Full Disclosure mailing list archives
Re: [funsec] the heart of the problem [was: RE: mac trojan in-the-wild]
From: Drsolly <drsollyp () drsolly com>
Date: Fri, 2 Nov 2007 10:33:22 +0000 (GMT)
Things are in fact FUBAR. We need new ideas and new solutions as honestly, although we want to feel we make a difference by taking care of this or that malware or this and that C&C we are powerless and have not made a real difference in the past 6 years while things got worse. We need new solutions and new ideas, and would be more than happy to have new people exploring operational security.
My new idea is a computer that cannot have new software installed on it by the user, or by someone logging in as root, or in any other way, other than by physical replacement of the OS medium. My first proposal was Grannyx, which I proposed a couple of years ago. No work has been done on this, because none of the people who think it's a good idea, have the time to make it happen. The OS is on a CD Rom, and the medium on which data is stored, is unable to run software.
The current state of Internet security is you get slapped -- BAM! -- and you write an analysis about it. (when speaking at ISOI I actually slapped myself -- HARD -- when I said it on stage, not a good idea for future reference).
A better analogy might be "you see someone else being tapped gently on the wrist", which explains why no-one does much to stop it happening in future.
Well, we can't choose the risks. They choose us. Sometimes they are cool, sometimes they're not.
Well, we can choose the risks, actually. Having chosen the risk, you can't choose the outcome. But we do choose the risks. For example, I climbed a tree yesterday. The outcome was good (it might not have been), but *I* chose the risk. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: mac trojan in-the-wild, (continued)
- Re: mac trojan in-the-wild J. Oquendo (Nov 02)
- Re: mac trojan in-the-wild Dude VanWinkle (Nov 02)
- Re: mac trojan in-the-wild reepex (Nov 02)
- Re: mac trojan in-the-wild Simon Smith (Nov 02)
- Re: mac trojan in-the-wild Dude VanWinkle (Nov 05)
- Re: mac trojan in-the-wild Paul Schmehl (Nov 05)
- Re: mac trojan in-the-wild Roger A. Grimes (Nov 01)
- Re: mac trojan in-the-wild Thor (Hammer of God) (Nov 01)
- Re: mac trojan in-the-wild Jay Sulzberger (Nov 01)
- the heart of the problem [was: RE: mac trojan in-the-wild] Gadi Evron (Nov 02)
- Re: [funsec] the heart of the problem [was: RE: mac trojan in-the-wild] Drsolly (Nov 02)
- Re: [funsec] the heart of the problem [was: RE: mac trojan in-the-wild] yiri (Nov 02)
- Re: the heart of the problem [was: RE: mac trojan in-the-wild] Roger A. Grimes (Nov 02)
- Re: mac trojan in-the-wild Roger A. Grimes (Nov 02)
- Re: mac trojan in-the-wild David Harley (Nov 02)
- Re: mac trojan in-the-wild Peter Besenbruch (Nov 01)
- Re: mac trojan in-the-wild Paul Schmehl (Nov 01)
- Re: mac trojan in-the-wild Peter Besenbruch (Nov 01)
- Re: mac trojan in-the-wild Paul Schmehl (Nov 01)
- Re: mac trojan in-the-wild David Harley (Nov 03)
- Message not available
- Re: mac trojan in-the-wild Peter Besenbruch (Nov 05)