Re: Death of antivirus software imminent

2007-12-31 Thread Sherri Davidoff
Anne & Lynn Wheeler wrote:
 Virtualization still hot, death of antivirus software imminent, VC says
 http://www.networkworld.com/news/2007/121707-crystal-ball-virtualization.html

Interesting how virtualization seems to imply "safe" in the public
mind (and explicitly in that article) right now. I'm sure with the
increasing use of virtualization, we'll start to see more VMware-aware
malware and virtual machine escapes in the wild. Another example of
putting many, many eggs in the same basket.

Here's a good article about the first public VMware escape, which
Intelguardians demonstrated at SANSFIRE this summer:
(Note: I'm biased, having worked on this project.)
http://www.pauldotcom.com/2007/07/

What boggles my mind is that despite this, the DoD has still decided to
rely on virtualization software to keep classified and unclassified info
on the same physical systems:
http://www.internetnews.com/storage/article.php/3696996

Sherri



Anne & Lynn Wheeler wrote:
 re:
 Storm, Nugache lead dangerous new botnet barrage
 http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1286808,00.html
 
 from above:
 
 The creators of these Trojans and bots not only have very strong software 
 development and testing skills, but also clearly know how security vendors 
 operate and how to outmaneuver defenses such as antivirus software, IDS and 
 firewalls, experts say. They know that they simply need to alter their code 
 and the messages carrying it in small ways in order to evade signature-based 
 defenses. Dittrich and other researchers say that when they analyze the code 
 these malware authors are putting out, what emerges is a picture of a group 
 of skilled, professional software developers learning from their mistakes, 
 improving their code on a weekly basis and making a lot of money in the 
 process.
 
 ... snip ...
 
 ... and somewhat related
 
 Virtualization still hot, death of antivirus software imminent, VC says
 http://www.networkworld.com/news/2007/121707-crystal-ball-virtualization.html
 
 from above:
 
 Another trend Maeder predicts for 2008 is, at long last, the death of 
 antivirus software and other security products that allow employees to 
 install and download any programs they'd like onto their PCs, and then 
 attempt to weed out the malicious code. Instead, products that protect 
 endpoints by only allowing IT-approved code to be installed will become the 
 norm.
 
 ... snip ...
 
 and post about dealing with compromised machines
 http://www.garlic.com/~lynn/2007u.html#771 folklore indeed
 
 mentioning sophistication in other ways:
 
 Botnet-controlled Trojan robbing online bank customers
 http://www.networkworld.com/news/2007/121307-zbot-trojan-robbing-banks.htm
 
 from above:
 
 If the attacker succeeds in getting the Trojan malware onto the victim's
 computer, he can piggyback on a session of online banking without even
 having to use the victim's name and password. The infected computer
 communicates back to the Trojan's command-and-controller exactly which
 bank the victim has an account with. It then automatically feeds code
 that tells the Trojan how to mimic actual online transactions with a
 particular bank to do wire transfers or bill payments
 
 ... snip ...
 
 there have been some number of online banking countermeasures for
 specific kinds of system compromises  like keyloggers ... but they
 apparently didn't bother to get promises from the crooks to only limit
 the kinds of attacks to those exploits.
 
 some related comments on such compromised machines
 http://www.garlic.com/~lynn/aadsm27.htm#66 2007: year in review
 http://www.garlic.com/~lynn/aadsm28.htm#0 2007: year in review
 
 -
 The Cryptography Mailing List
 Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]



Re: Question on export issues

2007-12-31 Thread Ivan Krstić

On Dec 30, 2007, at 12:06 AM, [EMAIL PROTECTED] wrote:

 never be permitted to export to the embargoed country
 list (Cuba, Iran, Sudan, Syria, North Korea, and Libya).



Not Libya. See 15 C.F.R §740Spir[0], country group E: Cuba, Iran,  
North Korea, Sudan, Syria.


Interestingly, 15 C.F.R. §746.8[1] also lists Rwanda: an embargo  
applies to the sale or supply to Rwanda of arms and related matériel  
of all types and regardless of origin, including weapons and  
ammunition. I am not a lawyer, and cannot tell whether this applies  
to encryption.


We've recently had to jump through the BIS crypto export hoops at  
OLPC. Our systems both ship with crypto built-in and, due to their  
Fedora underpinnings, allow end-user installation of various crypto  
libraries -- all open-source -- through our servers. It was a  
nightmare; the regulations and paperwork appear to be designed for the  
use case of individual applications that utilize a handful of  
primitives and attempt to keep the user from examining or modifying  
the utilized crypto. Trying to fit a Linux distribution into this  
model proved, er, challenging. (We also found that projects that we  
expected would know the drill cold, such as Fedora and Mozilla, were  
actually not very familiar with the processes involved.)


Cheers,
Ivan.



[0] http://www.access.gpo.gov/bis/ear/pdf/740spir.pdf
[1] http://www.access.gpo.gov/bis/ear/pdf/746.pdf

--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org



Re: Death of antivirus software imminent

2007-12-31 Thread Ivan Krstić

On Dec 29, 2007, at 6:37 PM, Anne & Lynn Wheeler wrote:

 Virtualization still hot, death of antivirus software imminent


My, that sounds awfully familiar:
http://radian.org/~krstic/talks/2007/auscert/slides.pdf

I note that, come the January OLPC software update, I will be using my  
XO laptop for all my e-banking and related needs. It provides a  
drastically more secure platform for doing so than any mainstream  
computer I know exists.


--
Ivan Krstić [EMAIL PROTECTED] | http://radian.org



Re: Philips/NXP/Mifare CRYPTO1 mostly reverse-engineered

2007-12-31 Thread markus reichelt
* Ralf-Philipp Weinmann [EMAIL PROTECTED] wrote:

 My colleague Erik took photos of the slides which I put up on
 Zooomr [0]. A video recording of the talk should be available
 shortly and will be linked here.

preliminary link for the video:

http://stan.freitagsrunde.org/mirror/24c3/matroska/24c3-2378-en-mifare_security.mkv


-- 
left blank, right bald




DRM Helps Sink Another Content Distribution Project

2007-12-31 Thread Ali, Saqib
See:
http://msl1.mit.edu/furdlog/?p=6538

And Foxtrot on DMCA:
http://www.gocomics.com/foxtrot/2007/12/30/

And Opus on e-books:
http://www.salon.com/comics/opus/2007/12/30/opus/


saqib
http://www.quantumcrypto.de/dante/



Re: Question on export issues

2007-12-31 Thread Sidney Markowitz
Ivan Krstić wrote, On 31/12/07 12:48 PM:
 We've recently had to jump through the BIS crypto export hoops at  
 OLPC

I find that very strange considering this from a BIS FAQ
http://www.bis.doc.gov/encryption/encfaqs6_17_02.html

all encryption source code that would be considered publicly available under
Section 734.3(b)(3) of the EAR (such as source code posted to the Internet)
and the corresponding object code may be exported and reexported under
License Exception TSU -- Technology and Software Unrestricted (specifically,
Section 740.13(e) of the EAR), once notification (or a copy of the source
code) is provided to BIS and the ENC Encryption Request Coordinator.

What hoops did you have to jump through?
