Security on Nits?
I do wish that Nokia had thought of a product name that led to a better acronym, btw...
Anyway. As I understand - based on nothing but googling - the situation on security is this: - There are such things as linux software keyloggers, and in theory any app you install on your Nit could install one? App's aren't run in a sandbox mode, or secured in any other way? - There's no firewall software for the Nit, so a keylogger wouldn't have a problem getting your paypal password and whatever other details it could steal out to the world once it had them? - There's no sign of this or anything like this ever having happened? although it seems to be much on the mind of Nokia's legal dept, judging from the warnings about non-Nokia sw App Mgr provides - Virus and logger attacks on Linux systems are extremely rare in the wild (possibly because Linux systems are assumed to be competently firewalled? which, of course, the Nit's aren't, and can't be) In summary, security seems to be based on "We hope no one ever bothers to attack." Which may well be the case, and will probably work given the (regrettably) low profile the platform has, but it still means that I won't be using the thing to access my regular mail accounts, but only the backups I keep for accessing on hotel machines, etc. Anyway, *if* the above is true, then my biggest wish for OS2009 is a firewall. (I remember seeing a Nokia site with advice on security on the Tablets, but every time I've clicked it, it failed to work.) |
Re: Security on Nits?
Quote:
A software firewall only protects you from software outside trying to get in, it can only provide minimal protection the other way (well, it could provide more, but that would be irritating). Also the other disadvantage the firewall would have is if you can control it, something running as you can control it too and switch it off. I would say it would offer you the worst of all worlds - it would give you an sense of security that just wasnt true. Better to make sure you know what is running on your NiT |
Re: Security on Nits?
Its important to note that while software like keyloggers could be installed on an nit it would require the user to install it. This is why one should only install software from trusted sources. One of the advantages of open source software is that if you have the skills you can look at what the software does, so you could find out if it had maliscious code in it.
Its also important to note that because of the linux architecture no software can be automatically be installed from visiting a website as you have to set any file downloaded as executable. |
Re: Security on Nits?
Also how many armel keyloggers do you find? ;p
Actually, one arm keylogger elf was compiled for my sony ericsson w810.... |
Re: Security on Nits?
Quote:
Quote:
Otoh, switching off a firewall probably means GUI interaction (or certainly the firewall can be designed that way) so the effort for the virus writer has gone way up. Or his job may be impossible, doing on what the OS allows. Quote:
(Hint: do you drive through stop lights because you are wearing a seatbelt? Employing a safety measure doesn't flip a magical switch in the human mind to forget about a problem - it just means that the person has taken a step to reduce the threat level. If you believe otherwise, good luck with the campaign to ban seat belts, motorcycle helmets, firearm safeties, safe sex education, tetanus shots, safety shoes, parachutes, and fire extinguishers and exits.) Quote:
|
Re: Security on Nits?
Quote:
Quote:
The real security advantage of Open Source is the hope that enough people are looking at the code for a project so nastiness will be revealed by one of the people on the project. I have my doubts that development is active enough on the platform for this to work. However I would agree with openness as a crude heuristic for greater trustworthiness: if I was an attacker, I'd write a useful non-open source program for the platform - probably a good PIM. Quote:
|
Re: Security on Nits?
Yes, checking source, signatures,chksums of packages is always a good practice. clamav-for virus checking works well ,also rkhunter for rootkit checks ,denyhosts for blocking ssh connections if you do leave port 22 open; and am sure other open source security tools should work well on the IT.
|
Re: Security on Nits?
Quote:
Of course the easier vector is just to dump all the plaintext passwords store in the NIT as well as MicroB and cookies. Installing the malware is easy as most .install files are downloaded over http. and could easily be be subverted with additional code. Easier yet is just to add code to pidgin. Reallistically it's not worth the time... even code that subverted 50% of the NIT's thats still less systems than code that subverted .001% of the windows boxen out there. |
Re: Security on Nits?
Quote:
Quote:
Quote:
Quote:
But no, employing a safety measure does statistically flip a switch to reduce the thought about the problem. Ok, you are not going to go into your daft example, but many studies have shown that people employing safety mechanisms do actually think less about a problem. Especially when that safefy mechanism is more of a placebo. A hardware firewall is a fantastic thing. A software firewall is better than nothing from protecting you from the outside, and gives you some protection from the inside. Quote:
|
Re: Security on Nits?
Quote:
|
Re: Security on Nits?
There is the built in linux firewall which is controlled by /sbin/iptables. Very powerful, and very difficult to configure, if you have never used it before. It is an excellent way to block tcp/udp ports.
I hope this helps, Craig... |
Re: Security on Nits?
A keylogger trojan would just push the data out through the email program. Can't block that in any easy way.
I know Windows firewalls (at least the good ones) can specify not only port, but also application, and say "the browser can go out to port 80, any other app can't". And so on. This isn't easy to do on Linux or Unix. It wouldn't be that useful either, even if iptables could do it, because on Windows it's much more common that every application do their input/output directly, while on *nix you can often just communicate through the daemon or service that usually handles that kind of traffic (e.g. for sending email you almost never try to send data directly on port 25, instead you use the sendmail (or equivalent) program)). Out of the box there's almost nothing listening to any TCP/IP or UDP port on the NIT, so someone breaking their way into your NIT isn't much of an issue. However, if you install something that happens to be a trojan there's very little you can do to avoid it doing whatever harm it wants. This is such a serious situation that the only thing that helps is "don't do that". On any platform. |
Re: Security on Nits?
Lets also look at it this way.
Coding is complex. The internet tablet is a custom kernel on an armel processor. A very very very very small nitch of the linux users out there. Some one would have to write, or compile the app to run, you would have to install it... its actually a much rarer thing than most people imagine. |
Re: Security on Nits?
Quote:
That said it's all about risk. I have a pre-school daughter. Do I fret about "sexual predators"? Not really, day to day I'm more worried about her falling down the stairs or running into the street. In the case of the NIT's there are much bigger fish to fry before I'm going to become worried about malware. Oh and iptables can block by process, uid, gid, and other criteria. If it's blocking is not good enough it can shunt the connections through a userspace daemon to do more complex actions. |
Re: Security on Nits?
iptables can do that, yes, but if you send your emails through sendmail/exim/whatever, as is easiest anyway, it won't help..
|
Re: Security on Nits?
Installing packages is done as root; no matter what you set up (other than rejecting packages before installation), a malicious package can disable or circumvent the firewall. Same as on any UNIX system; if you don't trust the software, don't do a system-wide install.
After installing, you can check sudoers, as it's reasonably likely that malware would put itself in there to permit any malicious activities that require root. All depends on the payload, of course. A keylogger can get by quite fine by itself, as long as some usable process (ssh, mail, etc.) is able to access the outside world. Things you can do to check software you're considering installing: Check the file-list. Check the install scripts. That should make the scope of things it can do clear; but even with no SUID or sudoers entries, you can do a lot. |
Re: Security on Nits?
Yep, if malicious software gets installed, no firewall or anything else would help. So, this is what must be avoided.
|
Re: Security on Nits?
Quote:
Wait: TA's post makes MUCH more sense when I look at one of his earlier ones too: Quote:
|
Re: Security on Nits?
Quote:
I'm tempted to do it myself. Quote:
Quote:
Nokia do seem have to have designed an inherently insecure device, unfitted for most users. If I was them, I'd have firewalled the machine and given it a virtual machine with a sandbox mode, and required special effort and passwords to install apps that bypassed this. Btw, is there a mode that stops users from being able to install apps? |
Re: Security on Nits?
Quote:
Anyway, very useful - or at least very interesting, as I don't know if I'll make that much effort. Might be much simpler to carry out my extra email account plan and limit my use of the N800 to fun stuff. |
Re: Security on Nits?
Quote:
|
Re: Security on Nits?
Quote:
Imperfect != inherently insecure. |
Re: Security on Nits?
Quote:
And the programming would take a lot less time as well. The NiTs I would put as so far under the radar it wouldn't be worth the overhead of programming for them. |
Re: Security on Nits?
Quote:
Likely the most bang for the buck will come from organizing a central repository of software that is simple to submit code to, where the source code is actually audited and the apps are built with a trusted compiler so that your source -> binary -> distribution chain is trusted. For those who want to stay in the protective bubble, they can just have that repo enabled. I think Nokia has come part of the way but is not completely there yet. I am not sure if this goal is even on their radar. All other Linux distros do this is some way so that trojan programs don't slip in and their users have a safe harbour. For those who are more daring, third party repos abound. There is very little that can be done to secure those who don't care to be. The biggest weakness in computer security is generally between the keyboard (or the touch-screen in this case) and the chair. |
Re: Security on Nits?
Quote:
Anyway, leaving this aside, you're still wrong: the security tools on decently configured PC's will pickup a naughty application being naughty in the first few days. After which the app will be removed from download sites, before it has time to spread. You might say that the app could wait six months to build decent user numbers before doing naughty things, but a lot of people delete this things every couple of weeks or so. Which is why the world economy isn't collapsing because of $50M videogame thefts, in case you were wondering. In the real world, investing serious effort in a free game would probably only yield a few hundred successful attacks. Quote:
Quote:
|
Re: Security on Nits?
Quote:
Quote:
Sandbox execution, otoh, can make the engineering effort for an attacker very high to impossible: that's the way I'd go. It's what Google are doing with Android, and it seems pretty bloody obvious as a solution. Edit to add: Nokia seem to going for a form of sandboxing on Symbian: http://www.forum.nokia.com/main/plat.../security.html |
Re: Security on Nits?
Quote:
Quote:
The trouble is giving a (clueless) user root, even for the limited purpose of installing packages. There's nothing that can (or should) stop a determined sysadmin from hosing a system, or a careless one from doing it by accident. |
Re: Security on Nits?
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Firstly, installing OS's should be an usual procedure that can have all sorts of special warnings and affordances (eg turning off the machine and following a special reboot procedure) to cue the user that he is performing an usual task and get him to read and think about warnings. I doubt many users could be persuaded to load a non Noka OS even without security warnings, but with them - forget it. Not a practical method of attack. Secondly, ***most potential users would be willing to give non-Nokia OSes to get better security!*** Otoh, I can't count on Nokia for decent apps - not even an ebook reader or a PIM. Quote:
The current security model (ie none) is a fairly good explanation why the Nit hasn't been picked up for vertical applications and other corporate development. Anyway, I suspect that Nokia will be ditching Maemo/ITOS for Android (which does use a sandboxed virtual machine) if they continue updating firmware after the next release. It's hard to see why they'd carry on with Maemo after this point. |
Re: Security on Nits?
Quote:
Quote:
Quote:
Quote:
Maemo tools have come on leaps and bounds in the last year from what I can see. Quote:
Its like anything. Yes, I could get blown up in a tube train by terrorists (or in my case in the UK, shot by the police thinking I was a terrorist) but it really isn't worth putting any effort worrying about because I am thousands of times more likely to be hit by a truck driver on the motorway who fell asleep. When I connect to my bank I have a hardware encrypted password generator, supplied by my bank. They can log every detail of my bank transaction, but without that hardware dongle it won't do any good. The rest of it? It doesn't work like you seem to think. it works by a low hanging fruit idea. However clever and complicated your scheme making this nokia key logger, your profits will always be dwarfed by those who put their effort into getting people to enter their passwords on your website by offering them money for nothing, claiming to be their bank or a request from ebay/paypal. A large number of people are fairly clueless, and that isn't going to change. It is much easier, and it works. I am going to carry on using my nokia without a firewall and I am not going to lose any sleep over it! |
Re: Security on Nits?
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
I didn't say new OSes, did I? I did mention the kernel rather than libraries, because it's possible to (at some cost) pack any library dependencies of an app into either an all-in-one sandbox, or an app-specific sandbox. (Major subversions are possible if I can replace shared libraries used by other apps with a modified version, but the latter means you might as well have everything statically linked.) But updating the kernel is not limited to "installing OSes". Xrandr, SDHC support on 770s, high-speed MMC, backlight control, DVB, various USB-OTG related modules... Lots of stuff here that requires root access. Quote:
Unless you suggest some sort of signing system or other lockdown for anything outside the sandbox (in which case Nokia can forget working with the F/OSS community to work through to step 5, as per their indicated plan), you still have that problem. Because it's "irrelevant to how a sandbox model works", a sandbox model can't fix it. Quote:
|
Re: Security on Nits?
I would reply to many of the above postings, but it's just too much - so I summarize:
Q) Why doesn't a firewall help (on any platform) if you install a trojan? A) Because the trojan (which, if it's an effective trojan) has root access and can thus simply deactivate whatever it wants in the firewall. Any security measures you have set up locally are useless if you install malicious software. The above is true for any platform where the firewall is on-board. EDIT: I should add, before someone comments, _yes_, I know about what's called 'capabilities' in Linux, and the feature called 'selinux'. With that it is possible to severely restrict what can be done on the system, it is for example possible to, at boot time, irreversibly turn off the possibility (or capability) of the root account to reconfigure the internal firewall. So, in _principle_, the NIT can be made a bit more tricky for trojans to do their dirty work (and tricky for you, as your own sysadm, to do what you want as well.. there's always a price). |
Re: Security on Nits?
Quote:
This the most basic thing to understand about the economics and psychology of security, and variants of TA's argument above have been repeated throughout the thread without anyone being willing to come to grips with the answer: all security is about raising the effort barrier to attackers. With Android (sandbox virtual machine) and Symbian (privilege and certification system), or even a decently configured Windows system (firewalls and virus checkers with daily updates) this barrier is enormously higher than for the Nit. In fact, Nokia don't seem to have thought about security at all with the Nit - and it should have been the starting point and key feature for a consumer device designed for accessing the Internet. Of course, Nokia haven't been alone in their mistakes. Apple have made exactly the same errors with the iPhone, and are now rushing to correct them: http://www.theregister.co.uk/2007/10/24/omtp_security/ *Very, very amusingly, there's a story about exactly this realization on Nokia's leader NIT developer's blog: Quote:
Shutting down a firewall - especially on a system with decent anti virus and malware - is not easy. It's much harder than merely adding a keylogger to a PIM; if its doable at all it will probably only be because of a temporary vulnerability that will get patched before 999 in 1000 attackers have a chance to use it. By comparison, the Nit is a house with no locks on its doors and a big "Come on in!" sign. |
Re: Security on Nits?
Quote:
|
Re: Security on Nits?
I think I'll abandon this discussion. meanwhile, in my opinion you don't know as much as you think you know about this. That it should be difficult to turn off a firewall is simply not true. At some point a user will end up installing a program with root (admin) access, simply because that particular application (whatever it says it's supposed to do) will have to be installed that way. For Windows, for example, there's almost nothing that installs without admin rights. From there on it's simple - you (the trojan) can do whatever you want.
But this is what I've been repeating, so I'll stop the repeat cycle there. Disagree if you want, I've said my piece. |
Re: Security on Nits?
Quote:
OK, lets go with your argument. Do you have the capability of walking through an unlocked door? Yes? good. Do you know anyone else who knows how to walk through an unlocked door? Good so far. ok. Do you know how to make a linux keylogger? Yes? Do you know anyone else who knows how to make a linux keylogger? yes? Do you know an equal amount of people who know how to walk through an unlocked door as can write a unix keylogger? yes? Good, that means your argument is valid. Whats that? You don't? hmm.. Do you know anyone who can write a unix keylogger who couldn't write an application to disable a software firewall? I certainly couldn't think of anyone. Quote:
You know when you are in a car and the brakes have failed and you are heading towards a truck? Closing your eyes doesn't actually work! Quote:
Quote:
Quote:
Quote:
|
Re: Security on Nits?
<< This is an argument that the Religious Right uses over condoms and Aids. The empirically observed result is death among believers. >>
I was interested in this topic and went to read your reply and saw this, now I have to wonder if you are a ***** or not. Why not stick to the facts and leave your social, political and religious stupidity at home where they belong? The thread is about security not condoms and aids, per you initial post. |
Re: Security on Nits?
I thought the advantage of Linux was that keylogers and viruses were rare to none existent? I know that doesn't, in itself, make people feel more secure. I am curious how someone would exploit the NIT in a meaningful way.
|
Re: Security on Nits?
kernel module or X extension could probably implement a keylogger although neither is exactly trivial to write. Using standard command line tools I could dump passwords for IM, Mail, and network access trivially. Grabbing cookies might allow for attacks on several sites like google as well.
But the user still has to install and run this malicious software so some amount of social engineering is required. |
Re: Security on Nits?
<< With Android (sandbox virtual machine) and Symbian (privilege and certification system), or even a decently configured Windows system (firewalls and virus checkers with daily updates) this barrier is enormously higher than for the Nit. In fact, Nokia don't seem to have thought about security at all with the Nit - and it should have been the starting point and key feature for a consumer device designed for accessing the Internet. >>
I didn't really think that Windows software firewalls were as good as you think or securing Windows wouldn't be the industry that it is. I've seen to many trojans disable the best Windows security, because it was just to easy for the user to accidently subvert system security. Maybe it's obscurity, but I have never really heard of this happening on a linux system - outside academic forum postings. I would imagine that just being a NIT raises the bar of irritation, as mentioned in another post, for a hacker. Where is the benefit to trying to create a NIT trojan? There is an endless sea of Windows boxes and tools that anyone can use to make quick money. Hacking a NIT via a trojan takes some skill and the pay off just doesn't seem obvious to me - how about you? |
Re: Security on Nits?
As far as security goes, I'd worry more about someone physically stealing my N800 (and the data on it) than it getting hacked or hit with a virus/worm/etc.
|
All times are GMT. The time now is 23:14. |
vBulletin® Version 3.8.8