Security IT

Living In an Unsecured World

GhostX9 writes "Charlie Miller, Accuvant Principal Research Consultant and keynote speaker at NATO's recent International Conference on Cyber Conflict, speaks with Alan Dang of Tom's Hardware about living in an unsecured world. He goes over his recent MacBook battery exploit and the challenges of computing security in the upcoming future. Quoting: '[W]hat we can do (and this is the approach the industry is sort of taking) is make it so hard and expensive to pull off attacks that it becomes economically infeasible for most attackers. ... The way we make it more difficult is to reduce the number of vulnerabilities and ensure users' software is up to date and "secure by default." Also, make the OS resilient to attack with things like stack canaries, ASLR, DEP, and sandbox applications so that multiple exploits are needed. We also need to better control the software loaded on our devices (i.e. Apple's App Store model). So, instead of having to write a single exploit, it takes three or four in order to perform an attack. This means most attackers won't be able to pull it off, and those who can will have to spend much more time working it out.'"
  • Unsecured world? (Score:5, Interesting)

    by Archangel Michael ( 180766 ) on Tuesday August 02, 2011 @10:14PM (#36967758) Journal

    When, if ever, has the world been secure?

    Mankind is flawed, you cannot patch this flaw. You can only mitigate the flaws.

  • by Anonymous Coward on Tuesday August 02, 2011 @11:40PM (#36968254)

    Yep with capitals on every word.

    So you see every security researcher and their friend claim how good it is to have long, strong unremembered passwords for each of your 1000 services.
    They also want to have a million software work-arounds to manage flaws in the current software and operating system design. Such as ASLR, canaries, what not - then make you believe your system is, I quote again, RESILIENT. Nothing less! Your OS fights back for you and has multiple layers of security! (which usually are all bypassed in one go.. sometimes 2 go.)

    That's a lot of nice words. Slashdot readers should know by now that while all these features are integrated in all modern OS (yay Lion now has real ASLR...) it doesn't stop attacks at all, and barely makes the exploits code longer to figure out.

    These people have had their mind programmed to think a certain way and they do think, since "security is a process" that it's the correct way to secure software in the future. Well, it looks pretty bad and full of holes doesn't it? Pretty crappy security if you ask me, even if that's way better than 10 years ago.
    They've been programmed that way because many fear that their job and their precious antivirus software would be less relevant if the flaws were fixed. Oh I can't tell you how much hate posts such a statement generates. It's like saying 'Chrome sucks because there's Google behind it and they want your data' you know. The truth too many don't like to hear and will close their eyes as if nothing was going on.

    There is, and there are however true alternatives. It involves rewriting from scratch the current OSes to fix the design flaws.
    Actual, real OS programmers know this very well. Even the people behind UNIX knew that and rewrote it, and called it Plan9 (which died for other reasons).
    Even Microsoft knows that and wrote Singularity as well as Midori. Even Open source OS programmers know that and made their little spin offs.

    Those OS are by design very secure (even if the 'nothing is 100% secure' still stands true). Every app is sandboxed in its own memory space. Every driver too and kernel components too. The memory has automatic reference counting and garbage collection, and there is also no way to provoke overflows and any attack of that class. The core assembly is typed to avoid type errors leading to exploits in the core kernel. It's also kept very, very small as are all the critical sections.

    All the message passing between the apps, the apps to the kernel, the driver to the kernel and so on go through a special, ultra fast messaging system and it is the sole and unique vector for communication and thus attacks. Every message is verified and must match a predetermined contract to pass through. The contract describes the kind of data with precision. No more injection of bad data. Not only that but the kernel overhead is actually lower than Windows, OSX or Linux and the apps actually run faster.

    And there's a whole lot more. With today's computer speed we will be able to afford running those new OSes while running legacy apps in emulation mode.
    Besides many applications being written into portable languages such as JS this will be less of an issue.
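
A minimal sketch of the contract-checked message channel the comment above describes, added here as an illustration and not part of the original post or of any Singularity, Midori or Plan 9 code. The contract, message names, states and the `MAX_READ` bound are all hypothetical.

```python
# Hypothetical contract for a tiny file-read service. Each state lists the
# message tags it accepts, the exact field types required, and the next state.
CONTRACT = {
    "START": {"Open": ({"path": str}, "OPENED")},
    "OPENED": {
        "Read": ({"offset": int, "length": int}, "OPENED"),
        "Close": ({}, "START"),
    },
}
MAX_READ = 4096  # constructed bound for this example


class ContractViolation(Exception):
    pass


class Channel:
    """Endpoint that delivers a message only if CONTRACT permits it."""

    def __init__(self, contract, start="START"):
        self.contract = contract
        self.state = start
        self.delivered = []  # messages the receiver would actually see

    def send(self, tag, **fields):
        allowed = self.contract[self.state]
        if tag not in allowed:  # wrong message for the current protocol state
            raise ContractViolation(f"{tag!r} not allowed in state {self.state}")
        schema, next_state = allowed[tag]
        if set(fields) != set(schema):  # no missing and no extra fields
            raise ContractViolation(f"{tag}: fields {sorted(fields)} != {sorted(schema)}")
        for name, typ in schema.items():
            # exact type match: rejects "10" for an int, and bool posing as int
            if type(fields[name]) is not typ:
                raise ContractViolation(f"{tag}.{name}: expected {typ.__name__}")
        if tag == "Read" and not (fields["offset"] >= 0 and 0 < fields["length"] <= MAX_READ):
            raise ContractViolation("Read: offset/length out of range")
        self.delivered.append((tag, fields))
        self.state = next_state
        return self.state


def rejected(ch, tag, **fields):
    """Return True if the channel refuses the message, False if it is delivered."""
    try:
        ch.send(tag, **fields)
    except ContractViolation:
        return True
    return False
```

A rejected message leaves both the channel state and the `delivered` list untouched, so the receiver only ever handles input that already matches the contract.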
