Aviator
October 30, 2013 6:33 AM

Aviator, a web browser from WhiteHat Security.

Aviator is the internal browser of the security firm WhiteHat. Their goal is great privacy and security while browsing the web. The blog post introducing the product goes into more detail about how it came about. Another post details some differences between this browser and Chrome/Chromium.
posted by chunking express (52 comments total) 20 users marked this as a favorite
 
But this seems inconvenient, and I don't really value my privacy....
posted by anotherpanacea at 6:43 AM on October 30, 2013 [1 favorite]


So the solution to privacy is to completely trust a closed-source product from a private company...?
posted by fifthrider at 6:45 AM on October 30, 2013 [51 favorites]


Ha, My Mac wouldn't allow the install because I have my security settings such that I can't install apps from untrusted developers.
posted by emelenjr at 6:47 AM on October 30, 2013 [3 favorites]


So the solution to privacy is to completely trust a closed-source product from a private company...?

Yeah, admittedly this is just at a glance but I don't see the improved security part. I can get a Chromium-based browser from Google, a major corporation based on advertising who can afford to hire top programming talent or I can get it from Some Guys with Good Intentions. Hate to say it, but I feel like the Google-developed browser is going to be more secure in the long run. This doesn't feel like something that increases security so much as something that reduces your visibility to advertising. A noble and worthwhile goal, but not one that should be sold as making you "secure". I can do that with Chrome/Firefox + extensions. Having a browser that hides from advertisers by default would be a step up for installing on non-technical relatives' computers, but only if it is 100% Chrome-compatible so they're not frustrated by extensions that don't work and give up on it.
posted by yerfatma at 6:51 AM on October 30, 2013 [2 favorites]


WhiteHat Aviator is the best and easiest way to bank, shop, browse, and use social networks while stopping viruses, advertisers, hackers, and cyber-crooks.
Ok, but what about governments?
posted by Jon_Evil at 6:55 AM on October 30, 2013 [5 favorites]


It's not a security tool - it's just a browser with adblock/don't track turned on by default. Stacking a closed-source product on a closed-source OS isn't "security".
posted by Mary Ellen Carter at 7:03 AM on October 30, 2013 [9 favorites]


So this is just Chrome with:
  • different defaults and branding;
  • a few bundled extensions;
  • maybe some minor code tweaks around referrer information?
Not all that impressive.
posted by Inspector.Gadget at 7:04 AM on October 30, 2013 [3 favorites]


Some Guys with Good Intentions
I browsed their leadership team and have worked with their VP of engineering in the past. I think it would be more appropriate to at least say "Some Good Guys with Good Intentions".
posted by plinth at 7:06 AM on October 30, 2013 [1 favorite]


Hmmmm. On the subject of "why no built-in ad-blocking?". I don't think Apple and Microsoft rely on ad revenue. It's not "we need the ads!" that keeps ad-blocking out of Safari and Internet Explorer. Google and Firefox, yes.

Hmmmm again. Actually, why doesn't Microsoft Internet Explorer come with ad-blocking out of the box? Maybe it's something they can do without getting sued when/if their market share drops under, say, 20%...
posted by alasdair at 7:08 AM on October 30, 2013


I think most people don't understand the point of this. It is created to be inherently secure - this is about being less vulnerable to attacks commonly made on web frameworks. For example, the recent TOR "unmasking" was due to a configuration mistake in the browser often used for TOR browsing that led to malware being placed on the TOR user's workstation - if they were using Aviator, there would not have been an issue.

Perhaps the point here is less to get everyone to use a new browser, and more of a statement about the state of security and privacy in current web browsers - mainly that their motivations and design do not have your security and privacy in mind.

Everyone's too busy getting caught up over minutiae, and they're missing the message.

It's not SUPPOSED to be impressive. It's supposed to show you that the browser companies are actively not doing what they need to be doing to protect their users. The fact that the changes don't require a total re-engineering of the product illustrates the fact that browsers are simply not being developed with privacy or security in mind.
posted by autobahn at 7:09 AM on October 30, 2013 [6 favorites]


Everyone's too busy getting caught up over minutiae, and they're missing the message.

"There's no way to verify that this does what it claims to do and at best this is just Chromium with some extensions packaged" isn't exactly minutiae. Good intentions do not good software make.

if they were using Aviator, there would not have been an issue.

How would you know? Aviator is closed-source. Put in the same position, the only difference would be that we would never have found out that there was a problem, unless they deigned to quietly fix it.
posted by fifthrider at 7:13 AM on October 30, 2013 [4 favorites]


I can get a Chromium-based browser from Google, a major corporation based on advertising who can afford to hire top programming talent or I can get it from Some Guys with Good Intentions. Hate to say it, but I feel like the Google-developed browser is going to be more secure in the long run.

So you're OK with Google hoovering up everything it can about what you do online? I guess we must agree to disagree, then.
posted by indubitable at 7:26 AM on October 30, 2013


I can think of certain use-cases for a browser like this. Like forcing it on the users of a very locked-down corporate network. Of course, in those situations the easiest way to prevent most malware infection is simply to refuse to let the users persist any changes to the virtual machine their desktop application suite is usually running in.
posted by snuffleupagus at 7:29 AM on October 30, 2013


Hmmmm again. Actually, why doesn't Microsoft Internet Explorer come with ad-blocking out of the box? Maybe it's something they can do without getting sued when/if their market share drops under, say, 20%...

Bing?

unless I missed the sarcasm
posted by graphnerd at 7:30 AM on October 30, 2013


Actually, why doesn't Microsoft Internet Explorer come with ad-blocking out of the box?

It would kill off many thousands of websites and blogs that depend on ad revenue to survive. Like metafilter.
posted by qi at 7:33 AM on October 30, 2013 [2 favorites]


So you're OK with Google hoovering up everything it can about what you do online?

I should have been clearer: I meant from the standpoint of being "secure" on the really important stuff like keeping site code running in a sandbox, etc I'd still feel more comfortable with Major Corporation* in spite of the fact they have a vested interest in being able to profile me for the purpose of advertising.

Actually, why doesn't Microsoft Internet Explorer come with ad-blocking out of the box?
It would kill off many thousands of websites and blogs that depend on ad revenue to survive. Like metafilter.


To me the most interesting part about this is what it means when we start to see Alternative Browsers. Not simply standard web browsers from a new company, but ones that have a different raison d'être. Flock was a really interesting browser based around social networking. Flock never hit critical mass, but it showed up at the dawn of the "real"** social networking era. I wonder if this browser means we'll start to see vendors actually care about security. I also wonder what that will mean for the evolution of web standards: much of the rapid innovation we've seen on the web recently has been thanks to vendors competing to be first to implement HTML5/CSS3 features; they may be less willing to implement things that haven't been firmly spec'd in advance as security becomes more important.

* Offer not valid in Washington State and I'd be happy with Firefox as well.
** Which is to say, eff MySpace.

posted by yerfatma at 7:44 AM on October 30, 2013


The point of the browser is that it's secure by default. Clearly you can take Chrome and make it secure. I have Ghostery installed, and I can toggle over to private mode. Most people don't. And those that do might fuck it up, anyway. Insecure by default is a common attack vector for this sort of stuff.

The fact it's closed source is a shame. Maybe that will change.
posted by chunking express at 7:50 AM on October 30, 2013


I compile my own browser from hand-coded assembly every morning, and purge it every night. It's the only way to be sure.*


Unfortunately my code reviews take 25 hours, so I'm further behind every day.
posted by blue_beetle at 7:56 AM on October 30, 2013 [9 favorites]


The term 'white hats' isn't that the name of the white knight "hackers" that will denounce you to the authorities like Adrian Lamo?
posted by CitoyenK at 8:04 AM on October 30, 2013 [1 favorite]


The term 'white hats' isn't that the name of the white knight "hackers" that will denounce you to the authorities like Adrian Lamo?

Lamo isn't a white hat. He's a Grey Hat who'll sell out his own.

White Hat - compromise computer systems ethically (at the invitation of the system owners, and without publishing the flaws publicly before a fix is in place)

Grey Hat - compromise computer security systems for the intellectual challenge and peer recognition, and are generally not destructive, but can cause damage inadvertently, are not invited to do so, and don't respect the confidentiality of those systems they compromise.

Black Hat - For teh LULZ. And money. But mostly lulz.
posted by Slap*Happy at 8:11 AM on October 30, 2013 [3 favorites]


Isn't SRWare Iron already available to do basically the same thing?
posted by 1adam12 at 8:14 AM on October 30, 2013 [1 favorite]


thanks for the distinction, slap*happy,

I'd trust more a 'black hat' browser than a 'white hat' one, Lulz over Biz...
posted by CitoyenK at 8:18 AM on October 30, 2013


I think a better way to promote client security would be to develop an extension that catalogues your settings and makes recommendations for improvement. You'd start from where you are and take small, comprehensible steps to where you should be, rather than exchanging one monolithic piece of software you don't understand for another.

Something like that may already exist, I don't know...
posted by klanawa at 8:24 AM on October 30, 2013 [2 favorites]


White hat is a good company, I find this impressive, especially if they will connect the browser to AMD (advanced malware detection) feeds such as provided by trusteer, iovation and blue coat. Not sure if I'd want to be tapped into RSA's cybercrime labs feed, but it's some advanced stuff going on there.

Endpoint protection is the future, the browser itself is the attack surface. Harden that, connect it to cloud-based security services that are worth it, and you have a pretty kick ass solution to some very hard to solve problems.

Open-source security tools are way, way behind the curve. I guess you could come back with snort, but without sourcefire you are looking at a lot of effort just to hope to keep up.

I think it's an interesting development, an MVP for sure, but maybe with enough valuable feedback it will become a better offering.
posted by Annika Cicada at 8:56 AM on October 30, 2013 [4 favorites]


Ha, My Mac wouldn't allow the install because I have my security settings such that I can't install apps from untrusted developers.

That should be a red flag, or at least a loud warning. While the download might be kosher, you can't say with any certainty where that app is coming from.
posted by Blazecock Pileon at 9:11 AM on October 30, 2013 [1 favorite]


White hat is a good company, I find this impressive, especially if they will connect the browser to AMD (advanced malware detection) feeds such as provided by trusteer, iovation and blue coat. Not sure if I'd want to be tapped into RSA's cybercrime labs feed, but it's some advanced stuff going on there.

Endpoint protection is the future, the browser itself is the attack surface. Harden that, connect it to cloud-based security services that are worth it, and you have a pretty kick ass solution to some very hard to solve problems.

Open-source security tools are way, way behind the curve. I guess you could come back with snort, but without sourcefire you are looking at a lot of effort just to hope to keep up.


If you're relying on signature-based detection, you've _already lost_ against anyone worth their salt. If you think a vendor feed is protecting you, you need to go spend some time working with a dedicated intrusion detection operations group or hire someone worth their salt to pentest your network.

Suggesting that open source tools are behind the curve is ridiculous and it sounds like you're talking more about signature feeds than actual product capabilities. The open source stuff by and large kicks the shit out of commercial offerings from a functionality perspective. You pay money for usability, not functionality with all but a few vendors.

Endpoint protection was the future, but the only product that got it right (Okena Stormwatch/Cisco Security Agent) was so damn hard for most folks to configure that it never got market share.

I think suggesting that hardening the browser is the way to go is naive. Web consumption is driven by bells and whistles, and that's never going to change. Users and standards bodies are going to choose rich media experiences over security in all but the most extreme cases.

The best paradigm I've seen for addressing this is app virtualization where you contain the damage a subverted application can do. App-V and VMWare's offerings are good. Qubes is a bit closer to the way I'd like to see things go.
posted by bfranklin at 9:35 AM on October 30, 2013 [3 favorites]


snuffleupagus: "I can think of certain use-cases for a browser like this. Like forcing it on the users of a very locked-down corporate network. Of course, in those situations the easiest way to prevent most malware infection is simply to refuse to let the users persist any changes to the virtual machine their desktop application suite is usually running in."

Except it doesn't allow intranet addresses and I use a few apps on my Linux install that require http access on localhost for the interface, like bliss. So I don't think it would be a good fit for that use case either.
posted by Samizdata at 10:09 AM on October 30, 2013


Oh, whoops, Mac only! (Which makes me wonder what sense it makes to offer a closed source project built on an open source project for one of the most locked down closed source OSes ever.)
posted by Samizdata at 10:13 AM on October 30, 2013 [4 favorites]


Bfranklin: I am definitely *not* talking about signature-based detection, that fight was lost years ago.

I'm more interested in feeds from providers that are breaking into and fingerprinting known threat actor endpoints and providing reputation scores, stuff that's integrated directly into my web applications. I don't know of an open-source group that's reverse-engineering their way into known criminal rings in eastern bloc countries, then tagging, bagging and tracking physical nodes and intercepting communications.

Speaking of open source, I'd like to know what open-source tools you are talking about, everything I have found does not cut the mustard at all for what I need at the real-time prevention layer. Open source will play a huge part at the core of the data analytic engine, but that's more dealing with huge volumes of data as part of a long-term security research program.

And as far as being pentested, my network is pentested 24/7/365 by multiple groups, it's the most basic component of my security defense program. You wanna talk WAFs? XSRF? I deal with that all day long.

The most important reason for an endpoint malware detection solution on the corporate side of my house is getting in front of encryption, period. The only other solution I have beyond that is Blue Coat's SSL Visibility appliance, but that requires an internal PKI infrastructure in order to perform SSL MITM on web-bound traffic, something that I'd like to avoid if I can. If you have any ideas on how to deal with encryption, please let me know.

As far as application sandboxing goes, you are on the right track, there are some interesting developments, I've been looking into it as well but I have issues with it, mainly, how do I know something has gone wrong, and how do I stop it once it does? Just because the rogue app can't compromise other nodes or has been isolated from accessing local resources means very little if I can't detect it has gone rogue and globally remove it from potentially thousands of nodes.
posted by Annika Cicada at 10:18 AM on October 30, 2013 [3 favorites]


The open source stuff by and large kicks the shit out of commercial offerings from a functionality perspective.

Not true when it comes to next generation security appliances with UTM. FOSS should be way out in front of the consolidation and virtualization game, like it is with server software, but it's just not. Firewalling especially seems stuck a decade back - it should be able to examine all of the OSI layers, right up to payload, and match against known and probable threats, and permit or deny or throttle access based on user identity and reputation.

On the other hand, a fancy UTM appliance is no substitute for a modern IDS infrastructure (where OSS is up against some sexy stuff) or host-based security measures. We need it all in this day and age.
posted by Slap*Happy at 10:32 AM on October 30, 2013 [1 favorite]


So - can we start labelling hackers based on D&D alignment instead of hat color? I think it would be a bit more accurate and easier to tell what I'm really supposed to think.

Like, does the NSA consider themselves white hat? Cuz to me, they're at the very least grey hat. I wonder what others consider the grey hat. And no offense if a "white hat" private company releases software and expects us to "trust them" with knowledge that there exist things like front-companies of the CIA, and pressure from the NSA upon companies. Nah, I'll pass.
posted by symbioid at 10:54 AM on October 30, 2013 [3 favorites]


I'm more interested in feeds from providers that are breaking into and fingerprinting known threat actor endpoints and providing reputation scores, stuff that's integrated directly into my web applications.

This is fundamentally an operations thing, though. I don't think you can fault a development methodology for not providing continuous operational results.

Reputation is also of limited value against a worthwhile adversary. Breaking into C&C structures is great, but most of these things are running bots that I knew how to defend against 10 years ago.

I like what Mandiant does with the operational knowledge and moves to a compromise detection methodology with IOCs (which, incidentally, is an open framework).

The most important reason for an endpoint malware detection solution on the corporate side of my house is getting in front of encryption, period. The only other solution I have beyond that is Blue Coat's SSL Visibility appliance, but that requires an internal PKI infrastructure in order to perform SSL MITM on web-bound traffic, something that I'd like to avoid if I can. If you have any ideas on how to deal with encryption, please let me know.

What's the issue with MITM on your own stuff? Tearing down and rebuilding connections with protocol validation is one of the few ways to address reverse SSH tunnels over HTTPS.

Fundamentally, I'm opposed to heavy reliance on any technology that's premised on "we've seen this before and decided it's bad." It's a quick win, sure, but that's why I run antivirus. I run a Bluecoat SG moreso for policy enforcement and reporting than anything else. Reputation's nice, but I need to whitelist something weekly and their site categorization review automatons are a) lazy, and b) stupid.

how do I know something has gone wrong, and how do I stop it once it does? Just because the rogue app can't compromise other nodes or has been isolated from accessing local resources means very little if I can't detect it has gone rogue and globally remove it from potentially thousands of nodes.

I 100% agree with you, and this is a big part of why I have a dim view of reputation services. Post-compromise behavior detection (and in particular, the time-to-detection metric) is the single most important operational metric you can have. As mentioned previously, the Mandiant IOCs are a good method, but actual detection, in my opinion, always needs to live on the network because you can subvert the host. The reference implementation, in my mind, is the collection stack Bejtlich laid out years ago in Tao of NSM.

I've had a lot of vendors tell me netflow is dead. Those vendors don't work on ISP-grade switches with shitloads of packets rolling through.

TL;DR: If you want to know when you're owned, find yourself a really good intrusion analyst and sit them in front of an event console on your network. A good packet monkey will tell you everything you want to know.

Not true when it comes to next generation security appliances with UTM.

I have yet to see one that isn't worthless. UTM is something that lives firmly in "marketing bullshit land" in my book.
posted by bfranklin at 10:58 AM on October 30, 2013 [1 favorite]


Security is kind of the antithesis to privacy. I struggle with that.
posted by Annika Cicada at 10:59 AM on October 30, 2013 [1 favorite]


I don't think so - are you really sure that you have privacy if you aren't secure in your communications? Ultimately, trust is the foundation of both.
posted by symbioid at 11:00 AM on October 30, 2013 [1 favorite]


As long as you only talk to yourself you're usually safe. Except if that left hand goes rogue again.
posted by yerfatma at 11:02 AM on October 30, 2013


Except if that left hand goes rogue again.

Sinister bastard.
posted by bfranklin at 11:02 AM on October 30, 2013 [6 favorites]


Bfranklin: Thanks for the answer, you have given me some things to consider, I appreciate it.

I've looked at Mandiant, they have a compelling solution that's on the table for a POC. As far as SSL MITM goes, it's more about having 50+ liable egress points that need protection and at roughly 80k per box, well, that's $$ I don't have.

I hear ya on the SG box, it's a "have-to-have" more for stopping the obvious boulders. Stopping the fine grit targeted attacks, though, there are many hard problems to solve that will continue to keep me employed for some time. (Most of those problems are convincing people to give me the budget...)

At this point we are more focused on the mean time to detection (and the response) and building our capabilities around that. Enterprise prevention is nice, but at the end of the day that requires something like bit9, which is terse and ugly, but effective.
posted by Annika Cicada at 11:14 AM on October 30, 2013


This seems very similar to SRWare Iron, another Chromium fork.

If they're serious about security, it should come bundled with TOR.
posted by anemone of the state at 11:17 AM on October 30, 2013


I think bfranklin and Annika Cicada totally own this thread. I wish I understood even a smidgen of what you guys are discussing, but I love it regardless. Cheers!
posted by buffalo at 11:20 AM on October 30, 2013


Anyone billing their browser as 'built for security' should consider not just advertising companies, but also nation-states to be among potential user adversaries- and build the browser and inform their users accordingly.

As well, you should never trust closed software. Aviator may be based on open-source, but because it's BSD license they don't have to release the code.
posted by anemone of the state at 11:23 AM on October 30, 2013


As far as SSL MITM goes, it's more about having 50+ liable egress points that need protection and at roughly 80k per box, well, that's $$ I don't have.

Sounds like an architecture issue moreso than a security issue :) That's a sticky one, though. Are you able to discuss more details of your network architecture? I'd really just be throwing things at the wall without a better understanding of what you're facing.

Even if not, my first question would be if the architecture allows you to move the proxy closer to the users, rather than out to the (multiple) edges?

If they're serious about security, it should come bundled with TOR.

TOR doesn't make you more secure; when properly used it makes you anonymous.

I wish I understood even a smidgen of what you guys are discussing

Ask questions!
posted by bfranklin at 11:24 AM on October 30, 2013


Anonymity is a part of good security, and a browser built for security should make anonymity an option.
posted by anemone of the state at 11:27 AM on October 30, 2013


Gonna wait for Schneier to weigh in on this one before installing ...
posted by kcds at 11:30 AM on October 30, 2013


And moving back a bit from this digression, one of the best things I've seen out of the Snowden leaks is a much more public and continuous discussion of what constitutes best practice for everyday security and for political dissident security.

Red team work is inherently more sexy than blue team work, but I feel like the past few months have had some great discussion of how to best glue tools together on the blue team side to achieve a goal. The debate on the merits of this browser and its particular feature set is just one more example of that.
posted by bfranklin at 11:46 AM on October 30, 2013


FOSS should be way out in front of the consolidation and virtualization game, like it is with server software, but it's just not.

I dunno, I'm dealing with a business split that is going to call for re-architecting our network and migrating data, and I'm considering ditching Citrix for Ulteo, going the direction of a ZFS SAN, and using open source based networking gear. But of course, you have to ask about these things, vendors don't generally try and sell them to you and are often not especially excited about it (especially at our altitude and in our industry).
posted by snuffleupagus at 11:56 AM on October 30, 2013


snuffleupagus: "I dunno, I'm dealing with a business split that is going to call for re-architecting our network and migrating data, and I'm considering ditching Citrix for Ulteo, "

All I can say is I have a little experience with Citrix I wish I didn't have.
posted by Samizdata at 1:49 PM on October 30, 2013 [1 favorite]


These are all excellent modifications for the browser, but ultimately one cannot trust closed source software. All these modifications look fairly straightforward though:

1) Isn't Incognito Mode in Chrome/Chromium already? Firefox's "never remember history" seems effective.
2) Intranet IP address blocking is trivial to implement, not sure who does it though.
3) All browsers have good open source plugins that block ads and trackers, especially Ghostery.
4) Vanilla cookie manager provides this for Chrome, not sure about Firefox.
5) All browsers have plugins that change the default search options.
6) Referer leaks are easy to block, but not sure if any plugins do so.
7) All browsers have plugins that make flash click-to-play only, not sure about other plugins.
8) Do-not-track is easy.

So what's the big deal besides nicely packaging all this together? Answer: There are some really strange design features of Chrome/Chromium that make advertising and tracking blockers quite difficult. So there are deep concerns about web pages circumventing anti-tracking tools like Ghostery under Chrome. I'd imagine all WhiteHat's work went into doing this at the source code level in Chromium.

Why bother with Chromium when Firefox extensions do all this more effectively? Chromium provides an overall better framework for sandboxing, which you need for incognito mode. There is ongoing discussion in the Tor community about modifying Chromium for HTTPSEverywhere, AdBlocks, etc. for the Tor Browser Bundle. At present, the Tor browser uses "never remember history" instead of attempting a Tor aware incognito mode.

Aviator might inspire an open source browser based on Chromium that provides these security enhancements and more, hopefully angled towards the needs of the Tor Browser Bundle.
posted by jeffburdges at 4:43 PM on October 30, 2013 [1 favorite]


Please use the Tor Browser bundle, and fully activate noscript, if you need real security though.
"Everybody that I've taught anything other than Tor to is in jail."
posted by jeffburdges at 4:51 PM on October 30, 2013 [1 favorite]


Corporate security groups typically want to block known anonymous proxies, so I'm not sure if white hat feels compelled to build TOR into their product as that would immediately build mistrust with the companies they work with. At least it would where I work.

This is what I mean when I say security and privacy are at odds with each other. Most security appliances and feeds track TOR proxies and are configured out of the box to automatically block them.

One could say that's pissing in the wind and I might be inclined to agree.
posted by Annika Cicada at 7:49 PM on October 30, 2013


Annika Cicada: "Corporate security groups typically want to block known anonymous proxies, so I'm not sure if white hat feels compelled to build TOR into their product as that would immediately build mistrust with the companies they work with. At least it would where I work.

This is what I mean when I say security and privacy are at odds with each other. Most security appliances and feeds track TOR proxies and are configured out of the box to automatically block them.

One could say that's pissing in the wind and I might be inclined to agree."

Especially if I take the time to fire up a spare box and set up my own.
posted by Samizdata at 1:31 AM on October 31, 2013


TOR doesn't make you more secure; when properly used it makes you anonymous.

But that seems to be the kind of security this browser is talking about.
posted by yerfatma at 7:06 AM on October 31, 2013


I think, but could be wrong, their attempt is more about blocking ad-based malware and defeating attempts to fingerprint and track your machine than attempting to provide true anonymity and cloaking.
posted by Annika Cicada at 9:58 AM on October 31, 2013

