Closed thestinger closed 7 years ago
It would be great if it could also detect QUANTUM INSERT attacks, see here: Deep dive into QUANTUM INSERT (configuration for Bro, Snort and Suricata IDS here: https://github.com/fox-it/quantuminsert/tree/master/detection).
Not only NSA, but now even Chinese, Malaysian and Indian malware and ad networks seem to be doing QUANTUMINSERT-style man-on-the-side attacks: Website-Targeted False Content Injection by Network Operators
Not planned.
This is going to be revived as part of our Auditor app: https://github.com/copperhead/Auditor/issues/27.
It would be cool to have optional built-in IDS support. It's not possible to do this well without it being built into the OS due to lack of privileges, especially as the app sandbox is hardened. It's an area where CopperheadOS could provide a real edge. Android has SafetyNet, but that's meant to protect the ecosystem as a whole, not individuals.