Hal Flynn, 2003-10-15
The open-source community should abandon its piecemeal approach to securing Linux -- and soon.
A series of misconceptions
2003-10-16
Anonymous (1 replies)
You've added more misconceptions
2003-10-16
Anonymous (2 replies)
One of the key features of a "Trusted" OS is _not_ digitally signed binaries. Do some research. Trusted is a designation that generally relates to the TCSEC (Orange Book) levels of B1 or higher, which require mandatory access control (MAC). Apart from MAC, other trusted-type OS's have role-based a...
You've added more misconceptions
2003-10-17
Anonymous
You're both right. One of the purposes of the "Trusted Computing Group" is to implement digital rights management. "Trusted Computing" in this sense is misleading because it is not referring (at least not strictly) to a trusted OS such as those defined by DoD standards which have nothing to do with digita...
Looking like donkey's
2003-10-16
Anonymous (3 replies)
There could be a better way to patch things, MS's example is not an improvement.
The "Trustworthy" model is a PR gimmick. Nor has using the "Trustworthy" model enabled MS to avoid looking like donkeys. Nor has it stopped hacks.
Try comparing the publicity statements to the actions of the company ...
Looking like donkey's
2003-10-16
Anonymous (1 replies)
Donkeys evolved, so do operating systems...
Natural selection will eventually lead us back to Vax/VMS & just as Donkeys in time will return to being horses..
...
Looking like donkey's
2003-10-20
Anonymous (2 replies)
Uhm.. no. A donkey can't return to being a horse when the offspring between a horse and a donkey creates a sterile mule. Not to mention, I only know of 1-2 places still using VMS/VAX machines, and they're desperately trying to phase them out....
Looking like donkey's
2003-10-22
Darwin
MMmm yes...
Donkeys evolved from horses, in response to poorer environmental conditions. Natural selection pure and simple.. Thus as conditions improve (as they are now) natural selection will move back to the better design and solution .... The horse or as in the computing world the stallion tha...
Looking like donkey's
2003-10-25
Another Hobbit
Maybe that is why we should retain it. Most of the crackers will hit it and won't even know where to begin! But then again, Kevin Mitnick should be able to touch a keyboard again one of these days. Maybe it will have evolved so much in the interim he won't be able to do much with it any more... Tee-...
Looking like donkey's or a horse's
2003-10-16
Axe-2-Grind
To go even further, using the "trustworthy" environment in a unix/linux world opens yourself to generic use faults. Example: How many of us actually stick to default load without injecting our own brand of changes? Therefore, "trustworthy" would only apply to crashes you can trust to happen. Been...
Looking like donkey's
2003-10-27
Anonymous
Nothing is 100% secure. Even hardware solutions. Microsoft should know. For example the Xbox is being hacked in public.
Microsoft, Intel, Compaq and the other companies involved in Palladium will look like donkeys if they want to or not. Simply because their engineers are human (Although some mit...
Too Many Hacks
2003-10-16
Anonymous (3 replies)
What the heck did any of this have to do with Open Source?!?
I see the same piecemeal methods used by closed source products as well. Simply because you can rattle off a couple of known holes in the architecture does not mean that the same does not exist in proprietary code. In fact, we know th...
Thanks Anonymous
2003-10-16
Axe-2-Grind
Why complain that this article had nothing to do with open source, when that was your only issue with the post?
Please don't use others' columns as a rant against SecurityFocus, it just makes you look small.
Good thing you didn't sign that post. You are very disappointing. Why bother complai...
misinformation
2003-10-16
Kelly Martin
Anonymous, in the past few days there have been two new Infocus Feature articles, two Guest Feature articles, two Columns, and a news story by Kevin published... in addition to regular news by The Register which has a content sharing deal with our site. Last week's content was quite similar, inclu...
New Editorial Direction for SF?
2003-10-16
Al Franken (1 replies)
New Editorial Direction for SF?
2003-10-16
Anonymous (3 replies)
You took the words right out of my mouth, Al.
Several years ago there were so many good security sites of one sort or another, but now most of them are gone or, worse yet, done like hackernews->@stake. It's getting to be like turning on the radio and finding nothing but 20 Clearchannel stations....
Shatter
2003-10-17
Anonymous (1 replies)
No, they haven't rewritten Windows. They've said, "Don't let privileged applications interact with the desktop." Which is reasonably sensible. They've also started patching the buggy controls piecemeal, but that's going to be a long process...
...
Shatter
2003-10-17
Anonymous (1 replies)
New Editorial Direction for SF?
2003-10-18
Anonymous (1 replies)
P.S. -- Has Microsoft rewritten Windows to fix the "shatter" vulnerability yet, after 18 years? I thought not...
Yes, they have
http://archives.neohapsis.com/archives/sf/ms/2002-q4/0054.html...
New Editorial Direction for SF?
2003-10-20
Anonymous (1 replies)
"P.S. -- Has Microsoft rewritten Windows to fix the "shatter" vulnerability yet, after 18 years? I thought not..."
Who cares? Has it been exploited yet? I never hear anything about it. Can it be exploited remotely? Probably not.
Stop making a big deal out of something this trivial....
Evolution, a necessary evil
2003-10-16
Axe-2-Grind (1 replies)
First, before I go on, as usual, I must make a totally useless statement. That is, doesn't Hal's picture here look remarkably like a "24" ID photo of Kiefer Sutherland? IF that is his REAL name......
but anyway....
What Hal is pointing out, basically, is that evolution rules our ever changin...
Evolution, a necessary evil
2003-10-17
Faust (1 replies)
Too Many Hacks
2003-10-17
Deven Phillips, CISSP
There are some interesting concepts to the "Trusted Computing" concept from a security manager standpoint, but there is also the aspect that if you have to get software signed by a central authority for it to run, then that will likely slow down the already "too slow" patch and repair process. Altho...
Too Many Hacks
2003-10-17
A nonny mouse (1 replies)
I think you are all missing the point of this article....
So Hal, what happened after you fixed the tire................
Too Many Hacks
2003-10-17
Faust
Exactly the point! I'll bet the tire (buffer) overflowed, the bike blue screened, his buddy crashed to the blinking prompt.
As icons of limp windows encircled his scuffed and bleeding head he realised that "Father knows best".
He therefore spent the rest of his life working on alternate OS'...
Too Many Hacks
2003-10-17
David
H.A.L,
Your Dad doesn't let you change the tire by yourself as Bill does.
Bill won't ask you: "why don't you try to solve the problem with all of your friends?
you will learn together and share the solution"
And for sure, your dad finally gave you the appropriate patch for the tire as you ...
Too Many Hacks
2003-10-18
Anonymous Coward
"[...] a hacker named Silvio Cesare, who proved with an alarming degree of success that one can patch a statically compiled kernel in memory. As time progresses, this will probably evolve into the standard means of putting a backdoor in a Linux system."
Since the publication of suckit and a detai...
R u sure u r not a donkey yourself?
2003-10-20
Anonymous (2 replies)
U r supposed to be security focus Unix expert? And u claim what????!!!!!!! that modular kernels r bad for Linux's health? The feature that made Linux what it is today? The feature that makes Linux better than MS Win?(apart from the stability blah blah).
U dont seem much of an expert to me and to...
R u sure u r not a donkey yourself?
2003-10-20
Anonymous (1 replies)
Wow you seem really knowledgeable on the subject and your use of "u" indicates to me that you're not a 25 year old living in your mother's basement. ...
R u sure u r not a donkey yourself?
2003-10-20
Anonymous (2 replies)
More like a 10 year old...
There should be a SecFocus requirement that, to post, you must at least be able to put a somewhat coherent sentence together.
Two words for this guy... 'Script' & 'Kiddy'....
R u sure u r not a donkey yourself?
2003-10-20
Anonymous
I totally agree. I stopped reading after the second line of this terrible rubbish. I think whoever wrote that broke every rule in the book; 'u', 'r', 'ur', '????' etc. are all factors which make me think 'idiot, I'm not going to take this guy seriously at all'.
Learn to spell kid, then people may...
R u sure u r not a donkey yourself?
2003-10-20
Anonymous (1 replies)
And it's those same "ScriptKiddies" that put most of you to work.
Yes, the English is poor and the rant is obvious, but poo-pooing the younger folk is what got us in this mess to begin with.
Let's be careful and respectful here. After all, you are _supposed_ to be professionals.
...
R u sure u r not a donkey yourself?
2003-10-20
Anonymous Coward (1 replies)
Nothing annoys me more than seeing people dismiss other people's opinions simply because of their use of English. Perhaps this person's native language is not English -- ever think of that?
Pick apart his comments, this is not a grammar rodeo.
As for the bitching related to 'u', 'ur', etc. Get...
R u sure u r not a donkey yourself?
2003-10-21
Anonymous
And you know, nothing annoys me more than people who defend those who post nothing more than holy war garbage on SecurityFocus that add absolutely nothing useful to the discussion at hand.
His writing is not the issue, his comments and lack of respect for everyone else is. I don't care if he's fr...
R u sure u r not a donkey yourself?
2003-10-27
penfold@dlofnep.com
"But even if what u r sayin its sound, at least I wont get hacked by a 15 yr old kiddie but by a very skilled hacker. And thats not the case with windoze which 100 hacks p/day happen by 15yr olds."
And where are you getting your figures from? Most linux distros have way more services running by d...
Too Many Hacks
2003-10-21
Anonymous
Sure, the Open Source community should change their patching model. After all, it WORKS, and there's no room for five levels of bureaucrats, lawyers and naysayers preventing it from working.
The proof of the pudding is in the eating, and it's not hard to see how successful the Unix approach is com...
Wil-E-Coyote bridge design
2003-10-21
DWilliams (1 replies)
The message I received from the article is that it is better to do it right the first time than to do it wrong several times.
Every time I see a patch that fixes a patch that resolves an issue with a feature that was released to correct... All I can think about is Wil-E-Coyote nailing one board on...
Wil-E-Coyote bridge design
2003-10-22
D McQuay (1 replies)
Wil-E-Coyote bridge design
2003-10-24
tycho
Hi all,
I think axe has it down. The system is made with many modules on different levels and flexibility is the key issue with all of the software/hardware/os developers out there trying to do it right the first time just gets you another oops somewhere else. Even IBM with the AS 400 names their...