Blog‎ > ‎

Modularity, Malware, Security, Cloud, Anonymization, Python, PowerShell, Whonix

posted Dec 3, 2013, 8:22 AM by Sami Lehtinen   [ updated Dec 3, 2013, 8:24 AM ]
  • Software modularity is very important. Way too many apps are just huge pot fulls of spaghetti. It makes system hard to maintain. With current technologies, application can be built using totally independent modules. Where stuff which earlier processed by process, are now processed using remote procedure call. Therefore each "procedure" of program can even scale out, automatically and be remapped or changed in real-time production system without any problems. If process was earlier a-b-c, you can on the fly change process to be a-b-d-c. As well as if b has some kind of issues you can add a-l-b-l-c steps where l is detail logger. When issue is resolved, you can just drop those logger modules from the app on the fly. All processing is based on process and data flow routing table. As well as any of the modules can be changed with different module which just implements same interface. Of course this has been the basic of OOP for long, but now it can be made bit differently. Instead of Java's dynamic linking on runtime, links can be built between processes and not classes. This also greatly simplifies application design, because end result can't be that pot of spaghetti.
    I'm sure that we all have heard the story where they tell, no no, it can't be changed, because it affects whole program. Well, it shouldn't be that way.
  • It's really hard to glue security to product which is built to be totally insecure.
  • Some kind of strange malware got running on one undisclosed computer. It was only F-Secures Deep Guard which warned about the application when it tried to modify certain system files & configurations. Horrible stuff, browsers are so insecure. I'm really glad that F-Secure was running, because otherwise the execution attack could have been totally unnoticed. Only bad thing was that I didn't know what was changed before F-Secure warned about this ongoing threat. This lead to immediate disk wipe and re-installation of the system. Hard work, and annoying but totally mandatory to maintain system & network security. Virus Total didn't detect anything wrong with the file, even if I found copy of it from browsers cache. As well as nobody had ever scanned the file before. It seems that black list approach is nearly useless against current threats. As we all know, firewalls are only one small part of layered security. And security is hard, it's nearly impossible to be secure. When system is secure, then it's practically unusable. This is also great reason to have separate work stations for 'secure' and another for 'risky' business. Risky workstation won't contain any personal or private data, and can be easily reset to it's original state, what ever happens between. 'secure' work station is only used to process encrypted and signed text data from trusted sources. It's never directly connected to the Internet.
  • It seems that it's quite common to load JavaScript from third party sites, even this is very bad idea. When that third party site is compromised, even if your setup would be secure, it's really bad for your customers who can easily get infected and exploited. Almost all popular sites are currently doing this.
  • These hacks just prove what I have though originally. It's totally wrong attitude to use email as login or for password recovery. It's simply insecure and pointless. - I just noticed that Digital Ocean offers password reset by email. Why? That's sure and great way to make things insecure.
  • I'm tired of all this discussion if cloud is more or less secure than other types of systems. Well, it is more and it's less secure. It's totally what you're comparing to what. Without extensive analysis of both systems and defining all the details, proper analysis can't be done. I personally would say that professionally run proper PaaS / SaaS cloud is usually more secure than random server running in closet at office, which operating system and other Internet accessible server applications hasn't been updated for ages. As well as there's a broken disk in the RAID5 or even better, there's only single disk and no backups at all. But then people say that Amazon was down for X hours. So what? Your own server was down for whole weekend, but nobody just bothered to make news about it.
  • Configured Tor Relay and Exit Node for VPS so I can utilize excess  bandwidth for something useful.
  • Read FAQ & other documentation of Pythonium project (A Python to JavaScript translator)
  • What is EMET?
  • Wrote a PowerShell script which is run when user logs in. Script checks if user is Administrator or if it belongs to certain user groups and then launches suitable program for them. For admins, explorer, for power users full featured program ui and for rest really restricted ui. All other access is locked down using app locker, file access rights etc. After all this tuning, I feel quite confident that system is at least semi secure unless there's application backdoor / administrator / service access to the server. Honest users can't do much much damage, even if they would try to.
  • Finished reading complete  Design paper of Phantom Protocol by Magnus Bråding (PDF) and it's protocol implementation paper (PDF). It's quite silmilar to Tor, but just better. And just as bad what comes to global adversary due to low latency. Good thing about is that it allows high-availability anonymous tunneling, which Tor doesn't.
  • Played with VirtualBox and Whonix (Anonymous Operating System), seems to be easy to setup and use. All you need to make sure, is that there's absolutely no identifying information on either of the machines. So even if the hidden machine is hacked, hackers shouldn't have any way to find out where and what machine it actually is.
  • Studied MPTCP, it would be nice, as soon as it's actually usable.
  • Something completely different: Studied Ice Classes, including Polar Class and Finnish-Swedish Ice Classes.