Naked Science Forum

Non Life Sciences => Geek Speak => Topic started by: Geezer on 27/05/2011 05:02:55

Title: Who will develop the secure terminal first?
Post by: Geezer on 27/05/2011 05:02:55
Let's face it. PCs, tablets, etc. are about as secure as a paper bag. Their ability to be programmed makes them wonderfully versatile and they can be adapted to the latest version of just about everything if there is some commercial reason to do so.

However, that wonderful versatility comes at a price. Programmability (is that a word?) makes these devices highly vulnerable to all sorts of nefarious exploits and, as we know, an entire industry has evolved in an attempt to counter these exploits. I say "attempt" because it's almost always a case of reducing the weakness after yet another new exploit has been detected.

It is now obvious, even to the most casual observer, that these systems are intrinsically, and hopelessly, insecure.

There is one, remarkably simple, method of defeating the vast majority of these exploits. It's called "fixing the function". In other words, you construct a device that cannot be reprogrammed in any fashion (or only under the strictest conditions) and you use that device for all sensitive Internet transactions.

Who do you think will wake up first?
Post by: CliffordK on 27/05/2011 06:27:32
Oh..
I remember the old ADM-3a

It was quite a beast!!!!!!!!!!!  And far more advanced than its cousin the teletype.  But, otherwise fit the description of a "dumb terminal" quite well.

There are a number of Windows CE based devices including internet devices, which have less programmability.  Presumably 100% of the device could be put in non-volatile ROM if one desired.  What about the various TV Terminals?

The result would be, of course, that 100% of your data would be stored on a remote server.  Generally the servers are more secure than PCs, but still would be vulnerable to centralized attacks and packet sniffer attacks.  While currently I do use an internet mail provider, I refuse to do web-based backups.

You know, another option.  Many corporations use a standardized computer image.  The corporate image could be burnt into an EPROM, and delivered to the Windows CE terminals.  I suppose one can do something similar with Windows by using the standard MS Windows interface, but giving the users essentially zero system rights.  What a pain that is...   [xx(]  But, one can go essentially as far as reloading a standardized image with every boot.

One problem, of course, is that if one is traveling, then one doesn't always have access to the internet/VPN (I believe phones and internet are still not allowed on planes at this time).

Personally, I think adding JAVA to HTML is quite foolish.  A person can do some pretty wild programming with pure HTML and server based applications.  Allowing JAVA to run on local machines gives way too much power to the web hosts.

Personally I use a program called NoScript to filter out the JAVA, but it is only marginally effective because many websites fail to function without the JAVA, and it pretty much opens it up as an all-or-none option for each site.  It does, however, knock out about 3/4 of the advertising.
Post by: Geezer on 27/05/2011 07:16:42
If you go back a bit further, you will also find the KSR-33. I'd like to see somebody inject a virus into one of them.

The point is, if you use a fixed function device to communicate with your bank, and someone hacks into your bank's system and transfers money from your account, it's your bank's problem - not yours. As things stand, the onus is on you to ensure that your "intelligent terminal" (that's your PC, phone, whatever) is not compromised by some software exploit that has been loaded on to it.

That is beyond even the most adept computer scientists on the planet, and it is far beyond the capabilities of the average user. So-called "anti-virus" inoculations consist of running around really quickly, discovering the latest holes in the hull, and trying to plug the holes before too much of the ship actually sinks. In other words, it's complete and utter boolshot.

Post by: JP on 27/05/2011 07:36:58
I think the major issue here would be that people don't want to carry around or devote desk space to yet another device which serves only a few basic functions.  A lot of (I would even say most) people use one password for many of their accounts, so they'd rather have convenience than security.

But with technology these days, you should be able to set up hardware in a laptop that is isolated from the main PC and just runs a web browser.  If you put a hardware switch in the laptop to toggle control to this secondary device, you could switch in and out of secure mode without needing a separate device.

By the way, a lot of countries other than the US seem to have two-factor authentication for banking.  Mine consists of a tiny device with one button on it.  It's synched to the bank's clock somehow so when I push the button, it gives me a 6 digit code which the bank knows.  To log in to my account, I not only need my username/login, but I also have to hit the button and enter the code.  No one would be able to hack my account without either getting a hold of this device or somehow cracking the algorithm--and the device itself obviously can't get a virus since there's no input/output on it.
Post by: CliffordK on 27/05/2011 08:32:50
You're right, it wouldn't be too hard to design a "browser chip" that would use your video and keyboard, but otherwise run independently.  Perhaps it could even be windowed.  However, one would still have to protect from keyboard logging, screen captures, and such.

The one password thing is a problem.  I try to use a couple of different "banking" passwords, and never give a website like thenakedscientists.com my "banking" password.  While it is easy enough to keep my PayPal password secret, I do occasionally erroneously put my primary PC password into incorrect website login attempts.

Technically, if you had a Windows CE based computer, you could run Word, Excel, etc all on the Windows CE based computer...  or the CE versions of the office apps.  The same would be true of a ROM based corporate image.

Another option that can be used in the corporate world is a terminal server.  Essentially it is a full-featured Windows computer that runs as a task on a server. 

You can then access the terminal server through either an application on your PC, or in the "secure world", you would access it as a task on your Windows CE dumb terminal.

The advantage of a terminal server is that it can improve your access to data and applications that are stored centrally in the company.  The disadvantage is the extraordinary resources that would have to be maintained centrally for, say, 1000 employees.

Bank of America had an application that was supposed to send a security code to your cell phone whenever you did something like a balance transfer.  I always found it was a pain in the A _ _ !!!!!!!!!!!  because it would never call me.  Sometimes I would even put my phone outside on my deck in vain hopes that the call would come through.
Post by: Geezer on 27/05/2011 18:59:23
Yes, the extra piece of equipment is a problem. I don't see why it could not be combined with a PC. The trick would be to completely block (through hardware) execution of any other code segments while the secure browser was running. That would defeat screen scrapers and key loggers, even if they were present on the device.

There is nothing technically challenging about doing something along these lines. It seems to me that it's more that the hardware guys seem to think security is a software problem, and the software guys are too busy making money to attack the problem head on.

Some people have a false sense of security because they run Linux, Apple, etc., but the truth is that the current model is intrinsically insecure, and I suspect it's only going to get fixed if there is a truly gigantic fiasco.

BTW - if you are not concerned, take a squint at this;

http://en.wikipedia.org/wiki/Zeus_(trojan_horse)
Post by: CliffordK on 27/05/2011 19:52:34
For some reason, the last bracket is lost with the link above.

http://en.wikipedia.org/wiki/Zeus_(trojan_horse)

Thank God it only affects Windows machines [:)]

One of the problems is that there are multiple entry points for a virus, and many depend on people doing stupid actions.  For example, many viruses are delivered by e-mail which might circumvent your hardware WWW browser application.  Then they anticipate the user to execute executable programs without knowing why.

Or, there are even some MS Word or MS Excel viruses, so someone might send you an infected spreadsheet app which you would open using Excel. 

Floppy Disk boot sector viruses used to be common.  While we're moving away from bootable floppies, there could be a resurgence of boot sector viruses in CDs sometime, especially if the default boot sequence in many machines remains with the floppy and CD before the Hard Drive.

I believe there was even a JPG virus.  Essentially if you can create a buffer-overrun that will force a crash in a computer, then you can control that crash.

http://www.freerepublic.com/focus/f-news/1229010/posts

A large part of the viruses is getting back to the basics of programming.

Any array access needs to be checked and re-checked.
Compilers, by default, should also enforce array bounds checking.
But, some of this means to go back to really really old code that is still in our computer OS and programs and go through it line by line.

Another part is removing the "do everything" capabilities.

JAVA and Visual Basic should have multiple security levels.

So, a MS Word file should not have the capabilities to spawn a shell script, to interact with the internet, or to force a file-save, unless those features are specifically enabled for that file on that particular computer.

Programs like NoScript are like using a chainsaw when a scalpel is required.  I.E.  What I really want to know is whether the scripts I encounter are actually incapable of harming me.
Post by: Geezer on 27/05/2011 20:05:42
It might be because the bracket is the last character in the post

I'll try it a couple of ways now

mumble http://en.wikipedia.org/wiki/Zeus_(trojan_horse) mumble

mumble mumble

Nope! Can't fix it!
Post by: Geezer on 27/05/2011 20:39:29
I think you have hit the nail on the head Clifford.

It's the versatility of the model that creates the vulnerability. These are mutually exclusive characteristics, and the sooner we come to terms with that, the sooner we will fix the problem.

The expectation that we can ever really fix the current model by applying a continuous string of patches has clearly been found wanting.  [:D]