
Showing posts from March, 2025

White Hat Can Benefit From Archaic Network Commands

Investigating intrusions has challenges beyond normal Blue Team or even Red Team interests. However, an alert system administrator may become aware of an intrusion while it is STILL IN PROGRESS. At that time, the old DOS command "fflush," which instructs the D(omain) N(ame) S(erver) to REASSIGN ALL IP addresses, would be of assistance to him. After the server followed the instruction (which can take fifteen minutes or so), the bad guys would be faced with searching many local IP addresses to identify the admin's address before they could resume the assault. This is less useful to a webmaster, since his IP address is available by presenting his site name to DNS outright, as soon as it is re-assigned. Likewise, many applications require a static IP address. To assist the situation, we can point out that "flush" (note: only one -1- "f") deletes all local DNS cache info. This can assist network requests in obtaining correct IP info to communicate o...

A "Secure" OS made PRACTICAL

I can remember suggesting a theoretical Operating System that requires object code to be compiled in such a way that a decryption key is required for a program object to execute. The program object itself would execute unencrypted in RAM. I cannot find the entry at the moment, but I have also suggested an OS that uses an RSA key for program installation. Separately, I have contemplated a Linux user, organized such that the encrypted home folder appeared as an UNMOUNTED container over IP, while operating as a MOUNTED container locally, for the profile user. This would defeat some purposes of SSH, but would harden the installation against data theft over IP. Now, with the development of an offline username/password for a program, I am asking myself if I cannot effectively suggest a practical (as opposed to theoretical) arrangement, whereby the program presents a credential (or two - username/password) to the OS, for permission to execute. Clearly, multiple program objects w...

DRM and Password Authorization

We log in online and are accustomed to being refused service if we supply an incorrect username/password combination. We persecute "plain-text offenders" and rightly expect to benefit from comparing a hash fingerprint of the credential presented online to a list of hash fingerprints, each paired with a username. Even better if the username is hashed as well. The knowledge gained from online handshakes can benefit us in digital rights management. It has long been the case that we could obfuscate a password literal in source code by compiling it into object code. However, decompilers provide assembler code that can reconstruct the source code without descriptive variable names and make string values stand out. Now, we can construct a creative solution. We can designate a username/password combination to COMPILE SOURCE UNIQUELY FOR EACH USER. To hide it in the object code, we hash the username and password with a published hash algorithm and use the hash-fingerprint literal in...