Security by ... too much honesty?

John Moser john.r.moser at gmail.com
Tue Apr 21 02:50:25 UTC 2009


Mostly, a lot of things are supported and work just fine.  We live in
a decent enough world, usually you're not really a target for anything
bad, and we can ignore all the hype about most stuff because hey, it's
just unlikely.

...

I call BS.

If I wanted to get into your bank account, I would probably... hmm.  Let's see.

First I'd grab BackTrack or nUbuntu.  Then I'd snoop your wifi,
picking up your hidden network from the headers of some authentication
packets, and use aircrack-ptw to pull your WEP key in about 30 seconds
(if I want to be stealthy, I'll camp and pick up your key from your
P2P traffic).  Now I can use that key in a specially modified version
of Ethereal or tcpdump to snoop your activity, pick up your gmail
cookie, and read your e-mail.  I can authenticate with your wifi or
spoof your IP and MAC now, use the WEP key to get on your network, use
your gmail cookie to log in as you, and read your message about your
online password.

Let's back up and try this again.

First, add a plug-in hook to network manager.  Write a plug-in that
snoops for hidden SSIDs, MACs on those networks, and tries to recover
WEP keys, all 100% passively.  Add an attack-with-intent to crack WEP
forcefully (noisy) or dictionary attack WPA (hell, WPA can be recorded
and dictionary attacked offline, this is one of its biggest
weaknesses).

Now, I know this has been done to death, but we just took the status
of "an elite hacker might..." (which we, of course, all understand as
"A 14 year old who can use Google might...") and said "Someone on a
normal desktop environment will have these just show up blatantly,
those wifi protections mean nothing."  Security by being too damn
honest:  you, normal unskilled user, sitting in front of a normal
desktop environment, have push-button autohacking at your fingertips.

I feel that the 100% quiet and automated mode should be a normal
desktop feature.  I don't mean by default of course, hell no; plug-in
hook to Network Manager means we can install this with, say,
hubuntu-desktop or hkubuntu-desktop.  The idea of a "hacking
distribution" should still be limited to those with intent and skill,
those who would otherwise pick up BackTrack or nUbuntu and use "magic
elite hacker super-pwnz tools" to get the job done; but the interface
should be changed to "everyday normal desktop environment."  I WANT TO
SCARE THE SHIT OUT OF THE USERS.

These sorts of integrations can continue easily enough.  Hash replay
attacks on Windows file shares, automatically, by snooping, via a
Nautilus plug-in.  Hamster/Ferret magic tricks, by such snooping and
combinations of tools in the background (that is, crack WEP,
automatically start snooping it, pick up those cookies, notate the
network and MAC and IP), and a Firefox extension that can load and use
such cookies in one particular tab (not the whole browser).  Sniffing
for plaintext HTTP authentication.

I'm sure a bunch of people reading this are going to say, "We don't
want to do that.  Those tools should be complicated, so that only
really really REALLY intent bad guys can use them; normal bad guys
don't bother and it keeps us secure."  Open your mouths, say it, you
know you want to.  My argument is the following:  The "really intent
bad guys" are the ones that aren't too lazy to drive out to get food
instead of just calling delivery, and any idiot can pull these hacks
off; by delivering them, you are raising the bar for what we must do
for real security, and driving the point home that, no, this isn't
"enough to keep most people out," it's just a squishy feel-good
measure because you don't think most people are "that technically
savvy" (yeah guess what?  Those idiots aren't your threats, they have
no interest in you anyway).

Anyway, I'm not necessarily advocating merging such things directly
with Ubuntu (though there's potential there; an official security
auditing branch would be awesome, remember this stuff isn't just for
bankrobbers and angsty teenagers); but I am advocating that the
concept is a sound one and the wide distribution of such things would
be a good thing in the long term.
