Wednesday, June 4, 2014

Selling down the house...

from post that EBM hit a nail on...

The good news is anything running DOS3.0 can't multitask, network, or handle disks(logical) larger than 32MB...

However we have single chip micros that are barely of the power of the 1976 8bitters than do all sorts of networking and stuff...

Add to that people using minuscule systems of processing power of the PentiumI/333mhz on a 7$ chip the size of a fingernail for door openers with a OS, why?  Cause it cheaper.  They didn't have to think and write real code.  And they assumed the canned security is both functional and they used it right.  Seriously?

If you want secure computer run an obscure architecture with a real known secure OS and airgap it inside a locked room.  What is airgap, not connecting to any network, they can't reach you if the only way is through a physical locked door to a secure vault.  Anything less and people will try to poke at it over the network and if they poke right they might get lucky but more likely the operator/owner will get stupid.

Why use an odd computer with a odder OS and airgap it?  Well I do.  The beauty is with portable and well scrubbed media I can bring the nastiest virus to my favorite machine and look at its internals with total safety.  How is that, most nasties are written for PCs usually Intel or phones and Pads ARM are the popular ones though there are others.  So native code for them cannot run on say a lowly PDP-11 due plain being incomprehensible to the -11.  Some require things like Adobe reader, Java, or other PCism helper apps or languages.  So foreign systems can treat any nasty thing out there as DATA and data can be analysed in a forensic way.  That DATA is the software equivalent of a car you tried to run me over with complete with fingerprints and partly chewed gum.

Why steal data...?

First one has to know one thing.

Money is only worth face value and its physical so lots of it has bulk and electronic versions of money is traceable.

Data, however has not been so unlucky, data has value and more data has great value.  The right data is better than gold, it weighs less and is very very tiny.  Don't believe tiny try a USB that is 32gb and 17mm x 12m x 5mm and cheap too. So data is worth stealing as its both hard to trace, harder to physically find and very impossible to take back.

What is all this valuable data?
Why not put a sign on you house as follows; "Billboard for rent, Free." girls and boys that's you email address. One address is like a penny not worth much but a million known good ones has value for the guy selling a herbal johnson drug.  Your age and sex means rather than a johnson
drug maybe you should be getting a makes your face look 20 years younger cream, or adult diapers.  Three easy things, most give them away without thought An Email Address, age and sex.  Now is we know what you drive, the state and town you live in we can make some greater assumptions.  But there is only one more piece of data, your computer password.  With that
we can get you VISA card, and the ever valuable SSN aka 9 digits of pure gold, and more.
Horrors is what people freely post on book of face and other social networking sites.

Remember that for every sick ass doing break your machine malware there are groups of bad guys with serious intent looking to steal data for its latent value.  Lest I add companies that want your computer to be their billboard and also their corporate kisok for their that you will buy, buy, buy.

So if you read some article about what security is or isn't think about what you told your coworker today... ALL OF IT!  I'll bet as a third party to that there was tons of your personal info.

Keep your powder dry as they surely will try to take it.