Dan Griffin's Blog

Comments on security, PKI, smart cards, cryptography, and entrepreneurship.

Summary: Poland is beautiful, the people are great, and hacker conferences rarely disappoint!

Here’s where I’m staying (an apartment located next to this square). The apartment itself is very European! My only complaint is that, being right on the main square, people don’t start quieting down until after 2am. Then again, I’m jetlagged, so it doesn’t matter.

The keynote this morning was Joanna Rutkowska. While I didn’t see her presentation at RSA (slides for that are here), I do think her session this morning was based on the same deck. The prototype her lab has done on nested hypervisors (http://bluepillproject.org) looks cool, as does the work they’re doing on Phoenix HyperSpace.

I had the unfortunate distinction of being the first speaker after her ;) The most noteworthy part of my presentation was an informal poll I conducted at the beginning, namely whether anybody had travelled farther than I had (Seattle is 12 hours of flight time to Krakow) in order to be here this week. The answer, out of approximately 350 people, appears to be ‘No’. I don’t think I should be proud of that, though …

I received good questions during my talk, such as why Vista-to-Vista IPsec uses 3DES by default rather than AES. Anyone know? I note that AES isn’t even available in the IPsec policy snap-in. My guess would be that this is dictated by the standard, or at least was at the time of implementation.

Another question was why all installers automatically run as Administrator on Vista. This actually came up initially during Joanna’s talk, and was re-visited during mine. She correctly observed that the recommended behavior for Windows application installers is to place their binaries under “\Program Files”. Hence privileged access is required. The question is whether major application compatibility problems would be incurred by limiting installer privilege by default. For example, instead of full admin rights, an installer could run under an account with only append rights.

That suggestion is misleading, though. There will continue to be a need to allow at least some installers to run as admin. Thus, the bad guys will have an out. Whoever is configuring the system is going to have to make a “reputation” decision before installing software. As in, do I trust the company or person that provided me with this installation package? Professional system administrators are expected to make an informed decision and then lock down the environment (and, in theory, not grant users administrative access).

The majority of home users, on the other hand, remain susceptible, having to make the same judgments without the benefit of IT experience.
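A practical way to see the “installers run as admin” point for yourself is to ask, for a given binary, what Vista-era UAC will do with it. The following script is an added example, not code from the post or from any project mentioned in it. It goes slightly beyond the discussion above in that it encodes the two signals UAC actually uses: an embedded application manifest with a `requestedExecutionLevel`, and, when no manifest is present, the “installer detection” heuristic that elevates legacy 32-bit binaries whose file name suggests an installer. The sample “executables” are constructed byte strings, the keyword list is a simplification of the real heuristic (which also inspects version-resource strings and code patterns), and the manifest is located by scanning for `<assembly>…</assembly>` text rather than by walking the RT_MANIFEST resource directory; all three are assumptions of this script.

```python
"""Predict whether a Windows executable will ask for elevation under Vista-era UAC.

Signals are checked in the order UAC itself uses:
  1. an embedded application manifest with
     <requestedExecutionLevel level="asInvoker|highestAvailable|requireAdministrator">;
  2. if no manifest is present, UAC's "installer detection" heuristic, which
     elevates legacy 32-bit binaries whose file name looks like an installer.
"""
import re
import xml.etree.ElementTree as ET
from typing import Dict, Optional

# Simplified installer-detection keywords (assumption: the real heuristic also
# checks version-resource fields and known installer code sequences).
INSTALLER_KEYWORDS = ("install", "setup", "update")

# Manifests are stored as UTF-8 XML text, so a raw scan finds them.
_MANIFEST_RE = re.compile(rb"<assembly\b.*?</assembly>", re.DOTALL | re.IGNORECASE)


def extract_manifest(pe_bytes: bytes) -> Optional[bytes]:
    """Return the embedded manifest XML, or None if the image has none.

    Simplification: scans for <assembly>...</assembly> instead of parsing the
    PE resource directory for RT_MANIFEST.
    """
    m = _MANIFEST_RE.search(pe_bytes)
    return m.group(0) if m else None


def requested_execution_level(manifest_xml: bytes) -> Optional[str]:
    """Return the 'level' attribute of <requestedExecutionLevel>, ignoring namespaces
    (older manifests use asm.v2 for trustInfo, newer ones asm.v3)."""
    try:
        root = ET.fromstring(manifest_xml)
    except ET.ParseError:
        return None
    for elem in root.iter():
        if elem.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
            return elem.get("level")
    return None


def looks_like_installer(filename: str) -> bool:
    """UAC installer-detection name heuristic (simplified)."""
    name = filename.lower()
    return any(k in name for k in INSTALLER_KEYWORDS)


def predict_elevation(filename: str, pe_bytes: bytes) -> str:
    """Return the manifest level if one is declared; otherwise 'installer-detection'
    for an unmanifested binary that trips the heuristic, else 'asInvoker'."""
    manifest = extract_manifest(pe_bytes)
    if manifest is not None:
        level = requested_execution_level(manifest)
        if level:
            return level           # an explicit manifest always wins
    if looks_like_installer(filename):
        return "installer-detection"
    return "asInvoker"


def _manifest(level: str) -> bytes:
    """Build a minimal, realistic application manifest declaring `level`."""
    return (
        b'<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">'
        b'<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges>'
        b'<requestedExecutionLevel level="' + level.encode() + b'" uiAccess="false"/>'
        b'</requestedPrivileges></security></trustInfo></assembly>'
    )


# Constructed stand-ins for PE images: an MZ header, padding, and (maybe) a manifest.
SAMPLE_FILES: Dict[str, bytes] = {
    "setup.exe": b"MZ\x90\x00" + b"\x00" * 64 + _manifest("requireAdministrator") + b"\x00" * 16,
    "legacy_setup.exe": b"MZ\x90\x00" + b"\x00" * 64,        # no manifest at all
    "viewer.exe": b"MZ\x90\x00" + _manifest("asInvoker"),
    "updater.exe": b"MZ\x90\x00" + _manifest("asInvoker"),   # manifest overrides the name
}


def triage(samples: Dict[str, bytes] = SAMPLE_FILES) -> Dict[str, str]:
    """Map each sample file name to the elevation behaviour UAC would apply."""
    return {name: predict_elevation(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage().items():
        print(f"{name:20s} -> {verdict}")
```

The interesting case is `updater.exe`: its name would trip installer detection, but because it carries a manifest declaring `asInvoker`, UAC will not elevate it. That is the lever the discussion above is really about: an installer that writes under “\Program Files” must either declare `requireAdministrator` or be unmanifested and rely on the heuristic, and either way the person running it is back to making a reputation decision about the publisher.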
