New It's contagious
The real computer security problem is a lack of persuasive authentication. If the Internet allowed default authentication and accountability for every packet and every program, from source to destination, hacking and malware would stop overnight. In a better world, if someone sent me a malicious program, I could track it back not only who sent the program to me, but who sent the program to them, and so on -- back to the original creator, with nearly 100 percent certainty. Hacking would cease to exist.
So the only reason we have hacking is because we don't know who's behind it? Tell that to the anti-spam company that just got shut down by spammers because they were too effective. Anyone who wants to know who's behind this shit can find out if they really want to.

The problem is that law enforcement doesn't care. And when they do care, they quickly reach the end of their jurisdictional leashes and throw their hands up.



But let's say the problem really is that we don't know who's sending what. (Which it's not.) How might we "solve" that?
It all starts with trusted hardware components, to prevent software from manipulating and invalidating the trust routines situated in the hardware. Currently, many hardware and CPU vendors are building TPM (trusted platform module) chips onto the motherboard. Linux and Microsoft are already starting to use the chips; enterprise versions of Windows Vista will use the TPM chips to store encryption keys that lock up the hard drive prior to booting to prevent boot-around attacks.

Once the hardware is secure, vendors can build trusted and authenticated operating systems that rely on the trusted hardware. Then application vendors can rely on the OS for trust and allow people to send trusted data content back and forth to each other.
First problem: If I write my own software, how do I get the hardware to recognize it as trusted? If I can't, then I can't write my own software. If I can, then so can the bad guys.

Second problem: The bad guys have money. They can use that money to acquire hardware that doesn't have these chips on it, or that have chips that are open to them. You might knock out the script kiddies, but studies are showing lots (most) of the traffic is from a few well-funded sources.



In the future, it is highly likely that the Internet Version 2 will require default authentication on all messages, from source to destination. For example, in order for your e-mail server to send an e-mail to my e-mail server, it must authenticate to my e-mail server first. Your e-mail server will authenticate that your e-mail came from you and that you meant to send it. Your operating system will ensure that your e-mail client isn't being controlled by a worm or spybot.
Wow. They've got a chip that can read minds and/or perform incredible feats of artificial intelligence. They must be using that new 500GHz chip from IBM.



For hackers to attack the trusted Internet, they will need to compromise the persuasive authentication mechanisms. And they will, because humans will code the authentication mechanisms and we are imperfect. But we will be able to install one patch and immediately remove that attack threat -- which is the opposite of what we do now. Today, we cure one symptom while ignoring the underlying disease.
And when the flaw is in the hardware? Oh shit, I guess we can't just patch it. Unless you can install a patch that circumvents the output from the hardware. But this whole house of cards is based on the idea that you can't circumvent the "opinion" of the hardware. And even if it is a flaw in software, wouldn't the first goal of this system be self-protection? Users shouldn't be able to update the TCP software.



The solution to our security problems isn't a particular product or vendor, but persuasive authentication, which will probably only happen after multiple catastrophic e-commerce events and forced government regulation. We know what the fix is, but we are reactive sheep, waiting to be forced to the real solution.
Or we could prosecute the people making money off the crap.




Oh, and let's not forget the other "real" solution: Stop using Microsoft products. They're insecure by design. You don't need to lock up the hardware to fix that. And if you locked up the hardware but not the software it wouldn't really matter, would it?
===

Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]
New Trusted applications
First problem: If I write my own software, how do I get the hardware to recognize it as trusted? If I can't, then I can't write my own software. If I can, then so can the bad guys.

Technically, that's not a problem, or at least for the application layer. Application writers can submit their software to operating system vendors, who then verify it and use a secret hash algorithm to verify it at run-time. It'll be slow and costly but it will be trustable.

Might be too expensive for niche and bespoke applications but it does lock out the bad guys.

As for trust of the OS vendor: fortunately, such vendors maintain a strict, Chinese wall between OS and application divisions, do not copy then destroy products that might undermine their monopoly, do not insert odd code to generate spurious error messages and do not subvert system protocols to be incompatible with rival OSes. We can be certain they would not deliberately delay, needlessly query or create spurious rejection reasons.

I see no technical problem at all.
Matthew Greet


Choose Life. Choose a job. Choose a career. Choose a family. Choose a fucking big television, choose washing machines, cars, compact disc players and electrical tin openers. Choose good health, low cholesterol, and dental insurance. Choose fixed interest mortgage repayments. Choose a starter home. Choose your friends. Choose leisurewear and matching luggage. Choose DIY and wondering who the fuck you are on a Sunday morning. Choose sitting on that couch watching mind-numbing, spirit-crushing game shows, stuffing fucking junk food into your mouth. Choose rotting away at the end of it all, pishing your last in a miserable home, nothing more than an embarrassment to the selfish, fucked up brats you spawned to replace yourself. Choose your future. Choose life... But why would I want to do a thing like that? I chose not to choose life. I chose somethin' else. And the reasons? There are no reasons. Who needs reasons when you've got heroin?
- Mark Renton, Trainspotting.
New For about five seconds ...
... I was thinking, "What the fuck have you been smoking?" Then you got more obvious.

I still think the biggest problem is that the only way this system can possibly work is if all the pieces work flawlessly, and none of the "good guys" are intentionally subverting the system for their own aims.
New Companies sticking to standards: SQL anyone?
Matthew Greet


New DPM
Matthew Greet


Edited by warmachine June 23, 2006, 05:42:24 PM EDT
New You see no technical problem because you're an idiot
Suppose that I write a program whose job, when executed, is to emulate running other programs. If the hardware trusts my program, then anyone who wants can write programs on top of it.

Seems like a strange thing to do, huh? Easy enough to avoid it, let's just ban such programs.

Congratulations, you've just banned Java, Perl, .NET, Python, PHP, JavaScript, Smalltalk, Lisp, etc, etc, etc.

Incidentally the idea that application writers have to submit their software to operating system vendors is laughable. No intelligent company wants to do that. Competitors of said vendors might as well shoot themselves in the head, it will be marginally faster and substantially less painful. Normal companies don't want the development overhead and will be understandably unhappy about having to submit their code for third party inspections.

I'm with Drew. What are you smoking, and would you mind shipping a good supply to Mr Patient's house by next Friday?

Regards,
Ben
The great masses of people ... will more easily fall victims to a big lie than to a small one. -- Adolf Hitler
New Your sarcasm detector is broken.
New D'oh
New Severely.
Especially since Drew talked about the sarcasm in his post.

*boggle* :-)
Regards,

-scott anderson

"Welcome to Rivendell, Mr. Anderson..."
New I'm tired. It happens.
New Emulators and SDKs only run trusted, signed code...
except on developer versions of the OS. Non-developer OSes won't talk to developer OSes. Except for specific, license activations of the developer OS by the vendor servers. And no self-signing by anyone.

To prevent hackers changing code and fooling hash signature detectors, the hash algorithm must be secret. Therefore, OSes don't share hash algorithms. Portable, Java code, for example, must be submitted to the vendor of each OS it might run on. That includes the libraries you're using.

I can see a pool of trusted, code inspection companies, which notify all the vendors. To avoid the potential scandals of application writers paying their inspectors, the vendors must pay them. To avoid OS vendors stealing from the system by watching what other application vendors sign, all vendors must pay. To avoid the smaller OS vendors subsidizing the larger ones, the payment is in proportion to the number of deployed, signed programs on each OS. The products of payers will refuse to talk to the products of non-payers. And for anti-terrorism purposes, code inspectors must be vetted by any country's secret service that cares.

Independent code inspectors avoid the danger of larger OS vendors delaying inspection to damage other companies. An OS vendor can withhold all payments if they believe the code inspector is being lax and allowing unstable or malicious junk. After all, it is their reputation on the line as they're signing the software. With OS competition, the cash flow of inspectors should survive one vendor withholding payment. In the event of a dispute, it goes to court under contract laws.


As I said before, I see no technical problems.
Matthew Greet


Edited by warmachine June 24, 2006, 07:04:35 AM EDT
New He wasn't being sarcastic!
He was being stupid.

So you've just decided to destroy all home brew software.
All of it.
New He was too!
New He's doing it very deadpan if he is
New Well, Duh.
New Peter's right. Americans don't get sarcasm.
He was being VERY sarcastic and very dry. But obviously so in my opinion.
Regards,

-scott anderson

"Welcome to Rivendell, Mr. Anderson..."
New So we need a sarcasm compiler
Which would be cool.
-----------------------------------------
Impeach Bush. Impeach Cheney. Do it now.
New ICLRPD (new thread)
Created as new thread #259871 titled [link|/forums/render/content/show?contentid=259871|ICLRPD]
Smile,
Amy

[link|http://kevan.org/brain.cgi?Amy%20Rathman|Pics of the Family]
New And, of course, you'll submit it to the OS vendor...
jb4
"So don't pay attention to the approval ratings that say 68% of Americans disapprove of the job this man is doing. I ask you this, does that not also logically mean that 68% approve of the job he's not doing? Think about it. I haven't."
Stephen Colbert, at the White House Correspondent's Dinner 29Apr06
New Course I was being sarcastic!
I stated that there are no technical problems right after describing a logistical, commercial and political nightmare scenario. How can anyone possibly think that this is a viable solution, let alone think that I meant it? Is this not 'Run! Get out while you can!' material (accepting that it can never happen)?

That reminds me - I need to add a bit more about how OS vendors won't subvert the process.
Matthew Greet


New Don't forget Homeland Security.
New Send it to InfoWorld when you're done.
New No thanks. Anyone is free to steal my scenario.
Matthew Greet


New Now you *are* smoking something
How can anyone possibly think that this is a viable solution, let alone think that I meant it?
Ever since the government started treating 1984 as a playbook instead of a warning, I think we lost any chance to believe "no one could think X is viable".
New "Surprise Attack" covered this.
[link|http://times.discovery.com/tvlistings/episode.jsp?episode=1&cpi=109122&gid=0&channel=DTC|Why Intelligence Fails: Surprise Attack] on the Discovery Channel. The biggest reasons why it fails are: 1) Refusal to consider new threats, and 2) Hubris.

"Japan won't attack us, because ..." "Egypt won't attack us, because ..." "Bin Laden won't use airplanes to attack us, because ..."

Cheers,
Scott.
New Time to rename CIA to CDA
You don't gather intelligence, you gather data. You use intelligence to analyze the data and decide what to do with it. (Okay, you should do that.) To talk about "the latest intelligence on Iraqi weapons capabilities" makes no sense.

Now that I've thought about this some -- I noticed it a while ago, but didn't attach too much significance -- I'm probably going to notice how badly it skews our interpretation of public statements from those in the "intelligence community".
New Make it part of the compile process.
New Like what Kernighan did with his self fixing compiler?
That'd be a good one.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
Freedom is not FREE.
Yeah, but 10s of Trillions of US Dollars?
SELECT * FROM scog WHERE ethics > 0;

0 rows returned.
New Nope
It would have to submit the code to the approving authority before allowing the next step. Give 6 months for security review before continuing.
New Wonderful idea!
Who wanted short code-compile-run-debug cycles during development anyways?

Cheers,
Ben
New <muntz>Ha ha</muntz>


Peter
[link|http://www.no2id.net/|Don't Let The Terrorists Win]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
[link|http://kevan.org/brain.cgi?pwhysall|A better terminal emulator]
     It's contagious - (drewk) - (30)
         Trusted applications - (warmachine) - (29)
             For about five seconds ... - (drewk) - (2)
                 Companies sticking to standards: SQL anyone? -NT - (warmachine)
                 DPM -NT - (warmachine)
             You see no technical problem because you're an idiot - (ben_tilly) - (25)
                 Your sarcasm detector is broken. -NT - (Another Scott) - (3)
                     D'oh -NT - (ben_tilly)
                     Severely. - (admin) - (1)
                         I'm tired. It happens. -NT - (ben_tilly)
                 Emulators and SDKs only run trusted, signed code... - (warmachine) - (15)
                     He wasn't being sarcastic! - (broomberg) - (14)
                         He was too! -NT - (Another Scott) - (2)
                             He's doing it very deadpan if he is -NT - (broomberg) - (1)
                                 Well, Duh. -NT - (Another Scott)
                         Peter's right. Americans don't get sarcasm. - (admin) - (3)
                             So we need a sarcasm compiler - (Silverlock) - (2)
                                 ICLRPD (new thread) - (imqwerky)
                                 And, of course, you'll submit it to the OS vendor... -NT - (jb4)
                         Course I was being sarcastic! - (warmachine) - (6)
                             Don't forget Homeland Security. -NT - (Another Scott)
                             Send it to InfoWorld when you're done. -NT - (Another Scott) - (1)
                                 No thanks. Anyone is free to steal my scenario. -NT - (warmachine)
                             Now you *are* smoking something - (drewk) - (2)
                                 "Surprise Attack" covered this. - (Another Scott) - (1)
                                     Time to rename CIA to CDA - (drewk)
                 Make it part of the compile process. -NT - (broomberg) - (3)
                     Like what Kernighan did with his self fixing compiler? - (folkert) - (2)
                         Nope - (broomberg) - (1)
                             Wonderful idea! - (ben_tilly)
                 <muntz>Ha ha</muntz> -NT - (pwhysall)
