funsec mailing list archives
Re: dumb. Comcast pop-ups
From: Rich Kulawiec <rsk () gsp org>
Date: Mon, 12 Oct 2009 09:05:07 -0400
On Sun, Oct 11, 2009 at 10:03:26PM -0400, Larry Seltzer wrote:
If they are not...I think it's fair to assume that a very high percentage of these users will have at least one malicious system behind the cable modem. We're pretty good at recognizing that now, aren't we?
I'm not sure what you mean. Yes, infection rates are high and steadily rising, so it's a decent bet that any household chosen at random will have at least one system with at least some issues, but our ability to detect these (from outside) depends entirely on what they're doing. A spam-spewing bot sticks out like a sore thumb, but a compromised system which is not making itself so readily visible may go undetected indefinitely. Given what we've observed during this decade about botnet operators, I think they are *easily* smart enough to hold huge numbers of systems in reserve. So I think "the set of systems that appear to be bots and are spewing spam" is just the tip of the iceberg.

But even if that's true: it still doesn't tell us which ones. Figuring that out requires visiting all of them, booting them from known-clean media, running the appropriate tools, analyzing the results, etc., and that's time-consuming and expensive. So instead we have PR exercises like this rubbish from Comcast.
If they are, then what POSSIBLE reason is there to believe that the users will actually see these pop-ups? It is, after all, not in the best interests of the new owners of those compromised systems to permit the former owners to be alerted to what's going on. Of course there's no evidence that any malware is yet blocking such messages. One day when that happens it will be a problem. In the meantime this is a fairly unobtrusive way for Comcast to communicate with users. When it's blocked they'll have to find another.
Of course there isn't. But do you really think that people clever enough to rewrite bank statements on the fly will have any technical difficulty at all deploying the code to block those pop-ups? My guess is that they'll assign the task to some junior programmer whenever they feel it's worth troubling themselves to swat this annoying little fly.

More broadly: one of the reasons we find ourselves where we do is that we think too much about what the adversary IS doing instead of what the adversary COULD be doing. It's a failure of imagination. It's why they're so far ahead of us and pulling further away every day.

---Rsk