Dailydave mailing list archives
Re: First RSAC 2015 Note
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Tue, 28 Apr 2015 08:47:28 -0700
> As an offensive technique, power analysis is quite useful (which is why NSA boxes filter their power supplies). As a defensive technique it is entirely useless. If all a malware writer has to do is add sleep(rand()); into their code in a couple of places to defeat your detection, then you probably shouldn't build a whole company based on the hope that they won't someday do that.
Antivirus companies had a good run for the past ~20 years, and many of the most successful multi-billion-dollar post-AV businesses embrace a functionally similar approach - just mentioning APT and cloud-based machine learning a bit more. Analyzing power consumption doesn't offend my sensibilities more than divination from binary signatures or syscall patterns. The success of the "enumerating badness" approach to security is probably unparalleled by anything else the industry had to offer in a very long time. So, I'm not sure if your "probably shouldn't" is a valid concern.

One could lament so much money and resources being tied up on solutions that will probably not stop an interesting victim from getting owned, but then, what would? The only thing that probably works well is hiring a top-notch security team and giving them sweeping powers - but good candidates are in extremely short supply and are hard to tell apart from quacks.

/mz

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- First RSAC 2015 Note Dave Aitel (Apr 28)
- Re: First RSAC 2015 Note Michal Zalewski (Apr 29)
- Re: First RSAC 2015 Note Darkpassenger (Apr 29)
- Re: First RSAC 2015 Note Michal Zalewski (Apr 29)