Cyber Scarecrow

(www.cyberscarecrow.com)
606 points toby_tw | 5 comments
scosman ◴[] No.40715334[source]
Fun concept.

If the creators read this, I suggest some ways of building trust. There’s no “about us”, no GitHub link, etc. It’s a random webpage that wants my personal details, and sends me an “exe”. The overlap of people who understand what this tool does, and people who would run that “exe” is pretty small.

vmfunction ◴[] No.40715364[source]
It is a cat and mouse game. And security by obscurity practice. Not saying it won't work, but if it is open sourced, how long before the malware will catch on?

Here is one on GitHub:

https://github.com/NavyTitanium/Fake-Sandbox-Artifacts

port19 ◴[] No.40716144[source]
I'd be willing to bet good money that 99% of malware authors won't adapt, since 99% (more like 99.999%) of the billions of worldwide Windows users will not have this installed.

For the cat to care about the mouse it needs to at least be a good appetizer.

1. ferfumarma ◴[] No.40716926[source]
I think this is the same thing as betting on your own failure: "not enough people will use this for it to be an important consideration for hackers".
2. Sebb767 ◴[] No.40717449[source]
I've worked in companies with horrendous security, where someone with just a bit of SQL injection experience could have easily carried out the data. Yet, since this was a custom in-house application and your off-the-shelf scanners did not work, this never happened; the only times the servers were hacked were when the company decided to host an (obviously never updated) grandfathered Joomla instance for a customer.

But even more simply, just setting your SSH port to something >10000 is enough to get away with a very mediocre password. It's mostly really not about being a hard target; not being the easiest one is likely quite sufficient :)

3. giobox ◴[] No.40720545[source]
> But even more simply, just setting your SSH port to something >10000 is enough to get away with a very mediocre password.

Given how easy and free tools like Wireguard are to set up now (thanks Tailscale!), I really don't understand why folks feel the need to map SSH access to a publicly exposed port at all anymore for the most part, even for throwaway side projects.

4. port19 ◴[] No.40736115{3}[source]
I say leave it at 22 and use public key authentication. If a hacker can crack that, they deserve my server!
5. giobox ◴[] No.40740927{4}[source]
I mostly agree, but even this leaves you exposed to new bugs found in SSH in the future etc. if on an unpatched/forgotten server. I still think it's best (and really, really easy now with tools like Tailscale) to simply never expose the software to the wide world in the first place and only access over Wireguard.

Fundamentally, it makes no sense to expose low-level server access mechanisms to anyone other than yourself/team - there is no need for this to sit listening on a public port, almost ever.