VoodooShield discussion

Status
Not open for further replies.
F

ForgottenSeer 58943

Cool, thank you for your insight! Yeah, if https accounted for 75%+ of the traffic, and was the industry standard, then our temporary site would be https as well.

From my understanding, https is subject to BGP hijacking as well, so in the end, it probably does not make a difference anyway, right? I mean, an attacker who is that sophisticated surely will not have an issue either way. And besides, as you mentioned, this type of attack is not exactly stealth.

Any serious attacker probably isn't swayed by SSL, which is why secure systems and compliance audit requirements do not rely on SSL alone, it's always combined with a secondary encryption algorithm like AES256 blobs over SSL.

Aside from the pxfire and nbu redirects ISP's use on HTTP.. Unfortunately for all of us the NSA is performing widespread QI attacks on TCP streams on HTTP, this freaks people out so they demand SSL when possible, especially for security applications. I have documented QuantumSky attacks used against me on my network for example. The injection is done by observing HTTP requests by means of eavesdropping on non-SSL network traffic. When an interesting target is observed, another device, the shooter, is tipped to send a spoofed TCP packet. In order to craft and spoof this packet into the existing session, information about this session has to be known by the shooter. All the information required by the shooter is available in the TCP packet containing the HTTP request.

So yeah, while in general its not a massive issue, the NSA is really into QI attacks in the last few years on a scale much wider than you'd expect. So paranoid folks are paranoid around HTTP.. I really should be more paranoid over HTTP than I am at this point because of the well documented attacks against my network and systems. But all of my sensitive data traverses encrypted blobs within SSL pipes anyway.. So they can see I ordered a Pizza, but they won't see a photo of me eating the pizza I snapped with my camera and put on my cloud drive. :D
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
fwiw, I fixed my vpn app killing vs_4.03b by keeping vs in training mode for awhile while the vpn was connecting. vs has learned, and it seems to be aok now, and not seeing any other issues with 4.03b on win7_64 running SUA. :D
Very cool! What were the paths of the items that were being blocked?
 
  • Like
Reactions: _CyberGhosT_

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Any serious attacker probably isn't swayed by SSL, which is why secure systems and compliance audit requirements do not rely on SSL alone, it's always combined with a secondary encryption algorithm like AES256 blobs over SSL.

Aside from the pxfire and nbu redirects ISP's use on HTTP.. Unfortunately for all of us the NSA is performing widespread QI attacks on TCP streams on HTTP, this freaks people out so they demand SSL when possible, especially for security applications. I have documented QuantumSky attacks used against me on my network for example. The injection is done by observing HTTP requests by means of eavesdropping on non-SSL network traffic. When an interesting target is observed, another device, the shooter, is tipped to send a spoofed TCP packet. In order to craft and spoof this packet into the existing session, information about this session has to be known by the shooter. All the information required by the shooter is available in the TCP packet containing the HTTP request.

So yeah, while in general its not a massive issue, the NSA is really into QI attacks in the last few years on a scale much wider than you'd expect. So paranoid folks are paranoid around HTTP.. I really should be more paranoid over HTTP than I am at this point because of the well documented attacks against my network and systems. But all of my sensitive data traverses encrypted blobs within SSL pipes anyway.. So they can see I ordered a Pizza, but they won't see a photo of me eating the pizza I snapped with my camera and put on my cloud drive. :D
Yeah, it is a crazy world ;)

If you ask me, the key to all of this is to limit as much as possible, what data and personal information is utilized in the first place, which is exactly what we do.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Cool, thank you... I was half joking. I am really curious if 4.04 is going to fix the 2-3 non-english bugs or not. We will find out soon ;).
I know that feeling using English websites with tips and tricks for Windows and applying that on a Dutch Windows version. It's not always easy.
Will try 4.04 when you release it and we will find out...
Do you still have plans for other language versions / translations of VS ?
 

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
Finally managed to resolve major problems I've been having with all the VS 4 betas on my laptop.

It was my Sophos AV, preventing VS from writing to its data files, and generally messing with anything VS tried to do.

All working normal after creating an exclusion for the "Voodooshield.exe" and "Voodooshieldservice.exe" processes; the "Program Files\Voodooshield" folder; and the "c:\ProgramData\Voodooshield" folder.

Now looking forward to testing 4.04.
 

VecchioScarpone

Level 6
Verified
Well-known
Aug 19, 2017
278
Dan
Thanks for taking your time explaining things.
FYI Still having autostart issues and the log out-log in fix did not always work this past two days. Just thought to let you know.
No other issues.
Looking forward to next beta.
 
  • Like
Reactions: _CyberGhosT_
F

ForgottenSeer 58943

Yeah, it is a crazy world ;)

If you ask me, the key to all of this is to limit as much as possible, what data and personal information is utilized in the first place, which is exactly what we do.

Right on brother.. The less crap going out, the less reason to intercept it. I wish more companies did this.
 

Trooper

Level 16
Verified
Top Poster
Well-known
Aug 28, 2015
772
I am not running the free version Dan. Because it should be a secure site to manage the endpoint. What gives?
 

paulderdash

Level 6
Verified
Well-known
Apr 28, 2015
271
Finally managed to resolve major problems I've been having with all the VS 4 betas on my laptop.

It was my Sophos AV, preventing VS from writing to its data files, and generally messing with anything VS tried to do.

All working normal after creating an exclusion for the "Voodooshield.exe" and "Voodooshieldservice.exe" processes; the "Program Files\Voodooshield" folder; and the "c:\ProgramData\Voodooshield" folder.

Now looking forward to testing 4.04.
I normally create mutual exclusions for security softs, but hadn't thought of Programdata folders. I don't currently have problems, but may do that also now.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Finally managed to resolve major problems I've been having with all the VS 4 betas on my laptop.

It was my Sophos AV, preventing VS from writing to its data files, and generally messing with anything VS tried to do.

All working normal after creating an exclusion for the "Voodooshield.exe" and "Voodooshieldservice.exe" processes; the "Program Files\Voodooshield" folder; and the "c:\ProgramData\Voodooshield" folder.

Now looking forward to testing 4.04.
Hmmm, interesting, thank you for letting me know!
 
  • Like
Reactions: askmark

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
I am not running the free version Dan. Because it should be a secure site to manage the endpoint. What gives?
The final site will be https, the same way voodooshield.com is currently. We need to work a few things out before we add the certificate.

The reality is that https is subject to BGP hijacking as well, so the only real concern is if a beta tester running VS goes to a coffee shop with public wifi, and there happens to be a mitm attacker who is interested in logging in to your VoodooShield Management Console to change your VoodooShield settings or edit your whitelist. If you ask me, that is being way paranoid.

Since I do not specialize in web security, if there are other risks that I am unaware of, please let me know, because we will need to shut down the beta test asap until we add the certificate to the server.
 
  • Like
Reactions: vtqhtr413

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Here is 4.04... you should be able to install over the top of 4.03b, but if you run into problems, please uninstall, reboot and reinstall.

http://www.voodooshield.com/Download/beta4/InstallVoodooShield404beta.exe

I believe most of the bugs are fixed, but there will most likely be a few small bugs over the next couple of weeks that we will need to fix.

Thank you guys!
 

DotNet

Level 1
Verified
Sep 4, 2017
34
Clean install VS 4.04, same problems previously reported. Going back to 3.59 & works like it should.
 
Last edited:
P

plat1098

OK, 4.04 cleanly installed together with HMP Alert 6.04 release :censored: and EAM beta updates. Alert and VS start up at the same time and over four restarts/shutdowns, so far so good The 4.03 was a problem. Still getting a messy shutdown unless VS is exited prior, unless browsing session has been very brief. Also, installed 4.04 after removing 3.59.

VS hmpa startup.png

danb: this is not coming at a great time, but if you can spare a second sometime, I sent you a personal message describing password discrepancy between my web account and VS interface (which is still using the old password for reg.) and also machine name discrepancies. When you can spare the time. :)
 

madirish

Level 1
Sep 13, 2017
14
Just installed 4.0.4b over 4.0.3b-rebooted and everything is good.Still registered,running in SMART mode.No errors in event logs (y)
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
installed 4.04b over 4.03b from my admin acct. seemed smooth enough but it asked for my registration again? rebooted into SUA and VS started ok but again asked for my registration, ie, is this "normal", ie, VS thinks each user on same pc is a different registration? not a problem, just asking. otherwise all seems normal. also no problem with my vpn. dan, not sure which vpn related processes were problematic when VS was crashing, I looked at logs and did not see it.

PS the RAM usage seems normal comparable to 3.59. hardly any cpu.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Clean install VS 4.04, same problems previously reported. Going back to 3.59 & works like it should.
Oops, my bad, sorry. I was assuming that the fix for the rules in VS 4.04 would cover your issue as well, but I guess not. I will look at your post again and see if I can reproduce the error on my end for 4.05.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
Right on brother.. The less crap going out, the less reason to intercept it. I wish more companies did this.
Cool, I forgot to mention that VS has its own encryption for traffic post LAN, and it encrypts what needs to be encrypted... Alex is extremely cognizant of security and he is our web dev.

For example, if an attacker outside the LAN were to obtain my password, here is what they would see (okay, I changed one character, but you get the point):

Password Hash: 0xAF6790BA3CE4EA9CAA52C10BBA74F76C26CD863A4B08607221588161ACBFA281
Password Salt: 0xEAE01C413FF7F0773EFF0E277D1A3022

So if you ask me, I would say that is more secure post LAN than HTTPS, since https is subject to BGP hijacking.

Truly, the only issue we have is if there is an attacker on the inside of the LAN, trying to obtain your VS account info, which will be fixed once we install the certificate.

I guess what I am saying... HTTPS is okay, but if you do your own encryption, you are light years ahead of the game, especially if you implement https as well.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top