Recently in technology Category

"Insanity: doing the same thing over and over again and expecting different results."

As a security architect, I've come to truly loathe the endpoint security space. The "answer" seems to be an unending stream of "yet another agent" to layer onto an endpoint, usually just to supplement another tool that's insufficient. Rarely, if ever, can I remove one of these tools (like AV! I still have AV after all this time?!), which means I get to encounter all sorts of conflicts and problems, and for what benefit? Why am I investing hundreds of thousands for incredibly small incremental gains? Insanity...

Part of the challenge with endpoint security is the problem state. As it stands today, we're typically stuck in a traditional general purpose OS environment with very little useful segregation. We deploy tools that live inside this general environment and then hope that a) they keep functioning, b) don't introduce more problems, and c) are somehow able to get enough visibility to assert reasonable control. Sheer folly. It's like trying to estimate the size of an infinite universe from an ant's perspective.

Putting aside specialized solutions deployed to endpoints for solving non-endpoint problems (like monitoring or controlling data movement)... the core focus of endpoint security /should/ be focused on monitoring for state changes. Unfortunately, in a general OS environment, this is very difficult because there are rarely clean, clear boundaries that can be watched for these state changes. In the mobile world we see this problem moving to a slightly more tenable position wherein wrappers and containers can be deployed to better define boundaries, which then enables watching for state changes. We're also starting to see this in production applications that leverage a container-based micro-services architecture. All of which leads me to an interesting thought:

unikernel+containers+sidecars=secure endpoint!

I contributed a piece to the Norse Security Dark Matters blog a few weeks back.

It's Time to Kill the General Purpose Browser

Another week, another critical Adobe Flash vulnerability (CVE-2015-3113), complete with active exploit in the wild. Adobe encourages everyone to patch right away, but is there more you should do?

In fact, here in 2015, with a constant stream of broken apps, broken browser, broken plugins, and breach after breach after breach, I'm left to wonder: Why are we still using general purpose browsers at all anymore? Are they, and their associated plugins, doing more harm than good?

Continue reading here...

Patch Your Internet Router/Gateway!

Just a friendly fyi... if you're running an Internet router/gateway from Asus or Linksys, please make sure that you've updated the firmware recently! In some ways, this strikes me as another example of attacks on the Internet of Things (IoT). If you've been following IoT attack trends, then you may have read about the possibility that a refridgerator may have be found sending out spam.

Continue reading here...

The Oatmeal has a great cartoon on why Netflix is splitting into two entities. If you've not seen it, then please, go look now! :)

While the cartoon certainly puts a fine point on what most of us are thinking, I do think there are 2 clear reasons why Netflix would want to decouple the disc-rental business from online streaming. Those are:

1) Shipping Rates Are Killing By-Mail Disc Rentals.

This one is pretty obvious. Netflix relies heavily on the postal service, which is itself seeing dire times. I don't imagine that their margins are all that great on the by-mail disc rentals as it is, and all this uncertainty around postage rates and the future of the postal service has to be registering as a major risk on the quarterly reports. Ultimately, I'd be shocked if Netflix Qwixster didn't move to purchase or create one of those rental-box companies and then move strongly away from mail-based delivery of movies. Imagine a passcard with a PIN that let you check out N movies at a time, return them, and rent more, for an unlimited amount. For more rare movies, you then pay a premium for mail-based service. Or something like that.

2) Netflix Has a Multi-Login Problem.

The other great annoyance with this change is that there will now be 2 separate logins and web sites, rather than the single one we see today. Now, personally, I disagree with the complete decoupling of the online interface as single sign-on has existed for a while. But, while that's annoying, I do think I understand their motivation. As of today, multiple people can simultaneously login to Netflix using a shared account, and they can all stream shows at the same time. This has to be problematic for Netflix, not only because they're not seeing as much revenue as they should be, but I'd also wager that the movie studios are holding back a bunch of content because /they/ also don't see the revenue in the same way. In order to solve this problem, Netflix needed to find a way to allow multiple logins to manage the DVD queue while only allowing N logins (based on account level) to stream video. By completely splitting the site, they've probably "solved" this problem (though, albeit, in an incredibly inelegant fashion). I fully expect to see new account tiers from Netflix once the sites are split that forcibly limit users to 1 active login at a time. On the flip side, I also expect that they will increase and improve their online content (and it had better be a dramatic improvement).

Anyway... just my quick thoughts on this Netflix/Qwixster business... I can't say that I find it the most elegant solution, but if it helps them achieve their goals, then so be it. *shrug*

If you travel at all, or are concerned about doing local backups, or maybe don't even have any backups today (talking primarily here about home and SOHO environments), then you've probably thought a bit about the various online "backup" (or "archive") providers. I've looked at a bunch of them and had mixed results. One thing to beware: many of these services style themselves "archive" solutions, rather than "backup" solutions, all to dodge reliability commitments. As such, I thought I'd share some of my thoughts/results...

As noted in my last post, I've made the jump to Lion. Overall, it's pretty good. I've already noticed that it's a bit zippier than it's predecessor (Snow Leopard). That said, there are a few quirks that require customizing back to what I consider a bit more sane. I'll try to update this list as I find other options since I've still not discovered how to fix a few things (noted later).

I've had my fair share of stability issues with my 15" MacBook Pro (MBP) since I bought it in late 2009. I've had to replace the RAM, the hard drive, and dealt with all sorts of issues. I recently went on vacation and opted to leave the ol' MBP at home so that it, too, could have a vacation. I even shut it down all the way (how considerate of me!). When I returned home it fired right up, wanted to install a couple patches, and all that good stuff. And then it all started going bad...

After being home a couple days, my laptop started crashing with kernel panics (I call this the "grey screen of death" - OS X says you've crashed and need to hold down the power button to reboot). After a couple days of this nonsense, with it getting progressively worse, I decided to call Apple Support, which, btw, ROCKS. They had me shutdown, do an SMC Reset, then boot into Safe Boot mode (hold down shift before the boot-up chime) to remap drive and directory info. Viola! Problem solved! (or not)

This is just a quick update to let you know that the upgrade portion of my "Upgrade+Migration" project has completed successfully (yay!). I'm going to let things simmer here for a couple days to make sure everything is good before I move on to the next phase. In the meantime, you can find me in Austin, TX, Fri-Sat (3/11-12) where I'll be helping run - and speaking at - Security B-Sides Austin 2011! Yeehaw! :)

Just a heads-up, if this blog suddenly disappears from your feed in the next couple weeks, please check back to make sure your RSS link is correct. Those following on SBN or Feedburner should be unaffected, and I expect those directly linked to my feed will be unaffected as well. Nonetheless, I thought I'd let y'all know... just in case!

I loved this quote from today's EFFector 22.32 by the EFF.

* DVR Is TV's New BFF
Digital Video Recorders (DVRs), once considered a mortal threat by the
entertainment industry, have now become its new best friend. It's just
the latest example of how the industry's constant warnings of the
dangers of "piracy" frequently turn out to be baseless hysteria.
https://www.eff.org/deeplinks/2009/11/dvr-tvs-new-bff