an egregious violation of investor trust and ethics.
I agree that this kind of behavior is too obvious and not socially acceptable or common practice. But the concept of the modern style of Silicon Valley private equity industry (of which angels are obviously within the broad ecosystem) as that operates with any substantial amount of ethics or is deserving of or even expecting trust is so far from my experiences as to be laughable. They just are very loath to be as obvious, or apply pressure without sufficient supporting influence.
If you've been sitting at the poker table for 30 minutes and you can't tell who the sucker is, it's you.
The anti-virus age may be over, but if the supporting evidence is that host based signature products don't provide an effective defense against a variety of common security threats then the anti-virus age was over a long, long time ago. Like back to when things propagated for months or years autonomously without any modifications to the main component - the stuff that actually matched the term "virus" that we now use as a synonym for malware.
The last time that such items were anything but an unusual novelty was something like 2003. The last time they were the most substantial threat was sometime in the 1990's. And while it typically wasn't viral, a variety of naive threats produced by amateurs continued to be a good portion of the threat landscape until around the middle of the last decade.
That isn't to say database driven signature systems never stop any attacks. They just provide such a small amount of defense and are so consistently unable to identify well publicized threats months after their public use in the wild that there is little to no statistical difference in compromise between a well configured and patched system with an AV engine and the same system without an AV engine.
But while their product is ineffective, they are far from alone in the security industry. IDS systems are wildly ineffective in any configuration that isn't custom tuned for defending an extremely limited network that exclusively transports a few specific protocols in very predictable ways - mostly backend networks in datacenters. Typical edge firewalls defend against a threat that primarily exists because they enable it - clients are so vulnerable on local networks that they can't survive that way on open networks. But without them we'd have just reduced the attack surface like we've done with public facing servers. As nearly every compromise includes a service that's intentionally exposed or intentionally allowed through the edge, they at best are a limited crutch to avoid having to ensure each computer is as minimally exposed to start with. If your firewall allows you to be an extra soft target once an attacker has established a foothold inside it's arguable that you'd have been better off totally exposed so that you limit the number of additional systems that exist in radically insecure postures.
The only automated system that comes to mind that I've seen provide any real amount of value are the expensive and exclusive block list subscriptions that contain databases of actively operating C&C servers and similar active APT sources. But these would become worthless if any of them ever enjoyed widespread adoption, as they'd simply stop being lazy and using the same servers all the time.
ASLR, DEP and even managed code to a certain extent all are similarly ineffective in that while making exploits more complicated they've had no impact on the rate of compromise.
The simple fact is that offensive security has won for the foreseeable future and defensive security has lost entirely, with no real hope of change without dramatic practice shifts.
For client security the only things that have provided clear and practical benefits have been a) reducing the attack surface by mass removal of services and features and b) building the system with the expectation of regular compromise, and including an easy and reliable way to wipe and restore. Oh and forced automatic patching.
The ChromeOS team gets it. The Windows RT team gets it. iOS gets it. Anyone producing a client OS that is feature rich, highly configurable and strives for easy out of the box use should be considered systemically insecure at this point. Any motivated attacker will succeed against it 99%+ of the time.
But since there are really no other options for so many people and tasks, it's very uncomfortable to explain to someone that they are able to do little to nothing about it that won't involve draconian systems users would refuse to use, and that compromise is at some point essentially inevitable.
So you tell them to run anti-virus. It's like children hiding under their desks in the event of nuclear war. It helps avoid some amount of existential crisis.
That's why the anti-virus age won't be over for a long, long time. Because if you don't have a replacement that's actually good, and no one even has a clue what that would look like, you still need to tell people to use their AV. Just like you need to tell people there is heaven.
If there is one thing that I have considered a flaw in computing, it's that there have been few ways for inexperienced developers and users to use one simple system which allowed them to circumvent their host based firewall, their network IDS, their edge based UTM and the OS security assumptions around localhost being a protected, private interface. The value of a point and click system to expose these directly to the internet and a domain that serves as a collection point for them can not be understated.
If a service is binding only to ::1, and not 0.0.0.0 or your current routable IP it's explicitly deciding that it shouldn't be accessible from beyond the local computer. And in a lot of cases, it's right even if it doesn't explain why exactly. When exactly did we decide local port forwarding was too hard even for technical people? Or, I dunno, servers?
I think I just heard many system administrators collectively clutching their chests in pain.
If inexperienced devs and users could suddenly drop their pants at will, imagine the mayhem that would occur if experienced devs with malicious intent were set loose in that environment? You can't pretend they don't exist - in fact, it's better to assume everyone who's not you is out to utterly destroy your data ASAP. Some would argue don't even trust yourself.
Those firewalls, ids, utms and assumptions are pretty much the only thing protecting inexperienced users from themselves.
I think, if you have a system administrator, you're not the target audience for localtunnel. This is for home users who don't understand how to get their computer+router+apartment building's switch+etc to cooperate in getting them a public route.
Maybe they should just make it bind to a port below 1024, so it requires root/Administrator privileges to run. Then, if you are your own sysadmin, you can let yourself in--and if someone else is, you'll have to take it up with them.
The real barrier to entry is the point between "cheap" and "free"--especially when first learning. For me, that was when I was 10/11. No chance of getting hold of a credit card to get a "cheap web host or VPS." I could only experiment with what my computer was willing to do on its own.
Heroku's almost the right thing for this, I think, though it still requires a credit card to sign up fully (it doesn't technically, but it does to enable free add-ons, so without a credit card you don't get, say, database persistence.) Obviously, Heroku is geared for adult developers--or, more specifically, to start-ups that Heroku hopes will become monsters dependent on Heroku's stack.
What would be perfect is a service like Heroku, but specifically for people learning to code; maybe something joined-at-the-hip with an online coding-school website. When you attend a real CS program, you get access to the labs and mainframes to test your programs on--where's the online version of that?
So, anything like this already exist? Or should I build it?
I just think of a 10-11 year old putting their personal--or their family's--computer straight onto the public web with some random hacked-together code, and it makes me feel very nervous. What are the chances they are going to understand all the security implications? Pretty low, I think.
On the other hand, no one ever learned much by always taking the perfectly safe path. And who am I to judge whether people are "ready" for the Web? It's the old freedom vs. security argument.
Amazon does provide a free tier of EC2, which is great for tinkering around. But it takes a certain amount of knowledge to get one working as a web server. A tutorial, or a project that makes it easier, might be a good place to start.
>>I think I just heard many system administrators collectively clutching their chests in pain.
I was trained to do this by reflex. Anytime you expose anything on your network, no matter what it is, without some layer of security between you and the internet, you're asking for trouble.
Whether this is a warranted reaction or not, I don't know. I'm pretty sure it's from spending too much time hanging out with hackers and sys admins. It's just locked in my brain not to do something like this - ever.
It's completely impossible to develop for Twilio, Facebook, and many other public APIs without putting your work on the public internet. If you want to develop for a public API in a native GUI text editor, tunneling through your firewall is the only way to do it.
Abstracting away all the firewalls and IP addresses and stuff is really convenient. Restrictions aren't always put in place for a good reason, increasingly they are just a function of IP address scarcity.
(disclaimer: I created https://pagekite.net/ which is one of localtunnel's competitors)
And yet when the service binds to localhost instead of a local, private routable address that clearly exists as you're tunneling to the internet, it has said "hey, look, whatever I'm doing I don't want any other computer anywhere to be able to connect." localhost is identical on everything explicitly so it has zero chance of routing. Why not open tunnels to whatever routable private IP you have up?
And while a bit tongue in cheek, I'm not too aware of this whole IP address scarcity thing. I've got a decent chunk of a /29, if you could use a /48 or ten for your local networks just ask! Or would it be tough to squeeze down to only 18,446,744,073,709,551,616 local addresses?
Binding to localhost by default is good security hygiene, a "closed by default" strategy, which doesn't necessarily mean you never intend to expose that server ever.
Tools like PageKite and localtunnel are completely in line with that philosophy, nothing is exposed to the outside world until you explicitly request it and then only the named service you chose (as opposed to whatever is on the port or god forbid everything listening on a particular IP). I personally feel more secure temporarily exposing a server using PageKite than I would if my router had been reconfigured to always allow traffic through on particular ports - it's a lot easier to turn PageKite off than it is to go reconfigure my router every time I am done testing.
Convenient security is good security, because it is more likely to be used correctly.
IPv6... well, good luck with that. :-) Aside from how few western ISPs offer IPv6 service, consider the fact that the majority of our devices are mobile these days. My laptop changes networks and IPs many times a day and I still like being able to run a visible server on it. Configuring plain IPv4 or IPv6 to do that elegantly is decidedly nontrivial.
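The loopback-versus-wildcard distinction argued over in this thread can be audited directly from the listener table. The following is an added example, not part of any comment above: it classifies each listening socket by bind scope, and the `ss -tln` sample text and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout printed by `ss -tln`; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:5432      0.0.0.0:*
LISTEN 0      128    0.0.0.0:8080        0.0.0.0:*
LISTEN 0      128    [::1]:6379          [::]:*
LISTEN 0      128    [::]:22             [::]:*
LISTEN 0      128    192.168.1.20:3000   0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53    0.0.0.0:*
LISTEN 0      128    *:9000              *:*
"""


def classify_bind(addr):
    """Return the reachability scope implied by a listener's bind address."""
    # Drop IPv6 brackets and any %interface scope suffix before parsing.
    addr = addr.strip("[]").split("%", 1)[0]
    if addr == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        # 127.0.0.0/8 or ::1: never routed off the host.
        return "loopback-only"
    if ip.is_unspecified:
        # 0.0.0.0 or :: means every interface, including routable ones.
        return "all-interfaces"
    return "specific-interface"


def parse_listeners(text):
    """Yield (address, port, scope) for every LISTEN row in ss-style output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        # The port is always after the last colon, even for bracketed IPv6.
        addr, port = fields[3].rsplit(":", 1)
        yield addr, int(port), classify_bind(addr)


def exposed_ports(text):
    """Ports reachable from beyond the local machine (anything not loopback-only)."""
    return sorted(port for _, port, scope in parse_listeners(text)
                  if scope != "loopback-only")


if __name__ == "__main__":
    for addr, port, scope in parse_listeners(SAMPLE_SS_OUTPUT):
        print(f"{port:>5}  {addr:<18} {scope}")
    print("reachable off-host:", exposed_ports(SAMPLE_SS_OUTPUT))
```

A tunnel pointed at a port in the loopback-only group changes that service's exposure without changing this table, so the tunnel client itself also has to be tracked.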
I think you missed the sarcasm and irony that was fairly evident in his comment. However, perhaps we can expect a user who can gem install something to have an acceptable level of awareness of the security implications of such a tool?
> However, perhaps we can expect a user who can gem install something to have an acceptable level of awareness of the security implications of such a tool?
No, we can not. From both personal experience (developers can be dumb as bricks and know nothing outside their specific knowledge domain) and good security practices (you don't trust the user, even if they say they're good for it).
And yes I hope it was just sarcasm I missed, but that's why I had to ask.
Can you elaborate on why you equate this localtunnel to "removing all security" ?
I haven't tried it, but it seems to forward a single port that's running service X that I want to make available on the net.
Any way whatsoever of fulfilling that need (no matter if it's one button click or setting up a separate VM for that service) would involve making a hole in all relevant firewalls and making the (possibly buggy) service X available to everyone.
Is the user goal of "making service X available to everyone" bad in itself?
When you allow public connections to a service running on a machine, security for that entire machine now largely depends on that service. Are you 100% sure that your copy of Apache or Nginx is patched up to date? That the web app you just coded up won't allow arbitrary command execution? That the OS has no local privilege escalation vulnerabilities?
If you are using a web host or VPS, the risk is limited to the code you're testing. You could lose the whole machine and it's no big deal.
But if you've exposed your personal machine--with all your documents, files, settings, etc.--then you've got a lot more to lose if a bad guy gets in. Worst case is a rootkit install that collects all your passwords and sends them out.
The primary use case is for web applications which will eventually run on public servers. So yes, it is a good thing for people to be able to easily simulate having their software run on a public server. It's also necessary if you're writing something that receives events from other APIs like Twilio.
You pretty much nailed how it's done, good show for off the cuff. Encrypt file with large symmetric key. Slice into n pieces, where n is like 5-10 or more. Distribute a few copies of each slice to reliable people unlikely to directly conspire. Distribute encrypted file widely. Give instructions on how to gather as a group based on some basic trigger. The chance of the gathered group missing every copy of one of the slices is pretty low as long as nobody gets a master list of key holders.
This play is straight out of the Wikileaks playbook that they used almost verbatim when the US was making a lot of noise about Assange. It appeared to be effective, in that US intelligence took the threat seriously and were concerned about the ramifications of what might be included. One element of that was the belief that those docs included some kind of "kill shot" class leak that would pretty much sink Bank of America.
There were certainly elements of truth to all of these things - there was a document cache, it was encrypted, people did have split keys, it probably did include elements of what was revealed as the robosigning scandal.
But from hearing discussion about the subject, I think that US Intelligence now more or less holds the opinion that it was a bluff. Nothing of significant harm was included in the unreleased documents, though I think that's informed speculation and not some kind of confirmed fact.
All of a sudden after Snowden was getting helped by Wikileaks and he was under a lot of pressure, the revelation of a similar encrypted cache of documents distributed widely was given to a lot of news agencies, and has regularly come up at opportune times in friendly media outlets.
I haven't been told this by anyone, but I'm pretty sure the intelligence community isn't buying it. Reports by Greenwald were somewhat inconsistent with the idea that there is a large cache of even more damning documents left. He's been travelling internationally, was staying in Hong Kong where many services operate openly, and presumably under pressure from a variety of security services and states as he tries to escape Moscow and secure a safe place to live. It is hard to keep secret keys and documents secure under the best of conditions, and those are about the worst conditions possible.
The only reasonable thing to assume here is that it's all burned - everything Snowden walked away with is or will be in the hands of foreign states and anything particularly damning will likely end up in the press sooner or later.
So if you believe that, that there is no way to unring this bell, the last thing you're going to do is spend any time being concerned about a dead man's crypto cache.
If you're willing to do enough horse trading to close the entire european airspace to a single individual, you're pissed and you're gonna do whatever it is you want to do. That's not going to include killing him, simply because the cost is high and the benefit is low. But they are clearly going to exert an inhuman amount of resources into making him regret being born.
And that's absolutely unrelated to Mr. Snowden. That's all for the effect it will have on anyone having similar thoughts. I think he's awesome and did Americans and the world a great favor, and that he's really brave. And yet after seeing this go down if I was ever in a position to consider doing something like this there is no fucking way I'd ever think I could handle this kind of heat. Not a chance, no question.
The fact of the matter is that both Wikileaks and Snowden overestimate just how much damage their documents can do.
Look at the facts on the ground. The United States government is well-documented for atrocities ranging from torture to extrajudicial killing to political assassinations to mass surveillance, not to mention providing support to private American corporations involved in similarly disgusting behavior.
Has this impacted the power of the United States? Not really. France, Portugal, Spain, and Italy -- countries with tremendous "pride of place" and a sometimes sneering disdain for the US -- denied airspace to a foreign head of state on the mere suspicion that Edward Snowden was on board. The US is still, by at least an order of magnitude, the most powerful country in the world.
The only challenge to US hegemony is the declining relevance of the US economy relative to other world economies like China, India, Russia, Brazil, and others. In the end, only money and guns talk. There is no "kill shot" leak as long as Bank of America has the right friends in Washington.
I completely agree with you. I am very appreciative of being able to read these documents, but it clearly will cause little or no harm to the US or the intelligence community.
About the only thing that was in the Manning cache that probably significantly bruised US operating power was the diplomatic cables. And that was just because the publicity and bluntness undoubtedly led to some personal grudges that closed some doors for entirely human and entirely undiplomatic reasons.
The only people that didn't know everyone was listening to everyone were members of the public who didn't want to know. Now that they know they just don't care.
Economic power surely is the only killer. Mass espionage programs are probably quite beneficial economically, or at least if you're willing to share state and private intelligence like a large number of countries are. I would be very surprised if the US doesn't adopt that practice more and more over time. It's essentially already begun - if you run large networks data sharing is quid pro quo for heads up on state intrusion activity and reports of data exfiltration. We just don't steal secrets and give them out for favors yet.
Countries do occasionally commit suicide though. While a popular revolution in the US feels inconceivable at any point within our lives, the primary factor behind them is usually way too many pissed off poor people and radical imbalance in wealth and little room for economic advancement. As US economics begin to resemble Japan's more and more you might have the potential for a forceful rejection of policy being so captured by wealth and neo-liberal philosophy. Hard to imagine though. Globalization seems to have ended that whole concern.
This is always something that amuses me about many conspiracy theories, in that the 'big, awful conspiracy' is usually just workaday stuff compared to what's actually known, documented, and admitted.
If it's not a bluff, then it would behoove anyone with an insurance file to give the decryption keys for at least some of it to the intelligence agency that they are protecting themselves from to prove that it is not a bluff. If that wasn't done, I would naturally assume a bluff.
The way these things work is no one person actually has the whole key - portions of it are distributed to various people you trust but may otherwise be unlikely to conspire. They might not even know who has the other parts. The idea is it takes an extreme event to bring them together to decide to combine the key. That way no one is in danger of being intimidated etc. into revealing the key by a hostile party.
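The split-key scheme described in this comment and in the earlier "slice into n pieces" comment can be made concrete as follows. This is an added example, not code from any commenter: it swaps literal slicing for an n-of-n XOR split (so a single slice reveals nothing about the key), and the holder naming and the assumption that holders turn up independently with a fixed probability are illustrative only.

```python
import secrets
from functools import reduce


def xor_bytes(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key, n):
    """n-of-n split: n-1 random slices plus one chosen so that all n XOR to the key."""
    if n < 2:
        raise ValueError("need at least two slices")
    slices = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    slices.append(reduce(xor_bytes, slices, key))
    return slices


def combine(slices):
    """Recombine a complete set of slices into the original key."""
    return reduce(xor_bytes, slices)


def distribute(slices, copies):
    """Hand each slice to `copies` holders; returns {holder_id: (slice_index, slice)}."""
    holders = {}
    for idx, piece in enumerate(slices):
        for c in range(copies):
            holders[f"holder-{idx}-{c}"] = (idx, piece)  # hypothetical holder ids
    return holders


def recover(gathered, n):
    """Return the key if the gathered (index, slice) pairs cover all n slices, else None."""
    by_index = {idx: piece for idx, piece in gathered}
    if not all(i in by_index for i in range(n)):
        return None  # every copy of at least one slice is missing
    return combine([by_index[i] for i in range(n)])


def recovery_probability(n, copies, p_show):
    """Chance that no slice is entirely missing, assuming each holder
    independently turns up with probability p_show (an assumption of this example)."""
    return (1 - (1 - p_show) ** copies) ** n


if __name__ == "__main__":
    key = secrets.token_bytes(32)              # stand-in for the file's symmetric key
    slices = split_key(key, 5)
    holders = distribute(slices, copies=3)
    # Gather everyone except the three holders of slice 2: recovery must fail.
    partial = [v for k, v in holders.items() if not k.startswith("holder-2-")]
    print("all holders:", recover(holders.values(), 5) == key)
    print("slice 2 lost:", recover(partial, 5))
    print("P(recover), p=0.5:", round(recovery_probability(5, 3, 0.5), 4))
```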
I'm sure nobody doubts there is an encrypted file with unreleased documents and that the key has been split and distributed. The only question is, exactly what is it that is in that cache and how damaging would it be to be released publicly.
The element of the unknown in terms of what precisely stays unreleased is the primary nexus point in US policy here. Even if they believe nothing of considerable value is left, anyone that gambles there and loses no longer has a career in the US government. Providing any specific damaging proof to them alone is only helpful to them - it allows them to confirm how accurate they've been at estimating the leak, and they can preemptively act to defuse the impact or provide disinformation. And they get a good read on what the higher end of the stuff he has is.
I'm 90% sure this is what the leak of the Brussels/EU tap and intrusion documents were about. They were released soon after the cache was first mentioned, and at a time he was being effectively held captive in an airport as every sympathetic country was suddenly being offered huge incentives to turn their backs.
It certainly served as proof some highly damaging documents still had been held back. It may not have softened US rhetoric much, but it may have been effective in convincing the US to stop applying as much pressure on potential sources of asylum.
The biggest problem is that the NSA really isn't super worried about what the public finds out as much as they are institutionally built to be worried about what other foreign services learn. They have to assume that somebody has or will get the whole cache privately - either covertly or as a trade for passage etc. And while they aren't happy about it becoming public either, it isn't the end of the world. After all, the same year they got caught illegally wiretapping everyone they got the telecoms blanket immunity and were at that very moment developing PRISM. The NSA leaks have been huge, yet there are no serious calls for congressional hearings, the executive isn't disowning it, there is zero risk the public is about to stage a revolution and most significantly - they haven't even said they're going to stop doing any of it.
While Alexander will probably be losing his job, the publicity may even end up as a net positive for surveillance USA. Now that it's out in the open and not resulted in any apparent systemic meltdown in sigint - it only makes it easier to start the next even more expansive program. After all, whoever they go to will know that Schmidt and Zuckerberg ended up just fine, and people barely even remember that Verizon gave away CDR for every customer call without question. I bet there hasn't even been a blip in Verizon subscriber numbers.
They really have carte-blanche now, and tons of people in the community were expecting that these leaks would have a great deal more blowback.
EDITED: Thanks guys, it seems like I managed to paste over most of my post with the clipboard filled with the last one. Thanks for being so nice pointing it out. Sucks, the on topic one I destroyed was leaps above the banal content that replaced it. Left something here to avoid you guys being orphaned. Sorry for reducing the signal to noise ratio!
Wow, if this is the class of insert you get after paying what I presume are not insignificant amounts of fund, I'd hate to see the budget for a compelling one.
Reading between the lines, he sounds butt hurt to me due to dismissals from the sand hill road set. Well, no shit. Everybody (there) knows that adult content can be cash positive very close to day one, and due to their strong balance sheets they are hardly the likeliest M&A targets.
The rest (bulk) of the article seems to riff on mainstream acceptance nay open discussion. But it's far from jerking off that many people have an aversion to speaking frankly about. Go talk to some random guy on the streets about his bowel movements, or if his daughter is still on anti-psychotics and get back to me.
If you want "respect" go do a social/mobile/whatever the new hotness is and go to the big firms hat in hand. They'll probably give you the money assuming you keep the crazy bottled up for the duration. Then you'll have no problem getting those business critical speaking gigs and becoming a go to react quote of some 3rd rate blog like tech crunch. And your friends will all be suitably impressed and jealous (to your face).
But after the money runs out all that goes away. Personally I'd just take the cash positive business for what it is ( a gift) and stop trying to validate yourself through others. Or just take up lying.
(yes, I know this doesn't have a lot to do with the specific points raised, but if you let them frame the conversation they've already done 90% of their job)
wow, i'm shocked that amazon would stoop so low. what's next, the yahoo toolbar stops being a convenient and secure way to search the web and gets into the spyware business?
I'm not sure which they you mean, but I assure you nobody is under the impression that only some people do it. Core routers and core cellular gear is quickly becoming an industry that every nation state that can is looking to jumpstart their own homegrown industrial suppliers.
The number of global intelligence agencies that believe Cisco (or Huawei or Alcatel etc) core routers are free of side channel attacks or dodgy opaque ASICs can be safely assumed to be 0.
While they do have their own bespoke fab, the description given there is wildly more impressive than I've ever heard it described by people not giving speeches.
For obvious reasons they are always going to need their own fab to some extent, because some applications are just too low volume or would leak way too much project specific information. Wherever the truth lies, I'm sure nothing coming out of there is general purpose computing meant for typical nsa run systems.
It's not too hard to figure out who they're using for mainstream chips and mid size run custom fabs. Look for well established strong US based companies that use US designers that have good analog and small CMOS process digital fabs that are located in the US - especially New York, Texas and Oregon.