I take that one back if it's true, though I bet it's more of a 'reduced GUI' than true non-GUI.
The GUI was far too entwined when I last used windows
"I run my servers with everything that is unused stripped ... raid controllers..."
Strange kind of server. with no fault tolerance. Is the one you're running in your bedroom?"
A veiled insult! Nice one!
But no, not at all. Well, actually, yes, to the servers in my house, but I'm referring to the proper commercial servers.
I'd love for you to explain how keeping code for various different different raid controllers that I don't use helps with fault tolerance. I *did* say *unused* stuff, didn't I?
"Can you do that on Windows?"
Sure. You just have to learn how to do that. BTW: drivers are kernel modules in Windows. It looks you have no clue about how Windows is designed and works.
Well, I did mention .SYS files briefly, but yer, I screwed up there too.
Thanks for the reply.This posts icon is directed at me
Don't forget the design
It's not simply about bugs - All humans make mistakes after all.
The point is that the way unix (and unix like) systems are designed means that bugs are generally more contained, and therefore typically less destructive.
Windows 'all or nothing' design means that a whole system can be rooted by a malformed PDF, JPG or MP3 etc.
Another attack vector is done by low level access to GPU I/O. Unfortunately, Unix isn't totally immune to bugs here, as X needs to run with root privs (and even if access was simply granted to the I/O, it would still often be enough to root a system
However, on servers, you simply don't run a GUI. Try doing *that* with Windows!
An extension to that is that I run my servers with everything that is unused stripped from the kernel. I'll never need to use the USB ports, raid controllers, and there is no bluetooth or wi-fi etc.
So, all that code is stripped out, as is any backwards-compatibility code for previous versions oof the OS where I don't require that either.
Can you do that on Windows? Other than maybe remove a few .SYS files, you are basically stuck.
"And even if Netflix someday works in Firefox, it will NEVER work in any browser running on Linux. I know for a fact that in Linux, audio streamed in a browser running from a website can easily be intercepted, allowing the user a choice about what to do with that audio stream next. You don't even need any special plugin. I'm reasonably sure this is also true for video content. And I'm sure the Netflix folks are well aware of that..."
What you so authoritatively "know for a fact" is obvious and fundamental to anyone who knows anything about OS design. The same goes for any other types of stream or - more generally - all I/O
The concept just seems to be lost on a generation brought up on Windows, and its restrictive obfuscation.
Basically, DRM is a sham - as long as people have control of their computers, they can do what they want, as ultimately, your computer is provided with the tools to unlock the data (otherwise you wouldn't be able to view it!)
Sure, they may try to hide the method, but they are basically saying to your computer: "Here is the encrypted data. Here are the keys to decode it, but don't give them to the human who has 100% control you"
lt's a bit like your neighbour installing the most sophisticated security/alarm/lock system on his house, and telling you you'll never manage to get in, but then handing you the keys so you can feed his cat when he's out of town.
And you can bet your life Netflix and co. know this too - all that matters is that the DRM companies can convince the media companies to buy their snake-oil.
For more detailed analysis and commentary, see this rant by Luke Leighton, in response to the controversy regarding the 'rtmpdump' utility : http://lkcl.net/rtmp/
Re: @ Don Jefe -- Tipping Point
To be fair, they haven't always been so blatently corrupt, and batshit crazy.
Look at some of their old policies and you'll see they used to be far more 'socialist' than the current Democrats!
Re: Tipping Point
Once again, the Don has nailed it.
For some time now the Republicans have been pro-the-corporations not pro-the-people - heck, they don't even bother to hide it anymore.
And as Don says, their faithful tea party fans are the ones who will be most affected negatively by Republican policies.
But of course, when you have Glenn Beck (fortunately he was eventually too much even for Fox) and co saying that just about everything is a pinko commie plot, feeding on the 'commie paranoia' which seems to affect many of the intellectually challenged (The British equivalent seem to just care about who does what in the Big Brother house, and who killed Lucy in some sodding fictitious soap-opera), they lap it up.
Remember the placcard one tea-partyist had saying 'get your government hands off our medicare!', and Palin talking about European 'death-panels'
I once had a tea partyist telling me he felt sorry for my lack of freedom compared to his own, and when I asked him for examples, I swear he said that our healthcare system is a form of opression, and the government controls us by mandating a mininum number of days leave our employers must give us! A poster child for the corporate fat cats!
Re: Not smart at all
"Oh dear time to try to get over a fairly basic lesson."
*cough* I wouldn't normally have replied, but your rather condescending tone to the original poster means you have to be correct - pedantically correct.
"Apparently you do not know but the way a DVD player reads a disc is not the same as the way a computer reads the disc. When you load it into a computer it checks specific tracks/sectors to look for various information which it needs to know where everything is and what type of data the disc holds."
.... which is exactly what a DVD player has to do, unless you have one of those rare psychic DVD players that don't actually exist.
"When you try to play a DVD with a movie it can instead launch a run-time version which is intended to stop you ripping the DVD and bypassing all the unskippable anti-piracy sections. Various music CDs have a similar setup."
Errrrr, what? What do you think launches programs? The DVD? The DVD player? Or maybe..... just maybe..... it's Windows and it's misguided autorun system!
As for audio CD's, standard red book CD's don't even contain a filesystem. Any sort of CD with an ISO-6990 filesystem in addition to the normal CDDA section would again require that a consumer player skips the unknown section, whilst a computer recognises the filesystem, mounts it, and autoruns some shite from there.
Again, though, it's the OS that decides to do this. The drive doesn't command the OS what to do!
Basically, your consumer DVD player is a computer. The software on your personal computer can basically behave exactly like a consumer player if it wishes (indeed, many do, as they even allow the running of customised DVD virtual machine bytecode - the software on video DVD's that runs in hardware consumer units is nowt to do with Windows)
If hypothetically, the DVD contains some non-standard encoding requiring a windows program to play it, then it won't play on a consumer player either (and would then be more accurately described as a windows DVD-ROM)
"The problem is that this runtime system is a Windows only process (actually there may be an Apple version on there but I don't have the kit to check) so if you insert the DVD into a linux PC it will not work."
How, then, does my non-windows, non-mac, non-linux, OS plays every Video DVD that's thrown at it?
You seem to be getting confused with DVD data disks (not video disks) containing windows code.
*TL; DR* : The original poster was correct, and you just 'corrected' him with a load of old bollocks!
"Hopefully I did not use too many complicated phrases in there."
Re: Truisms Spoken Aloud
Firstly, moron, I apologise, as the content of your post clearly shows that you are somewhat lacking in the neurons department (which may explain your anger issues), so I shouldn't really respond to your rant (which rather ironically, shows clear language comprehension issues).
With that out of the way, and leaving aside why you would get hostile at a light-hearted reply you basically baited with your original post, I'll start with reminding you what you originally said:
"What's with adding the "U" in color? Why do you misplace the second "E" in center?"
I suggest you read up on history. American Noah Webster deliberately *removed* the "U" and misplaced the E" - the arrogance suggesting they were our deviations and not yours.... The language is called "English" not American"
And why are you wittering about Canadians - Canadians spell the same way as us, so the point you make about them mainly being of Sottish or English decent, is at best irrelevant.
Here's something about the influence Spanish had on American spelling deviations: http://html.rincondelvago.com/american-english_general-historical-background.html
In future, I suggest doing some research before posting, as you've just shown yourself to be the very dip-shit you accused me of being.
HAVE A NICE DAY
HOPE TO HAVE HELPED
Re: Truisms Spoken Aloud
"What's with adding the "U" in color? Why do you misplace the second "E" in center?"
You do realise that the only reason you deviated in the above 2 ways is down to the Spanish influence on yous? :-)
Re: Truisms Spoken Aloud
I know it's wrong, but I keep reading it as sounding the same as Hawaii
Re: The Competition
Google wins on 'i' but loses on 'yn' !
Re: Can't leave it alone
Whilst 'popty' (not 'popety' as some people think) is Welsh for 'oven', 'popty ping' is slang at best!
Re: The actual translation
I was going to post the missing 'i' / 'to', but you beat me too it!
Re: Canada quashed this balloney ...
"Am I going senile or did you move from Vietnam?"
haha yeah! Good catch!
Re: I'm confused
Fatter pipes == more money for the transits?
Won't someone think of the routers?
"Moreover, since there's a to-most-intents-and-purposes-inexhaustible supply of IPv6 addresses, your device can have the same address forever, regardless of which network it's connected to"
Ummm. Nope. Portable IP addresses for hosts is not the same as portable IP blocks with AS assignations
Re: NAT has to go, no..
Brilliant idea *thumbs up* (Icons don't work from this phone)
Re: My worry is the admins
Obvious troll is... Etc.
Re: Shutting down because things get too hard?
"Sorry, I hope you were both OK after that, but that made me LOL."
:-) Yeah, a slightly dented wing and a few stones knocked from the wall were the only casualties (apart from her pride!)
It's funny - this happened about 25 years ago (showing my age!) and I haven't thought about it in years, but this story triggered the memory of someone/something throwing everything in the air and shouting "I want to stop!"
Shutting down because things get too hard?
Reading this, I was reminded of the first time I gave my sister a 'driving lesson' in the front driveway.
So she wouldn't stall, I had her over-revving the engine before slowly releasing the clutch.
However, as soon as the car started to move, she lifted both feet up, held her hands in the air, and screamed "I want to stop". However, due to the high revs, the car didn't stall, but jumped forward until hitting a nearby wall.
It seems that this system had a similar panic attack. But you'd expect it to react better than a 16 year old kid who's only real worry was what my dad would say when he saw the car (and the wall!)
Re: The truth from the greatest liar?
To be fair to Ratner, he was attempting an (ill-advised) joke
Re: .uk vs .gb
.gb used to be used for x400 stuff, and some MOD sites.
.gb is still assigned to JANET, but I think the only active domain now is dra.hmg.gb
I don't understand..
"In the past year, it has battled with domain name registrars who failed to halt, or at least freeze, Oxford-based Nominet's unpopular second-level namespaces plan."
Why did they battle with registrars who failed to halt something they planned?
Re: Anyone can be president
"We can all be president one day"
I can't. I'm not American (unless you include 'President of the EU' in that statement)
Strange rule, that one. It's almost like you don't trust your own selection/voting system, or even us 'forriners'... Oh...wait...
Re: Why do you put up with so much BS?
"Maybe one day, when all this BS is sorted out, I can finally upgrade from my perfectly useful and adequate 'dumbphone'. "
I'm similar, but not quite as much of a stuckist :-)
I love my android tablet, but there is a maintenance requirement that I have no desire to deal with on my phone.
My phone is an old symbian Nokia E63 which I don't intend to replace until it dies (at which point I'll be looking for another E63)
P.S. The E63 has ssh/putty, a camera, and a decent web browser by the still supported UC browser.
Not bad for a phone that came from 'the back of my brothers sock draw', and costs 2p per text, 3p per min voice, 1p a meg data (with 300mb free for a month when you top up £5) and no monthly fees!
Re: Why a large battery?
2 days cycling across London? Rather you than me!
You deserve a pint (or 3) for that!
Re: re: Had to downgrade security as the TV supports WEP!
"Everything else goes over WEP2."
WPA2 you mean :-)
[ That maybe the reason for the downvote, but it wasn't from me! ]
....and trust a 3rd party VPN?
Even if they are totally honest, I know where I'd concentrate efforts if I was a spy agency...
You'll hate El Regs' "buzzfeed-style" article headlines
That is all.
"I have a Galaxy SII just like my daughter. "
Well, the Galaxy doesn't look much like a human, so I assume your daughter looks like a phone?
Errrrr, am I the only one here who assumed that he actually means resolution?
He was talking to a non-technical audience.
I assumed El'Regs comment about DRM etc. was based on errornously taking his words literally
You've basically described Freenet, which is a sortof p2p cloud storage based on file hashes...
Freenet is a peer-to-peer platform for censorship-resistant communication. It uses a decentralized distributed data store to store information, and has a suite of free software for working with this data store.
Freenet works by storing small encrypted snippets of content distributed on the computers of its users and connecting only through intermediate computers which pass on requests for content and sending them back without knowing the contents of the full file, similar to how routers on the Internet route packets without knowing anything about files—except with caching, a layer of strong encryption, and without reliance on centralized structures. This allows users to publish anonymously or retrieve various kinds of information.
Re: history is always repeated.
"Yes, but it was UNIX - Solaris, IIRC, not Linux. "
I wondered if anyone would mention that.
From what I gather, Sun Solaris run the backend mailservers and storage, whilst FreeBSD/apache the front end web servers and cgi's
Re: Why bother with new stuff?
Have a thumbs-up from the FreeBSD camp!
I realise this post will be unpopular with the GPL cultists here, but whatever.
I'm actually not trolling - I just hope there is no pressure on non-GPL projects to switch to GPL, or indeed, any bias towards GPL licensed projects.
Downvotes from people that think GPL is the solution to everything in 3..2..1...
Re: How often has throwing money at bad software worked?
"mixing tab and space characters for indentation should be illegal)"
I hate TABS
No security issues?
“Broadly, we have an impeccable track record with 500 telcos in 150 countries. There's never been a security issue of any kind,” Sykes told journalists. “We wouldn't be a $40bn company today if were not good at building secure networks"
I generally think that Huawei gets political FUD thrown at them, but the above is clearly incorrect.
If you have one of their wi-fi devices, anyone can grab the wifi password without needing to go through authorisation.
Re: C - the leech theraphy of coding. It will never go away!
As for heartbleed:
". buffer overruns would be a thing of the past as the overrun space would be empty."
Do we know for sure that the buffer read overran into freed memory, and not just some other data structures that were still in use?
Even if so in this case, the malloc proposals aren't a silver bullet for all overruns
Re: Right, so ...
"For starters they'll probably make it work with the system malloc instead of OpenSSL's brain dead memory allocator:"
I knpw you're not implying it, but as many people believe it to be so, it's worth reminding that the hearbleed bug has nothing to do with malloc, nor memory management in general.
Also, the OPENSSL_malloc function ends up calling system malloc, but as you infer, this point is moot if they use other mechanisms to manipulate their malloced memory block in user space.
"Gary Campbell of the Official Loch Ness Monster Club."
So how did his 'club' become official?
Does he know Nessies agent or something?
Re: Er, why?
"It's not obvious that they knew of this specific bug - developers were already concerned that OpenSSL's own "secret malloc sauce" was dangerous. Here's OpenSSH's Theo de Raadt gently remonstrating..."
How many times do I need to repeat myself?
This bug is a buffer over-read.
Nothing to do with malloc.
No malloc/calloc/jemalloc/magic-pixies-malloc would have helped.
Yeah, guard pages and canaries could help, but as it stands, so long as the memory being overflowed to still belongs to the process, there won't be any sigsev crash.
After reading your posts, I spent a few hours going over the code again, and google, before replying.
I''m no C expert - definitely no crypto expert, but I would have to say it shows that the code is written by mathematicians rather than programmers! - loads of labels and pointers to pointers to functions and bleugh!
They even comment-out code using #ifdef 0 . Ugh
"If they are really using a stack-based source then electric fence would not have caught it, but I would have hoped some of the code profiling tools would have thrown up a warning about the copy size being potentially bigger than the buffer."
There was an interesting post (http://security.coverity.com/blog/2014/Apr/on-detecting-heartbleed-with-static-analysis.html) from one of the Coverity people on why they missed it, and in a linked followup post, how they've now altered their product to find such errors in future, though to me, it look like their solution is a bit of a kludge, potenially producing false positives (I'm probably wrong, but t seems to me that they are keying on a very weird scenario, not necessarily an illegal one - though I'm probably wrong! - or maybe that's how these programs generally work anyway... I don't know!)
Anyway, I agree with all your comments in general, but am curious - is there really any 'live' malloc that doesn't return a pointer to cleared/scrubbed memory? I know the spec says the contents are undefined, but surely it would be a security risk ( I suppose that a malloc optimized to not bother scrubbing memory returned to the same UID or even just process wouldn't be a hole in itself, but even that would make it easier to exploit bugyy software (especially servers))
Anyway it's a lovely day, so Im going outside. Have a cold beer on me!
Re: @Michael Wojcik
2 errors in the comments in this thread:
"They use their own malloc"
No. If you follow the spaghetti trail that is the source code, you'll see that their "malloc wrapper" is simply a call to the system malloc.
"This wouldn't have happened if they used calloc"
Yes it would. Try it yourself!
This bug has nothing to do with memory allocation. It seems many people think that the buffer is malloced to the 64k by virtue of the attacking packet, but only the much smaller payload is copied into the buffer, exposing the rest of the buffer as malloced but stale data.
THIS ISN'T THE CASE!
Besides, any sane malloc on a multi-user system would clear/randomize the returned buffer.
What is happening is that 64K of data is being copied into a 64kb buffer, from a char * buffer that contains the much smaller data sent by the attacker, hence overfilling the buffer with other variable data on the stack.
It can be simplified to:
strcpy (retbuf, 65535, sentbuf);
I.e. it's read-overflow (or 'buffer overflow' by reading rather than writing) - nothing to do with the memory allocation!
"You are aware that there are IDS rules to detect large-packet TLS responses specifically to spot Heartbleed then? No? Oh..."
Hmmmm, so you're saying the attack will be caught on those servers which have updated IDS rules, but not patched servers?
In other words, any update made to explicitly stop/catch heartbleed is irrelevent when talking about attacks against heartbleed!
Re: this could be exploited in just 4 bytes
"The 4 byte example was enough to show it would work, not enough to have any chance of stealing useful data."
Nah... 4 bytes is all that is needed - in fact, any more would be less effective, as you'd be 'overwriting' the out-of-bounds data you'll be getting back!
Note, this is the request data we are talking about. Many such small requests receiving 64Kb replies may be detected, though.
Re: Selfies can be good.
"So we dutifully used proper ones. Whereas the old self-signed could be replaced instantly. Hence paradoxically our users were more secure with selfies."
Also, don't forget that with a 'selfie' there is no third party chain of trust above you that could be hacked/pwned by gchq/nsa/blackhat etc.
Re: This is nonsense...
Um. My apache servers record both the data size of the request, and the response.
If they have something like that, wouldn't checking the logs for repeated large requests that go nowhere imply they were being heatbled?
- Review This is why we CAN have nice things: Samsung Galaxy Alpha
- MEN: For pity's sake SLEEP with LOTS of WOMEN - and avoid Prostate Cancer
- Ex-Soviet engines fingered after Antares ROCKET launch BLAST
- Vid BONFIRE of the MEGA-BUCKS: $200m+ BURNED in SECONDS in Antares launch blast
- Hate the BlackBerry Z10 and Passport? How about this dusty old flashback instead?