Re: Firekeeper - IDS for Firefox available




Isn't it the case with every software created to add some protection
to your computer? Firewalls, antiviruses, IDSes etc. are all adding
code to your operating system that may, in the future, be found
vulnerable to some attack. It is just a question of whether the protection
they provide compensates for the additional threat they may introduce.


Yes, protection can mean added code, but consider the kind of code
and where it is running. Typically I run an IDS such as snort on a tap
interface with no access to send anything out. In particular, it's
not looking at endpoint traffic after it's decrypted. Why? IDS's are
big complicated things that do lots of string and byte comparisons
against data provided by an attacker, the kind of code that is easy
for the author to make mistakes in that lead to compromisable
situations.

So if snort is compromised, all the attacker typically gets without
more work is the ability to sniff, not the ability to look at
encrypted traffic in the clear, and ideally not the ability to send
traffic out.

Other programs (i.e. ssh) deal with complexity like this by
attempting to isolate the privileges that the code doing most of the
string bashing is running as - i.e. a privsep model, so if you break a
piece of it (at least in most of the code) you *don't* see encrypted
traffic or passwords.

If this critter is compromised, he likely gets the entire
endpoint machine, or if not, he most likely for sure gets
the ability to read decrypted https streams. - Fix the browser bugs
rather than having another plugin to look for them.

-Bob


