Is it still good practice to reinstall everything after you are owned?
Is it still good practice to reinstall everything after you are owned? It used to be, but after reading about windows viruses I am not sure it is.
Depends on what you're reinstalling. I prefer Arch Linux or Slackware (because of security specific updates), once installed (the bare minimum system) I harden it by auditing the system itself, and then I keep an ever watchful eye on advisories. Windows is a virus itself tbh.

VR,
Umair

-------- Original Message --------
On Sep 19, 2017, 07:37, Georgi Guninski wrote:
Is it still good practice to reinstall everything after you are owned?
It used to be, but after reading about windows viruses I am not sure it is.
On 09/19/2017 06:37 AM, Georgi Guninski wrote:
Is it still good practice to reinstall everything after you are owned?
It used to be, but after reading about windows viruses I am not sure it is.
If you are running an OS besides Windows or MacOS, yes. It is never a good idea to install Windows to begin with, let alone reinstall it after it's been hacked once. It's only a slightly better idea to install MacOS to begin with.

--
Shawn K. Quinn <skquinn@rushpost.com>
http://www.rantroulette.com
http://www.skqrecordquest.com
On 09/19/2017 07:37 AM, Georgi Guninski wrote:
Is it still good practice to reinstall everything after you are owned?
It used to be, but after reading about windows viruses I am not sure it is.
Well if somebody who reads the CPunk list is "fixing" a failed Microsoft operating system, that implies that the computer in question belongs to somebody else who demands Microsoft. In that case, industry best practice is to follow the most expensive path possible: "It is morally wrong to allow a sucker to keep his money." The more of a client or employer's money you spend, the more important your job appears to be and the more /you/ can charge.

So you will want to go shopping, and buy any "upgrades" that are available. Assure that the anti-virus and related tools installed are the very most expensive. If possible replace hardware, not just software. Explore the potential for adding firewall appliances etc. to the network the compromised system plugs into - every security incident is a window of sales opportunity and, thanks to the popular press and the efforts of Microsoft and other snake oil vendors, the sky is not necessarily the limit. Start building a case to change out /everything/ IT related at the shop in question for the most expensive and massively over-built infrastructure possible - where and as this becomes possible, it qualifies as a Total Win.

Also bear in mind that once Microsoft has been specified, "security" is out the window and compliance with popular misconceptions and IT sales literature constitute due diligence on the security front. As a practical security objective, you will want to see the largest number of security incidents your client or employer will tolerate going forward, as you play the part of a heroic warrior battling hordes of Evil Genius Super Hackers on their behalf. Do this well, with a straight face and the assistance of talking points from your vendors, to meet the only security objective that matters: Your job and retirement security.

Remember that an occasional /real/ loss of important assets will assure that your client or employer values your services very highly. If things get too quiet around the shop for too long, dropping a couple of anonymous tips on security issues at your shop in "hacking" forums - make them look like a disgruntled ex-employee looking for pay-back - can do wonders to boost your importance in the eyes of management.

:o)
On Tue, Sep 19, 2017 at 1:41 PM, Steve Kinney <admin@pilobilus.net> wrote:
On 09/19/2017 07:37 AM, Georgi Guninski wrote:
Is it still good practice to reinstall everything after you are owned?
It used to be, but after reading about windows viruses I am not sure it is.
Well if somebody who reads the CPunk list is "fixing" a failed Microsoft operating system, that implies that the computer in question belongs to somebody else who demands Microsoft. In that case, industry best practice is to follow the most expensive path possible: "It is morally wrong to allow a sucker to keep his money." The more of a client or employer's money you spend, the more important your job appears to be and the more /you/ can charge.
So you will want to go shopping, and buy any "upgrades" that are available. Assure that the anti-virus and related tools installed are the very most expensive. If possible replace hardware, not just software. Explore the potential for adding firewall appliances etc. to the network the compromised system plugs into - every security incident is a window of sales opportunity and, thanks to the popular press and the efforts of Microsoft and other snake oil vendors, the sky is not necessarily the limit. Start building a case to change out /everything/ IT related at the shop in question for the most expensive and massively over-built infrastructure possible - where and as this becomes possible, it qualifies as a Total Win.
Also bear in mind that once Microsoft has been specified, "security" is out the window and compliance with popular misconceptions and IT sales literature constitute due diligence on the security front. As a practical security objective, you will want to see the largest number of security incidents your client or employer will tolerate going forward, as you play the part of a heroic warrior battling hordes of Evil Genius Super Hackers on their behalf. Do this well, with a straight face and the assistance of talking points from your vendors, to meet the only security objective that matters: Your job and retirement security.
Remember that an occasional /real/ loss of important assets will assure that your client or employer values your services very highly. If things get too quiet around the shop for too long, dropping a couple of anonymous tips on security issues at your shop in "hacking" forums - make them look like a disgruntled ex-employee looking for pay-back - can do wonders to boost your importance in the eyes of management.
:o)
Georgi,

Yes - in addition, since some attackers have been shown to compromise not only UEFI firmware, but also blobs in peripheral devices, a re-flashing of those components from HW land. In many cases, this type of recovery is 'impossible'.

Practically, individuals will take a stab on guessing attacker capability between; zero sophisticated persistence and h/w re-install survivability and act accordingly. It is difficult to get that right, if not impossible.

Broadly, the types of activities you perform on various hardware would dictate the appropriate response. For example, you might not go about generating a root CA on the computer you routinely clean adware from, and you might not consider that computer 'safe for the task' after an OS reinstall, instead favoring fresh, network interface stripped, or purpose built HW.

-Travis

--
Twitter <https://twitter.com/tbiehn> | LinkedIn <http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn> | TravisBiehn.com <http://www.travisbiehn.com> | Google Plus <https://plus.google.com/+TravisBiehn>
On Tue, Sep 19, 2017 at 01:57:33PM -0400, Travis Biehn wrote:
Yes - in addition, since some attackers have been shown to compromise not only UEFI firmware, but also blobs in peripheral devices, a re-flashing of those components from HW land. In many cases, this type of recovery is 'impossible'.
Practically, individuals will take a stab on guessing attacker capability between; zero sophisticated persistence and h/w re-install survivability and act accordingly. It is difficult to get that right, if not impossible.
Thanks. I suppose it is a safe guess that a non-negligible part of the world is persistently owned?
On Mon, Sep 25, 2017 at 10:44 AM, Georgi Guninski <guninski@guninski.com> wrote:
On Tue, Sep 19, 2017 at 01:57:33PM -0400, Travis Biehn wrote:
Yes - in addition, since some attackers have been shown to compromise not only UEFI firmware, but also blobs in peripheral devices, a re-flashing of those components from HW land. In many cases, this type of recovery is 'impossible'.
Practically, individuals will take a stab on guessing attacker capability between; zero sophisticated persistence and h/w re-install survivability and act accordingly. It is difficult to get that right, if not impossible.
Thanks. I suppose it is a safe guess that a non-negligible part of the world is persistently owned?
Hey Georgi,

On prevalence I won't speculate - but my number would be pretty low. You don't burn your fancy hardware persistence on just any target.

In somewhat-related news, the cat and mouse game is getting a bit more interesting with Apple High Sierra's eficheck. While I don't expect it to remain effective long, it promises to find some 'interesting' old samples.

-Travis

--
Twitter <https://twitter.com/tbiehn> | LinkedIn <http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn> | TravisBiehn.com <http://www.travisbiehn.com> | Google Plus <https://plus.google.com/+TravisBiehn>
hi hi Georgi - winblows is a virus get off the sauce

-------- Original Message --------
On Sep 19, 2017, 4:37 AM, Georgi Guninski wrote:
Is it still good practice to reinstall everything after you are owned?
It used to be, but after reading about windows viruses I am not sure it is.
participants (6): Georgi Guninski, rooty, Shawn K. Quinn, Steve Kinney, Travis Biehn, Umair Chachar