Full Disclosure mailing list archives

Re: CRYPTO-GRAM, July 15, 2012


From: coderman <coderman () gmail com>
Date: Mon, 16 Jul 2012 03:37:45 -0700

On Sat, Jul 14, 2012 at 4:25 PM, Bruce Schneier <schneier () schneier com> wrote:
 ...
Many roadside farm stands in the U.S. are unstaffed.  They work on the honor
system: take what you want, and pay what you owe.  I like systems that
leverage personal moral codes for security.  But I'll bet that the pay boxes
are bolted to the tables.

many but not most.

also, goats are exceptional sources of inspiration on side channel
attacks and insider threats. more on this later.. ;)

[i'd like to see a survey of info-sec specialists[0] turned ag
entrepreneurs. or sechors[0] as jya calls them...]


     The Failure of Anti-Virus Companies to Catch Military Malware

Mikko Hypponen of F-Secure attempts to explain why anti-virus companies
didn't catch Stuxnet, DuQu, and Flame.  His conclusion is simply that the
attackers -- in this case, military intelligence agencies -- are simply
better than commercial-grade anti-virus programs.

this is true. they are better.


I don't buy this.  It isn't just the military that tests its malware against
commercial defense products; criminals do it, too.

many criminals are also better!
 ... but not most. heh


Probably the
people who wrote Flame had a larger budget than a large-scale criminal
organization.

as evidenced by novel MD5 collision attacks leveraged for windows
update MitM (aka, "holy grail") and expansive A/V countermeasures via,
again novel, code injection methods.

they also do extensive QA to ensure success against their targets,
spanning whatever platform and processes. QA is expensive, and
methodical QA on malware; this makes me chortle!


I think the difference has more to do with the ways in which these military
malware programs spread.  That is, slowly and stealthily.

this is intended to preserve return on investment. maybe one
difference, but not the most significant.


it seems
clear that conventional non-military malware writers who want to evade
detection should adopt the propagation techniques of Flame, Stuxnet, and
DuQu.

they won't and they don't need to. conventional malware targets the
masses, and they're vulnerable without much effort.

military malware targets the specific, and they'll do whatever they
can (which is significant) to achieve success.

entirely different domains!



... I think there's an interesting discussion to be had about why
the anti-virus companies all missed Flame for so long.
http://www.f-secure.com/weblog/archives/00002388.html

this is succinct and apropos. commercial A/V is not going to protect
against state sponsored attacks (of which world class malware is a
part).

such protection requires ..., well, far more than kaspersky can ever give you :P


0.  "Reign of the Sechors"
  http://cryptome.org/2012/07/sechors.htm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/