This still makes no sense. Unless you are proposing rolling hourly reboots, then you need to be detected before taking action and resetting to a known good state, right?
Replying to @taviso @dwizzzleMSFT
Not proposing hourly reboots :) But some device classes (phones, for example) do get restarted more than others (old-school monolithic web servers).
Replying to @JasonGeffner @dwizzzleMSFT
Sure, perhaps weekly, maybe daily at a stretch; isn't being compromised that long bad enough? I know I wouldn't feel much better if you told me an attacker had kernel code exec, but only for a few days!
Replying to @taviso @dwizzzleMSFT
Depends on the attacker's objectives. If it's stealing your browser's current cookies, then a few seconds is more than enough. But if the objective is capturing conversations or waiting for corporate earnings numbers to become available, then the attacker needs to focus on the long term.
Replying to @JasonGeffner @dwizzzleMSFT
Right, this is an example of a minor change in approach - you recompromise after the phone is rebooted, or wait until you know earnings are about to be released. Would you agree that lack of long-term persistence does not prevent those two attacks?
Replying to @taviso @dwizzzleMSFT
If the attacker can recompromise at will without detection or prevention, then persistence doesn't really matter anymore. But if the attacker only gets a single chance to compromise the victim and the objective data is not yet on the victim's device, then persistence does matter.
Replying to @JasonGeffner @dwizzzleMSFT
In your opinion, is that a common issue? Attackers only having a single chance to compromise, only wanting data that doesn't exist yet and won't exist before the next normal reboot (let's say, a month for Patch Tuesday), and having no other way to leverage a full compromise?
Replying to @taviso @dwizzzleMSFT
Common enough in the APT space to make non-persistence a worthwhile defense-in-depth measure.
Replying to @JasonGeffner @dwizzzleMSFT
Hah, it was rhetorical; it's not common at all. This kind of minor inconvenience happens literally all the time: some patch breaks some technique, exploitation still continues, attackers simply adjust.
Replying to @taviso @dwizzzleMSFT
If the defender can force the attacker to have to use a different technique then that's still a win for the defender.
Disagree; mitigations are attack surface too. They add complexity and technical debt, so their value must be carefully considered. It's trivial to force attackers to incur one-time costs, but it's not free for defenders. The benefit here is pretty negligible.
Replying to @taviso @dwizzzleMSFT
Right, not all mitigations are created equal. Almost all mitigations have some cost/risk, so defenders must choose carefully.
Replying to @JasonGeffner @dwizzzleMSFT
Right, it sounds like we agree on that. How about this - don't you think we can do better than randomly interrupting persistent attacks, if we're choosing security boundaries to get supported?