RE: *ICN - A Conspiracy of Inertia?

From: Benninghoff, John (John.Benninghoff@Rbcdain.com)
Date: 03/19/02


Date: Tue, 19 Mar 2002 16:45:53 -0600
From: "Benninghoff, John" <John.Benninghoff@Rbcdain.com>
To: <falcon@cybersecret.com>, <focus-ids@securityfocus.com>

After some research, I found the following paper: http://www.cylant.com/whitepapers/acsac-2001.pdf. Apparently, the technology described in the article has made its way into Cylant's CylantSecure (http://www.cylant.com/products/cylantsecure.html) product.

I couldn't find much else relating to the product, but I did find a reported vulnerability:
http://online.securityfocus.com/archive/1/194287

What little I've read so far looks interesting, but I remain skeptical of its use in real-world installations (though Cylant does offer an evaluation copy). I certainly wouldn't classify it as a "magic bullet" that will fix all security problems.

> -----Original Message-----
> From: Benjamin Tomhave [mailto:falcon@cybersecret.com]
> Sent: Tuesday, March 19, 2002 12:36 AM
> To: focus-ids@securityfocus.com
> Subject: FW: *ICN - A Conspiracy of Inertia?
>
>
> Has anybody else heard about this? It seems to uphold a principle that
> I've tried to consistently apply throughout my security career --
> working with known quantities whenever possible and configuring systems
> to only accept those known quantities. Even if the software is
> fictitious, it represents the possibility for a paradigm shift from the
> perspective of IDS, among other things. Thoughts?
>
> ----- Original Message -----
> Sent: Monday, March 18, 2002 12:17 PM
> Subject: FW: *ICN - A Conspiracy of Inertia?
>
>
> > This guy simply has no idea how big and stupid the world is.
> >
> > -----Original Message-----
> > From: internetcrimenews [mailto:internetcrimenews@infowar.com]
> > Sent: Monday, March 18, 2002 9:47 AM
> > To: icnlist@infowar.com
> > Subject: *ICN - A Conspiracy of Inertia?
> >
> >
> >
> >
> > By Sarah Scalet
> > An academic-turned-entrepreneur says he's found the key to security
> > problems - and the security community doesn't want it.
> >
> > I'm deeply suspicious of anyone who claims to have created a new paradigm
> > in security. In fact, I usually hit the delete button faster than you can
> > say "snake oil." But this week, allow me to entertain one such vendor claim
> > that relates to how the entire security community approaches insecurity.
> > It involves a man named John Munson, who has spent the last 30 years
> > thinking about software reliability - and we're talking about serious
> > software like the stuff that powers the Space Shuttle and the Cassini
> > spacecraft that's currently hurtling toward Saturn. Dr. Munson, a University
> > of Idaho professor and NASA contractor turned entrepreneur, is not a man you
> > want to find out is a kook. Yet he's skittering on the edge of a conspiracy
> > theory that, if it turns out to be true, could turn the security community
> > on its head and empty out its pockets.
> >
> > His premise? That the security community doesn't want to solve security
> > problems once and for all, because the whole business relies on the very
> > existence of computer crime and malicious code.
> >
> > The technical details of the research that led Munson to this conclusion
> > are far beyond the scope of this column, but here's the 250-word version.
> >
> > Munson's life work involves researching and monitoring how software
> > responds, and sometimes breaks, because of what a user does to the
> > software. Software doesn't wear out like hardware; it crashes because of
> > user input. Astronauts can only hit so many buttons in the Space Shuttle,
> > and Munson used to make sure that none of those combinations would cause
> > the systems to break.
> >
> > Then, about three years ago, he decided that this research could be
> > applied to computer security. By monitoring the kernel of an operating
> > system, he set out to find nuances of behavior change when a system was
> > under attack from a hacker or computer virus. "It turns out there were no
> > such nuances," explains Munson, at work at Software Systems International,
> > the second obscure company (the first one went bankrupt) attempting to
> > profit from these principles. "Assaults were astonishingly obvious. In
> > fact, we have yet to observe a malicious activity that is not wearing a
> > Day-Glo orange shirt."
> >
> > If an attack on a computer system were so easy to identify, he asked
> > himself, then why not build in controls that identify and allow normal
> > behavior and stop abnormal behavior? There'd be no need for patches to fix
> > specific vulnerabilities, and no need for antivirus software to fight
> > malicious code.
> >
> > Munson says he has a few Linux servers up and running that are protected
> > by an early version of these operating system controls, which are
> > calibrated based on how the server normally operates. He says the controls
> > could eventually be built into a computer's hardware.
> >
> > Needless to say, his work has been met with considerable skepticism.
> >
> > "The reaction is, we don't believe you," Munson says. "But this is not an
> > act of faith. All the research I have done is reproducible to scientific
> > standards."
> >
> > Munson suspects more than skepticism. "They (security vendors) thrive on
> > your misery. It's a conspiracy of inertia. I don't think there's
> > collusion. I don't think McAfee is sitting there kicking viruses out the
> > back door. I do believe that they're making money at it and would like to
> > keep making money at it. But they're working on the wrong problem."
> >
> > Whether Munson (or anyone) can actually deliver a product that avoids
> > security problems altogether - and whether hackers and coders couldn't
> > then launch attacks designed to look "normal" - I cannot say. But his
> > logic is tempting. The way things are done today is terribly inefficient
> > and ineffective, and a lot of people are profiting from it.
> >
> > Suppose, just for a moment, that there is a solution to the security woes
> > plaguing corporate America - the endless cycle of installing patches
> > against new vulnerabilities, of stopping viruses and security breaches, of
> > fixing damage done. I'm not talking about a magical elixir but a so-called
> > disruptive technology that comes from an outsider whose ideas could make
> > columns like this obsolete. CIOs would be ready to hear it. But what about
> > the rest of us?
> >
> > What do you think? E-mail Sarah D. Scalet, security editor and senior
> > writer, at sscalet@cio.com.
> >
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Cybercrime Reports: http://www.infowar.com/ccr/ccr1.shtml
> > CCR@infowar.com
> > Internet Crime Watch: http://www.infowar.com/iwatch/iwatch.shtml
> > ICN@infowar.com
> >
> > Internet Crime News (ICN) is brought to you by Infowar.Com Ltd.
> > Please feel free to pass this on as long as all information and header
> > remains intact.
> > Please forward your comments or posts to ICN@infowar.com.
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
>

