[Dailydave] First RSAC 2015 Note

Darkpassenger darkpassenger at unseen.is
Wed Apr 29 10:38:15 EDT 2015


this technology was in fashion among spooks when tempest [1] wasn't well
matured, e.g. days of remotely screen grabbing or copy machine reading
from afar. putting random sleep cannot protect you if you were the
emperor [2] and "serious" sigint & elint were learning your every comm
and move. i suspect it's an OFFENSIVE product aimed at the cyber market
instead of typical comsec buyers

-dp

[1] http://www.cryptome.org/nsa-tempest.htm
[2] http://www.amazon.co.uk/The-Emperors-Codes-Bletchley-breaking/dp/1906447128

On 2015-04-28 08:47, Michal Zalewski wrote:
>> As an offensive technique, power analysis is quite useful (which is why
>> NSA boxes filter their power supplies). As a defensive technique it is
>> entirely useless. If all a malware writer has to do is add
>> sleep(rand()); into their code a couple places to defeat your
>> detection, then you probably shouldn't build a whole company based on
>> the hope that they won't someday do that.
> 
> Antivirus companies had a good run for the past ~20 years, and many of
> the most successful multi-billion-dollar post-AV businesses embrace a
> functionally similar approach - just mentioning APT and cloud-based
> machine learning a bit more. Analyzing power consumption doesn't
> offend my sensibilities more than divination from binary signatures or
> syscall patterns.
> 
> The success of the "enumerating badness" approach to security is
> probably unparalleled by anything else the industry had to offer in a
> very long time. So, I'm not sure if your "probably shouldn't" is a
> valid concern.
> 
> One could lament so much money and resources being tied up on
> solutions that will probably not stop an interesting victim from
> getting owned, but then, what would? The only thing that probably
> works well is hiring a top-notch security team and giving them
> sweeping powers - but good candidates are in extremely short supply
> and are hard to tell apart from quacks.
> 
> /mz