The off switch

Published: 2011-12-21
Last Updated: 2011-12-21 11:14:46 UTC
by Chris Mohan (Version: 1)

The holidays are upon us, and that means fixing all the trouble-ridden IT equipment belonging to everyone we visit. Family IT security consultancy is a full-time occupation, as those of us who will be providing ad-hoc technical support to friends, family and random neighbours during the holiday break will find out, or already know.
Being the interface between them, their online gadgets and the internet means seeing what they miss: protecting online systems is like a full-contact sport, at least in a digital sense. Anyone who looks at logs or watches packet captures can see the sharp elbow of a burst of crafted packets, the wickedly aimed knee of a drive-by download or the full-on head butt of a port scan across all 65,535 ports, UDP and TCP!

The average person, like those near and dear to you, isn’t going to be aware of the non-stop, unrelenting pitched battle our connected, online devices face simply by being part of a global network. Sure, they have been told about firewalls, anti-virus and this newfangled thing called patching, which is a bit like encasing the body in armour to ward off the blows, but why not opt for something simple, clean, environmentally friendly and cost saving instead?

I submit that this holiday break we suggest something radical that offers an unparalleled level of protection from online attacks to our less technically aware family, friends and even the crazy neighbour across the road who still uses WEP.

Tell them to:

Switch off your router at night.
Then turn off your computer.

Only turn them back on when you need to use them.

I realise this may be an insane statement to make to the multitude reading this, those who need no sleep and capture every bit that enters or leaves their systems, but does the rest of humanity really need to be a target while they sleep or are out at the shops? Flipping the off switch, or having a timer cut the power to the IT gadgets before bed, gives the normal person a baseline of eight hours off the internet, and that equates to eight hours of not being pinged, poked, prodded and outright attacked. The best fights are the ones we avoid [1].
We still need to tell people not to click on links, to keep everything patched, to check credit card statements and to keep any anti-malware software up to date, but sometimes applying common sense and offering the simple option is the best option. Turning off the computer and then the home router is something everyone can do, is easy to add to the bedtime routine, and applies the sound security principle of reducing the attack surface without requiring any technical ability [2].

Remember: this is only aimed at home users. If you decide to turn off the corporate router serving a couple of thousand staff when you go to bed, well, I guess that’s one way of reducing the company’s attack surface. It will probably also increase your free time, by way of a sudden ejection from your day job.


[1] Mr. Han, The Karate Kid (2010). Mr Miyagi’s “Wax on... wax off. Wax on... wax off.” just didn’t cut it here.

[2] The off switch. It's like a free security gift to all and it's already built in. No extra charge or upgrades required!

Chris Mohan --- Internet Storm Center Handler on Duty

Keywords: holiday tips

New Vulnerability in Windows 7 64 bit

Published: 2011-12-21
Last Updated: 2011-12-21 01:11:12 UTC
by Johannes Ullrich (Version: 1)

A person known by the alias "w3bd3vil" on Twitter released an HTML snippet that causes the 64-bit version of Windows 7 to blue screen when viewed in Safari. The underlying vulnerability is, however, not a flaw in Safari but a flaw in the Windows kernel-mode device driver win32k.sys.

The proof-of-concept code by w3bd3vil only triggers a system crash. However, the crash is the result of memory corruption, so there is a possibility that this flaw could be used to execute arbitrary code. To accomplish that, the attacker would also need to work around Windows 7 protections such as DEP and ASLR; bypasses of these protections have been demonstrated for other exploits.

Successful code execution would be very serious in this case. As kernel-mode code, win32k.sys runs with system privileges, so an attacker would obtain full access to the machine, exceeding the privileges of the user who triggered the flaw.

Quick summary: watch for more on this over the next few days. It could evolve into either a local privilege escalation issue or a remote code execution problem with system privileges, in particular if the trigger works in more popular browsers (Internet Explorer, Firefox, Chrome).
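One practical thing to do while waiting for more details is to watch your own fleet for the crash itself. Windows logs a BugCheck event (Event ID 1001) after every blue screen, and a crash page that several users stumble onto shows up as the same stop code on unrelated machines within a short time. The script below is an added example, not code from this diary or from w3bd3vil; it runs over a constructed text export of such records (hostnames, timestamps, stop codes and parameters are all invented and say nothing about the win32k.sys flaw) and reports stop codes that hit several distinct hosts inside one time window, plus hosts that keep crashing with the same code.

```python
"""Spot a fleet-wide bugcheck spike in exported Windows event records.

Added example, not code from the ISC diary. After a crash, Windows logs
Event ID 1001 (Source: BugCheck) whose message text carries the stop code
and its four parameters. The same stop code on several unrelated hosts
within a short window is the pattern a shared crash trigger would leave.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The message text Windows writes for Event ID 1001 (Source: BugCheck).
BUGCHECK_RE = re.compile(
    r"The bugcheck was: (?P<code>0x[0-9A-Fa-f]{8}) "
    r"\((?P<p1>0x[0-9A-Fa-f]+), (?P<p2>0x[0-9A-Fa-f]+), "
    r"(?P<p3>0x[0-9A-Fa-f]+), (?P<p4>0x[0-9A-Fa-f]+)\)"
)

# Constructed export, one record per line: "<UTC time> <host> <event id> <message>".
# Hostnames, timestamps, stop codes and parameters are invented for this example.
SAMPLE_EXPORT = """\
2011-12-20T21:05:11 ws-01 41 The system has rebooted without cleanly shutting down first.
2011-12-20T21:05:40 ws-01 1001 The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff96000187a10, 0xfffff8800a3e7ff0, 0x0000000000000000). A dump was saved in: C:\\Windows\\MEMORY.DMP.
2011-12-20T21:42:02 ws-02 1001 The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff96000187a10, 0xfffff88009d11ff0, 0x0000000000000000). A dump was saved in: C:\\Windows\\MEMORY.DMP.
2011-12-20T22:10:55 ws-01 1001 The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff96000187a10, 0xfffff8800b002ff0, 0x0000000000000000). A dump was saved in: C:\\Windows\\MEMORY.DMP.
2011-12-21T08:31:19 ws-03 1001 The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff96000187a10, 0xfffff88007c45ff0, 0x0000000000000000). A dump was saved in: C:\\Windows\\MEMORY.DMP.
2011-12-18T03:12:00 ws-04 1001 The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8003c2e060, 0xfffff80000b9c3d8, 0xfffffa8005b0a010). A dump was saved in: C:\\Windows\\MEMORY.DMP.
"""


def parse_record(line):
    """Return {time, host, code, params} for a BugCheck 1001 record, else None."""
    parts = line.split(" ", 3)
    if len(parts) < 4 or parts[2] != "1001":
        return None
    m = BUGCHECK_RE.search(parts[3])
    if not m:
        return None
    return {
        "time": datetime.fromisoformat(parts[0]),
        "host": parts[1],
        "code": m.group("code").lower(),
        "params": tuple(m.group(k).lower() for k in ("p1", "p2", "p3", "p4")),
    }


def _records_by_code(export):
    """Group parsed BugCheck records by stop code."""
    by_code = defaultdict(list)
    for line in export.splitlines():
        rec = parse_record(line)
        if rec:
            by_code[rec["code"]].append(rec)
    return by_code


def bugcheck_spikes(export, window_hours=24, min_hosts=3):
    """Map each stop code to the distinct hosts it hit, for codes seen on at
    least min_hosts hosts inside some window of window_hours."""
    window = timedelta(hours=window_hours)
    spikes = {}
    for code, recs in _records_by_code(export).items():
        recs.sort(key=lambda r: r["time"])
        best = set()
        for i, start in enumerate(recs):
            # Records are sorted, so a window starting here only needs recs[i:].
            hosts = {r["host"] for r in recs[i:] if r["time"] - start["time"] <= window}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= min_hosts:
            spikes[code] = sorted(best)
    return spikes


def repeat_hosts(export):
    """(host, code) pairs that crashed more than once with the same stop code,
    e.g. a user reopening the same page after each reboot."""
    counts = defaultdict(int)
    for code, recs in _records_by_code(export).items():
        for r in recs:
            counts[(r["host"], code)] += 1
    return {k: n for k, n in counts.items() if n >= 2}


if __name__ == "__main__":
    for code, hosts in bugcheck_spikes(SAMPLE_EXPORT).items():
        print(f"stop code {code} on {len(hosts)} hosts within 24h: {', '.join(hosts)}")
    for (host, code), n in repeat_hosts(SAMPLE_EXPORT).items():
        print(f"{host} crashed {n} times with {code}")
```

On the constructed data, stop code 0x0000003b hits three hosts inside one day while 0x0000009f on a single host is ignored; tighten the window to an hour and nothing qualifies, which is the knob to tune against your normal background rate of crashes. The next step, once a spike is found, is pulling the saved dump from one of those hosts and checking which module the crashing address belongs to, which this text-only triage does not attempt.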

Johannes B. Ullrich, Ph.D.
SANS Technology Institute
