Comments on: Client-side attacks: protecting the most vulnerable http://www.tssci-security.com/archives/2007/12/05/client-side-attacks-protecting-the-most-vulnerable/ top secret/secure computing information Sat, 11 Oct 2008 13:04:20 +0000 http://wordpress.org/?v=2.2.3 By: Reuben Kincaid http://www.tssci-security.com/archives/2007/12/05/client-side-attacks-protecting-the-most-vulnerable/#comment-2835 Reuben Kincaid Thu, 06 Dec 2007 13:49:58 +0000 http://www.tssci-security.com/archives/2007/12/05/client-side-attacks-protecting-the-most-vulnerable/#comment-2835 Very interesting comments. I know of both the companies you mention at the bottom of your commentary, Palo Alto Networks and Trusteer, and they are focused on two totally different problems. Palo Alto is focused identifying and applying policies on unknown traffic WITHIN your network - basically a next-generation firewall that actually does something useful other than port blocking. Trusteer focuses on solving the problem of consumers face when banking or conducting commerce online over the Internet - basically transaction security that protects credentials and sessions from the simple attacks like phishing to the most sophisticated like man-in-the-browser. Very interesting comments. I know of both the companies you mention at the bottom of your commentary, Palo Alto Networks and Trusteer, and they are focused on two totally different problems. Palo Alto is focused identifying and applying policies on unknown traffic WITHIN your network - basically a next-generation firewall that actually does something useful other than port blocking. Trusteer focuses on solving the problem of consumers face when banking or conducting commerce online over the Internet - basically transaction security that protects credentials and sessions from the simple attacks like phishing to the most sophisticated like man-in-the-browser.

]]> By: Christofer Hoff http://www.tssci-security.com/archives/2007/12/05/client-side-attacks-protecting-the-most-vulnerable/#comment-2827 Christofer Hoff Thu, 06 Dec 2007 05:12:00 +0000 http://www.tssci-security.com/archives/2007/12/05/client-side-attacks-protecting-the-most-vulnerable/#comment-2827 Hey Dre! Briefly: 1) Honestly, I don't think Thom "proved" anything other than the current viability of such an attack (given the current chipsets and VMMs he's exposed to) might make this improbable. Given the fact that we have 3-4 new Hypervisors on the market now in conjunction with these chipsets, the issue requires additional attention esp. when you consider that Joanna is now working with Phoenix and submits that Blue Pill is no longer a rootkit but rather an ultra-slim VMM... 2) In regards to the social sites and the current state of privacy (or lack thereof)...you ain't seen nothing yet. The more "open" these become, the worse it's going to become. I'm not talking about Beacon or the odd bit of disclosure thanks to cross-contamination, I'm talking wholesale credential leakage and compromise in an automated fashion. 3) I used EVDO as an example. I should have clarified what I meant with what you alluded to...to include GPRS, EDGE, UMTS, or HSDPA because that's exactly what I'm getting at. I really enjoyed reading your post and I'm going to get another beer and go link-hopping with all the references you made. Thanks bro! /Hoff Hey Dre!

Briefly:

1) Honestly, I don’t think Thom “proved” anything other than the current viability of such an attack (given the current chipsets and VMMs he’s exposed to) might make this improbable. Given the fact that we have 3-4 new Hypervisors on the market now in conjunction with these chipsets, the issue requires additional attention esp. when you consider that Joanna is now working with Phoenix and submits that Blue Pill is no longer a rootkit but rather an ultra-slim VMM…

2) In regards to the social sites and the current state of privacy (or lack thereof)…you ain’t seen nothing yet. The more “open” these become, the worse it’s going to become. I’m not talking about Beacon or the odd bit of disclosure thanks to cross-contamination, I’m talking wholesale credential leakage and compromise in an automated fashion.

3) I used EVDO as an example. I should have clarified what I meant with what you alluded to…to include GPRS, EDGE, UMTS, or HSDPA because that’s exactly what I’m getting at.

I really enjoyed reading your post and I’m going to get another beer and go link-hopping with all the references you made.

Thanks bro!

/Hoff

]]>