Thread: Idle fun for net hackers..
View Single Post
  #86   Report Post  
Posted to uk.d-i-y
Rod Speed Rod Speed is offline
external usenet poster
  
Posts: 40,893
Default Idle fun for net hackers..
Tim Watts wrote
Rod Speed wrote
David WE Roberts wrote
The Natural Philosopher wrote
David WE Roberts wrote
Bernard Peek wrote
The Natural Philosopher wrote
Bernard Peek wrote
The Natural Philosopher wrote

Well thats uyouir knowelege limits and I have mine.

I know.

Let's say that if anyone has broken in they have
left no trace and altered nothing. Or I would *know*.
Which makes it 'not compromised'

Absence of evidence is not evidence of absence.

Hint: there is no such thing as an undetectable change.

I'd like to see evidence for that assertion.

Are you really stupid?

I'm a philosopher. I was hoping that you knew something that I didn't
and I could learn something. It seemed improbable given the ignorance
that you appeared to be displaying but hope springs eternal.

If a change makes no difference to anything, ipso facto, it is
not a change. All changes therefore must make a difference,
and are therefore detectable.

Yes, but as I pointed out in the post to which you replied absence
of evidence is not evidence of absence. You can know that you
haven't detected a change, but you can't know that there is no
change. Absence of a change is not detectable.

Why don't we ask Schr?dinger's cat?
Damn - it's hiding in its box.

Best you can do is affirm that you have been unable to detect
a significant change in the items you are measuring and this
meets your requirements for assurance and security.

exactly, An undetectable change that results in no detectable
activity by anyone in the whole universe is not a security risk.

Come on, sense of balance ;-)
You are not everyone in the Universe.
There might be someone out there who knows a way to change a system
which is not detectable by the currently publicly available tools.

Nope, not with hashes over the entire storage system there isnt.

What's protecting the hashes?

A system that isnt even net accessible.

More hashes... And what protects them?

A system that isnt even net accessible.

It's a parallel problem to the old: who watches the watchers...

Fraid not.

And the other obvious way to completely protect a system
is to just restore it entirely periodically so that any change
that ever did happen just gets wiped out.

Did they hack your install media?

Not even possible if its read only media.

Corse that last is only practical for some situations, but would
work fine if say you want a completely secure web browser and
dont want to keep any local record of what you have browsed etc.

One loon I communicate with ocassionally is so mindlessly oaranoid
that he quite literally uses a DOS machine with some utterly obscure
approach to net access to usenet from, so he cant actually use any
links in usenet posts. It would make a hell of a lot more sense to
just restore that machine from an image after every usenet session
instead and do whatever looks useful links wise in that session with
no risk whatever.

I still maintain ZERO risk is impossible

You're wrong on that.

and I am confident that I am right.

Your confidence doesnt change a thing.

However, what matters in the real world is whether that risk is
acceptable... For most people, reasonable precautions are sufficient.

And its perfectly possible to have zero risk too.

For me, if "they" hack my home servers, they might delete my data
or use it as a staging post to hack someone else. It would be a pain,
but I have many backups in different places and "they" would have to
be targetting me personally to locate, attack and damage all of them.

And its perfectly possible to ensure that they cant find them all.

In reality, my box *might* be attractive as a bot or a proxy but
I doubt anyone would bother to damage it. So I class my risk
factor as quite low and generally stick with auto patching stuff.

Work is different - with 2GBit/sec connectivity, we are a more
useful target so the risk is higher. Work is also more visible.

If the computer however is in the final loop of a nuclear missile
lauch chain, then (barring more primite interlocks in its way), a
small risk is highly unacceptable.

Its easy enough to eliminate the risk there too.

Getting back to reality again - there was a problem in the
US where someone got control of some big water pumps
which may, or could have cause pump damage:

http://www.itproportal.com/2011/11/1...upply-network/

http://www.huffingtonpost.com/2011/1...n_1103498.html

The likelihood of this, and also the added likelihood of this person
choosing to attack your system instead of any other, is part of your
risk assessment.


Reply With QuoteReply With Quote