Comments

Clive Robinson November 4, 2024 11:05 AM

First thing to remember,

It’s not just China or the other four horsemen of the axis of evil.

Yes China, Iran, North Korea and Russia are all at it as are Brazil, India, and other fast economic developers.

Oh and don’t forget every country in Europe, and East of the Mediterranean.

Where it’s not just Nation State SigInt agencies, it’s private corps funded by Venture Capital Investors.

Why? Because there is a very great deal of money to be made selling technology and information on what most would consider at best questionably legal, if not downright illegal, markets.

Thus some are going to ask the obvious question,

“How to stop it and its risks?”

The answer is,

“If you have any external communications, all connected systems are vulnerable, beyond your capabilities to stop up the weaknesses on them all.”

Thus you have to develop a minimal connectivity policy and look up the old DMZ and Hardened Bastion Host stuff for a few historic foundation lessons, with any connected systems not having any sensitive or mutable information.

Then you need to “instrument” in ways an attacker can neither see nor sense. Oh and have well developed “fast shut off/down” in place, driven automatically.

Oh and as for “risk based prioritizing” a lot of alleged gurus talk about… Forget it. Outside of “smash and grab” and allied “ransomware” you are very unlikely to know what your attackers’ real priorities are… So how can you see what risks they present and how to best mitigate them?

You are better advised on “bang for the buck” the top levels of which unsurprisingly tend to appear in the top five or seven industry “Best Practice” risk “priorities lists”…

The other priorities can be found in a more general form of “physical” rather than “information” security.

The two best bits of advice for “information security” are actually,

1, Don’t connect (Isolation / segregation).
2, Shovel S41t fast.

The first is “mitigation by Isolation / segregation” and unlike those expensive “firewalls” and similar bet devices will slow down or stop a “fire ship” attack.

The second is predicated on the unfortunate truth that all your consumer / commercial software from the boot ROM upwards at best stinks. Because it almost certainly has more holes than certain maggot infested cheeses that originate coincidentally in Italy (where a lot of commercial espionage tools originate).

There are a lot of lessons to be learnt from “physical security” and if you understand them you can pivot the knowledge into quite a chunk of “information security” (which in many cases is what the attackers are doing).

script blockers are your friend November 4, 2024 12:00 PM

why would they stop the gravy train?

lol, they don’t care if you’ve already explained to them that

“security is an illusion”

respect for speaking the truth in your past books

Bruce Wilson November 4, 2024 2:39 PM

This was a great procedural sleuthing story. I was left with the impression that many of the players are just young security researchers in Chengdu chasing their muse and doing their best to adhere to local laws and ethics.

Clive Robinson November 5, 2024 9:42 AM

@ Bruce Wilson,

With regards,

“I was left with the impression that many of the players are just young security researchers in Chengdu chasing their muse and doing their best to adhere to local laws and ethics.”

It’s not just “Chengdu China” where this applies. As we know the same thing is going on in a country to the East of the Mediterranean.

The simple fact is that “students want to qualify” and in a way that will enable them to earn a living.

This gives the “Education Establishment” in any given nation, and thus its current ruling government, significant power over the students and their “freedom to study” even if they do not realise it.

Sometimes the education system is quite corrupt, I’ve noted that on this blog in the past. In some places students have to “give papers” at conferences as part of qualifying. This enables faux-conferences to be set up that require the student to pay significant sums of money. Similarly faux-Journals. Those who have investigated such faux systems have all too often found those behind them pocketing significant sums of money. With a trail back to those in positions in academia…

So yup, research direction can quite easily be directed by making it “self interest” for students.

ResearcherZero November 11, 2024 1:52 AM

Security by obscurity is working wonders for industrial supply of exploits to governments.

Sandvine got itself off the list of sanctioned companies so its pals can keep up.

Clive Robinson December 19, 2024 1:42 AM

@ t33l0, ALL,

With regards Sophos putting malware on users systems.

Firstly this is “We’re the Good Guys” nonsense various governments use to spy on other governments, yet condemn those governments when they spy back.

But consider further, such software allows not just “files” to be looked at but altered or even created.

Such has been used by ransomware operatives for several decades.

But more recently Apple got into hot water over “on device” scanning supposedly to find CSAM. As was pointed out by many at the time, the scanning could “scan for anything”.

It also in effect constituted an “illegal search” but… This is where we get the “human eyes” nonsense as to whether it is a search or not (something that really needs to be killed off).

The simple fact is that, encouraged by those in Law Enforcement and other local, state and national government agencies, “the courts” are destroying the core fabric of human society.

We know where this goes, we have quite a bit of history from the end of the last century, a look at East Germany prior to the fall of the Berlin Wall gives plenty of detail.

There is a little known fact that we have to have crime to show that there is a need to have people investigate it and most importantly round up the law breakers.

Unfortunately some see “investigation” as being the sole reason, as this enables “Power to be accumulated”. Such people are not just anti-social they are with little doubt evil.

Clive Robinson December 22, 2024 10:21 PM

@ Bruce, ALL,

Do they ever learn?

An argument broke out in a “war game” and guess what?

Yup, some numb brain leaked classified information into what is a public forum to “win an argument”.

https://ukdefencejournal.org.uk/classified-fighter-jet-specs-leaked-on-war-thunder-again/

I’m old enough to remember back in the 1980s the then UK PM Maggie Thatcher trying to have people eviscerated over the tiniest leaking of what she regarded as “secret” via the “Official Secrets Act” (OSA) or the older “Defence Of the Realm Act” (DORA).

Including the UK Government claiming in Court that the address of GCHQ was highly classified, thus a journalist who published it should be both hung, drawn and quartered whilst being boiled alive etc.

The reality is the address was well known to readers of Wireless World, where every month GCHQ put a full page advert inside the back cover with its address…

But this leaking is quite a bit more serious, though how serious in terms of “leaked information” is a point open to debate, because I suspect some spy has already filched it… governmental department computer security, or lack thereof, across more than a few European nations being what it is today.

After all, if some Chinese person has not flown a hobby drone through your underwear drawer this week as an Xmas / festival of light etc treat, you cannot possibly be important 😉
