Difference between revisions of "Talk:2166: Stack"


Latest revision as of 05:25, 4 July 2019

I wasn't sure how to format the transcript, but I put in something for starters - feel free to adjust as needed. I don't think the arrow directions for each layer are significant and are just random. Ianrbibtitlht (talk) 14:53, 21 June 2019 (UTC)

Is there any significance to the two thin layers inserted between the larger labels in the stack? I don't think so, but I'm not sure either way! Ianrbibtitlht (talk) 15:08, 21 June 2019 (UTC)

I would say that the thin layers are actually boundaries between major parts of the stack. The lower one seems to be a boundary between hardware/firmware and (system & application) software, the upper one a boundary between a software product/system/framework as released/sold and the same system as installed/configured at a particular site (the "customer" layer suggests that to me) -- Malgond (talk) 16:17, 21 June 2019 (UTC)
I was thinking something along those lines, but I thought it was strange there was one inserted between the compromises by a current and a past employee. (A compromise by a past employee was likely implemented while they were employed, maybe as a backdoor they can access after leaving the company.) Ianrbibtitlht (talk) 17:34, 21 June 2019 (UTC)
I think this stack is most likely supposed to be some form of website. The customer (a site visitor/user) is exploiting a Javascript vulnerability. The former employee is exploiting a deeper vulnerability but still through the browser/otherwise through the web (e.g. a URL-based exploit, like adding "/../"s to the URL to access files that aren't supposed to be part of the site) that they know about because they worked on it. The current employee is compromising using their access to the code, the database, or the server, hence the division. Schpeelah (talk) 17:58, 21 June 2019 (UTC)
I agree that the stack likely represents a website (maybe all websites), and your point about the top two using only the browser being the reason for the separation bar makes perfect sense! Thanks for sharing your thoughts. Ianrbibtitlht (talk) 18:35, 21 June 2019 (UTC)
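The "/../" URL trick mentioned above is path traversal. The following is an added example, not part of the thread or the comic: a naive resolver that glues the decoded request path onto a document root, beside a hardened one that normalises the path and refuses anything that lands outside the root. The document root and the request paths are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Constructed document root for the example (an assumption, not from the thread).
DOC_ROOT = "/var/www/site/public"


def resolve_naive(root: str, url_path: str) -> str:
    """Vulnerable resolver: decodes the request path and glues it onto the
    document root. Nothing stops "/../" segments from walking above root, so
    "/../../../../../etc/passwd" resolves to /etc/passwd."""
    return posixpath.normpath(root + "/" + unquote(url_path))


def resolve_safe(root: str, url_path: str):
    """Hardened resolver: decode once, treat the request as relative to root,
    normalise away "." and ".." segments, then check that the result is still
    root itself or lies strictly below root. Returns None for anything else."""
    decoded = unquote(url_path)
    if "\x00" in decoded:
        # NUL bytes can truncate the path in lower layers; refuse outright.
        return None
    root_norm = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root_norm, decoded.lstrip("/")))
    # The root + "/" prefix check also rejects a sibling directory that merely
    # shares a name prefix with root, e.g. /var/www/site/public-admin.
    if candidate != root_norm and not candidate.startswith(root_norm + "/"):
        return None
    return candidate


def classify_requests(root: str, url_paths):
    """Run both resolvers over a list of request paths and report, for each,
    where the naive resolver would have gone and what the safe one returns."""
    report = []
    for p in url_paths:
        report.append((p, resolve_naive(root, p), resolve_safe(root, p)))
    return report


# Constructed request paths: two benign, three traversal attempts.
SAMPLE_REQUESTS = [
    "/index.html",
    "/css/../js/app.js",
    "/images/../../../../../etc/passwd",
    "/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    "/../public-admin/secret.txt",
]

if __name__ == "__main__":
    for path, naive, safe in classify_requests(DOC_ROOT, SAMPLE_REQUESTS):
        verdict = "blocked" if safe is None else "allowed"
        print(f"{path!r:45} naive -> {naive:40} safe -> {verdict}")
```

The check is done on the normalised result rather than by searching the input for "..", because encoded, doubled or mixed separators are exactly what a string search misses; the normalised path is what the filesystem would actually open.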

Not to be confused with the XKCD Stack (https://www.explainxkcd.com/wiki/index.php/1636:_XKCD_Stack). --162.158.182.232 15:52, 21 June 2019 (UTC)

Isn't the title text a reference to when China had some surveillance databases publicly visible (https://www.bleepingcomputer.com/news/security/open-mongodb-databases-expose-chinese-surveillance-data/)? Rerere284 (talk) 17:48, 21 June 2019 (UTC)


We seem to be missing "compromised by anti-virus software" - but that aside, I want the t-shirt. 162.158.34.206

It's probably not a Windows-based server, so no anti-virus software is needed! Ianrbibtitlht (talk) 23:44, 21 June 2019 (UTC)

I think the stack resembles an 8-layer wedding cake! Ianrbibtitlht (talk) 02:24, 22 June 2019 (UTC)

I don't think labeling the layers by the OSI layers makes much sense. There is no indication in the comic that the OSI model is intended. If going to cover OSI, maybe put in a table with the OSI model levels as one column (to clearly separate that interpretation from others). 162.158.107.79 08:00, 23 June 2019 (UTC)

I disagree. There's a clear link, with hardware exploits on the bottom, and the "foreign government" layer is likely a reference to the US-Huawei situation. 172.68.141.52 13:01, 24 June 2019 (UTC)
It is not so clear. First of all there's no mention of OSI; moreover there's eight layers in the picture, not seven. "Foreign government" may still be at ISO Layer 1, e.g. at a chip fab, or somewhere higher such as in factory-installed firmware or OS image. "Own government" may be anything starting from installing hardware implants via interdiction, through firmware/OS/crypto compromise (planted vulnerabilities), 0-days (discovered vulnerabilities) to traffic capture/analysis - and so on. My personal take on layers' meanings is: HW design shortcomings; malicious firmware installed at foreign factories; NSA-planted APTs (low-level); malware infections; Javascript (or trojan app) mining code; backdoors planted in app code by a current employee; vulnerabilities in app code exploited by a former employee; user-inflicted problems such as misconfiguration or installation of questionable software -- Malgond (talk) 17:51, 24 June 2019 (UTC).
This is where I'm at on the question as well. It seems that connecting each tech stack layer to an OSI model layer is a bit too restrictive. Ianrbibtitlht (talk) 18:35, 24 June 2019 (UTC)
Just wanted to add my thoughts, but I saw the eighth "user layer" as representing the human element, e.g. social engineering, and the fact it's narrower than the other layers might indicate it's supposed to not be standard. In my mind, this would make sense as most companies have a support desk that doesn't realise its own role in security, and can therefore be compromised by a customer with little technical skill. Maybe I'm clutching at straws to fit it in with the OSI model, but what other model is there that's well known enough? 162.158.158.149 05:25, 4 July 2019 (UTC)