THE SECURITY MANTRA
Security is achieved only through the following six steps
- ``i am not secure, but i want to be.''
- ``ignorance will not make me more secure''
- ``no product available will make me completely secure''
- ``if i cannot understand the entirety of my system, i can make no claims to its security''
- ``just because knowledge is denied, does not mean that knowledge is protected.''
- ``i am not secure, but i want to be.''
Whoever contradicts the above mantra is selling the proverbial ``snake oil'' and should not be trusted on principle.
- Microsoft.com - It's time to end Information Anarchy
- Microsoft's terms of use prohibit me from mirroring this content. Please make sure to save your own copy.
If anyone finds a flippant company-statement contradicting the above mantra, please contact me, and i'll post it here.
System administrators have a very tough job: They must constantly be aware of the above mantra. I know many admins that go through the motions, but don't understand what these steps truly mean: since no product is completely secure, you are not secure. If you claim you don't want to be, tack photocopies of your credit card wherever you can.
Everyone wants to pretend that they are secure, or rather: secure enough.
Ignorance is no excuse. If you kill someone, no matter what country you live in, you can never use the defense: ``I didn't know murder was illegal here!''
The same applies to security. If you don't know how it works, how CAN it be secure? You reverse-engineer it to make absolutely certain. If you can't do this, or would prefer to see the code, then go get code. The open-source community should promote the infinitely greater security of open-source software when compared to ANY proprietary and closed counterpart.
Of course, having the source code available does not increase the security of it, nor does it decrease the bugs in it. But it does improve your trust in it, which I'll go into in a few minutes.
There is no 100% security. Even locking your server inside a fireproof safe, powered down, dropped into the Grand Canyon, filled with cement isn't secure. Who knows? There could be a device that strips data right off your hard drive while it's off. (and why not? TEMPEST can do nasties that people didn't think were economically feasible...)
Finally, you must never RESELL snake oil. If you don't know it's secure, by no means should you bluff. Security is a very serious thing, and I believe that anyone that lies about security should be considered a criminal.
- Microsoft has repeatedly stated and boasted of its alleged "security" -- recently they refer to this as trustworthiness. Microsoft is neither. Perhaps it is because they are an illegal monopoly that so many people have put scrutiny into reverse engineering and hacking at Microsoft products. Or perhaps they actually employ unintelligent programmers. Remember that the more someone says "trust me", the more rigid those hairs on the back of your neck should become. Make them prove it - not with a track record, but with math.
- Recently, Some Company announced "unbreakable" encryption, and was willing to guarantee 100% security. Remember that crypto does not equal security BECAUSE crypto is a tool, not a product. For the record, their claim is impossible and unsubstantiated. Ignore any company that will give you a percentage on security.
These simple notes are all intuitive, and you say: ``This makes sense. Why are you even telling us about it?''
However, despite how I intuit a problem, this problem does NOT make sense, because systems continue to be insecure, and other people (usually owners or administrators) continue to ask why.
EVIL SOFTWARE DOES EXIST
For the technically minded, I have outlined the top five insecure things.
- any product, by any company that slanders the security of another company
- sendmail, and anything written by ISC (bind, dhcpd, etc)
- almost anything setuid root
- almost anything closed-source or "secret" technology
- anything RUNNING on windows
That first one really scares me, because it means one of two things: One, they divide their technical resources between finding bugs in their competition, NOT FIXING THEM, and looking for bugs in their own, or: Two, they don't have the resources to solve the bugs in their own software, so they're doing the marketing push.
Oddly enough, DJB would seem to badmouth other people's software, AND his software has never had a security-related problem. So after writing excellent code, he can go off and help others find bugs. I find DJB an extreme third case, and I do not know any others...
Sendmail has more bugs than any other piece of software that I am aware of (excluding Windows). The ISC has been known to charge for bugfixes (including security-related ones). setuid-root applications run in a very dangerous environment: and yet, people tend to not take them very seriously...
on the subject of setuid: why is [setuid] worse than a long-running process running as root? the simple answer is that it's FAR EASIER to fix bugs in your own code than it is to fix bugs in other people's code. setuid programs can be exploited EVEN IF THERE IS NO BUG IN YOUR OWN CODE; the C library, the resolver, and anything else bound to the setuid executable could have bugs in them, and very well could be exploited.
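To see how much of other people's code your setuid programs are bound to, you can inventory them. The script below is an added example, not part of the original page; the function names are made up for illustration, it assumes `readelf` from binutils is installed, and it defaults to files owned by uid 0.

```shell
#!/bin/sh
# Added example (not from the original page): inventory setuid executables
# and the shared libraries each one is bound to.

# needed_libs FILE
# Print the DT_NEEDED entries of an ELF file. readelf only parses the file;
# it never runs it. Only direct dependencies are listed, so libraries
# pulled in by those libraries are not shown.
needed_libs() {
    command -v readelf >/dev/null 2>&1 || return 0
    readelf -d "$1" 2>/dev/null |
        sed -n 's/.*(NEEDED).*\[\(.*\)\].*/\1/p'
}

# suid_files DIR [OWNER]
# List regular files under DIR that have the setuid bit set and belong to
# OWNER (user name or numeric uid; default 0, i.e. root). Stays on one
# filesystem.
suid_files() {
    find "$1" -xdev -type f -perm -4000 -user "${2:-0}" 2>/dev/null | sort
}

# suid_report DIR [OWNER]
# One line per setuid file: path, a tab, then the libraries it needs.
# Static binaries, scripts and unreadable files show "static-or-unknown".
suid_report() {
    suid_files "$1" "$2" | while IFS= read -r f; do
        libs=$(needed_libs "$f" | sort -u | tr '\n' ' ')
        printf '%s\t%s\n' "$f" "${libs:-static-or-unknown}"
    done
}

# Run as a script: ./suid-report.sh /usr/bin
if [ $# -gt 0 ]; then
    suid_report "$@"
fi
```

Every library named in the second column is code that runs with the program's elevated privileges, so each line is a list of what has to be bug-free besides the program itself.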
TRUST
Trust is very important in software. It's actually important any time security is mentioned. Encryption only makes it difficult for two anonymous participants to be eavesdropped on without changing the communication. Trust makes it possible to believe you are talking to the participant you think you are talking to.
Trust does NOT mean secure: only non-malicious. Microsoft delivers many packages via Authenticode - but this does not make Authenticode safe, nor does it mean their software is safe. All it means is that these bugs came direct from Microsoft.
CONCLUSION
my ongoing search will end when i am dead. i urge you to urge others to take a similar stance. Security is more important than Identity, or Anonymity. Whether your government is communist, socialist, or just plain pissed: their job is to make your life secure. Make certain that they are doing it.