Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 11-07-2009, 02:51 AM   #46
jgombos
Member
 
Registered: Jul 2003
Posts: 256

Rep: Reputation: 32

Quote:
Originally Posted by mase View Post
And what will be the radar you are talking about? iptables?
How do you configure iptables to differentiate between good and bad
traffic?
US-CERT, for one, detects attacks that are far stealthier than the sloppy low-tech approach of disclosing screen shots on a distributed scale. And at the corporate level, snort would catch it. And even the non-technical home user knows to question the sudden extra hard drive activity that would occur with every click.
Quote:
Originally Posted by mase View Post
And since when is it suspicious to move data around on the internet?
It's not the fact that data moves that's suspicious, but /how/ it moves. Intrusion detection tools develop a statistical awareness of the types of data moving, and the direction it moves in, including a number of characteristics of the data. They also keep general statistics on overall egress network bandwidth consumption. General sensors would trip even if the attacker were to attempt to spoof the payload inspection.
Quote:
Originally Posted by mase View Post
The size of the malware itself won't be bigger and it only really matters if you write a trojan, because a text editor that is 10 MB in size is suspicious. And then again you only need a little piece of software that is able to download the actual malware off the net, which is what is happening a lot in the windows world.
The malware itself is not inherently more or less detectable than the same malware that simply logs keystrokes. But it's the astronomical size of the captured information being disclosed that makes the idea foolish and unworkable. The tedious, labor-intensive process of extracting the sensitive bits in a usable form is a show stopper alone, considering the alternative can be automated.
Quote:
Originally Posted by mase View Post
Once you are in though you can practically do whatever you want.
This is like saying the guy who grabs a $100k in chips from a casino table is in the clear if he can make it to the getaway car. Nevermind all the cameras and facial recognition data the prosecution has. And the fact that you still need to cash the chips in before you become a suspect. Collecting the information is the easy part. It's the not getting caught part that matters.
Quote:
Originally Posted by mase View Post
Malware is getting better and better, using even more advanced techniques, and they have to keep producing new malware because otherwise antivirus companies would catch up soon.
This is my point. The idea is to have better security than the masses. But capturing screens would be a low-tech step back, because it lacks the stealth of today's attacks - and in fact attacks a decade ago were stealthier.
Quote:
Originally Posted by mase View Post
The law might protect them which is good, but it likely still was their fault. The bank has no control whatsoever about their customers computers.
The bank cannot use this as an excuse for their lack of due diligence in securing their systems. Banks that simply take a conventional and traditional username and password cannot claim diligence, so their lack of control over the customer's computer isn't even worthy of mention. If the bank is wholly diligent, and can establish in court that they bent over backwards to secure logins with at least something you have and something you know, only then is it relevant to question the account holder. You can't fault the masses, when the bank knows full well what kind of security most end users tend to have. The bank is reckless if they don't design their security system with this in mind - and it's unreasonable to expect the average Joe to have as much as a CISSP understanding of security, or even know the meaning of the word malware.
Quote:
Originally Posted by mase View Post
I don't think it's a competent bank if it leaves its customers vulnerable to the screenshot programs I mentioned.
Of course it is. Competent security professionals do risk assessments. It comes down to the bottom line. It's very unlikely that someone would attempt the attack you're talking about on a distributed basis. The cost of altering the security policy and forging tools to counter it quickly exceeds the money they would pay in damages (probability of the attack multiplied by the potential loss). It doesn't make sense to spend money on every obscure or unlikely corner case scenario, because the cost of security begins to erode the business case.
Quote:
Originally Posted by mase View Post
If a bank didn't use one-time password, ideally in combination with some hardware device, I wouldn't trust it for a second. The use of one-time passwords has long been standard in the banking sector at least in germany.
Agreed. That counters all kinds of threats and reduces vulnerability significantly. But it's not the screen cap threat that prompts it - it would be an absurd expense if that were the only threat being countered. One time passwords protect from the very real threat of keyloggers.

Last edited by jgombos; 11-07-2009 at 03:03 AM.
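The egress-statistics argument in the post above (volume and direction of outbound traffic, not payload inspection) is easy to see in code. The following is an added example, not code from the thread or from any IDS product it mentions: a small per-host baseline detector over constructed flow records. The Flow record, the host names ws1/ws2, the byte counts and the threshold constants are all invented for illustration; a real deployment would take these from NetFlow/sFlow or a sensor such as Snort and tune the thresholds against its own traffic.

```python
"""Egress anomaly detection over per-host, per-minute flow summaries.

Added example (not from the original thread). All input data is constructed:
two workstations browse normally for 20 minutes, and from minute 12 onward
"ws2" ships roughly one 900 kB screenshot per minute to the outside.
"""
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Flow:
    minute: int      # one-minute bucket
    host: str        # internal source host (hypothetical name)
    bytes_in: int    # bytes received from the internet in that minute
    bytes_out: int   # bytes sent to the internet in that minute


def constructed_flows():
    """Deterministic, constructed sample data (not captured traffic)."""
    flows = []
    for minute in range(20):
        for host in ("ws1", "ws2"):
            seed = minute * 104729 + (1 if host == "ws1" else 2) * 7919
            bytes_in = 400_000 + seed % 50_000     # ordinary browsing: inbound-heavy
            bytes_out = 20_000 + seed % 5_000       # requests, cookies, ACKs
            if host == "ws2" and minute >= 12:
                bytes_out += 900_000                # screenshot exfiltration
            flows.append(Flow(minute, host, bytes_in, bytes_out))
    return flows


def baseline(flows, host, train_minutes):
    """Robust per-host baseline: median/MAD of egress bytes and median out/in ratio."""
    train = [f for f in flows if f.host == host and f.minute < train_minutes]
    outs = [f.bytes_out for f in train]
    ratios = [f.bytes_out / max(f.bytes_in, 1) for f in train]
    med_out = median(outs)
    mad_out = median(abs(x - med_out) for x in outs)
    return med_out, mad_out, median(ratios)


def detect(flows, train_minutes=10, k=6.0, ratio_factor=5.0):
    """Flag minutes where a host's egress volume AND its out/in ratio both jump.

    Requiring both conditions is what separates "shipping captured data out"
    from a legitimately busy minute (a big download raises volume but keeps
    the traffic inbound-heavy). Returns (minute, host, bytes_out, ratio) tuples.
    """
    alerts = []
    for host in sorted({f.host for f in flows}):
        med_out, mad_out, med_ratio = baseline(flows, host, train_minutes)
        # Floor the spread so a very quiet baseline (MAD near 0) cannot make
        # every tiny fluctuation an alert.
        spread = max(mad_out, 0.05 * med_out)
        for f in flows:
            if f.host != host or f.minute < train_minutes:
                continue
            ratio = f.bytes_out / max(f.bytes_in, 1)
            if f.bytes_out > med_out + k * spread and ratio > ratio_factor * med_ratio:
                alerts.append((f.minute, host, f.bytes_out, round(ratio, 2)))
    return alerts


if __name__ == "__main__":
    for minute, host, out, ratio in detect(constructed_flows()):
        print(f"minute {minute:2d}: {host} egress={out} bytes, out/in ratio={ratio}")
```

Run as a script it prints one alert per minute for ws2 from minute 12 on and nothing for ws1. The median/MAD baseline is deliberately insensitive to a few outliers in the training window, which matters because an attacker who is already on the box during baselining would otherwise poison the "normal" profile.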
 
Old 11-11-2009, 03:00 PM   #47
mihalisla
Member
 
Registered: Jun 2006
Location: greece
Distribution: ubuntu 6.06 amd64
Posts: 132

Rep: Reputation: 15
So, after all this discussion I feel that a live cd would be the solution but....
1. the live cd should be in a position to interact with the bank's site without any changes in the programs installed by default
2. the live cd should not allow any changes to the system (not even RAM after boot) ,not even an installation of a cookie

I don't know if my suggestions are applicable to a system but I like the idea.


P.S World's changes come from small ideas
 
Old 11-11-2009, 10:32 PM   #48
Jim Bengtson
Member
 
Registered: Feb 2009
Location: Iowa
Distribution: Ubuntu 9.10
Posts: 164

Rep: Reputation: 38
I wonder if anyone's put together a live CD with a version of Linux that is pared down to the bare bones necessary to support a browser (TCP/IP, Firefox, javascript, and Java(?)), and is hardened. Its purpose would be a bootable, secure browser and nothing else, so you could use it for banking, secure transactions, and for venturing where the malware is thick.

Being Linux, most malware won't work anyways. Being a live CD, any virus infections disappear when you reboot, so it wouldn't matter.

The logo would be Tux in an enviro-suit.
 
Old 11-11-2009, 11:58 PM   #49
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
Quote:
Originally Posted by Jim Bengtson View Post
I wonder if anyone's put together a live CD with a version of Linux that is pared down to the bare bones necessary to support a browser (TCP/IP, Firefox, javascript, and Java(?)), and is hardened. Its purpose would be a bootable, secure browser and nothing else, so you could use it for banking, secure transactions, and for venturing where the malware is thick.

Being Linux, most malware won't work anyways. Being a live CD, any virus infections disappear when you reboot, so it wouldn't matter.

The logo would be Tux in an enviro-suit.
It would be neat for the CD to put you in a VM by default too, in order to make it more difficult for an attack to propagate onto your hard disk. That is, assuming that unplugging the hard drive every time would be too inconvenient.
 
Old 11-12-2009, 11:01 AM   #50
Jim Bengtson
Member
 
Registered: Feb 2009
Location: Iowa
Distribution: Ubuntu 9.10
Posts: 164

Rep: Reputation: 38
Quote:
It would be neat for the CD to put you in a VM by default too, in order to make it more difficult for an attack to propagate onto your hard disk.
I suppose you could build the custom Linux kernel for the live CD so that it didn't know anything about hard drives...
 
Old 11-12-2009, 11:09 AM   #51
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
Quote:
Originally Posted by Jim Bengtson View Post
I suppose you could build the custom Linux kernel for the live CD so that it didn't know anything about hard drives...
Yeah, and without any module loading capability. Plus all browsers run in a VM, and everything restricted by SELinux. There should also be a memory overwrite script on shutdown, to prevent cold boot attacks*.

Some nice paranoia-themed music would be nice too.


*At least some of them.

Last edited by win32sux; 11-12-2009 at 11:12 AM.
 
Old 11-12-2009, 12:07 PM   #52
Jim Bengtson
Member
 
Registered: Feb 2009
Location: Iowa
Distribution: Ubuntu 9.10
Posts: 164

Rep: Reputation: 38

Quote:
Some nice paranoia-themed music would be nice too.
Band: Bugs In the Dark
Song: Paranoia
http://www.vimeo.com/2375755
 
Old 11-13-2009, 11:43 AM   #53
mihalisla
Member
 
Registered: Jun 2006
Location: greece
Distribution: ubuntu 6.06 amd64
Posts: 132

Rep: Reputation: 15
I have a crazy idea:
To establish an encrypted relationship between the RAM and the system . . .
It gets even better now....... :
The type of the encryption could be the "one-time password" (on every boot one random password from the user) that is mathematically uncrackable
So no matter how many times the cracker (even with a quantum processor) tries to crack the system it would be impossible

PS. And moreover as win32sux said
Quote:
Yeah, and without any module loading capability. Plus all browsers run in a VM, and everything restricted by SELinux. There should also be a memory overwrite script on shutdown, to prevent cold boot attacks*.

Some nice paranoia-themed music would be nice too.
 
Old 03-21-2010, 05:39 PM   #54
deepsix
Member
 
Registered: Apr 2003
Distribution: ANY
Posts: 339

Rep: Reputation: 32
Quote:
Originally Posted by scourge99 View Post
Then perhaps you can explain it if its so obvious?
unless you have full disk encryption and a BIOS password, anyone could take an external USB drive with a Linux distro on it and have access to your filesystem
 
Old 03-21-2010, 09:29 PM   #55
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
deepsix, please don't resurrect dead threads; help us keep LQSEC as zombie-free as possible.
 