Philosophically Secure

Eugene Kogan’s blog on all things relevant, especially information security

Archive for the 'networking' Category

CloudAV prototypes anti-virus scanning via cloud computing

This is interesting research, but is it something you would use?

The researchers’ new approach, called CloudAV, moves antivirus functionality into the “network cloud” and off personal computers. CloudAV analyzes suspicious files using multiple antivirus and behavioral detection programs simultaneously.

In general, that’s not a bad idea. It might save a few CPU cycles on your local workstation by not having to virus scan files directly. Then again, every file has to be uploaded to the cloud to be scanned, which costs network bandwidth and adds latency before the file can be used.

Each time a computer or device receives a new document or program, that item is automatically detected and sent to the antivirus cloud for analysis.

The privacy concerns here are obvious. Would you trust CloudAV to receive a copy of every file you want to virus scan? How sure can you be that they don’t use the contents for something else, or accidentally leak private information?

I think this idea has more merit as an internal virus scanning system for a large organization. That way sensitive data doesn’t have to leave the corporate boundary, or be sent to a third party. The benefit is that you have a more thorough and updated virus scanning engine, possibly using several different products at once.

Researchers develop next-generation antivirus system.


Taking advantage of UPnP to be evil

pdp posted an interesting little article. He describes how he can take over a home router (the kind someone might use with a cable modem) using a malicious Flash application and UPnP (Universal Plug and Play). All the user/victim has to do is load a website with this particular Flash application embedded in it. The Flash movie, running on a machine inside the LAN, issues UPnP requests to the router on the victim’s behalf, and the attacker can then make whatever changes to the router he likes, such as disabling the firewall, forwarding ports to the outside, or even changing the DNS server.

As pdp states, this isn’t necessarily a bug, but rather an unintended consequence of the fact that UPnP requires no authentication. The designers presumably figured that, since the router only listens for UPnP requests on the internal interface, anything arriving there must come from the owner. A browser on the LAN running attacker-supplied content breaks that assumption: the request originates inside the network, so it is trusted. If you don’t actually need UPnP functionality, disabling it on the router is a good idea.
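To make the "no authentication" point concrete, here is an added example (my code, not pdp’s and not part of the original post) that builds the UPnP IGD AddPortMapping SOAP request a LAN client sends to a router, and then audits a constructed port-mapping table for the kind of entry such an attack would leave behind. The service name and element names are the standard WANIPConnection:1 ones; the control URL, the sample addresses and the mapping entries are assumptions made up for the example, and nothing is sent on the network.

```python
"""UPnP IGD AddPortMapping request builder plus a mapping-table audit.
Added example; the router responses below are constructed, not captured."""
import ipaddress
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
IGD_SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"


def build_add_port_mapping(external_port, internal_client, internal_port,
                           protocol="TCP", description="example", lease=0):
    """Return (headers, body) for an AddPortMapping action.

    Note what is absent: no password, no token, no cookie. Any host on the
    LAN that can POST this to the router's control URL gets the mapping,
    which is exactly what a page loaded in a LAN browser can do.
    """
    body = (
        '<?xml version="1.0"?>'
        f'<s:Envelope xmlns:s="{SOAP_NS}" '
        's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
        '<s:Body>'
        f'<u:AddPortMapping xmlns:u="{IGD_SERVICE}">'
        '<NewRemoteHost></NewRemoteHost>'
        f'<NewExternalPort>{external_port}</NewExternalPort>'
        f'<NewProtocol>{protocol}</NewProtocol>'
        f'<NewInternalPort>{internal_port}</NewInternalPort>'
        f'<NewInternalClient>{internal_client}</NewInternalClient>'
        '<NewEnabled>1</NewEnabled>'
        f'<NewPortMappingDescription>{description}</NewPortMappingDescription>'
        f'<NewLeaseDuration>{lease}</NewLeaseDuration>'
        '</u:AddPortMapping></s:Body></s:Envelope>'
    )
    headers = {
        "Content-Type": 'text/xml; charset="utf-8"',
        "SOAPAction": f'"{IGD_SERVICE}#AddPortMapping"',
    }
    return headers, body


def _entry_response(remote, ext_port, proto, int_port, client, desc):
    """Constructed GetGenericPortMappingEntryResponse, as a router returns it."""
    return (
        f'<s:Envelope xmlns:s="{SOAP_NS}"><s:Body>'
        f'<u:GetGenericPortMappingEntryResponse xmlns:u="{IGD_SERVICE}">'
        f'<NewRemoteHost>{remote}</NewRemoteHost>'
        f'<NewExternalPort>{ext_port}</NewExternalPort>'
        f'<NewProtocol>{proto}</NewProtocol>'
        f'<NewInternalPort>{int_port}</NewInternalPort>'
        f'<NewInternalClient>{client}</NewInternalClient>'
        '<NewEnabled>1</NewEnabled>'
        f'<NewPortMappingDescription>{desc}</NewPortMappingDescription>'
        '<NewLeaseDuration>0</NewLeaseDuration>'
        '</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>'
    )


# Assumed mapping table: a normal BitTorrent mapping, a mapping that exposes
# the router's own web interface to the Internet, and one pointing off-LAN.
SAMPLE_TABLE = [
    _entry_response("", 6881, "TCP", 6881, "192.168.1.20", "bittorrent"),
    _entry_response("", 8080, "TCP", 80, "192.168.1.1", "evil"),
    _entry_response("", 2222, "TCP", 22, "10.0.0.5", "odd"),
]


def parse_mapping_entry(xml_text):
    """Parse one GetGenericPortMappingEntryResponse into a dict of arguments."""
    root = ET.fromstring(xml_text)
    body = root.find(f"{{{SOAP_NS}}}Body")
    resp = body.find(f"{{{IGD_SERVICE}}}GetGenericPortMappingEntryResponse")
    return {child.tag: (child.text or "") for child in resp}


def audit_mappings(entries, lan_network, router_addr):
    """Flag mappings that expose the router itself or target a non-LAN host."""
    lan = ipaddress.ip_network(lan_network)
    router = ipaddress.ip_address(router_addr)
    findings = []
    for e in entries:
        client = ipaddress.ip_address(e["NewInternalClient"])
        where = (f'{e["NewProtocol"]}/{e["NewExternalPort"]} -> '
                 f'{client}:{e["NewInternalPort"]} ({e["NewPortMappingDescription"]})')
        if client == router:
            findings.append(("router-exposed", where))
        elif client not in lan:
            findings.append(("foreign-target", where))
    return findings


if __name__ == "__main__":
    _, req = build_add_port_mapping(8080, "192.168.1.1", 80, description="evil")
    print(req)
    entries = [parse_mapping_entry(x) for x in SAMPLE_TABLE]
    for kind, where in audit_mappings(entries, "192.168.1.0/24", "192.168.1.1"):
        print(f"{kind}: {where}")
```

On a real router you would discover the control URL via an SSDP M-SEARCH, then POST the body above to it; the audit half is the check worth running periodically, since a mapping back to the router’s own address is what turns a LAN-only admin page into an Internet-facing one.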


Cisco disbands security research group

Apparently, Cisco has decided it doesn’t need to invest that much in security research. It has closed the doors on its Critical Infrastructure Assurance Group. CIAG was focused on research in some really critical areas, such as the security of SCADA systems, DNS attacks, VoIP threats, and the Common Vulnerability Scoring System.

Considering how important protecting the nation’s critical infrastructure is, I think shutting down CIAG was the wrong decision. We need all the help we can get to keep our networks secure, and Cisco is a huge part of that process, simply because their products are so widely deployed.

Also, I doubt this move will help reduce the number of vulnerabilities discovered in Cisco hardware.


Is Comcast actively resetting BitTorrent traffic?

There are widely spreading rumors that Comcast is actively trying to degrade the performance of BitTorrent file transfers on its broadband cable modem network. Since BT is a peer-to-peer protocol whose clients can listen on arbitrary ports, stopping it is not as simple as blocking a few port numbers. So, it looks like Comcast has resorted to injecting forged TCP reset (RST) packets, which make each peer believe the other side hung up, into the occasional BT connection, making the protocol much slower and less reliable.
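Injected resets can be spotted from the subscriber’s side. As an added example (my code, not from this post and not a description of any ISP’s equipment), here is a small detector that runs over a constructed packet capture. It relies on one assumed heuristic: a RST forged by a middlebox is generated a different number of hops away than the real peer, so its IP TTL usually differs from the TTL the peer’s ordinary packets arrive with. The addresses, ports and TTL values below are made up for the example.

```python
"""Heuristic detector for injected TCP RST packets over constructed records.
Added example; the capture is fabricated to show the technique."""
from collections import Counter

# Constructed packet records: (capture_no, src, sport, dst, dport, flags, ttl)
# Point of view: a sensor on the subscriber's host 10.1.1.5. Its own packets
# leave with TTL 64; the BitTorrent peer 203.0.113.9 arrives with TTL 52.
CAPTURE = [
    (1, "10.1.1.5", 51000, "203.0.113.9", 6881, "S", 64),
    (2, "203.0.113.9", 6881, "10.1.1.5", 51000, "SA", 52),
    (3, "10.1.1.5", 51000, "203.0.113.9", 6881, "A", 64),
    (4, "203.0.113.9", 6881, "10.1.1.5", 51000, "PA", 52),
    (5, "10.1.1.5", 51000, "203.0.113.9", 6881, "PA", 64),
    (6, "203.0.113.9", 6881, "10.1.1.5", 51000, "PA", 53),   # one hop of jitter, benign
    # A RST claiming to come from the peer, but arriving with a TTL 11 hops
    # off the peer's baseline: this is what a forged reset looks like.
    (7, "203.0.113.9", 6881, "10.1.1.5", 51000, "R", 63),
    # A second flow where the peer itself genuinely resets (TTL matches).
    (8, "10.1.1.5", 51001, "198.51.100.7", 6881, "S", 64),
    (9, "198.51.100.7", 6881, "10.1.1.5", 51001, "SA", 118),
    (10, "198.51.100.7", 6881, "10.1.1.5", 51001, "R", 118),
]


def direction_key(pkt):
    """One key per (src, sport, dst, dport) direction of a flow."""
    _, src, sport, dst, dport, _, _ = pkt
    return (src, sport, dst, dport)


def learn_ttls(packets):
    """Most common TTL per direction, learned from non-RST packets only."""
    seen = {}
    for pkt in packets:
        flags, ttl = pkt[5], pkt[6]
        if "R" in flags:
            continue
        seen.setdefault(direction_key(pkt), Counter())[ttl] += 1
    return {key: counts.most_common(1)[0][0] for key, counts in seen.items()}


def find_injected_rsts(packets, slack=2):
    """Return capture numbers of RSTs whose TTL deviates from the learned
    baseline by more than `slack` hops (slack absorbs normal route jitter)."""
    baseline = learn_ttls(packets)
    flagged = []
    for pkt in packets:
        if "R" not in pkt[5]:
            continue
        expected = baseline.get(direction_key(pkt))
        if expected is not None and abs(pkt[6] - expected) > slack:
            flagged.append(pkt[0])
    return flagged


if __name__ == "__main__":
    for n in find_injected_rsts(CAPTURE):
        print(f"packet {n}: RST with anomalous TTL, probably injected")
```

This is a batch version that learns the baseline from the whole capture first; a live detector would learn per flow as packets arrive and judge each RST against what it has seen so far. TTL alone is a heuristic, so in practice you would corroborate with other signs, such as both ends receiving a RST at nearly the same moment.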

Why are they doing this? Well, the obvious reason is that BitTorrent traffic is taking up a huge part of their bandwidth, and that’s slowing down their over-subscribed cable modem networks. But this makes no sense. If Comcast users choose to allocate their bandwidth to BT, why shouldn’t they be allowed to? After all, that’s what they pay around $60 per month for.

Of course, Comcast will claim that they are trying to throttle the BitTorrent protocol due to the large number of copyrighted files it is used to transfer. Are they ignoring all the legal software, video, and music content that is also available via BitTorrent? There are tons of open source Linux distributions (which can be 4GB in size) that are frequently distributed via BT. And don’t forget local bands and amateur movie makers who use the protocol to spread their media content.

This makes about as much sense as blocking all email to help stop spam, or blocking all web traffic to help stop phishing attacks. Going after a widely used, generic, peer-to-peer file transfer protocol is the wrong approach.

By the way, according to Comcast, this is their policy on blocking network ports:

The only ports that may be actively blocked on the Comcast network are 67, 68, 135, 137, 138, 139, 445, 512, 520, and 1080 at this time. Any ports that are blocked will not be unblocked. If the port you would like to use is on this list, please select another port to use with your software. There are over 10,000 ports available for use. Please be advised that Comcast reserves the entitlement to block any ports on the network without prior notice. We thank you for understanding this security policy.

There is a good discussion about this topic on Slashdot.


Interview with Vint Cerf

This short interview with Vint Cerf, by Dark Reading, gives an inside look at Vint’s daily life. He talks a lot about his role at Google, as well as his many other responsibilities. I’m always amazed at how someone can be actively and productively involved in several organizations, all at once. He also mentions some of his personal hobbies and aspirations beyond work, as well as his opinion on improving Internet security. For example, the one person Vint says he would love to meet is Richard Dawkins. That alone should give you some insight into his beliefs.

