Domain: wirex.com
Stories and comments across the archive that link to wirex.com.
Comments · 193
-
Re:Sardonix: Auditing Open Source Software
We're working on ranking expressions that accommodate all of those factors. The trick is to design it such that the expressions encourage all the right behaviors, discourage all the wrong behaviors, and aren't so complex that the auditors can't figure out what it is they're supposed to be doing :-)
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
Re:Artificial Restrictions
Cynical? Not really; I'm being realistic based on years of experience in activism.
But that is cynicism :-)
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
Is this Snake Oil Still Around?
They've been pushing this crap for years, and it is still crap: It fails to stand up to any reasonable threat model.
- If it is truly meant to make incriminating e-mail disappear, it will fail. Recipients of incriminating e-mail are likely to make durable storage copies, with a camera if nothing else. The crypto software cannot possibly prevent this.
- If it is only meant to make casual e-mail disappear, then it is a great deal of fuss for something that can be handled by simpler means, such as corporate policy, leaving e-mail on mail server spools, and having the system administrators delete it.
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
Hmmmm...
I would really like to see that 1991 set of predictions claimed to be 85% accurate. IMHO, some of his current predictions are on crack. The goofiest one I've found yet: AI entity gains PhD 2016. I'll be impressed if an AI entity can parse a dissertation well enough to answer trivial questions about it by 2016.
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
Sardonix: Auditing Open Source Software
The Sardonix project is intended to address some of this problem. "Many eyes make bugs shallow" but only if many eyes are actually looking. Sardonix seeks to encourage source code review with an auditor rating system based on performance. Programs will also be rated, according to who has audited them. Naturally, we provide a set of resources for people to use in their auditing.
Wanna make security better? Come do something about it.
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
Benefit?!?!
Benefit? Benefit?! There was no "benefit"; digital projection in a theatre sucked ass. It was very similar in quality to what you get when you hook up a DVD to an InFocus projector, i.e. visible grain, far, far worse than 35mm.
When I read two years ago that Lucas was going all digital for Clones, I thought he should put down the crack pipe. I'm now more convinced than ever.
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
Lame
Well, that's lame. There are several examples of more attractive micro-PCs at more attractive prices. Here's some:
- EZAV: smaller form factor, similar power, about $900 configured reasonably. Advantage: has a video port. Disadvantage: only one NIC.
- American Portwell: little server appliances. No video, but three NICs, two USBs, and a serial port.
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
Re:Um, fund a non-profit, Uncle Sam
Clue: DARPA funds lots of for-profit companies. The vast majority of them give back far less to the community than WireX does.
They've already had their DARPA contracts, and what have they contributed? No-exec patches for Linux. That's about it.
Brilliant. Completely, precisely wrong. The non-executable stack patch is by Solar Designer. WireX has contributed StackGuard, FormatGuard, and the Linux Security Module project, with more on the way.
They need to be actively involved in the security community; not just post a message when they get funding. I think we'd see much greater success.
- 114 moderator-approved posts to securityfocus.com mailing lists.
- 48 publications and citations to our work on the USENIX site.
- I served on the USENIX Security 1999 program committee.
- I was the publicity chair for the New Security Paradigms Workshop for three years.
- My first post to the Linux Security Audit Project in 1998.
:-)
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
So What's the Problem?
So what, exactly, is the problem with heavy users paying their own way?
What's the point of high speed broadband access if you can't use it to full potential without having to start selling organs to pay the bills?
Hmmm ... perhaps, to get low-latency access to the small(er) blobs of data you want to access?
Look, all they're doing is changing the bundling of their service to more closely reflect the usage patterns of two groups of customers. To insist that they do otherwise is to demand that the light-usage customers subsidize the heavy users. And this is exactly what happens in the DSL market anyway, where service providers charge different rates for different bandwidths.
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
Re:so?
That it's the only job they can get doesn't justify telemarketing any more than it justifies prostitution, contract hits, or crack dealing.
Hey, watch what you say about prostitution and crack dealing. Those professions are far more legitimate than telemarketing.
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
Project Moneypot :-)
Cousin to the Honeypot idea, meet the Moneypot :-)
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
Maybe Due To Different Topology
It occurs to me that mostly CableModem companies have this bizarre fetish about "abusing" your service by using NAT, running "VPNs", etc., while most DSL providers do not. I also observe that my friend (who has CableModem) gets much higher peak BW than I get on my DSL, and that he gets it often because he lives in a podunk small town without a lot of competing users.
So now it occurs to me that the CableModem providers may be rabid about creative ways to use more bandwidth because their infrastructure is more fundamentally shared: their peak BW is higher, but users have to share the cable to the CO. In DSL, they can clamp my line if they want to.
Thus "nothing more than the bandwidth for which they are paying" may be the crux of the issue. DSL providers actually can limit you to your paid BW, but CableModem operators have a much harder time doing that.
Not that I actually support an ISP that wants to ban my NAT box. I would immediately switch to an alternate provider who lets me do what I want with my bits. Oh wait, I already did :-)
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
Re:Quick question for you:
claim to be a Ph.D
"claim"?! How hard can it be to look up someone named "crispin"? :-) However, my Ph.D is in computer science, not EE, so I'm just as much of a dilettante as the usual slashdotter on this topic. I just happen to be a big enough geek to have gone out to a power line with a fluorescent tube once upon a time :-)
If the Earth's magnetic field alternated its polarity 60 times a second, do you think ALL of the fluorescent lighting in the world would glow?
Yes, they would. That's because a static magnetic field does not convey any energy, and an alternating field does. You can only induce power from moving EM fields.
It's an inference from there to the assumption that static magnetic fields are harmless while various alternating EM fields may cause damage. I'm pretty comfortable with the idea that the Earth's magnetic field is harmless to us :-)
I'm somewhat more on the fence about whether EM radiation causes health hazards. It seems plausible that any field with lots of energy (such as lighting up a fluorescent tube, or microwaves that melt chocolate) stands a stronger chance of being dangerous than weak fields (such as cell phone or radio towers).
Note that there have been cases in the past where something was thought to be safe and turned out to be very dangerous. In the 1950's, shoe stores had these X-ray devices for checking out your shoe fit. Put your feet over the emitter, put your face above the view plate, and lookit your tooties in the shoes. Small problem: loads of X-ray rems hitting you in the face :-)
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
Re:Oh no! Certain doom!
Then you calculated wrong. Experiment: go get a 3 or 4 foot fluorescent tube light bulb, go stand under a high voltage line at night, and point the bulb at the high voltage line. The bulb will light up. I have personally verified that this works.
In a related anecdote, some guy (IIRC in the UK) was busted for stealing power from the power company. He did this by winding a large quantity of copper coil around his garage, which was situated underneath a high voltage line. The garage full of coil was sufficient to induce enough power to run his house. Unfortunately, I can't find a link to the story.
Caveat: I still think the people trying to shut down the school radio are nuts. I just wanted to point out that short-range EM from high voltage lines is a much different situation than EM from cell towers.
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
Re:Security?
Dunnow about what IMASS did, but the equivalent WireX server appliance protects itself with the suite of Immunix security tools.
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
But There are LOTS of These Server Appliances ...
Why does yet another server appliance rate a slashdot story? There are many companies selling this kind of SOHO (Small Office/Home Office) server appliance, starting with the venerable Cobalt Qube.
WireX (my company) has been selling this kind of product for a long time now. The WireX web-based management interface (as provisioned on Dell PowerApp servers) even won an "Emperor Class" award from Linux Magazine. And the WireX servers have the additional benefit of being protected with Immunix security, something which is especially needed by the kinds of users who choose "easy to use" server appliances.
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
Re:You're caught
I admitted that we shared code, only because we had shared ideas and had all come to the solution together.
You cheated, plain and simple. Busted. Quit yer bitchin'.
When we poked our heads in his office he was in his chair - asleep. If that isn't enough - he completely forgot to show up for the final exam.
So the prof was lame. Granted. Doesn't make what you did non-cheating. Suck it up, and if you don't like your school, change to a different one. To be really helpful, tell us the name of your school, so that other people can avoid going there.
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase
The Olympic Games: A Century of Corruption and Graft -
Just Say ".No" :-)
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
Where'd the Microsoft Spike Come From?
IMHO, more significant (to say nothing of disturbing) than the domain name reduction is the huge spike in use of Microsoft web servers starting last June. The spike continues unabated through the summer of Code Red and Nimda.
What is it that caused this surge in Microsoft web servers? And what is it that causes these clueless dweebs to ignore the substantial risks of employing Microsoft web servers?
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
Re:Rights of authors to control their works (i.e.
The main problem with this is that DRM without mandated hardware is fundamentally impossible. DRM without controlling hardware amounts to cute watermarks and obfuscation. You cannot prevent bits from being copied, you can only build machines that will refuse to play copied bits. While I agree that functional DRM may well be a boon to independent artists, it is about as helpful as observing that functional antigravity devices would be a boon to transportation, i.e. a pipe dream.
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
Re:Why yet another CWM/B1 effort?
...what Linux really needs are capabilities (which we have, we just need to start using them by default) and a functioning audit subsystem...
It's a pity that LSM in its current form is not going to support ACLs, Audit and fully-fledged capabilities, however the door has been left open, we are just going to have to wait a bit longer.
-
Immunix
Immunix is our security-hardened Linux system. Immunix offers a security confinement mechanism called SubDomain which is similar to SELinux and HP's Virtual Vault technology, which is what is incorporated into their HP-LX product. SubDomain is "in between" SELinux and HP-LX, in the following ways:
- Complexity and Flexibility: The more complex a product is, the more flexible it can be. SubDomain is less complex to manage than SELinux, but offers more flexibility than HP-LX.
- Price: SELinux is free, Immunix Systems are $90 each, and HP-LX is $3000 each.
- StackGuard: resists most buffer overflow attacks.
- FormatGuard: resists most printf format bug attacks.
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
Re:Interesting review, but...
For a good book on security and programming, try "Building Secure Software" by John Viega and Gary McGraw. I am going to use this book as the course text in the next offering of my graduate security course.
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -