"The home computer is the new front line of war."

Re: The next gen

I have to totally agree with you. I am working on a research paper abt technology-based Information Warfare and cyberterrorism. As computers and other electronics begin to replace the "traditional" ways of doing things, the same will be true for how IW is conducted.

The next gen

This is rather a bold statement, but I think that all war is fought on an information front. computers obviously ARE the going to take over the Information warfare front. Our next Gen is moving into this Era. The new US Pres sees this change and is taking the according actions. (making a department for cyber Security)

As for the fix to your problem its happening very slowly on a national basis (for the US atleast)

BTW First post :D

Re: "The home computer is the new front line of war."

Well I fore one believe that all this is pretty much overrated.

Re: "The home computer is the new front line of war."

I, for one, welcome our new robot overlords.

Re: "The home computer is the new front line of war."

I have to say that I think your off mark with your comments AgentDarkApple. OSes in general are getting better with security. Microsoft (I am not a fan) has gotten better over the past years. They have made security a priority in there development process. Yes there are still flaws but it is getting much better. Linux has it's far share of bugs as well and can be pwned just as easily if the admin never patches the kernel.

The issue is 3rd party software running on these systems. Any of these apps that run service accounts as administrator/root that have rolled out to production untested. This is the happy hunting ground for attack. And many of these company's are content with allowing this bad code to just sit unpatched until your site is compromised.

Next, there is no way that the government can force anyone to write good code. How can they audit such a system? How would they fine someone? If your app gets compromised, well you get a fine in the mail. Have a nice day. Who would get the money from the fines? The Government? Well... they need to fix there code before policing everyone elses code. This Orwellian concept will never fly. And if we look at legislation like PCI or GLBA where company's are fined or closed for data loss this also has had it's share of issues. Many company's are still not in complaince with PCI reg's and yet are not getting fined. I say, make the reg's we have have more teeth. Start sending out fines and getting CEO's into court. This will send a message. No more laws... just enforce the one's we have.

The bottom line is the Internet has grown to a point that we will never be able to fully protect ourselves from it in the office. Home networks are now a HUGE source for botnets and this will only continue to grow in the coming years. Our best bet is to wait and let our robot masters figure our the problem for us. They will have the answer.

ALL HAIL ROBOTRON

Re: "The home computer is the new front line of war."

We used St. Bernard to block access. Pretty good system. It's a subscription based web blocking device, so the proxy sites get added pretty quickly. This site is blocked there (Hacking), but the computer tech accounts had bypass rights.

Re: "The home computer is the new front line of war."

That is a great idea, and I hope you're able to do that! I am pretty concerned about some of the older people - unless their jobs required them to have some sense of security awareness or unless they're tech savvy on their own, it seems that a lot of them are clueless. I've had to play tech support for two of my uncles and had to get rid of a lot of spyware and garbage on one uncle's computer. I think some of the most vulnerable people are grandma-aged adults who are learning to use the computer to communicate with family members long-distance and can barely check their email, much less maintain security. I'm not dissing them, but it is a bit easier for people who have worked with computers for a long time (like my dad is 56 but is a systems admin) or who grew up with computers like me (I'm 25) to grasp the concept.

Re: "The home computer is the new front line of war."

That would be really helpful, teaching a free class. You could get in touch with your adult education community and possibly do it through there. Expect dumb questions.

I've considered starting up a computer club in my small little town, but I'm not sure how to go about it. We're too small to run a DCG or a 2600 group, but a computer or a LAN club would be cool, something to get the kids around here motivated to try new things. Enrich the community, etc.

Re: "The home computer is the new front line of war."

Speaking of instant gratification, I remember being so amazed in college. It was my sophomore year, and one of the guys in my frat had just installed BlackICE. We would spend hours going over those logs. I had read about hackers in HS, I took CS classes in HS and was a CS major at the time, but that was my first real experience with people who were trying to break into other people's computers! It was amazing!

Speaking on the subject of making it boring, you could run it as a game. As a class project, put an unpatched computer on a direct line to the internet. Watch what happens. Use some of the simpler tools to crack passwords and SHOW the students what weak passwords do.

And considering the older crowd, I've actually been considering giving free presentations at the library about computer security. Looks like it's something that needs to be done.

Mel

Re: "The home computer is the new front line of war."

True, but luckily, we controlled the usernames and passwords not the teachers. We did have an incident where a teacher left his computer for a few minutes and some kids hopped onto it while he was away and changed grades, but it didn't matter.

What I'm getting at is that kids are retarded with Myspace. I had to constantly check the weblogs for new CGI proxy sites that these kids were using. Myspace is an easy way to phish or install spyware. We also had an incident where a girl was talking to a pedo on Myspace on my network through a CGI proxy. It is a mess. While the younger crowd might know a lot about computers and are very savvy, it doesn't stop them from being dumb and getting phished or getting viruses installed.

We never had any teachers accidentally install a virus or open up weird emails, because they were either a) too old to want to use the computer or b) young enough to know wtf they are doing. Luckily we had awesome group policy and NIDS so even if someone clicked on a malware link we were safe, but not all places are lucky like that (see: my current job)

but I digress from the topic: Kids want instant gratification. Damned the consequences.

Re: "The home computer is the new front line of war."

I highly doubt such broad generalizations apply. I spent a couple years teaching, and just as in all groups, ability and inclination varied. True, the younger generation is more comfortable with technology, but that comfort does not come with knowledge about security. Just because they can log on the computer, and spend hours with their iPod and iTunes doesn't mean they know anything about password complexity, not to click on links sent over IMs, or how to tell a phishing email from the real thing.

Our school attempted to block flash games and youtube. It wasn't a week before someone was using iGoogle to get around the block on flash games. Once that was blocked, it was the old standby, proxy servers. I don't think it was the average student who was finding those work arounds. It was a small cadre of knowledgeable students who spread the word.

I don't disagree that the older generation will need something as well, but don't confuse familiarity with knowledge.

Mel

Re: "The home computer is the new front line of war."

The biggest problem in schools isn't the students, it's the teachers. I've found teacher's username/password laminated to their desks. I've had teachers make student passwords all the same because "the kids can't remember the passwords you give them", more like "I don't want to have to think when I log into a kid's account". If you want a way around some type of security, give it to a middle school student, or the whole school, they'll figure it out. We need to educate the current 35-60 year old population, the 13-34 age group pretty much have it under control, or at least know better....

Re: "The home computer is the new front line of war."

This sounds like a cookie problem. You might not have cookies enabled for defcon.org and subdomains, or you may have something setup to purge cookies. Some parts of the forums support logins without cookies, but others do not. This provides an illusion that cookies don't look like they are needed for the forums. They are needed.

Re: "The home computer is the new front line of war."

While I like the idea for high school, you have already described the problem. Sure, it will fix problems in the future, but we have rampant problems right now. A lot of them are the over 45 crowd and the under 20 crowd. I like to think my generation little more on the up and up (I'm in my mid-twenties), but there are exceptions to my grandeur thoughts as well. Like I said, I did work IT in a school, most of the kids were pants-on-head retarded when it came to this kind of stuff. If they can access myspace, they are good. I ran with some unscrupulous folks last year who did myspace phishing scams, and the majority of the hijacked accounts were kids under 20. And while this may seem to fit into your "fix the future" scheme, it might be too late before something like this is even talked about in a school role and then eventually implemented before some major attack of American zombie computers take out our own infrastructure lead by THREATENING COMMUNIST NATION hackers.

I'm passionate about this idea because like I said, I worked in schools as well. When I went to high school, we had a helpdesk program where us nerds can congregate and learn2helpdesk. I learned a lot from that program, but unfortunately it was underfunded. When I ended up working at my highschool as a computer janitor, the program was almost completely gutted. They did not have a proper lesson plan or a proper teacher to teach the kids. I stepped in and taught them when I had free time, and I got more people interested, but last I heard the program was going to be canceled.

You know how schools work. To convince them to do something like this is a little like running around in circles.

Re: "The home computer is the new front line of war."

No matter the end users intelligence, if you can create an ingrained habit of complex passwords, regular software updates, and updated firewalls and AV software, I think you would go a long way to solving this problem. And that's the sort of thing that grade school was made for.

I certainly agree about the software side, but I can't see the government legislating that. How do legislate secure? 1 bug or less per thousand lines of code? One exploit released per year? I did see a prediction somewhere, and I disremember where I saw it, about the future involving insurance for software companies against financial loss due to insecurity. His prediction was that companies were going to start being held financially liable for losses incurred due to bugs and security holes. That would certainly make the software companies sit up and take notice. It would likely be unworkable as a solution though....one loss might bankrupt a smaller software company. And who is to blame when it's a large combination of factors?

That was why I was saying Education might be the most cost effective solution. It won't cost hardly anything to add a unit to an existing class. Agreed that it won't be the most effective, but in these days of government overruns and budget shortfalls, expensive means that it won't get done at all.

EDIT: g3k, the idea of high school as a platform was so that you would eventually get to everyone, since almost everyone goes through HS at some point in life. Admittedly, there's a very large percentage of people already out, but this is a problem that will involve long term solutions.

And adding those capabilities into home routers would be an excellent part of the solution. I know I don't run AV or a firewall at home, and I haven't had ANY trouble. I ran wireshark for awhile and had no random incoming connections through my router. I was disappointed, actually. The NAT from the firewall solves most of my issues concerning incoming attacks. Of course, I also don't download anything I see, and check out sketchy sites from that computer (I have a sacrificial computer for those sorts of things lol). For the average user though, I can see that being a huge boon.

Mel