Posted by Steve Riley [MSFT] on August 29, 2008, 4:03 pm
Dan, I have resisted writing a message like the one I'm writing now but I
can wait no longer. I'm not exactly sure what it is that you expect to
accomplish with statements like "web link may be manipulated by others" and
"poster not responsible if someone hacks post" (other than possibly stoking
the fears of other readers) nor do I understand your repeated requests for
me to comment on various things (I am not any kind of Microsoft crystal
ball).
In the newsgroups I avoid religious arguments about software, engaging in
flame wars, or questioning people's motives because none of those activities
do anyone any good. But your exaggerated claims about the realm of possible
attacks, your continued devotion to "internal safety" vs. "external
security" (which are terms NO ONE ELSE in the security field uses), your
frequent invocation of DHS (and your cc-ing the US-CERT in your private
emails to me -- what's up with that?), and your strange occupation with
"source code" is really getting quite tiresome.
In this thread you wonder about some kind of "new source code" that might be
under development. In your thread "Source Code," you lament that, according
to Wikipedia, Windows 7 "will use the Windows NT source code" -- then later
on claim that we've got some sort of secret skunkworks project. Do you
really even understand what source code is? Nowhere in the Wikipedia article
did I see any reference to Windows NT source code. Do you realize that
virtually none of the original NT code still exists in the current versions
of Windows? Much of the architecture (for example -- file storage,
communications, process handling, and memory management) is still in place,
of course, but nearly every single element has been rewritten and expanded
to increase reliability and security, and to take advantage of modern
hardware capabilities. In a reply to "Is DNSSEC supported by Windows?" you
claim that DOS is required for "internal safety" -- is this a joke? Do you
understand that DOS is an ancient thing written for a totally different
time -- when there were no networks, no multitasking, no re-entrance
(executing the same piece of code multiple simultaneous times), no
multi-user support, and no concept of virtualizing any of these layers? DOS
HAS ZERO security of any kind. To claim "society and the world are paying
for the mistake" of not using DOS in the current version of Windows is
really rather silly.
Your assertion that "the majority of people here...have...bought the company
line" is intended to indicate what? What "company" do you mean? Information
security practices and philosophies have evolved over time to address
changing business requirements in an age where everything is connected all
the time using public networks. To claim that "the majority" are wrong and
that the development practices (and products) of two decades ago will
somehow save us from all evil shows a fundamental misunderstanding of the
issues and solutions.
Dan, I am not attacking your motives or impugning your character. But I am
asking that you rethink your positions (and your allegiances) as you
continue your journey in the field of computer security.
--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley http://www.protectyourwindowsnetwork.com
> Thanks for your reply MowGreen. I really do respect you and consider you
> a
> great asset to this group. I loved when Apple users were so sure of their
> operating system and computers that they claimed they were really safe and
> when an Apple, Windows Vista and Ubuntu Linux computer competed against
> each
> other the first one to be hacked was the Apple. BTW, have you heard
> anything
> about Microsoft new source code that you can publicly share on this
> newsgroup?
>
> "MowGreen [MVP]" wrote:
>
>> Where are the Penguin fanbois exclaiming " Linux is the safest OS; it's
>> impenetrable " ?
>> C'mon guyz, do your part. You have a role to fill here.
>>
>> But, seriously, Dan. Anyone with common sense knows that any system that
>> is exposed to the internet can be compromised. And, it is irrelevant
>> which OS one runs.
>> The key is, never drink 'OS koolaid'. Use the one that suits your
>> purposes but don't tell everyone that it is ' the most secure ' or ' it
>> can't be hacked '. That's total nonsense.
>>
>>
>> MowGreen [MVP 2003-2008]
>> ===============
>> *-343-* FDNY
>> Never Forgotten
>> ===============
>>
>>
>> Dan wrote:
>>
>> > http://www.us-cert.gov/current/index.html#red_hat_releases_openssh_security
>> >
>> > {Note: Web Link may be manipulated by others and smart web surfing is
>> > encouraged like reading in plain text and blocking remote code --
>> > Disclaimer:
>> > Poster is not responsible if someone hacks post and web link is
>> > illegally
>> > changed}
>> >
>> > Here is the information from US-Cert.gov which is a part of DHS: all
>> > below
>> > should be considered a quote ". . ."
>> >
>> > SSH Key-based Attacks
>> > added August 26, 2008 at 03:41 pm | updated August 27, 2008 at 03:41 pm
>> >
>> > US-CERT is aware of active attacks against linux-based computing
>> > infrastructures using compromised SSH keys. The attack appears to
>> > initially
>> > use stolen SSH keys to gain access to a system, and then uses local
>> > kernel
>> > exploits to gain root access. Once root access has been obtained, a
>> > rootkit
>> > known as "phalanx2" is installed.
>> >
>> > Phalanx2 appears to be a derivative of an older rootkit named
>> > "phalanx".
>> > Phalanx2 and the support scripts within the rootkit, are configured to
>> > systematically steal SSH keys from the compromised system. These SSH
>> > keys are
>> > sent to the attackers, who then use them to try to compromise other
>> > sites and
>> > other systems of interest at the attacked site.
>> >
>> > Detection of phalanx2 as used in this attack may be performed as
>> > follows:
>> >
>> >
>> > "ls" does not show a directory "/etc/khubd.p2/", but it can be entered
>> > with
>> > "cd /etc/khubd.p2".
>> > "/dev/shm/" may contain files from the attack.
>> > Any directory named "khubd.p2" is hidden from "ls", but may be entered
>> > by
>> > using "cd".
>> > Changes in the configuration of the rootkit might change the attack
>> > indicators listed above. Other detection methods may include searching
>> > for
>> > hidden processes and checking the reference count in "/etc" against the
>> > number of directories shown by "ls".
>> > US-CERT encourages administrators to perform the following actions to
>> > help
>> > mitigate the risks:
>> >
>> > Proactively identify and examine systems where SSH keys are used as
>> > part of
>> > automated processes. These keys typically do not have passphrases
>> > or
>> > passwords.
>> > Encourage users to use the keys with passphrase or passwords to reduce
>> > the
>> > risk if a key is compromised.
>> > Review access paths to internet facing systems and ensure that systems
>> > are
>> > fully patched.
>> > If a compromise is confirmed, US-CERT recommends the following actions:
>> >
>> > Disable key-based SSH authentication on the affected systems, where
>> > possible.
>> > Perform an audit of all SSH keys on the affected systems.
>> > Notify all key owners of the potential compromise of their keys.
>> > US-CERT will provide additional information as it becomes available.
>> >
>> > US-CERT credits DFN-CERT for their contributions regarding this issue.
>> >
>> > {Note: to Microsoft only users: The above is provided as a general
>> > service
>> > announcement and although it affects Linux systems is provided here
>> > publicly to raise users' awareness of how serious computer attacks
>> > are
>> > getting --- thank you for any feedback and have a great day}
>> >
>> > Also please use Microsoft's own password tool to generate stronger
>> > passwords
>> > that are safe and secure. I hope Steve Riley, MSFT will comment for
>> > all of
>> > us to benefit on the issue of new security and safety measures and the
>> > new
>> > source code Microsoft is slowly but surely developing. That new source
>> > code
>> > is what I am super excited about for Microsoft's future.
>>
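The two detection checks in the quoted US-CERT advisory (a directory that `ls` omits but `cd` can still enter, and a mismatch between the link count of `/etc` and the number of directories `ls` shows) worked into a script. This is an added example, not part of any post in the thread or of US-CERT's advisory; the function names, the constructed demo tree and the `/dev/shm` scan target are my own choices, and the link-count rule assumes a filesystem that keeps classic directory link counts.

```python
import os
import stat
import tempfile


def subdir_link_count(path):
    """Subdirectory count implied by the directory's inode link count.

    On ext4, XFS, tmpfs and most classic Unix filesystems a directory has
    2 links ('.' plus the parent's entry) and gains one per subdirectory
    (the '..' inside it).  stat() reads the inode, not the entry list, so a
    rootkit that filters readdir()/getdents() output cannot lower it.
    Returns None where the filesystem does not keep classic counts
    (btrfs and merged overlayfs directories report 1)."""
    nlink = os.stat(path).st_nlink
    return None if nlink < 2 else nlink - 2


def visible_subdirs(path, lister=os.listdir):
    """Subdirectories a directory listing shows: what 'ls' would see.
    'lister' is injectable so a test can simulate a hooked readdir."""
    names = []
    for name in lister(path):
        try:
            if stat.S_ISDIR(os.lstat(os.path.join(path, name)).st_mode):
                names.append(name)
        except OSError:
            continue
    return sorted(names)


def hidden_subdir_count(path, lister=os.listdir):
    """Link-count check from the advisory: inode-implied subdirectories
    minus the listed ones.  >0 means entries are hidden from readdir."""
    expected = subdir_link_count(path)
    return None if expected is None else expected - len(visible_subdirs(path, lister))


def probe_known_names(path, names=("khubd.p2",)):
    """Name-based check from the advisory ('cd' into a name 'ls' omits).
    Path lookup bypasses readdir, so a hidden but real directory still
    resolves.  Default is the directory name US-CERT reported."""
    return [n for n in names if os.path.isdir(os.path.join(path, n))]


def build_demo_tree():
    """Constructed sample tree (not a real infection): three subdirectories,
    one named like the rootkit's, plus a lister that drops that name the way
    a readdir-filtering rootkit would."""
    root = tempfile.mkdtemp(prefix="p2demo_")
    for name in ("a", "b", "khubd.p2"):
        os.mkdir(os.path.join(root, name))
    return root, lambda p: [n for n in os.listdir(p) if n != "khubd.p2"]


if __name__ == "__main__":
    for d in ("/etc", "/dev/shm"):  # the two locations the advisory names
        print(d, "hidden:", hidden_subdir_count(d), "known:", probe_known_names(d))
```

A result of 0 hidden entries and no known names is the clean case; anything else warrants an offline inspection of the disk rather than further commands on the live host, since the advisory notes the indicators change with rootkit configuration.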