Just a few amusing points:

On Fri, 6 Jul 2012, Eugen Leitl wrote:

"Imagine if some chemist invented some new formula for whatever that was of great value, growing hair, and they then placed the true [formula] in the midst of a hundred bogus ones," explains Salvatore Stolfo, the Columbia University computer science professor who coined the Fog Computing term. "Then anybody who steals the set of documents would have to test each formula to see which one actually works. It raises the bar against the adversary. They may not really get what they're trying to steal."
So they try each one until they get a success? This doesn't raise the bar by much!
The next step: Track those decoy docs as they cross the firewall. For that, Stolfo and his colleagues embed documents with covert beacons called "web bugs,"
Web bugs? Really??? Sophisticated users don't allow HTML rendering casually - web bugs make the entirely asinine assumption that the entire universe is using Outlook or its equivalent. Bad assumption! Add to that the fact that deep packet inspection systems can and are set up specifically to catch these "tricks", and it should be obvious that secure (really secure, not just *labelled* "secure") installations won't even allow that web bugged document to cross a monitored wire.
includes some standard network security tools, like an intrusion detection system that watches out for unauthorized exfiltration of data. And it has some rather non-standard components - like an alert if a person searches his computer for something surprising.
"Surprising"? That's a contextual question unlikely to be successfully modeled on a machine.
In their initial experiments, the researchers claim, they were about to "model all search actions of a user" in a mere 10 seconds. They then gave 14 students unlimited access to the same file system for 15 minutes each. The students were told to comb the machine for anything that might be used to financial gain. The researchers say they caught all 14 searchers. "We can detect all masquerader activity with 100 percent accuracy, with a false positive rate of 0.1 percent."
A *** 100% *** accuracy rate that also has an ERROR rate? Someone needs to go back to school.
The following month, a Pentagon-funded research paper (.pdf) noted the promise of "keystroke dynamics - technology to distinguish people based on their typing rhythms - [which] could revolutionize insider-threat detection." Well, in theory. In practice, such systems' "error rates vary from 0 percent to 63 percent, depending on the user. Impostors triple their chance of evading detection if they touch type."
Ahhhh.... "When Harley Was One" returns for a repeat engagement! Really, this was an idea that had statistically significant accuracy in the 70's, when users were extremely limited in numbers, and access to particular machines was known in advance. In today's desktop laden world the chance of it being useful to anyone other than the vendor who is paid to reimplement it is close to nil.
the decoy documents and with other so-called "enticing information." Stolfo and his colleagues also use "honeytokens" - small strings of tempting information, like online bank accounts or server passwords - as bait. They'll get a one-time credit card number, link it to a PayPal account, and see if any charges are mysteriously rung up. They'll generate a Gmail account, and see who starts spamming.
This has been in place for years now - how well has it done so far? Why does anyone believe the numbers will change?
Most intriguingly, perhaps, is Stolfo's suggestion in a separate paper (.pdf) to fill up social networks with decoy accounts - and inject poisonous information into people's otherwise benign social network profiles.
"Think of advanced privacy settings [in sites like Facebook] where I choose to include my real data to my closest friends [but] everybody else gets access to a different profile with information that is bogus. And I would be alerted when bad guys try to get that info about me," Stolfo tells Danger Room. "This is a way to create fog so that now you no longer know the truth about a person through this artificial avatars or artificial profiles."
The real question is why do "social networking" sites get access to secure environments in the first place? Does the USG Dept. of Hall Monitors really need a Facebook page? Really?

Lastly, re: Stuxnet "leaks" - are they serious? Stuxnet's ancestry goes all the way back to the 80's Air Force contracts handed out through Battelle. Hardly a secret: at one point they were actually advertising for writers on early Prodigy!

The single rational point is that there is incredible overclassification, and virtually no declassification - unless politically expedient, in which case "super-duper-above tippy-top secret" secrets get suddenly declassified the day before a politically convenient press conference.

//Alif

--
"What kind of world do we live in when the views of the oppressed are expressed at the convenience of their oppressors?"
Alik Shahadah