, 2005-04-08
No operating system is completely immune to security threats, and that includes Apple's OS X.
Expand all |
Post comment
How about OpenBSD and Zos?
2005-04-09
Janice (4 replies)
Janice (4 replies)
How about OpenBSD and Zos?
2005-04-10
Darwin Lopez (1 replies)
Darwin Lopez (1 replies)
Absolute Security is a Myth
2005-04-20
hans.y.blom@telia.com (1 replies)
hans.y.blom@telia.com (1 replies)
security to balance the the one on M$
(ref 10GSuperman.com "Security r1" download
at bottom of page).
Yes UNIX/Linux has "Dirty Laundry" security
issues just like M$.
Exhibit #1
Google: "Mac OS X" + Sendmail + Security
The last post on that soap drama was 4/13/05
Exhibit #2
Lance Spitzer did a now "famous" on root
kits in a Unix/Linux environment.
Exhibit #3
Back in the olden days (pre win3.1) UNIX
(SYS V and BSD) had a FTP shell that would
allow one to log into a remote machine
and do just about anything (after the
password was sent in the clear).
I've got some other juicy ones but need to
reserch them for the paper.
Exhibit #4
The lastest Exploits (phising and pharming)
are mostly Human related exploits that are
os independant.
Exhibit #5
IN the limit there is NEAR absolute security.
Any Computer inside a spin lock vault that
no-one has the combination to is an example
(tempest+ metal room, egress degauser, with external and perimeter security sensors,
guards and monitors up the wazoo and black helicopters flying over head daily looking
for stray signals).
Next, If I have the ONLY combo to the vault as the cleared program security officer that
machine and its data is as trusted as I am
(weekly lie detector tests might tend
to validate that) .,.
Finally, I've got to let other cleared
individuals in to do thier work. They (Users) will want to drag in software apps and data
O:==
It would be the Security Officers job to see that nothing comming in might compromise the
system. Couriers would (of course) come in pairs, literly handcuffed together.
Besides doing the obvious (running AV on the
apps, validating authorized checksums, etc.)
there would need for systems to be compartmentalized within the vault such that even if application software compromised the users working accounts (0r machine) there would be another TOP SECURITY machine that would contain backup work output but none of the possibly compromising executables.
Machines might be backed with a USB 2.0
DVD RW device. The DVDs and System
Journal would be kept in a spin lock safe
inside the room (with limited access).
The point of all this is that there can
be NEAR Absolute Security limited mostly
by Human Vulnerabilities.
Absolute Security is a un-useable system
(write once and never read).
With Compartmentalized Disaster Recovery (something like described in 10GSuperMAN.com) and with a deep enough mountain we can get
pretty close to absolute security.
I could go on and on about encryption and
authorizartion but feel the point has been
made. It "Aboslutle Security" is a
possibility but (like all things)at a much higher price (tunnels and helicopters are
not cheap).
Best Regards
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/columns/313/31404#31404