Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: "Death" of Internet Services - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
"Death" of Internet Services

No, we're not talking about 1940's literature today - I've been reading, as have many, that Microsoft is planning to finally stop the venerable MSN Messenger Chat service. I find it interesting that the press is touting that MSN has few users left.¬† This might be true in our community, and I wouldn‚??t doubt that almost every demographic has moved away from MSN to other chat services like SMS on phones, Facebook, Skype, Twitter or whatever.

But maybe Toronto is an internet backwater or something ‚?? for every IPS stand up or egress filter I configure, in any company I‚??ll still find a handful of MSN Messenger users.¬† While we're seeing generally low activity on the main port used by MSN (1863) , we still see spikes in traffic - https://isc.sans.edu/port.html?port=1863

Do internet services ever die naturally?¬† It seems to me that folks hang on to what they know like grim death, and only give up services when they‚??re terminated forcibly. ¬†

As a penetration tester, these older services can be a gold mine.  To me, older services (not to pick on any one service in particular) quite often are clear-text, so if you can get a clean packet capture then you've got a very good shot at harvesting credentials.  And we know for a fact that folks will tend to re-use credentials - userid's are easy to derive, but if you can harvest passwords on one service, you've got an excellent chance at re-using them to compromise another application or service.

Again, I'm not sure if it's just me, but I also tend to see that users of these older "consumer" type applications like this for some reason seem to be clustered in the upper echelons of many companies.  In other words, some of the best targets (politically at least) are using some of the most easily compromised applications.

Password re-use, prefering old/known applications to new ones, and "user clustering" around older apps - are you seeing this same trends?  

Did xkcd get it right?  http://xkcd.com/1305/

Please, use our comment form and let us know what you're seeing, both on MSN messenger or on other "old" internet applications!

===============
Rob VandenBrink
Metafore

Rob VandenBrink

499 Posts
ISC Handler
Usually, as you stated- it's a difficult, grim death. The reason is that users of these services have built little communities of contacts (friends, relatives, and others) all within the chat application. Moving to a new application is not just a matter of uninstalling the old and installing the new - it's a matter of:

1) Deciding which new application to migrate to.
2) Getting agreement and consensus within your community of contacts to move to THIS new application instead of THAT new application.
3) Getting everyone within your community of contacts to migrate to the new application around the same time, in order to maintain continuity.

Doing the above is more difficult than herding cats, as you'll know if you've had to do it before. Even something as simple as changing your email address is a process that can last years. Case in point: I changed my email address early last year (Jan, 2013). I emailed all of my contacts when I switched with my new email address. I kept the old email address active, just in case I forgot to email someone with my new address, and also to see who hasn't made the update in their address book. Even as early as yesterday, I still had some of my contacts emailing me at that old email address. And coincidentally just yesterday, I replied to those contacts with my new email address yet again. I then proceeded to delete the old email address - for good this time.

It's ironic: in the digital age when everything happens so quickly, migrating to a new email address or chat application can take years.

So yes, old accounts services die hard... and will always be a security weakness due to human nature... Windows XP anyone?
da1212

69 Posts
What we see here is a (more or less) slight drop in the usage of HTTP in favour of HTTPS.

A while ago (before heartbleed - but maybe in the wake of Snowden) facebook switched to HTTPS.

And we are seeing clearly this trend in the HTTP(S) usage of our university.
Jens

42 Posts
Taking the "curmudgeon" viewpoint....

I tend to be one of those people who hangs on the old, with a skeptical eye toward the new, because of mainly one reason: There seems to be a recent trend, with many software developers, as they upgrade and rewrite their products, to strip out what many users consider useful features, or they switch to a different GUI for no other reason than "everyone else is doing it". It seems more and more to be the case that as time goes by, and new or updated software is released, it's "one step forward, two steps back".

Can people be blamed for wanting to hang on the old, when the new is increasingly seen as inferior? Even if it's only a perceived inferiority, and not a real one, that perception is a strong influencing factor.

As as example, Adobe Reader had a way for a user to export a PDF document to Word or Excel - on choosing this option (to Excel for example), he would choose a file name and path, save the Excel file, and then open it up in Excel for further editing. Now, in a recent "upgrade", that functionality has been changed to "Export to Word or Excel online", losing the ability to create easily a local Word or Excel document, and forcing me to create yet another online account to keep track of.

We tell our users to make sure they have the latest updates, but when this kind of thing happens, can we blame them for not wanting to update? For some of my users, "upgrade" is a derogatory term. Where does the fault for that lie? Is it with the IT departments? Or is it with the software developers? Or just human nature's aversion to change? Probably it is a combination of all three. But I feel that this aversion is based largely on the recent trends to put out new or updated software that is sometimes no better than, and sometimes inferior to, current or older versions of that software.
Marko

7 Posts
Totally agree with the "users of these older "consumer" type applications like this for some reason seem to be clustered in the upper echelons" part.
Michael

32 Posts

Sign Up for Free or Log In to start participating in the conversation!