Back to Top

Sunday, October 08, 2006

Hack the Gibson - Episode #60

Read the reason for these posts. Read Steve Gibson's response.

Here I am again, with a little delay because I was away on a conference of economics over the weekend, but I'll cover that in a later post. This netcast started out very nicely, and I was hoping that I won't have to write this post (I'm in no way worried that I run out of things to rant about :)). But as you'll see there are some errors and bad answers in this show also as you can see from the length of this post.

The answer for the second question was right on spot (the first question wasn't about security). It also raised a very good question: why doesn't Microsoft unregister the affected DLLs through Windows Update as a first measure? In the case of the WMF flaw I suppose that deregistering the given DLL may have affected some printing services, but in the case of the VML flaw this seems to have been a good preliminary solution.

The first question where I have something to comment about is the one about the USB devices and virtual machines. As most of the time Leo hits the nail on the head: in VMWare (I don't know about VirtualPC or Parallels) the USB device is associated with the virtual machine only if it's in the foreground while you're plugging it in (probably you can change it in the settings).

For the gentlemen asking about reducing windows installation sizes: Normally I would recommend CCleaner. It's free and does a good job of removing unneeded temporary files. However being that he's already using a reduced version of Windows I don't believe that any method / tool would provide a considerable reduction in used disk space.

The answer to the security question is sort of ok, however one has to wonder what kind of network engineer is the one who doesn't have security knowledge. But let me use this room for a little rant about novice users and computers: you can't buy security. If you think that you plug a little box between you and your Internet connection and this will keep you secure from every possible threat, you're deluded or just watched too match marketing materials. The responsible thing to do on the computer shops part who puts together the computer and probably installs some kind on Windows on it to: (a) set up the user as user not administrator (b) install free security products on it and set them to auto-update without asking the user (c) set windows to auto-update without asking the user (d) load up the computer with open-source software to do most of the things a typical home user might need (like play music, watch films, read e-mail etc). Then put together some kind of learning material about security and say to the user: you can use your computer for most of the things you want. If you wish to get the Administrator password, you must read this material to understand the basic things about your computer and then take a free online test. If s/he passes, then s/he gets the Administrator password. This would make possible for the grandma-type users to read their e-mails with no effort and fairly safe and still provide a way for the more determined users to gain full control over their machine (after they know at least to some extent what they are taking control of). Now I know that no company in the world would implement such a policy, but wouldn't it be great?

About TrueCrypt and a possible performance degradation: I'm convinced that there would be only very little performance degradation (disclaimer: I didn't do any tests, this is just my personal opinion), however there would be a big gain: she can be sure that everything (and I mean everything) that she does in the virtual machine would be crypted. When using partial encryption (like putting your documents on a separate partition and only encrypting that or using the EFS facility of NTFS), you are always in the risk of leaving artifacts (for example temporary versions of documents are often written to the temporary directory during editing from where they can be recovered, or contents of the memory can end up the swap file). Thus the only 100% secure solution (assuming you've choose a long and had to guess password) is to put the VMWare image on an encrypted volume. Period. A sidenote: I've found some sites which claimed to have achieved performances in the range of 100MB/s with AES, one of the strongest algorithms included in TrueCrypt, using consumer hardware. This clearly is more than enough for disk transfers (the test were done using memory as source and destination to enable maximum throughput).

The answer for the question about overheating damaging your CPU is clearly wrong and I have factual evidence for it: you can watch the videos showing Toms Hardware removing the heatsink while they are running (go to the last page of the article to download the video). They are clearly damaged! Now I know this is extreme and just stopping he fan probably would do less damage, but it is possible. Then again I never heard about malware doing this, but this doesn't mean that it doesn't exists.

Now on to the next question: please don't run SAMBA on the internet. Please! And don't recommend it to other people either. The protocol contains no encryption and was not meant for usage in non-trusted networks. Please use SFTP, Apache with HTTPS and password protection or other means for sharing files. While sharing files with SAMBA is a little more convenient than these other methods, it is by no mean secure!

Finally the discussion about software patents was good.


Post a Comment

You can use some HTML tags, such as <b>, <i>, <a>. Comments are moderated, so there will be a delay until the comment appears. However if you comment, I follow.