Is Whitelisting the Answer To the Rise In Data Breaches? 195

Posted by timothy
from the none-shall-pass dept.
MojoKid writes "It doesn't take a rocket scientist to figure out that cyber criminals are quickly getting more sophisticated than current security, intrusion detection and prevention technology can defend against. And you have to wonder if the computer security industry as a whole is willing to take the disruptive measures required to address the issue head-on. One way to tackle the surging data breach epidemic is with a technology called "whitelisting." It's not going to sound too sexy to the average end user and frankly, even CIOs may find it unfashionable but in short, whitelisting is a method of locking-down a machine such that only trusted executables, DLLs and other necessary system and application components are allowed to run – everything else is denied. A few start-up security companies are beginning to appear in this space. The idea is to start with a known, clean system installation and then lock it down in that state so absolutely nothing can be changed. If you follow system security, regardless of your opinion on the concept of whitelisting, it's pretty clear the traditional conventions of AV, anti-malware, intrusion detection and prevention are no longer working."

  • by jklovanc (1603149) on Sunday February 09, 2014 @05:24AM (#46201269)

    What if someone breaks in, gets command line access and uses trusted commands to send the data elsewhere? The hacker used trusted programs to do the breach so a white list would not stop it.

  • by Anonymous Coward on Sunday February 09, 2014 @05:41AM (#46201331)

    http://netbsd.org/docs/guide/en/chap-veriexec.html
    Veriexec is NetBSD's file integrity subsystem. It's kernel based, hence can provide some protection even in the case of a root compromise. Veriexec works by loading a specification file, also called the signatures file, to the kernel. This file contains information about files Veriexec should monitor, as well as their digital fingerprint (along with the hashing algorithm used to produce this fingerprint).

  • by Anonymous Coward on Sunday February 09, 2014 @05:45AM (#46201345)

    What company directs 25% of its users to a partially-working, not-ready-for-production website? Please realize that Beta will not have the features that we want, because it goes against Dice's plans for Slashdot. To their advertisers, Dice presents Slashdot as a "Social Media for B2B Technology" [slashdotmedia.com] platform. B2B - that's the reason Beta looks like a generic wordpress-based news site. A large percentage of the current userbase might be in IT, but /. is most certainly not a B2B site.

    Nevertheless, Dice is desperate to make money off of Slashdot, since it has not lived up to their financial expectations, a fact that they have revealed in a press release [diceholdingsinc.com] detailing their performance in 2013:

    Slashdot Media was acquired to provide content and services that are important to technology professionals in their everyday work lives and to leverage that reach into the global technology community benefiting user engagement on the Dice.com site. The expected benefits have started to be realized at Dice.com. However, advertising revenue has declined over the past year and there is no improvement expected in the future financial performance of Slashdot Media's underlying advertising business. Therefore, $7.2 million of intangible assets and $6.3 million of goodwill related to Slashdot Media were reduced to zero.

    Beta is not a cosmetic change. It is a new design that deliberately ruins the one thing that makes /. what it is today -- the commenting system. There is nothing wrong with Slashdot, from the users' perspective, that demands breaking its foundations. As others have commented, this is an attempt to monetize /. at any cost [slashdot.org], and its users be damned. Dice views its users, the ones who create the site [slashdot.org], as a passive audience. As such, it is interchangeable with its intended B2B crowd. We, the current users of Slashdot, are an obstacle in Dice's way.

    That is why they ignore the detailed feedback they have received in the months since they first revealed Beta. That is also why they now disregard our grievances. Their claims of hearing us are a deliberate snow job. It is only pretense, since at the same time they openly admit that Classic will be cancelled soon [slashdot.org]:

    "Most importantly, we want you to know that Classic Slashdot isn't going away until we're confident that the new site is ready."

    Don't hold your breath waiting for Dice to fix Beta. Their vision of Slashdot is a crippled shadow of the site as it is today. Don't let them pull the wool over your eyes. Dice doesn't need us, and it wants us out.

    Slashdice delenda est!

  • Beta listing (Score:0, Informative)

    by Anonymous Coward on Sunday February 09, 2014 @05:47AM (#46201359)

    Please post this to new articles if it hasn't been posted yet. (Copy-paste the html from here [pastebin.com] so links don't get mangled!)

    On February 5, 2014, Slashdot announced through a javascript popup that they are starting to "move in to" the new Slashdot Beta design. Slashdot Beta is a trend-following attempt to give Slashdot a fresh look, an approach that has led to less space for text and an abandonment of the traditional Slashdot look. Much worse than that, Slashdot Beta fundamentally breaks the classic Slashdot discussion and moderation system.

    If you haven't seen Slashdot Beta already, open this [slashdot.org] in a new tab. After seeing that, click here [slashdot.org] to return to classic Slashdot.

    We should boycott stories and only discuss the abomination that is Slashdot Beta until Dice abandons the project.
    We should boycott slashdot entirely during the week of Feb 10 to Feb 17 as part of the wider slashcott [slashdot.org]

    Moderators - only spend mod points on comments that discuss Beta
    Commenters - only discuss Beta
      http://slashdot.org/recent [slashdot.org] - Vote up the Fuck Beta stories

    Keep this up for a few days and we may finally get the PHBs' attention.

    -----=====##### LINKS #####=====-----

    Discussion of Beta: http://slashdot.org/firehose.pl?op=view&id=56395415 [slashdot.org]

    Discussion of where to go if Beta goes live: http://slashdot.org/firehose.pl?op=view&type=submission&id=3321441 [slashdot.org]

    Alternative Slashdot: http://altslashdot.org [altslashdot.org] (thanks Okian Warrior (537106) [slashdot.org])

  • by Tom (822) on Sunday February 09, 2014 @06:41AM (#46201519) Homepage Journal

    All good security is layered. This is one part of a complete security model, the part that prevents the hacker from uploading and using his own tools.

    Of course, you also need other parts. For example, runtime-patching is a reality, so unless you have additional protections in place to prevent it, there are plenty of ways that a hacker can still execute arbitrary code including entire programs.

    But the primary protection this offers is to finally solve the exe-cloaked-as-jpeg-or-zip-in-a-scam-email-that-users-click-to-open problem that Mickeysoft should've solved 10 years ago by simply fucking removing that idiocy from Outlook one day after it went live and people realized how trivial it is to abuse.

    Basically, the primary benefit of this will be that it prevents unintentional execution of code. It doesn't stop a dedicated attacker who already has root access, at least not by itself.

  • reddit how-to (Score:4, Informative)

    by Requiem18th (742389) on Sunday February 09, 2014 @07:35AM (#46201693)

    Reddit has a text-based, list-oriented design the way we want it. It suffers from a lack of article summaries though.

    How to customize reddit to replace slashdot:

    Step 1: Sign up on reddit.
    Step 2: Visit these subreddits and click the "subscribe" button in each one of them:
    http://www.reddit.com/r/games [reddit.com]
    http://www.reddit.com/r/gaming [reddit.com]
    http://www.reddit.com/r/pcgami... [reddit.com]
    http://www.reddit.com/r/privac... [reddit.com]
    http://www.reddit.com/r/politi... [reddit.com]
    http://www.reddit.com/r/openso... [reddit.com]
    http://www.reddit.com/r/techno... [reddit.com]
    http://www.reddit.com/r/law [reddit.com]
    http://www.reddit.com/r/space [reddit.com]
    http://www.reddit.com/r/scienc... [reddit.com]
    http://www.reddit.com/r/govern... [reddit.com]
    http://www.reddit.com/r/securi... [reddit.com]
    http://www.reddit.com/r/biotec... [reddit.com]
    http://www.reddit.com/r/censor... [reddit.com]

    Step 3: Go to your user profile and look for your personalized RSS feed (should be in https://ssl.reddit.com/prefs/f... [reddit.com]); it will give you a digest of the best stories across all your subscriptions.

  • Re:Hash (Score:4, Informative)

    by Predius (560344) <[josh.coombs] [at] [gmail.com]> on Sunday February 09, 2014 @10:58AM (#46202487)

    Exactly. Windows has a means of doing this built in from at least XP, but no app provided to automate its management. You can set up the system so it will only execute binaries with approved hashes. Back around 2002/2003 we were playing with a program in house that would build a baseline of approved hashes on a clean system, then push that list out to our workstations. To get an app approved we would then fire up the clean box, install, update, push, etc. We never got it past the budget phase though, but it accomplishes exactly what OP is asking about. For point of sales terminals, etc. that shouldn't be a moving target I'd say heck yes they should be in whitelist only mode.
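
The baseline-then-enforce workflow that the Veriexec comment and the comment above both describe, as an added example that is not part of the original thread and not code from NetBSD or Windows: fingerprint a known-clean tree, then default-deny anything unlisted or altered. The tab-separated line layout, the function names and the file names are assumptions for illustration, not Veriexec's signatures-file format.

```python
import hashlib
import os
import tempfile
from pathlib import Path

ALGO = "sha256"  # assumption: one algorithm for every entry

def fingerprint(path, algo=ALGO):
    """Hash in chunks so large binaries need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Walk a known-clean tree; emit one 'path<TAB>algo<TAB>digest' line per file."""
    lines = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.realpath(os.path.join(dirpath, name))
            lines.append(f"{p}\t{ALGO}\t{fingerprint(p)}")
    return lines

def load_baseline(lines):
    """Parse signature lines into {path: (algo, digest)}."""
    return {p: (a, d) for p, a, d in (ln.split("\t") for ln in lines)}

def check(path, table):
    """Default deny: only a listed path whose digest still matches may run."""
    real = os.path.realpath(path)  # resolve symlinks before the lookup
    if real not in table:
        return "deny: not listed"
    algo, digest = table[real]
    return "allow" if fingerprint(real, algo) == digest else "deny: modified"

def demo():
    """Constructed sample: baseline a clean tree, then change it and re-check."""
    with tempfile.TemporaryDirectory() as root:
        app = Path(root, "pos_app.bin")  # hypothetical file name
        app.write_bytes(b"clean build")
        table = load_baseline(build_baseline(root))
        results = [check(app, table)]               # untouched, listed
        app.write_bytes(b"clean build + patch")
        results.append(check(app, table))           # listed but altered
        dropped = Path(root, "dropped.bin")
        dropped.write_bytes(b"never baselined")
        results.append(check(dropped, table))       # not in the list
        return results
```

A listed, unmodified binary always returns `allow`, so this check on its own does not cover misuse of already-trusted programs, the limitation raised in the first comment of the thread.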
