bring your own dilemma oem laptops and windows 10 issues
play

Bring Your Own Dilemma: OEM Laptops and Windows 10 Issues Mark - PowerPoint PPT Presentation

Feb 08, 2024 •121 likes •282 views

Bring Your Own Dilemma: OEM Laptops and Windows 10 Issues Mark Loveless Introduction Sr Security Researcher @ Duo Security aka Simple Nomad from the Interwebz Not selling a book or consulting services Known as a soft sell talk

  1. Bring Your Own Dilemma: OEM Laptops and Windows 10 Issues Mark Loveless

  2. Introduction Sr Security Researcher @ Duo Security aka Simple Nomad from the Interwebz Not selling a book or consulting services Known as a “soft sell” talk

  3. Platforms Examined Three inexpensive laptops from Best Buy One inexpensive laptop via mail order in Canada Three inexpensive laptops from London All running Windows 8.1 or 10

  4. Attack Scenario - Public Wifi Employee accesses work resources from personal laptop Coffee shop or hotel near important conference or business headquarters Airplane wifi in/out of large business center (NYC, DC, etc)

  5. Methodology Used Network-centric discovery, use a sniffer as primary tool Note use of networking protocols, including insecure configurations Note privacy issues Document oddities such as strange server connections What is done correctly?

  6. Boring Stuff - What is Done Right Tries to patch itself out of the box OEM bloatware has updaters, so in theory they can patch Most privacy-related data appears to be encrypted during network transmission

  7. Hijackable/Leaky/ Predictable Protocols Link-local in general WPAD LLMNR Smart Multi-Homed Name Resolution Teredo tunneling ISATAP

  8. Fingerprinting Open ports OS and laptop brand identification via Microsoft and OEM vendor server access No OEM laptop user surfing, idle machine gives it up

  9. Determining Patch Levels Windows Update is in plaintext All data is signed, but determining patch level is possible

  10. OEM-Specific Issues The eDellRoot issue (google "duo edellroot") OEM bloatware does a lot of plaintext traffic Unsigned manifests and binary updates Numerous security issues found in updaters alone (co- workers found numerous CVE-able issues)

  11. Tags aka Web Bugs What tags are Used by Microsoft for ads in tiles Used by McAfee to gather platform data via forged Refered-By headers All tags done without user surfing, just idle machines

  12. Privacy Issues Lots of privacy-related traffic back to Microsoft servers, some traffic occurs even if all privacy settings are off After a Cumulative Update in Nov 2015, some privacy settings reverted back to "on" Signing up for live.com account results in HUGE amounts of traffic back to Microsoft servers All OEM vendors gathered data Data gathering starts from first boot before desktop is reached

  13. Mitigation Delete McAfee and use Windows Defender (nearly as good, perfect for home users) Tweaks to firewall Turn shitty protocols off Turn bothersome privacy settings off Involves registry tweaks because GUIs don't solve everything

  14. Proof Fire up a sniffer…

  15. Questions duo.sc/BringYourOwnDilemma mloveless@duo.com @simplenomad

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Technical guidelines for oral presentations All the lecture rooms will be equipped with PC laptops

Technical guidelines for oral presentations All the lecture rooms will be equipped with PC laptops

NLC2019 Presentation guidlines Technical guidelines for oral presentations All the lecture rooms will be equipped with PC laptops with Windows 7, data projectors and a large screen. Other formats for making presentations such as Overhead

504 views • 3 slides
dilettantes A DILEMMA THE AGE OF INNOCENCE CHAPTERS 14 - 18 Issues from MYE IRRELEVANT

dilettantes A DILEMMA THE AGE OF INNOCENCE CHAPTERS 14 - 18 Issues from MYE IRRELEVANT

LITERATURE PAPER ONE LECTURE SEVEN dilettantes A DILEMMA THE AGE OF INNOCENCE CHAPTERS 14 - 18 Issues from MYE IRRELEVANT NARRATION - Let me tell you about what happens in Ch 1! LACK OF ANALYSIS - Let me tell you what happens

719 views • 34 slides
Windows Not just for houses Windows 1-10 Windows Server Essentially a jacked up windows 8 box

Windows Not just for houses Windows 1-10 Windows Server Essentially a jacked up windows 8 box

Windows Not just for houses Windows 1-10 Windows Server Essentially a jacked up windows 8 box - Still GUI based - Still makes no sense - No start menu :( - (Install classic shell)... trust me... Windows Server What can it do? - Email

1.06k views • 37 slides
Outline Outline Overview of Windows Security Issues Overview of Windows Security Issues

Outline Outline Overview of Windows Security Issues Overview of Windows Security Issues

Outline Outline Overview of Windows Security Issues Overview of Windows Security Issues Windows Protocol Protocol Analysis: Analysis: Windows Various Protocols and Problems Various Protocols and Problems MSCHAP &

411 views • 6 slides
VOTE ABI FOR BSL!! DONT WRITE IT, TYPE IT!! WHY DO WE NEED LAPTOPS IN SCHOOL?? WHEN

VOTE ABI FOR BSL!! DONT WRITE IT, TYPE IT!! WHY DO WE NEED LAPTOPS IN SCHOOL?? WHEN

VOTE ABI FOR BSL!! DONT WRITE IT, TYPE IT!! WHY DO WE NEED LAPTOPS IN SCHOOL?? WHEN SCHOOLS PROVIDE LAPTOPS FOR EVERY STUDENT TO CREATE THESE ONE-TO-ONE COMPUTING ENVIRONMENTS, THEY ALLOW STUDENTS AND THEIR TEACHERS TO TAKE FULL

423 views • 7 slides
Windows Not Just For Houses Everyone Uses Windows! Versions of Windows 10 There are multiple

Windows Not Just For Houses Everyone Uses Windows! Versions of Windows 10 There are multiple

Windows Not Just For Houses Everyone Uses Windows! Versions of Windows 10 There are multiple different versions of Windows 10 that support different features The version of Windows that we will be using is Enterprise edition This

973 views • 53 slides
The Bioshield Bioshield Dilemma: Dilemma: The Developing New Technologies At an Affordable

The Bioshield Bioshield Dilemma: Dilemma: The Developing New Technologies At an Affordable

Introduction to Homeland Security Sept. 21, 2005 Lecture 4A: The Bioshield Bioshield Dilemma: Dilemma: The Developing New Technologies At an Affordable Price Stephen M. Maurer Goldman School of Public Policy Introduction The Need. The

522 views • 30 slides
Windows 8 Heap Internals Windows 8 Heap Internals Windows 8 Heap Internals INTRODUCTION Windows 8

Windows 8 Heap Internals Windows 8 Heap Internals Windows 8 Heap Internals INTRODUCTION Windows 8

Windows 8 Heap Internals Windows 8 Heap Internals Windows 8 Heap Internals INTRODUCTION Windows 8 Heap Internals Who Chris Valasek (@nudehaberdasher) Sr. Research Scientist Coverity Tarjei Mandt (@kernelpool) Vulnerability

1.33k views • 91 slides
AI and Big data in health the dilemma of Truth the dilemma of Truth christian.lovis@hcuge.ch

AI and Big data in health the dilemma of Truth the dilemma of Truth christian.lovis@hcuge.ch

AI and Big data in health the dilemma of Truth the dilemma of Truth christian.lovis@hcuge.ch medical information sciences AI in Musique Bach style chorale Experiences Emmy Vivaldi David Cope, The Emily Howell project Emmy Beethoven beg 2

726 views • 45 slides
Fetal exposure to EMF during maternal use of Laptops Fetal exposure of the fetus to EMF during

Fetal exposure to EMF during maternal use of Laptops Fetal exposure of the fetus to EMF during

Carlo Bellieni & Iole Pinto Siena Italy Fetal exposure to EMF during maternal use of Laptops Fetal exposure of the fetus to EMF during maternal use of Laptops The mother-fetus couple should receive safeguards from EMF exposure during

494 views • 16 slides
Legal Issues in the Parthenon Marbles conflict Tatiana Flessas LSE Law To send or bring

Legal Issues in the Parthenon Marbles conflict Tatiana Flessas LSE Law To send or bring

Legal Issues in the Parthenon Marbles conflict Tatiana Flessas LSE Law To send or bring someone, or sometimes money or other property, back to the country that he, she, or it came from (Cambridge Dictionary) Root: patria

319 views • 9 slides
mc-a ISSUED DATE McAlpine Architecture PC (T) E-mail: 34-26 Street 212.366 .0700

mc-a ISSUED DATE McAlpine Architecture PC (T) E-mail: 34-26 Street 212.366 .0700

WINDOWS TO BE REPLACED, APT. 508/509 UPPER SASH OF BATHROOM WINDOW WINDOWS TO BE REPLACED, APT. 508/509 WINDOWS TO BE REPLACED, APT. 508/509 WINDOWS TO BE REPLACED, APT. 508/509 WITH LOUVER IN PLACE OF GLASS FOR A/C mc-a mc-a mc-a mc-a

217 views • 8 slides
Windows NT Security Windows 95, 3.1, 3.11 are basically DOS and they have no security

Windows NT Security Windows 95, 3.1, 3.11 are basically DOS and they have no security

Windows NT Security Windows 95, 3.1, 3.11 are basically DOS and they have no security whatsoever. Windows NT has security features, especially as a computer in a network. Security of Windows NT should be understood correctly. In

592 views • 31 slides
Windows NT and Real-Time? Reading: I nside Microsof t Windows 2000, (Solomon,

Windows NT and Real-Time? Reading: I nside Microsof t Windows 2000, (Solomon,

CPSC-663: Real-Time Systems Operating Systems Issues Windows NT and Real-Time? Reading: I nside Microsof t Windows 2000, (Solomon, Russinovich, Microsof t P rogramming Series) Real- Time Systems and Microsof t Windows NT

306 views • 8 slides
Roadmap for Section B A Brief History of Windows and Linux Comparing the Windows and Linux kernel

Roadmap for Section B A Brief History of Windows and Linux Comparing the Windows and Linux kernel

Unit OS B: Comparing the Linux and Windows Kernels Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section B A Brief History of Windows and Linux Comparing the Windows and Linux

430 views • 25 slides
THE BANCASSURANCE DILEMMA THE BANCASSURANCE DILEMMA Should banks be brokers with higher

THE BANCASSURANCE DILEMMA THE BANCASSURANCE DILEMMA Should banks be brokers with higher

19 TH INDIA FELLOWSHIP SEMINAR 19 INDIA FELLOWSHIP SEMINAR JUNE 2013 THE BANCASSURANCE DILEMMA THE BANCASSURANCE DILEMMA Should banks be brokers with higher responsibility towards customers or should they continue as corporate agents? Bhavna

463 views • 29 slides
Application Training by David Noguera 1 Overview 1. Dissecting the Application 2. Program

Application Training by David Noguera 1 Overview 1. Dissecting the Application 2. Program

Urban Land Bank Demonstration Program Application Training by David Noguera 1 Overview 1. Dissecting the Application 2. Program Description 3. Program Uses 4. Lot Sales Price 5. Eligible Program Applicants 6. Program Requirements

432 views • 12 slides
LISTENING SESSION FY20 TEACH TECHNOLOGY INFORMATION INFRASTRUCTURE GRANT KERRY HAWKINS, GRANTS

LISTENING SESSION FY20 TEACH TECHNOLOGY INFORMATION INFRASTRUCTURE GRANT KERRY HAWKINS, GRANTS

FY20 TEACH INFRASTRUCTURE GRANT LISTENING SESSION FY20 TEACH TECHNOLOGY INFORMATION INFRASTRUCTURE GRANT KERRY HAWKINS, GRANTS ADMINISTRATOR WELCOME FY20 Infrastructure grants can now be awarded to eligible school districts and public

499 views • 23 slides
MACOMB COUNTY COMMUNITY MENTAL HEALTH Behavior Treatment Plan Review Committee Initial

MACOMB COUNTY COMMUNITY MENTAL HEALTH Behavior Treatment Plan Review Committee Initial

MACOMB COUNTY COMMUNITY MENTAL HEALTH Behavior Treatment Plan Review Committee Initial Presentation Worksheet DATE : HOME TYPE : NAME : AGENCY : PRESENTER(S) : CASE NUMBER : PRESCRIBING PHYSICIAN : SUPPORTS COORD/CASE MANAGER : DATE OF BIRTH:

307 views • 3 slides
Drug Market Intervention Gainesville Training October 23, 2019 Why A DMI Eliminate open-air

Drug Market Intervention Gainesville Training October 23, 2019 Why A DMI Eliminate open-air

Drug Market Intervention Gainesville Training October 23, 2019 Why A DMI Eliminate open-air drug dealing Remove the chaos and violence Reset community norms and enhance safety Strengthen community and law enforcement partnerships

348 views • 14 slides
Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three points of failure in any secure network: Technology (hardware and software) Technology Support (ITS) End Users (USD students and employees)

359 views • 23 slides
Product Manager 101: What Does A Product Manager Actually Do? Presented by Christopher Cummings

Product Manager 101: What Does A Product Manager Actually Do? Presented by Christopher Cummings

Product Manager 101: What Does A Product Manager Actually Do? Presented by Christopher Cummings http://www.christophercummings.com What Is A Product Manager? Product Management is a strategic and business-oriented role , focused on delivering

382 views • 14 slides
In tro d u c tio n to A s te ris k Mark Turner Siteseers Inc. www.siteseers.com 12

In tro d u c tio n to A s te ris k Mark Turner Siteseers Inc. www.siteseers.com 12

In tro d u c tio n to A s te ris k Mark Turner Siteseers Inc. www.siteseers.com 12 June 2004 G o a ls T o b eco m e fam iliar w ith A sterisk 's purpo se an d o rg an izatio n T o step th ro ug h co

437 views • 22 slides
Arch Linux Jack Rosenthal CSM Linux Users Group 10 September 2015 Slides available online at:

Arch Linux Jack Rosenthal CSM Linux Users Group 10 September 2015 Slides available online at:

Arch Linux Jack Rosenthal CSM Linux Users Group 10 September 2015 Slides available online at: https://github.com/jackrosenthal/lug-arch-presentation Jack Rosenthal Arch Linux What makes Arch different? Jack Rosenthal Arch Linux What makes

769 views • 52 slides

More recommend