O
ON 190
Guest
kiwifarms.net
I like that you can select all three if you want!
And it's totes adorbs that mrz changed his stupid signature image to include explanations for his bizarre pictographs.
And it's totes adorbs that mrz changed his stupid signature image to include explanations for his bizarre pictographs.
- Joined
- Dec 28, 2014
It's so like an autist to use a really complicated, incomprehensible graphic like that to explain himself when all he really needs is this:
heilsa
kiwifarms.net
- Joined
- Jun 28, 2015
- Joined
- May 21, 2015
And I still don't understand it.
- Joined
- Feb 3, 2013
its how autists think. if they understand it and no one else does, it must be genius
example:
http://sonichu.com/cwcki/August_2013_Facebook_Posts#The_Riddle
http://sonichu.com/cwcki/Paintingatree#Seriously.3F_No_one_wants_to_finish_Chris.27_Puzzle.3F
O
ON 190
Guest
kiwifarms.net
I have a friend who works in networking, and I showed him that image. I swear he just about slapped me before he said "This is dumb as hell and makes no sense."
So there you go.
- Joined
- Feb 18, 2015
That and it looks like it was done in ms-paint and not a real diagram tool. It's obvious MRZ has never had to make a topology diagram in any professional sense.
DrChristianTroy
kiwifarms.net
- Joined
- Feb 3, 2013
Well I don't know computers for shit and I could tell you it was retarded. If for no other reason than mrz called it a success.
O
ON 190
Guest
kiwifarms.net
B-b-but it has a crying Magneto! That means it's for real!
J
JU 199
Guest
kiwifarms.net
O
ON 190
Guest
kiwifarms.net
WOMEN WILL GIVE ME WHAT?! I NEED TO KNOW.
- Joined
- May 21, 2015
- Joined
- May 21, 2015
If I had to guess, the answer would be, "The time of the day." I need to spend less time in the Kent thread.
isolationwins
kiwifarms.net
- Joined
- Jul 27, 2015
This isn't particularly related to networking, though it does touch on it. It's more related to infosec. It's using layers of a technique called isolation. It's pretty simple to understand, it's really not that advanced of security. To understand it you will need a little bit of background information I suppose.
I will start by saying that Tor is an anonymizer that routes your traffic through various nodes on the internet before it exits to the destination you're going to on the internet. This makes it hard for the destination to know who you really are, because they only get the IP address of the last Tor node on the circuit. Tor protects very well from the website you go to knowing what your real IP address is.
To get around this, the FBI has taken to doing application layer attacks against firefox. There is a type of vulnerability called a remote code execution vulnerability. This sort of vulnerability can be exploited such that an attacker can execute arbitrary code on the target system. So even if you are routing your firefox traffic through Tor, if firefox itself has a remote code execution vulnerability exploited, the attacker can force your system to run their payload code with the same privileges as the user that ran firefox. So what the FBI does is they compromise an illegal hidden service, and then they put attack code on it that exploits remote code execution vulnerabilities in firefox, to make the systems of the people who visit the websites "phone home" around Tor, pretty much they inject a payload that sends traffic around Tor to an FBI controlled server, and then the FBI doesn't need to break the security of Tor they just go around it. This class of attack is also known as a proxy by pass attack, though not all proxy by pass attacks are remote code execution attacks.
My signature is demonstrating how isolation can be used to reduce the risk of remote code execution attacks when it comes to protecting your external IP address. I will first give a little background information on what isolation is.
I'm not sure if you are familiar with virtual machines like virtualbox, but pretty much they are software programs that pretend to be hardware so that you can run operating systems on them. So you could have a Windows host machine on physical hardware, but then use a virtualization solution to virtualize new hardware in software, and then run a different operating system on the virtual hardware. For the most part, the guest operating system isn't aware that it is running on virtual hardware.
So you can run a guest operating system in a virtual machine, and then run firefox in that virtual machine. Let's say you download a virus from the internet and execute it in the virtual machine. As far as the virus can tell (in general) the guest operating system is running on physical hardware. The virus will infect the guest operating system, but it might not even be aware that there is a host operating system, and in any case it can't infect the host operating system because the virtualization solution has a hypervisor that separates the guest operating system from the host operating system. This property is called isolation, and you could say that the virus is isolated in the guest operating system, away from the host operating system.
So in a basic configuration, you could run firefox in a virtual machine and not give the virtual machine access to a networking device that is aware of an external IP address. Now firefox can't route directly to the internet, and the virtual machine / guest OS isn't even aware of what your external IP address is. However, you can virtualize a networking card and connect it to the virtual machine. This networking card may only be aware of an internal IP address, something similar to 192.168.0.1, not something that can be used to identify you (unlike an external IP address). Then you can run Tor on the host operating system, and configure it to listen to a port on the virtual networking card (the host and the guest both have access to the virtual networking card). Now you can configure firefox to send its traffic through Tor on the host, and it can connect to the internet over Tor. Now if firefox is exploited with a remote code execution vulnerability, the attacker still can do anything the firefox user can do, but the firefox user cannot send traffic around Tor, and additionally is not aware of an external IP address in the first place, so the attacker cannot deanonymize the user unless they break out of the hypervisor with a jail breaking vulnerability.
This is a basic implementation of isolation for the goal of protecting your external IP address from an attacker who compromises you through firefox.
There are numerous other ways to implement isolation though, they don't all require the use of virtualization. Another implementation, called physical isolation, uses two hardware computers, but otherwise is configured just like in the virtualization based implementation. Firefox runs on one computer, and Tor runs on another computer. The two computers are networked together with two NICs, and Tor is configured to listen to traffic on a certain port on the hardware NIC attached to the system it is running on. Firefox is configured to route traffic over that internal IP address and port, from its own hardware NIC attached to the system it is running on. Now if the attacker compromises firefox as previously described, they are isolated to the physical machine that firefox is running on, which once again is not aware of an external IP address, and is only able to route over Tor on the other physical machine.
Physical isolation is superior to virtual isolation from a security perspective, because with virtual isolation there is an attack surface in the virtual machine software, an attacker that can jailbreak through the virtual machine software by exploiting another vulnerability can get to the host environment through the virtual machine software (hypervisor). Also, since Tor and Firefox are actually running on the same physical hardware, the attacker can also use physical layer attacks to break out of the virtual machine, a recent such attack being Row Hammer, which hammered on bits in physical RAM until the electrical charge leaked into surrounding bits of physical RAM to be able to manipulate physical bits despite being logically isolated from them.
Physical isolation reduces the TCB, Trusted Code Base, by doing away with the hypervisor, and additionally it prevents physical layer attacks (if an attacker on the firefox machine hammers bits in RAM, they cannot flip bits in the RAM of the Tor machine, versus in a virtualization configuration, where the attacker can hammer bits in RAM from the firefox physical machine to flip bits on the Tor physical machine, since there is only one physical machine despite being two virtual machines).
There are other ways to implement isolation as well. Access controls are indeed a form of isolation. If you
chmod 700 filename
you just set that file as read-write-execute by the owner only, so now other users don't have permission to read write or execute that file. This is a form of isolation from what are called discretionary access controls. When a program is executed, it inherits the permissions of the user that executed it. An attacker who exploits a remote code execution vulnerability in a running program inherits the permissions of the user that executed the program they just exploited. We can use discretionary access controls and permissions systems like this in order to isolate firefox to some extent as well. To do this, we would run a Firewall as one user, Tor as another user, and Firefox as another user. We would configure the firewall to drop all traffic that isn't routed over Tor. Now if an attacker exploits firefox with a remote code execution vulnerability, they can do anything the firefox user can do, but they can't do anything the Tor user or the Firewall user can do, so if they try to phone home outside of Tor, their traffic will be dropped. However, such an attacker can still get real physical hardware serial numbers and similar, and phone them home over Tor to an attacker controlled server. Of course, in physical isolation the attacker can do the same thing. However, in virtual isolation the attacker is not capable of doing this, because the virtual machine only has access to virtual hardware rather than physical hardware. In order to break out of this access control form of isolation the attacker needs what is called an EoP exploit, escalation of privileges.
There are more advanced access control systems, typically called Mandatory Access Controls or Role Based Access Controls, that typically allow for more advanced and fine grained rule sets than standard discretionary access controls. With these more sophisticated access control systems, we could without even using a firewall isolate firefox such that it can only route over Tor.
Another sort of isolation can be obtained through the use of remote viewer programs such as VNC. In these client server programs, you run a server on one system and a viewer on another system, the viewer/client connects to the server and gets graphical feedback from it, and also allows for sending keystrokes and mouse positioning/click data to the remote server. So pretty much you are remotely controlling another system. If you run firefox on the remote system that you are controlling over the VNC style program, and firefox is exploited with a remote code execution vulnerability, the attacker is isolated to the remote server, obviously their virus isn't going to spread to the system running the remote viewer program. To exploit the system running the remote viewer program, the attacker would need to exploit the remote viewer program itself (or some other attack surface presented to them).
My signature is merely showing that we can layer these forms of isolation, namely:
Virtual isolation on all systems to prevent access to hardware serial numbers
Mandatory access controls beneath the virtual isolation to further restrict the virtual machines capabilities (other than Tor physical machine in my signature, which is running in Xen, which can't be restricted with mandatory access controls due to running on bare metal)
physical isolation between a VNC viewer and Tor, with the VNC viewer forced to route over Tor
to connect to a remote VNC server, that displays a system running Firefox in a mandatory access control restricted virtual machine (which isolates firefox from a direct path to the VNC viewer, other than through the graphics it causes to be displayed).
This is many layers of application isolation, and is far beyond what we have ever observed the FBI to break out of, indeed I'm sure the FBI is rather shitting their pants that people from the underground even have these capabilities, because it is far outside of their skillset to compromise configurations like this, in practice we have only ever observed them compromising single layers of application logic using non-zero day exploits via attack vectors that are trivial to disable, typically javascript attack code on compromised websites.
The reason I added some text descriptions to my signature is because a user on lookism said that my proposed configuration was worse than Whonix, and I just pointed out that my configuration is actually mostly just an extension of Whonix that adds an additional layer of physical isolation and several additional layers of logical isolation.
I will start by saying that Tor is an anonymizer that routes your traffic through various nodes on the internet before it exits to the destination you're going to on the internet. This makes it hard for the destination to know who you really are, because they only get the IP address of the last Tor node on the circuit. Tor protects very well from the website you go to knowing what your real IP address is.
To get around this, the FBI has taken to doing application layer attacks against firefox. There is a type of vulnerability called a remote code execution vulnerability. This sort of vulnerability can be exploited such that an attacker can execute arbitrary code on the target system. So even if you are routing your firefox traffic through Tor, if firefox itself has a remote code execution vulnerability exploited, the attacker can force your system to run their payload code with the same privileges as the user that ran firefox. So what the FBI does is they compromise an illegal hidden service, and then they put attack code on it that exploits remote code execution vulnerabilities in firefox, to make the systems of the people who visit the websites "phone home" around Tor, pretty much they inject a payload that sends traffic around Tor to an FBI controlled server, and then the FBI doesn't need to break the security of Tor they just go around it. This class of attack is also known as a proxy by pass attack, though not all proxy by pass attacks are remote code execution attacks.
My signature is demonstrating how isolation can be used to reduce the risk of remote code execution attacks when it comes to protecting your external IP address. I will first give a little background information on what isolation is.
I'm not sure if you are familiar with virtual machines like virtualbox, but pretty much they are software programs that pretend to be hardware so that you can run operating systems on them. So you could have a Windows host machine on physical hardware, but then use a virtualization solution to virtualize new hardware in software, and then run a different operating system on the virtual hardware. For the most part, the guest operating system isn't aware that it is running on virtual hardware.
So you can run a guest operating system in a virtual machine, and then run firefox in that virtual machine. Let's say you download a virus from the internet and execute it in the virtual machine. As far as the virus can tell (in general) the guest operating system is running on physical hardware. The virus will infect the guest operating system, but it might not even be aware that there is a host operating system, and in any case it can't infect the host operating system because the virtualization solution has a hypervisor that separates the guest operating system from the host operating system. This property is called isolation, and you could say that the virus is isolated in the guest operating system, away from the host operating system.
So in a basic configuration, you could run firefox in a virtual machine and not give the virtual machine access to a networking device that is aware of an external IP address. Now firefox can't route directly to the internet, and the virtual machine / guest OS isn't even aware of what your external IP address is. However, you can virtualize a networking card and connect it to the virtual machine. This networking card may only be aware of an internal IP address, something similar to 192.168.0.1, not something that can be used to identify you (unlike an external IP address). Then you can run Tor on the host operating system, and configure it to listen to a port on the virtual networking card (the host and the guest both have access to the virtual networking card). Now you can configure firefox to send its traffic through Tor on the host, and it can connect to the internet over Tor. Now if firefox is exploited with a remote code execution vulnerability, the attacker still can do anything the firefox user can do, but the firefox user cannot send traffic around Tor, and additionally is not aware of an external IP address in the first place, so the attacker cannot deanonymize the user unless they break out of the hypervisor with a jail breaking vulnerability.
This is a basic implementation of isolation for the goal of protecting your external IP address from an attacker who compromises you through firefox.
There are numerous other ways to implement isolation though, they don't all require the use of virtualization. Another implementation, called physical isolation, uses two hardware computers, but otherwise is configured just like in the virtualization based implementation. Firefox runs on one computer, and Tor runs on another computer. The two computers are networked together with two NICs, and Tor is configured to listen to traffic on a certain port on the hardware NIC attached to the system it is running on. Firefox is configured to route traffic over that internal IP address and port, from its own hardware NIC attached to the system it is running on. Now if the attacker compromises firefox as previously described, they are isolated to the physical machine that firefox is running on, which once again is not aware of an external IP address, and is only able to route over Tor on the other physical machine.
Physical isolation is superior to virtual isolation from a security perspective, because with virtual isolation there is an attack surface in the virtual machine software, an attacker that can jailbreak through the virtual machine software by exploiting another vulnerability can get to the host environment through the virtual machine software (hypervisor). Also, since Tor and Firefox are actually running on the same physical hardware, the attacker can also use physical layer attacks to break out of the virtual machine, a recent such attack being Row Hammer, which hammered on bits in physical RAM until the electrical charge leaked into surrounding bits of physical RAM to be able to manipulate physical bits despite being logically isolated from them.
Physical isolation reduces the TCB, Trusted Code Base, by doing away with the hypervisor, and additionally it prevents physical layer attacks (if an attacker on the firefox machine hammers bits in RAM, they cannot flip bits in the RAM of the Tor machine, versus in a virtualization configuration, where the attacker can hammer bits in RAM from the firefox physical machine to flip bits on the Tor physical machine, since there is only one physical machine despite being two virtual machines).
There are other ways to implement isolation as well. Access controls are indeed a form of isolation. If you
chmod 700 filename
you just set that file as read-write-execute by the owner only, so now other users don't have permission to read write or execute that file. This is a form of isolation from what are called discretionary access controls. When a program is executed, it inherits the permissions of the user that executed it. An attacker who exploits a remote code execution vulnerability in a running program inherits the permissions of the user that executed the program they just exploited. We can use discretionary access controls and permissions systems like this in order to isolate firefox to some extent as well. To do this, we would run a Firewall as one user, Tor as another user, and Firefox as another user. We would configure the firewall to drop all traffic that isn't routed over Tor. Now if an attacker exploits firefox with a remote code execution vulnerability, they can do anything the firefox user can do, but they can't do anything the Tor user or the Firewall user can do, so if they try to phone home outside of Tor, their traffic will be dropped. However, such an attacker can still get real physical hardware serial numbers and similar, and phone them home over Tor to an attacker controlled server. Of course, in physical isolation the attacker can do the same thing. However, in virtual isolation the attacker is not capable of doing this, because the virtual machine only has access to virtual hardware rather than physical hardware. In order to break out of this access control form of isolation the attacker needs what is called an EoP exploit, escalation of privileges.
There are more advanced access control systems, typically called Mandatory Access Controls or Role Based Access Controls, that typically allow for more advanced and fine grained rule sets than standard discretionary access controls. With these more sophisticated access control systems, we could without even using a firewall isolate firefox such that it can only route over Tor.
Another sort of isolation can be obtained through the use of remote viewer programs such as VNC. In these client server programs, you run a server on one system and a viewer on another system, the viewer/client connects to the server and gets graphical feedback from it, and also allows for sending keystrokes and mouse positioning/click data to the remote server. So pretty much you are remotely controlling another system. If you run firefox on the remote system that you are controlling over the VNC style program, and firefox is exploited with a remote code execution vulnerability, the attacker is isolated to the remote server, obviously their virus isn't going to spread to the system running the remote viewer program. To exploit the system running the remote viewer program, the attacker would need to exploit the remote viewer program itself (or some other attack surface presented to them).
My signature is merely showing that we can layer these forms of isolation, namely:
Virtual isolation on all systems to prevent access to hardware serial numbers
Mandatory access controls beneath the virtual isolation to further restrict the virtual machines capabilities (other than Tor physical machine in my signature, which is running in Xen, which can't be restricted with mandatory access controls due to running on bare metal)
physical isolation between a VNC viewer and Tor, with the VNC viewer forced to route over Tor
to connect to a remote VNC server, that displays a system running Firefox in a mandatory access control restricted virtual machine (which isolates firefox from a direct path to the VNC viewer, other than through the graphics it causes to be displayed).
This is many layers of application isolation, and is far beyond what we have ever observed the FBI to break out of, indeed I'm sure the FBI is rather shitting their pants that people from the underground even have these capabilities, because it is far outside of their skillset to compromise configurations like this, in practice we have only ever observed them compromising single layers of application logic using non-zero day exploits via attack vectors that are trivial to disable, typically javascript attack code on compromised websites.
The reason I added some text descriptions to my signature is because a user on lookism said that my proposed configuration was worse than Whonix, and I just pointed out that my configuration is actually mostly just an extension of Whonix that adds an additional layer of physical isolation and several additional layers of logical isolation.
Last edited by a moderator:
- Joined
- May 21, 2015
Mrz, you wasted all that time writing this wall of text that no one will read when you could've been fucking your dog more. You need to get your priorities straight.
- Joined
- May 21, 2015
Nobody believes you, dogfucker.
O
ON 190
Guest
kiwifarms.net
Congratulations, you can copy and paste from various technical manuals you found on Google.
What breed was the dog that you forced to suck your micropenis?
isolationwins
kiwifarms.net
- Joined
- Jul 27, 2015
I was actually the first one to introduce virtual isolation of firefox to the non-hacker underground, even before Whonix was implemented. Certainly nobody from the drug scene did it before my tutorials found their way to them.
- Joined
- May 21, 2015
O
ON 190
Guest
kiwifarms.net
Get your hacker friends to tell us this, please. We need confirmation.