BugTraq's Elias Levy Talks Security

LiquidPC writes: "UnderLinux.com.br has an interview with the BugTraq moderator, Elias Levy or Aleph1. Questions ranging from what he thinks of 'Hacking Exposed' to whether BSD is more secure than Linux. Kind of short, but interesting nonetheless." He notes the interesting difference between the approaches to security taken by FreeBSD (which he praises) and Linux -- lots of projects vs. a single unified one, and emphasizes that security is ongoing, not defeating any single problem.
  • OpenBSD, not FreeBSD (Score:5, Informative)

    by X-ViRGE ( 44659 ) on Tuesday September 18, 2001 @04:59PM (#2317272) Homepage
    Um, just FYI, he said OpenBSD, not FreeBSD. I think most people would agree about the security of OpenBSD.
  • Geez.

    And he doesn't really "praise" anything, although his comments are interesting.
  • security (Score:3, Informative)

    by Lumpy ( 12016 ) on Tuesday September 18, 2001 @05:00PM (#2317285) Homepage
    It's very true. Anything can be secured, including Windows NT/200/xp/zp/ww3p; it just takes more time and more money to do it than BSD or Linux. But many companies take the stance of hiring a security consultant, getting an audit, fixing what's wrong and then believing that they've done what was needed and that they are secure now. They never think, or don't want to think, that security is a moving target that requires full-time attention and trained people to take care of it. Send your IS/IT staff to security training and seminars; keep the staff trained.

    Unfortunately, in today's economic world, those programs and positions will be among the first to be cut by the CEOs.

    • > unfortunately in today's economic world, those
      > programs and positions will be among the first
      > to be cut by the CEO's.

      I have worked in a field related to security (more like crypto), and it is also a problem when HR is the first to filter out job applicants. A woman acquaintance of mine had such a job interview, which ended with her and the HR woman subtly bitchslapping each other about their dressing styles. No security talk whatsoever!

      It is as if the companies expect a security guru to have, before all, a nice personality (I know very few such people, realistically speaking).

      Yoko 99
    • Re:security (Score:4, Interesting)

      by mindstrm ( 20013 ) on Tuesday September 18, 2001 @05:24PM (#2317418)
      I don't even buy that it's 'easier' to secure BSD.

      It may take a few less keystrokes out of the box, on any particular version, but that's where it ends.

      Running *real* live systems, it takes the same amount of diligence and effort to keep them secured. You have to be aware of each new application you install, and how it impacts your security. It's no different on any OS.

      Win2k is not hard to secure; neither is any other MS system.

      • Re:security (Score:3, Insightful)

        by Simon Brooke ( 45012 )
        Win2k is not hard to secure; neither is any other MS system

        [simon@beesianum simon]$ cat /var/log/httpd/*access* | grep msadc | wc -l
        133

        Not bad for a worm that's been live for less than seven hours, and attacks an operating system that's 'easy to secure'.

        • Re:security (Score:3, Informative)

          The worm might be new, but the patch for the exploit in question was released in October 2000. Here are some links that are of interest:

          http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/security/tools/locktool.asp

          http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/security/tools/iis5chk.asp
          • Re:security (Score:5, Informative)

            by coolgeek ( 140561 ) on Tuesday September 18, 2001 @08:09PM (#2318117) Homepage
            the patch for the exploit in question was released in October 2000

            I don't want to harsh on you too roughly. Blaming the end user for not patching their systems is a bit like a programmer blaming a user for pressing that wrong key at that wrong time that crashes said programmer's code. They are innocent and ignorant. Insisting that they become clued about administering their computers is analogous to saying all motorists should be semi-proficient mechanics before climbing behind the wheel. It's just not practical, and it ain't never gonna happen.

            Microsoft sure seems to have money to spend when it comes to siccing the BSA on its paying customers, or lobbying various public officials to look the other way while they break the law, yet seems to have $0 when it comes to educating the masses about the flaws in its products. Why not some full-page ads and television spots: "We're sorry we made a boo-boo. Please visit windowsupdate.microsoft.com to repair your Windows installation, and help keep the Internet safe for all of us." (and I have my doubts about whether that plugs these leaks) How about just putting some "Free MSN and Windows Repair CDs" next to the free AOL CDs you see everywhere? Instead, Microsoft seems to be quite content to allow the rest of us to pick up the tab for their follies in the form of lost productivity, upstream bandwidth fees, law enforcement investigations, etc. I would speak to their possible motives as to why they might want us all to waste our time and money, but I've sworn off the flamebait for a while.

            • Now, it's not really that bad. Things would be a whole lot better in the world of Windows security if two things happened:

              1) Microsoft shipped their OS in a reasonably secure-by-default configuration. Now, I realize that if they did the OpenBSD thing and shipped with everything turned off their users would scream, but the reality is that MS has enabled a lot of things that the average user really doesn't need.

              2) People actually patch their systems regularly. People go to gas stations and pump their own gas (well in most areas of the world), and it really isn't that much more difficult to install security patches. Just go to the MS web site, download, and install. Honestly, part of me feels that people should have to get a computer license to connect a computer on the public Internet, just like driving a car on public streets.

              I'll be the first to admit that neither of these is going to completely solve the problem, but either would definitely make a rather dramatic impact on this sort of thing.

              • Now, I realize that if
                they did the OpenBSD thing and shipped with everything turned off their users would scream


                If they can't even start the web server service on the machine then perhaps they shouldn't be running a web server in the first place?

                1) Microsoft could easily turn services off by default. No user needs a webserver unless they have content to serve. If they don't know where the content goes, they don't need the server. They could have put a 'Web Server' config plugin in the control panel. People are capable of using the control panel (or the shortcuts) to change the screen background, or at least don't raise hell when they can't. They'd be able to turn on a webserver, or wouldn't realize that it was there...

                2) MS's patches are often worse than the hole. Service Pack 2(?) for NT was called the SP-of-death. SP6 rendered Lotus Notes unusable (maybe just the Notes server...). No admin worth the title would blindly install MS patches without waiting a month or so to see if any problems were reported. Patches released as the result of an exploit are worse... MS code is unstable at best; when rushed, you're trusting your server to alpha-level code.

                MS could learn a lot from IBM, or other mainframe makers, before trying to enter the server market. IBM had mainframes with decade-long uptimes, they didn't do that by rushing untested code onto client machines.

                I really think someone needs to sue MS for incompetence. Some of their blunders are so bad it's amazing they went through testing. (I don't think MS should be ruined for it, but if they had to pay out anything in this kind of case, they might be more careful to avoid a larger settlement in the future.)
            • Re:security (Score:2, Interesting)

              Come on! Look, I'll be the first to admit that Microsoft could do a better job with many aspects of the securing of their operating systems (like other people have mentioned, things like not turning on every last service under the sun by default, that kind of thing).


              But as for your argument, windowsupdate.microsoft.com is about the easiest method I've come across for any operating system to keep your system up to date. I do hold the end user responsible for that reason, because in the age of the internet and high-speed home connections, as a user, you have an elevated responsibility over days past to keep your systems secure. It's simply a fact of life.


              Every OS has holes. Linux, BSD, Solaris, Win[92XM]*, they all have 'em. Very few operating systems are designed and implemented with security as a top priority. In addition, MS OSes enjoy the massive user base and visibility, not to mention the low entry-level of computer knowledge, of no other OS, which means they're going to be more vulnerable, to some extent.


              But it's definitely not rocket science to keep your MS OS patched. They make it really easy. Could they be more visible about it? Perhaps. Could everyone else? Just as arguably, yes. Does anyone else out there have better visibility for security issues/updates for their OS? With very few exceptions, I'd say no.

              • Re:security (Score:2, Informative)

                by Tony-A ( 29931 )
                I'd say yes.

                Try redhat.com/errata
                In addition to links to Errata for 7.1 going back to 4.0,
                Notable Security Exploits

                Red Hat Linux users who have applied all Red Hat security updates are usually not vulnerable to worms and other security exploits. Click on the links below to read about each recent exploit and what you can do to prevent being affected.
                The Adore Worm
                Discovered April 3, 2001
                The Lion Worm
                Discovered March 23, 2001
                Bind Exploit
                Discovered January 29, 2001
                The Ramen Noodle Worm
                Discovered January, 2001

                http://openbsd.com/errata.html
                even better organized

                http://www.freebsd.org/releases/4.3R/errata.html

              • windowsupdate is very easy to use, I am not arguing that. My points are:

                1) M$ really lags when it comes to posting security updates on windowsupdate
                2) The unwashed masses of computer users are unaware that windowsupdate exists.
                3) windowsupdate is really practical only for people that have bandwidth. Most people still use 56K or less. (At least that's what they are saying.)

                When it comes to applying security patches, and one wishes to do so in a timely fashion, I do not consider it trivial. All those Qxxxxxx.exe files one needs to download from the M$ Security Center, and the Rube Goldberg add-ons that are needed to apply more than one Qxxxxxx.exe per reboot, are not "easy to use", especially not for an end user. Personally, I find it easier to download new kernels and Apache source and recompile from scratch to maintain the Linux boxes than to run the Qxxxxxx.exe files from M$.

                You make a good point about their relative visibility compared to other OSs. I argue due to M$ monopolistic market share, especially in the workstation market, they have an implied duty to do far more than other OS vendors to make this stuff available.

            • Insisting that they become clued about administering their computers is analagous to saying all motorists should be semi-proficient mechanics before climbing behind the wheel.

              A motorist does know that periodic oil changes are needed, even if they don't know how to change the oil themselves. Everyone who has a car, either changes their own oil, or has someone else (e.g. a pro) do it for them. If they put their head in the sand and just assume that the car will work forever w/out needing maintenance, then they are destined for disappointment.

              MS Windows and IIS are no different. There have been repeated incidents and stories in the news for years about this stuff. Anyone who buys them without the expectation that they're going to have to spend some time on maintenance (or hire someone) is denying reality.

              I'm not saying this is a desirable situation; it isn't. But the buyer knew about it before he signed the check. He knew what he was getting into and he decided to proceed anyway. That's not a Microsoft victim, that's a self victim, or maybe a gambler at best.

              Microsoft seems to be quite content to allow the rest of us to pick up the tab for their follies

              Users are apparently content to pick up that tab too; all they have to do is Just Say No. Microsoft's attitude will change after users' attitudes change.

              Just Say No. It solves most of life's problems.

            • Nope! I'm sorry.. The unix world is no different. You have to update your code when patches become available as vulnerabilities are discovered. The exact same argument would apply.

              Having an unpatched system months later... fair enough, you say it might not be the user's fault, or not fair to blame them, but it's not Microsoft's fault. What more can they do than publish and make available the fix?

        • None of my machines have been infected. I follow standard, easy to find methods for securing my systems. Hmmm.....

          Many, many people who run the OS have not done *anything, whatsoever* to secure their system out of the box. They haven't even TRIED.

          The presence of this worm is indicative of the average knowledge and aptitude of those running the infected systems... and NOT an indicator of the quality of the OS.

          Oh.. I'll agree that it's easier to find information about how to secure unix systems... and the admin generally has a better knowledge of how a new application affects his security.. but in general, this is the case with windows too.
      • Re:security (Score:2, Informative)

        by Anonymous Coward
        I disagree. Win2K is hard to secure because Microsoft's policy regarding security is to release a patch once a vulnerability is identified. Furthermore, a multitude of services are enabled by default, and in a sea of product updates, it can be difficult, if not impossible, to determine which update applies to the system at hand.

        Contrast this with OpenBSD. Their approach is much more proactive. Regular code audits lead to a more secure codebase. However, if something slips through the cracks, a patch is released. Since OpenBSD is "secure by default" it is a simple matter to determine if the patch applies to your system, because the administrator must enable services as the need arises.

        Both systems can be secured, certainly, but Microsoft's security policy is shit, so I'd rather not have to try and secure a windows box when there are better options available.
        • I'm sorry, but from a realistic point of view, the fact that Windows ships with some services that need to be disabled does not equate to being 'hard to secure'.

          A simple procedure applied to new systems fixes it up quickly.

          Unix systems have traditionally been no different. Certainly, the OpenBSD distribution ships with nothing enabled. Fine.... but in the hands of someone unskilled, it becomes just as insecure as anything else if they start enabling services they need without the proper diligence.

          I don't dispute that OpenBSD, indeed, most of the free unixes are basically secure out of the box, where windows & IIS and stuff are not.. but that does not mean they are 'hard to secure', it just means you have to actually take some measures to secure it.

      • >>Win2k is not hard to secure; neither is any other MS system.

        Well, actually Windows 98 is pretty difficult to secure.

        In particular, I would point out the large number of local root exploits.

        • Well, actually Windows 98 is pretty difficult to secure.

          In particular, I would point out the large number of local root exploits.

          Uhm... Windows 98 is a local root exploit. With no user permission levels, local roots become meaningless.

          More interesting would be the number of remote roots (probably fairly small, as only NetBIOS runs normally IIRC), or remote DOS'es (fairly large, IIRPingOfDeathC).

        • In particular, I would point out the large number of local root exploits.

          Like, pressing ESC at the login prompt? :->
      • Win2k is not hard to secure;

        Yep, there's this secure switch marked "I/O" right on the box!

      • MS DOS is easy to secure? What are you smoking? And can I have some?

        Sure, MS DOS isn't subject to worms or IP spoofing, but that's 'cause it doesn't ship with an IP stack. You may be amazed to hear that my toaster is also secure from Internet attacks! And these days, my toaster is more useful than MS DOS. The hot, buttery toast I'm chewing is testament to that. Why, the last time I saw the DOS command prompt was when I installed Windows 98.

        What about Windows 3.1, 95, 98 or ME? They didn't have a very firm grasp on the notion of multiple users. Anyone could read anyone else's files, for crying out loud! That's not secure, that's Swiss cheese. My apologies to the Swiss. I like that cheese.

        I've never touched Windows CE. I hear it sucks less now, which is good. I wonder how many IPAQs it would take to run a medium-sized web site? How many would it take to weather the Slashdot effect?

        Windows NT, I grant, is far more secure than any MS System. But I shouldn't really mention NT and 2000 separately, since I lumped 95 in the same pile as ME. Even Windows 2000 has a nasty habit of lying to you about certain file extensions. It can also hide files and directories from the administrator.

        As for other products, well-- When you say "system", you must mean operating system, 'cause we can't go around comparing Linux to Microsoft Word. That would be silly.

        Shall we compare Word and Outlook to vi and Mutt?
        • You got me there. I should clarify, for people like you, that we obviously aren't talking about MS DOS here. Or WinCE. I'd imagine you are just in a bad mood or something?
          I'd think most readers would find it obvious what we were discussing. Apparently you need some assistance.

          Win2k can't hide anything from the administrator if you set it correctly. Neither will it lie about file extensions if you set them correctly. Neither of those has anything to do with network security, either.

          And when I say 'system'... what the hell did you think I meant? I meant a system involving Microsoft products. You can quibble over the exact definition all you like. NT is a product, so is Windows 2000. NT is also a kernel. Linux is a kernel, and also a product. Blah blah blah..

          • You said, "Win2k is not hard to secure; neither is any other MS system." What you apparently meant was "Win2k is not hard to secure; neither is Windows NT."

            The first statement is way too broad for any sane person to make, so I went on a sarcastic rant to show how silly it was.

            And in my opinion, an operating system should never hide anything from the administrator, if the administrator tries to see it. I recently tried to determine what was taking up so much space on a Windows 2000 server. I had to resort to an alternative program, because Windows Explorer hid the Exchange subdirectory from me completely.

            I also understand that there are some file extensions that are hidden unless you edit the registry. That's just wrong.
      • mindstrm wrote:
        I don't even buy that it's 'easier' to secure BSD.


        It may take a few less keystrokes out of the box, on any particular version, but that's where it ends.


        Nope, completely different worlds. When I update an app (say, pine for example) on my *nix box, that one app is all that changes. If I switch over to the latest and greatest version of Outlook on a Windows box I have to check to make sure that Windows Scripting Host or IIS hasn't automagically been installed too.

        Running *real* live systems, it takes the same amount of diligence and effort to keep them secured. You have to be aware of each new application you install, and how it impacts your security. It's no different on any OS.


        So where is the source code or documentation that tells me that this particular service pack installs completely unrelated software, without even asking me if I want to install it?

        Win2k is not hard to secure; neither is any other MS system.


        Uhm, Code Red was based on an exploit that was how old? There is IMHO a difference in the mindset of *nix admins vs. MCSEs. *nix admins want to control their boxes; MCSEs just want them to work.



        "Anyways, you are precisely right - the best admin is at heart a lazy, worthless bastard who will do anything, script anything, to get out of work." danheskett

      • Well, actually, at least NT is HARD to secure. I worked with this for some years before I got too frustrated and left for the nice stable Unix world again. Installing NT and securing the box is actually pretty easy; well, it takes a lot more time than the same work with OpenBSD, but...

        As every installation needs software (sadly, yes, but that's true), we soon run into problems with the NT environment, as almost every program assumes that it's running in a Windows 9x environment; it also assumes that it can write anywhere on C:. It doesn't care about looking for the nice multiuser features of NT; I can write to C:\WINDOWS\MyConfig.dat without problems (or maybe C:\Program Files\MyApp\Config.cfg). This is nice and works in a simple single-user environment, or maybe on a trusted server locked in a nice server room. But actually we have computers standing on the desktops of users, and some of them may even be used by several persons.

        Securing an NT machine causes bugs in software packages such as Office to be exposed. It takes a lot more effort to secure the applications in Windows than in the Unix world (most Unix developers are developing where they don't have root access to any disk; that is not the case for Windows developers).

        / Balp
      • That's the problem: it's turned on by default, most users of MS systems don't have a clue what's going on in their machine, and therefore no due diligence is involved. My site server logs were showing Code Red probes as late as 9/10/01. There is so much flying around on the web today that no one can keep on top of it all.

        Come on, people, you have to get out and contact those "six-pack Joe computer users", you know, your non-geek friends, and start to teach 'em a little bit about security. It's the simple stuff they need, like running anti-virus, running a firewall, downloading updates from MS or wherever, and simple e-mail security. The Internet is much more a community than ever before; when one gets sick they either need to be quarantined or cured, period. All of the silly stuff flying around makes it harder to see the dangerous stuff.

        Someone needs to write an MS version of top so it's easy for average people to see what their machine is doing. Maybe that way Joe might notice that he has 100 threads of Code Red trying to run in 32K of memory, and an easy way to do something about it.
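The log counting this thread keeps returning to (the `grep msadc | wc -l` tally of a few comments up, the Code Red probes mentioned here), as an added example rather than anything posted in the thread. The log lines are constructed, and the signatures are my own: Code Red requests /default.ida, Nimda requests root.exe or cmd.exe under /scripts, /msadc, /_vti_bin, /c or /d, often through ..%5c or ..%c0%af style traversal encodings. On an Apache host every one of these is a 404; what the count tells you is how much scanning the worm generates and from which hosts.

```python
"""Classify worm probes in an Apache access log.

Added example, not code from the thread; SAMPLE_LOG is constructed.  It
generalises the `grep msadc | wc -l` count to per-signature and per-host
totals for the two worms the thread mentions.
"""
import re
from collections import Counter, defaultdict

# Apache common log format: host ident authuser [time] "request" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: \S+)?" (?P<status>\d{3}) (?P<bytes>\S+)'
)

# A request may carry more than one tag: a Nimda cmd.exe probe that also uses
# a traversal encoding counts under both "nimda" and "iis_traversal".
SIGNATURES = (
    ("code_red", re.compile(r"/default\.ida", re.I)),
    ("nimda", re.compile(r"(?:root|cmd)\.exe", re.I)),
    ("iis_traversal", re.compile(
        r"\.\.(?:%5c|%255c|%c0%af|%c1%1c|%c1%9c|%c0%2f|%252f|%%35%63|%%35c|%25%35%63)",
        re.I)),
)

# Constructed sample: one normal hit, a Nimda scan from one host, a Code Red
# probe plus a traversal probe from another, and one line that is not CLF.
SAMPLE_LOG = """\
10.0.0.5 - - [18/Sep/2001:14:02:11 -0700] "GET /index.html HTTP/1.0" 200 1843
192.0.2.17 - - [18/Sep/2001:14:03:50 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 291
192.0.2.17 - - [18/Sep/2001:14:03:50 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 289
192.0.2.17 - - [18/Sep/2001:14:03:51 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 299
192.0.2.17 - - [18/Sep/2001:14:03:51 -0700] "GET /msadc/..%5c../..%5c../..%5c/..\\xc1\\x1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 321
198.51.100.9 - - [18/Sep/2001:14:05:02 -0700] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3 HTTP/1.0" 404 281
198.51.100.9 - - [18/Sep/2001:14:05:03 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
this line is not in common log format
"""


def parse(line):
    """Return the CLF fields of one line, or None if it is not a CLF line."""
    m = CLF.match(line)
    return m.groupdict() if m else None


def classify(path):
    """Tuple of signature names matching the request path (empty if benign)."""
    return tuple(name for name, rx in SIGNATURES if rx.search(path))


def summarize(lines):
    """Count probes overall, per signature and per source host."""
    by_signature = Counter()
    by_host = defaultdict(Counter)
    probes = unparsed = 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            unparsed += 1
            continue
        tags = classify(rec["path"])
        if not tags:
            continue
        probes += 1
        for tag in tags:
            by_signature[tag] += 1
            by_host[rec["host"]][tag] += 1
    return {
        "probes": probes,
        "unparsed": unparsed,
        "by_signature": dict(by_signature),
        "by_host": {h: dict(c) for h, c in by_host.items()},
    }


def count_substring(lines, needle, ignore_case=False):
    """The comment's `grep msadc | wc -l`.  grep is case-sensitive, so the
    uppercase /MSADC/ probe is missed unless ignore_case is set (grep -i)."""
    if ignore_case:
        needle = needle.lower()
        return sum(1 for l in lines if needle in l.lower())
    return sum(1 for l in lines if needle in l)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print(summarize(lines))
    print("grep msadc | wc -l  ->", count_substring(lines, "msadc"))
```

The per-host breakdown is what turns a raw count into something actionable: one source requesting the whole Nimda set is a freshly infected IIS box, which is the kind of address worth reporting to its upstream, whereas scattered single /default.ida hits are background noise. Note also that the plain substring count undercounts, because Nimda mixes /MSADC/ and /msadc/ in its requests.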

      • Win2k is not hard to secure; neither is any other MS system.


        I have to disagree with you here. I also have to disagree with most of the comments in this thread. As far as Windows 2K goes, it has come a long way, but there are still a lot of undocumented holes. But this is not the issue. The problem is that W2K is being marketed as an easy-to-administer system. I have come across so many system admins who know Windows only, but have no clue about security. Clients who purchase Windows systems are under the impression that we need not train Windows admins, or just place the most knowledgeable person in the company to create user accounts and reboot. Microsoft is selling a false sense of security in all levels of their marketing. Windows is NOT easy to use (ever have a problem where you know what needs to be corrected but it just doesn't allow you? Plug and pray, for one). True Windows administrators cost the same as UNIX admins; the only admins who settle are those that are not able to truly administer a system. /RANT


        I am tired of reading how great Windows is. I'd like to experience it; unfortunately every OS out of Microsoft has easy-to-use 'WIZARDS' that fail to accomplish simple tasks but make people feel that they have administered the system.

      • mindstrm, it's been a while. I thought you had suffered a Slashdot death penalty or something.

        Win2k is not hard to secure; neither is any other MS system.

        OK, I agree all you have to do is remove the modem, network card and keyboard. That is easy, cheap too!

        Otherwise, MSJVM, VB and other trash that has full access to your file system as root will trash you. Duh. M$ designed their OS around marketing, so they can shove whatever software they want onto and extract whatever info they want from their users. This is not going to change, ever, and M$ will always be impossible to secure.

        • Sorry, I was busy changing continents yet again....

          That wasn't a troll. I dispute being called a paid MS troll. I avoid using MS wherever possible, and I dislike them in general.

          But having run many, many systems... I'll grant that MS is slightly harder to secure.. in that it's harder to get the information you need.... and that it may not come 'as secure' out of the box....but any sufficiently busy or large server has the same problem. You install software, you have to be aware of what the impact is on the system.

          Yes, lots of people are talking about how MS is 'marketed to a different audience'. Or about how the presence of these new 'worms' shows that it's harder to secure... blah blah blah.

          To the guy talking about MSDOS and Win98 being 'insecure locally'.. get a grip. That's not the discussion here.

          Running windows boxes securely is no harder than running unix boxes securely, I'm sorry. You have to take different factors into account, and you have to get your information from different sources, yes...
          And yes, MS policy on publishing patches for exploits might be bad....

          But still: blaming home users for not having secure web servers? It's because they were ignorant of how to properly run them, in most cases. Saying that is because it's supposed to be 'easy' to use.. well.. why did the user pick it in the first place?

          I've *never* had a problem with any of my boxes.

          • I've *never* had a problem with any of my boxes.

            That must be because of this:

            I avoid using MS wherever possible, and I dislike them in general.

            Why would you ever run MS stuff? You must be aware that they continue to ignore basic security requirements such as unprivileged user accounts, and all of the repercussions. Surely you would never run a browser that automatically executed code as root? How do you secure such a beast and why would you go to all that effort?

  • From the article: While we can place great efforts into teaching people how to avoid buffer overflows in languages such as C it is likely they will introduce them into their programs anyway. It makes more sense from a security perspective to replace the language with one that makes buffer overflows difficult.

    This is why you shouldn't use MS-designed languages like VB or C#.

    Seriously, I understand what he's saying about C. It allows low level access to a computer's hardware, and can be easily broken at that low level... Thus the need for garbage collection and careful avoidance of Stack-overflow conditions.

    On the other hand, we have Java, which trades convenience for security. Sure, it's easy to get started coding in Java, but heaven help you if you want to distribute a Java-based application to everyday (non-hacker) computer users. A webpage is the only medium in which Joe-sixpack is very likely to view any given Java application, giving full-scale Java applications a somewhat more limited potential user base.

    Seriously, then, what is the best application and system language in terms of security, power, and convenience?
    • by devphil ( 51341 )


      Agreed, to an extent. Whenever I see coders beginning to argue about "secure languages" and programming languages that "don't allow" security holes, I have to laugh and recall what Bjarne Stroustrup said about C++'s (and C's) approach to such things.

      I assume that a sufficiently skilled programmer can do anything not explicitly prohibited by hardware.

      (I'm quoting from memory.) The "protections" of the C family of languages are meant to prevent accidents, not fraud. Y'all might check out something like libsafe [avayalabs.com], originally from Bell Labs, and released under the LGPL.

        As far as I know, one of the intents when designing C was to make a language that doesn't forbid you from doing anything, e.g. no internal checking and bla-bla-bla, thus not sacrificing performance. BTW the /. effect sucks - Warning: Too many connections in /home/underlinux/htdocs/mainfile.php on line 17 Unable to select database
    • Python, LISP variants (CL, Scheme pop to mind), Smalltalk, and even relatively safe C++ programming (never using C arrays, but rather using safe array classes such as vectors, etc.)..

      Perhaps a little offtopic, but I'm currently pondering a language where one proves his code correct via logic code that is written side by side with the existing code, with mechanical (compiler) testing of the proof, verifying it is indeed correct. This of course will not work for all programs, where low-level thread control is required and proof of correctness is near-impossible, but mostly a side-effect-less style can be used (not completely functional though), allowing high-level control of threading, or sometimes avoiding threading altogether. Achieving 100% compatibility with a rather simple mathematical specification of a server guarantees the server will work for all cases and never fail. This is obviously useful for many other software fields.
      • You are pondering creating such a language or using one ? Anyway have a look at Haskell [haskell.org] and other functional programming languages.
        • Functional languages are inherently inefficient and not "computer-scientific" (changing an array item is O(n), for example, instead of O(1)).

          Functional languages do NOT mechanically test the proof for correctness.
    • I'm personally a big admirer of perl's taint-checking feature. When you run perl with the -T flag, it marks data from external sources as "tainted", which will produce a fatal error if that data is used for certain operations deemed insecure, such as shelling out or opening a file for writing. If you want to use external data to open a file for writing, or shell out, you have to first "launder" the data by matching it against a regular expression you've constructed.

      It would be nice if there were more granular control over what operations are deemed insecure. E.g. so you could deem opening a file for reading insecure, or execution of SQL statements in a database.
      • Safe - Compile and execute code in restricted compartments

        perldoc Safe for more information on the module -- it probably does some of what you outlined above, though I've never used the module personally.

      • It would be nice if there were more granular control over what operations are deemed insecure. E.g. so you could deem opening a file for reading insecure, or execution of SQL statements in a database.

        Ruby exposes that functionality to the programmer. There are defined $Safe levels that define what actions can happen on "tainted" objects. Additionally, objects have the "taint" and "tainted?" methods which mark an object as tainted, or tells if an object is tainted, respectively.

        By either changing the Safe level, or making explicit calls to object.tainted, you can make taint checking as granular as you want.
    • by scrytch ( 9198 )
      This is why you shouldn't use MS-designed languages like VB or C#.

      Show me a buffer overflow attack on the VB VM. Just one. Attacks on the system? Watch me write "rm -rf $HOME /" in perl, python, and ruby. MS ships IIS in a bloody awful configuration for security, and it may not be possible to totally secure it, but the herring you're waving around is redder than Khrushchev (there's a dated joke).
      • Show me a buffer overflow attack on the VB VM

        I'm pretty sure you are talking about vbscript, correct me if I'm wrong. A buffer overflow is generally used to elevate privileges on an OS. It seems that usually any process you can get to run on a windows machine has the highest privileges available. You don't need to break out of the scripting language if it allows you to act like a nimda worm.
    • On the other hand, we have Java, which trades convenience for security. Sure, it's easy to get started coding in Java, but heaven help you if you want to distribute a Java-based application to everyday (non-hacker) computer users.

      GCC compiles Java. I'm sure other compilers do too. Don't confuse the language with the virtual machine.
      A Java-written program can be distributed in binary format in an rpm, deb, or zip file. We are no longer limited to java applets running in our browsers' virtual machines. We are no longer limited to running Java applications in a sandbox.
      So if you feel that java (the language) protects you from making mistakes, then by all means use it, but don't think you are limited to producing crappy effects on a web page.
      But do have a look at Haskell too.
    • Sure, it's easy to get started coding in Java, but heaven help you if you want to distribute a Java-based application to everyday (non-hacker) computer users. A webpage is the only medium in which Joe-sixpack is very likely to view any given Java application, giving full-scale Java applications a somewhat more limited potential user base.

      Hey check out LimeWire, it's written in Java and joe-six pack probably wouldn't even know!
    • Language wars... cool!

      Military safety people will tell you "Ada, nothing else". As a professional Ada programmer who has made money out of this attitude, I can tell you Military safety people are wankers.

      My current favorite language is Python, because it's quick to develop working programs with, and helps you avoid many mistakes. It doesn't really rate as a system language though.

      However, if I had a choice and safety was of the utmost importance, I'd have to rate Eiffel as the winner. It's the only language that has "Design by Contract" built in, right down to pre/post conditions and invariants being inherited. The whole libraries are DBC'd, so mistakes are much easier to detect and avoid.

      Unfortunately, in any development project, tools and support are more important than the actual language. This is why C wins hands down.
  • We as linux/unix/bsd users need to come together and stop blaming security holes on the operating system. While some OSes come more secure out of the box, virtually any OS out there can be made secure with some time and effort. It's not the OS, it's the sysadmin who runs the machine. Corporate America needs to provide admins time and money to cover these bases; rather than just putting it on the 'todo' list, it needs to be made a priority.
    • The problem is that with linux a new type of user has entered the UNIX(like) OS space. 15 years ago you'd not have found all that many "non-expert" people running a *NIX on their home computer. Hence, what I see happening is a lot of semi-capable people running linux without the experience or knowledge or motivation to make and keep it secure... heck, why bother making it secure at all? Nobody can hax0r a linux box (ahem).
      • That's true, but not just with linux. The next big operating system will likely have the same problem. It's not linux's (or w2k's or winnt's) fault that many of their users are less-than-skilled, it's just the way it works. Thankfully there is a variety of linux distros, and many make it easy for the newbie to at least have a somewhat secure OS by giving them a choice during the install (i.e. How secure do you want your computer to be? [ ] very secure [ ] somewhat secure [ ] no security)

        Things are getting better, and the more exploits there are (hopefully) the more people will learn and the less they will take for granted about security.

  • Elias Levy, or Aleph1, is the moderator of BugTraq, one of the most important security mailing lists in the world.

    UnderLinux : In a general focus what is more secure Gnu/Linux or OpenBSD ? Or other OS ?
    Aleph1 : That is a pointless question without some context. For example, certainly the OpenBSD folks have done an incredible job creating a secure and stable operating system - an effort that should be emulated by others - but the application you are looking to run may not be supported under it. The most secure OS depends on your requirements.

    Even with OpenBSD's success the UNIX security model is very simplistic. You can certainly write secure applications - see qmail and postfix for examples - but they require a lot of effort. Linux is interesting because there are so many groups exploring alternative security models: privileges, acls, subdomain, SELinux, etc.

    UnderLinux Team.

    NT had potential. It has an interesting security model, but the legacy code, insecure defaults, complexity, and lack of security savvy by application programmers used to the Windows and DOS world have left it with a rather bad track record.

    You must also take into account how well the people administrating the system know the technology. You can have the most secure OS but if it's misconfigured it will be useless. Conversely, a good admin is capable of hardening a sloppy OS.

    UnderLinux: One time surfing on the web I saw this phrase: "Wanna defeat hackers..think like a hacker.. work like a security expert". What do you think about this?
    Aleph1 : A cliche, but a valid one. When creating defensive security technologies you must test them by attempting to defeat them before others do. Therefore you do not only require a defensive mindset but also an offensive one. Not only that, but you must be better and more thorough than the ones you are defending against. As a defender you must find and fix all possible avenues of attack. As an attacker you must only find and exploit one.

    UnderLinux: Can you tell us something about the book Hackers Exposed ?
    Aleph1 : I believe you mean Hacking Exposed. It's a good book. I recommend it. It does a good job at describing the methodology of penetrations. It's a technical book that shows you how to use the tools available for the job. Sadly this means that it is likely to become outdated after a while. Luckily the publisher seems to be doing a good job at keeping it up to date. A second edition is out. Nonetheless, the basic techniques it teaches are independent of specific technologies.

    UnderLinux : Nowadays what kind of documents and programs raise your expectations and interest the most?
    Aleph1: Those that make it difficult for people to shoot themselves in the foot. Security today is too fragile. Take for example buffer overflows. While we can place great efforts into teaching people how to avoid buffer overflows in languages such as C it is likely they will introduce them into their programs anyway. It makes more sense from a security perspective to replace the language with one that makes buffer overflows difficult.

    Similarly I am interested in areas that help you encapsulate knowledge about computer security and help users do the right thing instead of letting them guess what is the right thing. For example, configuring a firewall correctly can be quite complicated and there are many nuances. We need to make it easier for folks to configure securely.

    UnderLinux: Do you think that problems like spoofing and DDoS will be defeated in the next 10 years? Can you preview any solution for these problems?
    Aleph1: I believe we'll find and deploy ways to mitigate them but not to do away with them. Denials of service are inherent in any finite system. The Internet architecture has made them even easier by its lack of authentication and resource allocation. In the future we'll have mechanisms that make detecting and tracking network based denials of service easier. It's likely that some areas of the Internet will support resource allocation which will minimize some of the DoS effects.

    UnderLinux : What suggestions can you give to those who wanna be a security expert?
    Aleph1: Do a broad survey of the security landscape. There are many areas of interest out there. After you've gained a general understanding of the security world select an area you'd like to specialize in. Repeat ad infinitum. Bonus points for standing back after a while and trying to find ways to fit all the pieces together into a coherent and interoperable whole.

    • Linux is interesting because there are so many groups exploring alternative security models: privileges, acls, subdomain, SELinux, etc.
      This can't be a serious effort without any exploration of Pure capability systems. To me, that is the obvious security model.
      Shapiro has done extensive work documenting it, and even proving related stuff (I'm not into the exact details of his proof, but he proved part of his EROS [eros-os.org] design mathematically correct). EROS is a pure capability system, and I hope that in the future, people will utilize it as the obvious security solution.
  • Anyone know if something like this might be possible or easy?

    Have a script that reads the Apache log in realtime. Whenever something gets cmd.exe or XXXX or NNNN or something like that, immediately block all communication with their IP with iptables?

    This is getting annoying...
    • You run the danger of blocking a request that's coming via a transparent proxy. Blocking it would block everyone behind that proxy.

      Comments?
      Dave
      • Well, I'm the unfortunate user of earthlink [I don't pay for the service, my roommate does, so I don't complain too much]. Here's my situation, which in a way doesn't allow me to start blocking with iptables. I get a new IP every 12 hours or so, and the majority of the infected machines are on earthlink/mindspring's networks. Blocking that would mean I could run into the possibility of blocking an IP which I could get assigned next, or my other machines were supposed to get. Yes, I could flush the iptables every time I lose an IP, but wouldn't that be a bit pointless?
    • A few lines of Perl would do it. Very easy, but as stated previously, the implications are worth thinking about.
    • too late? (Score:3, Informative)

      by slashkitty ( 21637 )
      Wouldn't that be too late? Apache logs the request after it is successful. Some request for /path/to/shell/sh?rm+-rf+/ would only need one request, were that a real hole. Your log analysis would detect it, if the log file was even still there.

      Instead, your script would have to be a module or proxy that filters all incoming requests. And stops them before the trouble.
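An added example (not from the original thread or any poster) of the log-watching script discussed above, written so the two objections raised in the replies are built in: addresses inside a trusted network (standing in for the ISP's transparent proxy) are reported but never blocked, and the script only returns the iptables commands for an operator to review instead of executing them. The log lines, the address ranges and the probe signatures (cmd.exe, root.exe, default.ida and long X/N runs, as mentioned in the thread) are constructed for the example; the 198.51.100.0/24 "trusted" range is an assumption. Because it works from logged requests, it can at best stop repeat probes from the same source; as the reply notes, it cannot stop the first request.

```python
"""Offline detector for worm-style probe requests in an Apache log.

Added example, not code from the thread. It parses combined-format log
lines, tags requests matching known probe signatures, and produces a
dry-run block list that honours a trusted-network allowlist.
"""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample in Apache "combined" format; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [18/Sep/2001:17:05:12 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 294 "-" "-"
203.0.113.7 - - [18/Sep/2001:17:05:13 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 294 "-" "-"
198.51.100.20 - - [18/Sep/2001:17:06:01 -0400] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/4.0"
198.51.100.20 - - [18/Sep/2001:17:06:05 -0400] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN HTTP/1.0" 400 325 "-" "-"
192.0.2.99 - - [18/Sep/2001:17:07:44 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 294 "-" "-"
this line is not in log format at all
"""

# Assumed allowlist: a shared proxy lives here, so blocking it would cut off
# every user behind it (the concern raised in the thread). Constructed range.
TRUSTED_NETS = [ip_network("198.51.100.0/24")]

# client - user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Request-path signatures checked in order; the first match names the hit.
SIGNATURES = [
    ("cmd.exe", re.compile(r"cmd\.exe", re.I)),
    ("root.exe", re.compile(r"root\.exe", re.I)),
    ("default.ida", re.compile(r"default\.ida", re.I)),
    ("long X/N run", re.compile(r"(?:X{16,}|N{16,})")),
]


def parse_line(line):
    """Return the request fields of one log line, or None if it is not a valid record."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ip = ip_address(m["ip"])          # rejects hostnames and garbage
    except ValueError:
        return None
    return {"ip": str(ip), "time": m["time"], "method": m["method"],
            "path": m["path"], "status": int(m["status"])}


def classify(path):
    """Name of the first probe signature found in the request path, else None."""
    for name, rx in SIGNATURES:
        if rx.search(path):
            return name
    return None


def is_trusted(ip):
    addr = ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)


def scan_log(text, threshold=1):
    """Group probe hits by client address.

    Sources with at least `threshold` hits go to 'block' unless they fall in a
    trusted network, in which case they are listed under 'skipped_trusted'.
    """
    hits = defaultdict(list)
    unparsed = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        sig = classify(rec["path"])
        if sig:
            hits[rec["ip"]].append(sig)
    block, skipped = {}, {}
    for ip, sigs in hits.items():
        if len(sigs) < threshold:
            continue
        (skipped if is_trusted(ip) else block)[ip] = sigs
    return {"block": block, "skipped_trusted": skipped, "unparsed": unparsed}


def iptables_commands(block):
    """Dry run: the commands an operator would review before applying them."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(block, key=ip_address)]


if __name__ == "__main__":
    report = scan_log(SAMPLE_LOG, threshold=1)
    for cmd in iptables_commands(report["block"]):
        print(cmd)
    for ip, sigs in report["skipped_trusted"].items():
        print(f"# not blocking {ip} (trusted network): {sigs}")
    print(f"# {report['unparsed']} line(s) could not be parsed")
```

Raising `threshold` to 2 drops single-hit sources such as 192.0.2.99 from the block list, which also reduces the damage from the dynamic-address problem mentioned above: a one-off probe from an address that may be reassigned tomorrow never makes it into the firewall.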

  • http://www.antioffline.com/ has interviews with the following. Not as serious in nature, but funny and interesting if you're in the security industry.

    Attrition
    Dugsong
    Ghetto Hackers
    Hackweiser
    K2
    Lance Spitzner
    Mixter
    Obecian
    Rain Forest Puppy
    ShadowVX
    s0ft Project
    Technotronic
    w00w00
  • and emphasizes that security is ongoing, not defeating any single problem.

    I agree this is true on *nix/Windows-like systems. But what about a system where every piece of code runs with a simple environment allowing it only the minimal privilege it needs? (EROS [eros-os.org])
    What about a system that extends this idea further, and makes sure that all code is compiled from a safe language? A system with no buffer overflows or pointer errors/overruns? (Vapour [sourceforge.net])

    I believe that a system like EROS would make actual breakins/control of a distant computer practically impossible.
    I believe that a system like Vapour would make ANY remote malicious operation practically impossible, if implemented right.

    Note that if you break into an EROS system's web server and even if you get some of your code to run on the remote host - the worst you can do is read HTML's and distribute content on port 80 (or whatever ports the server had access to), but nothing else.
    You can't really get any malicious code to remotely run on a Vapour system at all.

    True Security IS defeating a single problem - that problem is the *nix fail-open design, and the lack of the principle of least privilege. (In terms of security, Windows is a very similar design, both using ACL-type security, of attaching lists of "user"-based access to objects).

  • Apparently Aleph1 never heard of lint, bounds checker, and the like. Changing languages to make your apps more secure just shows you're not much of a programmer to begin with. The right tool for the right job. C is often the right tool. Whether you shoot yourself in the foot with a Smith & Wesson or C, don't complain about the quality of the gun. Next time, stop pointing at your foot and you will be fine.
    • Apparently Aleph1 never heard of lint, bounds checker, and the like. Changing languages to make your apps more secure just shows you're not much of a programmer to begin with. The right tool for the right job. C is often the right tool. Whether you shoot yourself in the foot with a Smith & Wesson or C, don't complain about the quality of the gun. Next time, stop pointing at your foot and you will be fine.

      I think Aleph1's approach is a bit more sound. Your approach preaches that all programmers should collectively change their [bad] programming habits and methods. While I agree with you that it's the "best" solution, I have to remind you and anyone else in your camp that it's also the least likely to occur.

      IMO, improvements in gcc that help compensate for such buffer overflows (read: improvements in the compiler/language) would go a lot further in clearing up all of these problems.

      Again, asking the world to change their methods is about as likely as asking the world to stop smoking cigarettes. The useless slobs ALREADY KNOW it's bad for them and all those around them. They simply do not care.

      • "I think Aleph1's approach is a bit more sound. Your approach preaches that all programmers should collectively change their [bad] programming habits and methods. While I agree with you that it's the "best" solution, I have to remind you and anyone else in your camp that it's also the least likely to occur."

        Of course your assumption is that everyone who is programming should be. The truth is only about 20% of those who program are competent enough to create commercial quality, secure apps. Those are the people 'in my camp.' Let the rest eat cake, seriously.

        "Again, asking the world to change their methods is about as likely as asking the world to stop smoking cigarettes. The useless slobs ALREADY KNOW it's bad for them and all those around them. They simply do not care."

        And as a smoker, I hope you know what you are talking about elsewhere, because you have no clue what you are talking about here. This "lazy slob" is like most other smokers ... we would love to quit if we weren't addicted to Nicotine, which the AMA recognizes is a more difficult habit to quit than Heroin.
  • by lowflying ( 252232 ) on Tuesday September 18, 2001 @07:01PM (#2317878)
    In a previous lifestyle, I flew helicopters for the Army. As a newbie admin, other admins have seemed impressed by how paranoid I am that some box I am responsible for is going to get cracked. This has always been my explanation:
    The thing is, helicopters are different from planes. An airplane by its nature wants to fly, and if not interfered with too strongly by unusual events or by a deliberately incompetent pilot, it will fly. A helicopter does not want to fly. It is maintained in the air by a variety of forces and controls working in opposition to each other, and if there is any disturbance in this delicate balance the helicopter stops flying; immediately and disastrously. There is no such thing as a gliding helicopter.

    This is why being a helicopter pilot is so different from being an airplane pilot, and why in generality, airplane pilots are open, clear-eyed, buoyant extroverts and helicopter pilots are brooding introspective anticipators of trouble. They know if something bad has not happened it is about to.
    -Harry Reasoner, February 16, 1971

    I just wonder what is different about the training of *nix admins that makes them recognize that vigilance must be eternal, while the admins of other OSes seem to assume everything will go right when that is clearly not the case.

    Dave
      • The Unix security philosophy is isolation except where allowed. The DOS security philosophy is that you can reboot when something goes wrong.
      • Unix admins are used to multi-user environments where users have to be isolated from each other.
      • Unix admins are used to permissions which allow control over inter-user capabilities.
      • Unix admins have been learning about and doing configuration of network servers for decades, so have more security awareness and skills.
      • Unix admins have more tools, so can more easily adjust their configuration because they're not dependent upon someone else having written a point-and-click tool which can do a desired change.
      • Unix admins are more experienced and know that nobody and nothing is invulnerable.
      • by Anonymous Coward
        Unix admins may have had a grasp of multiuser systems for decades, but they were blissfully unaware of Internet security issues until relatively recently. Protocols like NFS and NIS belie a far more trusting attitude than even MS's stuff from the late 80s, not to mention Novell. Standard daemons like sendmail were essentially unmaintained until recently. It took an enormous amount of work for some people (including those who started BugTraq) to change the lazy security culture bred into the fat academic maintainers of Unix. You might like to believe that Unix has a 20 year head start over Microsoft, but it's more like a 5 year head start. They'll catch up.
    • > I just wonder what is different about the training
      > of *nix admins

      They need to learn a lot to get a Unix system going well. They are forced to read documentation. In that documentation, the author has a chance to tell the admin about security and its importance.
  • Is that Hebrew for "steak sauce"?
  • From H.P. Lovecraft's "The Case of Charles Dexter Ward":

    It ran as follows, and experts have told Dr. Willett that its very close analogue can be found in the mystic writings of "Eliphas Levi", that cryptic soul who crept through a crack in the forbidden door and glimpsed the frightful vistas of the void beyond:
    'Per Adonai Eloim, Adonai Jehova,

    Adonai Sabaoth, Metraton On Agla Mathon,
    verbum pythonicum, mysterium salamandrae,
    conventus sylvorum, antra gnomorum,
    daemonia Coeli God, Almonsin, Gibor, Jehosua,
    Evam, Zariatnatmik, veni, veni, veni.'

    Eliphas Levi? Elias Levy? The name is just too similar, sounds like someone who came back from Beyond ye Spheres as his own grandson or something. I bet this Levy guy is over 300 years old.

  • One of the most interesting reads I've ever come across was the PC Week crack [hispahack.ccc.de]. Just cool to see what he went through, his thoughts/ideas, and especially his thought process.
  • Anyone know of a site listing the various linux distros' default settings from a typical install? You know the install I mean, the one performed by newbies that lets inetd fire off multiple servers for no good reason. It should be an interesting comparison, maybe even worthwhile if it is up to date and accurate. I think that would actually be a decision point for newbies who look before they leap; they certainly do not need to run a ton of servers that they do not understand.
  • I found his replies a bit contradictory:
    "Conversely, a good admin is capable of hardening a sloppy OS."
    while
    "...we can place great efforts into teaching people how to avoid buffer overflows in languages such as C it is likely they will introduce them into their programs anyway."
