{"id":2289,"date":"2017-06-02T17:16:27","date_gmt":"2017-06-02T17:16:27","guid":{"rendered":"http:\/\/blog.paranoidprofessor.com\/?p=2289"},"modified":"2017-07-27T16:11:16","modified_gmt":"2017-07-27T16:11:16","slug":"security-in-homogeneous-systems","status":"publish","type":"post","link":"https:\/\/blog.paranoidprofessor.com\/index.php\/2017\/06\/02\/security-in-homogeneous-systems\/","title":{"rendered":"Security in homogeneous systems"},"content":{"rendered":"<p>The Central Intelligence Agency (CIA) has been quite industrious in creating a new way<a href=\"http:\/\/www.zerohedge.com\/news\/2017-04-28\/wikileaks-reveals-snowden-stopper-cia-tool-track-whistleblowers\">[1]<\/a> of tracking documents that could be &#8220;borrowed&#8221; from a person, business or government against the will of that entity.<\/p>\n<p>This new document protection is the creation of a watermark that is also a <a href=\"https:\/\/en.wikipedia.org\/wiki\/Web_beacon\" target=\"_blank\">web beacon<\/a>\u00a0in the document. \u00a0If you think about it, this is a pretty neat way of &#8220;bugging&#8221; a document to call home when it is opened.<\/p>\n<p>This particular trick works (at the moment) only on Microsoft Office files. \u00a0Not a very surprising choice considering the market penetration of MS Office. \u00a0I cannot find any usage statistics for MS Office but it seems reasonable that Microsoft has at least 50% of the overall market including personal usage and business usage. \u00a0I would bet that the business usage for medium and large sized companies is much, much higher. \u00a0There are\u00a0some <a href=\"https:\/\/wiki.openoffice.org\/wiki\/Major_OpenOffice.org_Deployments\">big firms and governments that use open source office suites<\/a> but many more that use Microsoft Office solutions.<\/p>\n<p>However, those ambitious CIA fellows must have had a blind spot in considering that people would only use MS products. 
\u00a0This probably doesn&#8217;t work when you open these documents with other office suites. \u00a0Not only that, this foreign intrusion may actually be visible. \u00a0Oops. \u00a0I guess once they think this through to the end they will realize that was a bit of a silly assumption on their part.<\/p>\n<h2>Heterogeneous for the win<\/h2>\n<p>It is really a lot easier to support a company or division when everything is the same. \u00a0You have a few default images for the few types of systems. \u00a0In this situation, setting up a computer is really easy. \u00a0Really easy is not always the best solution.<\/p>\n<p>All software has bugs and it is only a matter of time before some hacker or state agency finds a zero-day bug they can exploit. \u00a0If all systems are using the same operating system, then once a bug is found the hacker can exploit it everywhere. \u00a0If some of the systems utilize a different operating system, they would form a type of firebreak against the exploit and help to make it safer.<\/p>\n<p>Having different systems or programs can make support a bit harder but it will add subtle layers of security at the minimum.<\/p>\n<p>I thought that there were more articles about the dangers of homogeneous systems but Google cannot seem to find them.<\/p>\n<p>Well, other than this white paper.<\/p>\n<p>Read more: <a href=\"http:\/\/www.viryatechnologies.com\/what-we-are-up-to\/white-papers\/is-homogeneity-the-biggest-security-mistake-ever-made.html#ixzz4flzmbQJ4\">Whitepaper: Attack of the Clones &#8211; Is Homogeneity in a network environment safe?<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Central Intelligence Agency (CIA) has been quite industrious in creating a new way[1] of tracking documents that could be &#8220;borrowed&#8221; from a person, business or government against the will of that entity. 
This new document protection is the &hellip; <a href=\"https:\/\/blog.paranoidprofessor.com\/index.php\/2017\/06\/02\/security-in-homogeneous-systems\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[89],"tags":[73,78,14],"_links":{"self":[{"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/posts\/2289"}],"collection":[{"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/comments?post=2289"}],"version-history":[{"count":3,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/posts\/2289\/revisions"}],"predecessor-version":[{"id":2412,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/posts\/2289\/revisions\/2412"}],"wp:attachment":[{"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/media?parent=2289"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/categories?post=2289"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/tags?post=2289"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}