Dailydave mailing list archives
Re: First RSAC 2015 Note
From: Darkpassenger <darkpassenger () unseen is>
Date: Wed, 29 Apr 2015 07:38:15 -0700
this technology was in fashion among spooks when tempest [1] wasn't well matured, e.g. days of remotely screen grabbing or copy machine reading from afar. putting random sleep cannot protect you if you were the emperor [2] and "serious" sigint & elint were learning your every comm and move. i suspect it's an OFFENSIVE product aimed at cyber market instead of typical comsec buyers
-dp
[1] http://www.cryptome.org/nsa-tempest.htm
[2] http://www.amazon.co.uk/The-Emperors-Codes-Bletchley-breaking/dp/1906447128
On 2015-04-28 08:47, Michal Zalewski wrote:
As an offensive technique, power analysis is quite useful (which is why NSA boxes filter their power supplies). As a defensive technique it is entirely useless. If all a malware writer has to do is add (sleep(rand()); into their code a couple places to defeat your detection, then you probably shouldn't build a whole company based on the hope that they won't someday do that.

Antivirus companies had a good run for the past ~20 years, and many of the most successful multi-billion-dollar post-AV businesses embrace a functionally similar approach - just mentioning APT and cloud-based machine learning a bit more. Analyzing power consumption doesn't offend my sensibilities more than divination from binary signatures or syscall patterns. The success of the "enumerating badness" approach to security is probably unparalleled by anything else the industry had to offer in a very long time.

So, I'm not sure if your "probably shouldn't" is a valid concern. One could lament so much money and resources being tied up on solutions that will probably not stop an interesting victim from getting owned, but then, what would? The only thing that probably works well is hiring a top-notch security team and giving them sweeping powers - but good candidates are in extremely short supply and are hard to tell apart from quacks.

/mz
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- First RSAC 2015 Note Dave Aitel (Apr 28)
- Re: First RSAC 2015 Note Michal Zalewski (Apr 29)
- Re: First RSAC 2015 Note Darkpassenger (Apr 29)
- Re: First RSAC 2015 Note Michal Zalewski (Apr 29)