Slashdot Mirror


BugTraq's Elias Levy Talks Security

LiquidPC writes: "UnderLinux.com.br has an interview with the BugTraq moderator, Elias Levy or Aleph1. Questions ranging from what he thinks of 'Hacking Exposed' to whether BSD is more secure than Linux. Kind of short, but interesting nonetheless." He notes the interesting difference between the approaches to security taken by FreeBSD (which he praises) and Linux -- lots of projects vs. a single unified one, and emphasizes that security is ongoing, not defeating any single problem.

137 comments

  1. OpenBSD, not FreeBSD by X-ViRGE · · Score: 5, Informative

    Um, just FYI, he said OpenBSD, not FreeBSD. I think most people would agree about the security of OpenBSD.

  2. FreeBSD != OpenBSD. by mattdm · · Score: 2

    Geez.

    And he doesn't really "praise" anything, although his comments are interesting.

  3. security by Lumpy · · Score: 3, Informative

    It's very true, anything can be secured including windows NT/200/xp/zp/ww3p, it just takes more time and more money to do it than BSD or linux. But many companies take the stance of hiring a security consultant, getting an audit, fixing what's wrong and then believing that they've done what was needed and that they are secure now. They never think, or don't want to think, that security is a moving target that requires full-time attention and trained people to take care of it. Send your IS/IT staff to security training and seminars, keep the staff trained.

    Unfortunately in today's economic world, those programs and positions will be among the first to be cut by the CEOs.

    --
    Do not look at laser with remaining good eye.
    1. Re:security by Yoko99 · · Score: 1

      > unfortunately in today's economic world, those
      > programs and positions will be among the first
      > to be cut by the CEO's.

      I have worked in a field related to security (more like crypto), and it is also a problem when HR's are first to filter out job applicants. A woman acquaintance of mine had such a job interview, which ended with her and the HR woman subtly bitchslapping each other about their dressing styles. No security talk whatsoever!

      It is as if the companies expect a security guru to have, before all, a nice personality (I know very few such people, realistically speaking).

      Yoko 99

    2. Re:security by mindstrm · · Score: 4, Interesting

      I don't even buy that it's 'easier' to secure BSD.

      It may take a few less keystrokes out of the box, on any particular version, but that's where it ends.

      Running *real* live systems, it takes the same amount of diligence and effort to keep them secured. You have to be aware of each new application you install, and how it impacts your security. It's no different on any OS.

      Win2k is not hard to secure; neither is any other MS system.

    3. Re:security by Simon+Brooke · · Score: 3, Insightful
      Win2k is not hard to secure; neither is any other MS system

      [simon@beesianum simon]$ cat /var/log/httpd/*access* | grep msadc | wc -l
      133

      Not bad for a worm that's been live for less than seven hours, and attacks an operating system that's 'easy to secure'.

      --
      I'm old enough to remember when discussions on Slashdot were well informed.
    4. Re:security by Anonymous Coward · · Score: 2, Informative

      I disagree. Win2K is hard to secure because Microsoft's policy regarding security is to release a patch once a vulnerability is identified. Furthermore, a multitude of services are enabled per default, and in a sea of product updates, it can be difficult, if not impossible, to determine which update applies to the system at hand.

      Contrast this with OpenBSD. Their approach is much more pro-active. Regular code audits lead to a more secure codebase. However, if something slips through the cracks, a patch is released. Since OpenBSD is "secure by default" it is a simple matter to determine if the patch applies to your system, because the administrator must enable services as the need arises.

      Both systems can be secured, certainly, but Microsoft's security policy is shit, so I'd rather not have to try and secure a windows box when there are better options available.

    5. Re:security by Error27 · · Score: 2

      >>Win2k is not hard to secure; neither is any other MS system.

      Well, actually Windows 98 is pretty difficult to secure.

      In particular, I would point out the large number of local root exploits.

    6. Re:security by MeowMeow+Jones · · Score: 3, Informative

      The worm might be new, but the patch for the exploit in question was released in October 2000. Here are some links that are of interest:

      http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/security/tools/locktool.asp

      http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/security/tools/iis5chk.asp

      --

      Trolls throughout history:
      Jonathan Swift

    7. Re:security by rabidcow · · Score: 1

      Win2k is not hard to secure;

      Yep, there's this secure switch marked "I/O" right on the box!

    8. Re:security by coolgeek · · Score: 5, Informative
      the patch for the exploit in question was released in October 2000

      I don't want to harsh on you too roughly. Blaming the end user for not patching their systems is a bit like a programmer blaming a user for pressing that wrong key at that wrong time that crashes said programmer's code. They are innocent and ignorant. Insisting that they become clued about administering their computers is analogous to saying all motorists should be semi-proficient mechanics before climbing behind the wheel. It's just not practical, and it ain't never gonna happen.

      Microsoft sure seems to have money to spend when it comes to sicking the BSA on its paying customers, or lobbying various public officials to look the other way while they break the law, yet seems to have $0 when it comes to educating the masses about the flaws in its products. Why not some full-page ads and television spots: "We're sorry we made a boo-boo. Please visit windowsupdate.microsoft.com to repair your Windows installation, and help keep The Internet safe for all of us." (and I have my doubts about whether that plugs these leaks) How about just putting some "Free MSN and Windows Repair CDs" next to the free AOL CDs you see everywhere. Instead, Microsoft seems to be quite content to allow the rest of us to pick up the tab for their follies in the form of lost productivity, upstream bandwidth fees, law enforcement investigations, etc. I would speak to their possible motives as to why they might want us all to waste our time and money, but I've sworn off the flamebait for a while.

      --

      cat /dev/null >sig
    9. Re:security by MajroMax · · Score: 1
      Well, actually Windows 98 is pretty difficult to secure.

      In particular, I would point out the large number of local root exploits.

      Uhm... Windows 98 is a local root exploit. With no user permission levels, local roots become meaningless.

      More interesting would be the number of remote roots (probably fairly small, as only NetBIOS runs normally IIRC), or remote DOS'es (fairly large, IIRPingOfDeathC).

      --
      "Evil company X is threatening to restrict our rights! Let's all get together to stop--OOOH! SHINEY!!!" -- AC
    10. Re:security by Webmonger · · Score: 2

      MS DOS is easy to secure? What are you smoking? And can I have some?

      Sure MS DOS isn't subject to worms or IP spoofing, but that's 'cause it doesn't ship with an IP stack. You may be amazed to hear that my toaster is also secure from Internet attacks! And these days, my toaster is more useful than MS DOS. The hot, buttery toast I'm chewing is testament to that. Why, the last time I saw the DOS command prompt was when I installed Windows 98.

      What about Windows 3.1, 95, 98 or ME? They didn't have a very firm grasp on the notion of multiple users. Anyone could read anyone else's files, for crying out loud! That's not secure, that's Swiss cheese. My apologies to the Swiss. I like that cheese.

      I've never touched Windows CE. I hear it sucks less now, which is good. I wonder how many IPAQs it would take to run a medium-sized web site? How many would it take to weather the Slashdot effect?

      Windows NT, I grant, is far more secure than any MS System. But I shouldn't really mention NT and 2000 separately, since I lumped 95 in the same pile as ME. Even Windows 2000 has a nasty habit of lying to you about certain file extensions. It can also hide files and directories from the administrator.

      As for other products, well-- When you say "system", you must mean operating system, 'cause we can't go around comparing Linux to Microsoft Word. That would be silly.

      Shall we compare Word and Outlook to VI and Mutt?

    11. Re:security by kz45 · · Score: 0

      Shall we compare Word and Outlook to VI and Mutt?

      as silly as comparing MS outlook to various linux mail clients.

    12. Re:security by TaoJones · · Score: 1
      mindstrm wrote:
      I don't even buy that it's 'easier' to secure BSD.

      It may take a few less keystrokes out of the box, on any particular version, but that's where it ends.


      Nope, completely different worlds. When I update an app (say, pine for example) on my *nix box, that one app is all that changes. If I switch over to the latest and greatest version of Outlook on a Windows box I have to check to make sure that Windows Scripting Host or IIS hasn't automagically been installed too.

      Running *real* live systems, it takes the same amount of diligence and effort to keep them secured. You have to be aware of each new application you install, and how it impacts your security. It's no different on any OS.


      So where is the source code or documentation that tells me that this particular service pack installs completely unrelated software that is installed without even asking me if I want to install it?

      Win2k is not hard to secure; neither is any other MS system.


      Uhm, Code Red was based on an exploit that was how old? There is IMHO a difference in the mindset of *nix admins vs. MCSEs. *nix admins want to control their boxes, MCSEs just want them to work.



      "Anyways, you are precisely right - the best admin is at heart a lazy, worthless bastard who will do anything, script anything, to get out of work." danheskett

      --
      "Fear is the rootkit of democracy.." Blarkon
    13. Re:security by Anonymous Coward · · Score: 0

      "They are innocent and ignorant."

      You might have a point about IE or Outlook bugs, but IIS is server software and comes in a fairly expensive package.

      The mass outbreaks of CodeRed and the worm of the hour would not be so dire if it was limited to commercial installations and if a large percentage of cable/dsl users didn't also use pirated operating system software. They're "innocent and ignorant" enough to not know that they are a viral host, but at the same time they know enough to want to install "Advanced Server" on their game box.

    14. Re:security by foo+fighter · · Score: 0

      All motorists are at least licensed to drive. Also, they are expected to know how to check their oil, change a flat, and refill their vehicle's fuel even if those tasks aren't part of the licensing test.

      I think those tasks are very analogous to basic system configuration and administration. I would think basic administration tasks would include knowing that you need to go to Windows Update and also do an update to your antivirus software every couple weeks.

      Actually, and this is getting way off topic, I have a little theory: a new draft will be started to help the war against terrorism. Most of these draftees won't be taught how to kill people, but how to break into computers, capture information/evidence, and secure computers.

      After this war we will have a large population of people who know how to properly secure systems and who will be well aware of the costs of not securing them.

      --
      obviously no deficiencies vs. no obvious deficiencies
    15. Re:security by heybrakywacky · · Score: 2, Interesting
      Come on! Look, I'll be the first to admit that Microsoft could do a better job with many aspects of the securing of their operating systems (like other people have mentioned, things like not turning on every last service under the sun by default, that kind of thing).


      But as for your argument, windowsupdate.microsoft.com is about the easiest method I've come across for any operating system to keep your system up to date. I do hold the end user responsible for that reason, because in the age of the internet and high-speed home connections, as a user, you have an elevated responsibility over days past to keep your systems secure. It's simply a fact of life.


      Every OS has holes. Linux, BSD, Solaris, Win[92XM]*, they all have 'em. Very few operating systems are designed and implemented with security as a top priority. In addition, MS OSes enjoy the massive user base and visibility, not to mention the low entry-level of computer knowledge, of no other OS, which means they're going to be more vulnerable, to some extent.


      But it's definitely not rocket science to keep your MS OS patched. They make it really easy. Could they be more visible about it? Perhaps. Could everyone else? Just as arguably, yes. Does anyone else out there have better visibility for security issues/updates for their OS? With very few exceptions, I'd say no.

      --
      I'm sorry sandwich! --Brak
    16. Re:security by Tony-A · · Score: 2, Informative

      I'd say yes.

      Try redhat.com/errata
      In addition to links to Errata for 7.1 going back to 4.0,
      Notable Security Exploits

      Red Hat Linux users who have applied all Red Hat security updates are usually not vulnerable to worms and other security exploits. Click on the links below to read about each recent exploit and what you can do to prevent being affected.
      The Adore Worm
      Discovered April 3, 2001
      The Lion Worm
      Discovered March 23, 2001
      Bind Exploit
      Discovered January 29, 2001
      The Ramen Noodle Worm
      Discovered January, 2001

      http://openbsd.com/errata.html
      even better organized

      http://www.freebsd.org/releases/4.3R/errata.html

    17. Re:security by snake_dad · · Score: 2

      In particular, I would point out the large number of local root exploits.

      Like, pressing ESC at the login prompt? :->

      --
      karma capped .sig seeking available Slashdot poster for long-term relationship.
    18. Re:security by Balp · · Score: 1

      Well actually at least NT is HARD to secure, I have been working with this for some years before I got too frustrated and left for the nice stable Unix world again. Installing NT and securing the box is actually pretty easy, well it takes a lot more time than the same work with OpenBSD but...

      As every installation needs software, yes it does, sadly, but that's true. We soon run into problems with the NT environment as almost every program assumes that it's running in a Windows 9x environment, it also assumes that it could write anywhere on c:. It doesn't care about looking for the nice multiuser features of NT, I can write to C:\WINDOWS\MyConfig.dat without problems. (or maybe C:\Program Files\MyApp\Config.cfg), this is nice and works in a simple single-user environment or maybe on a trusted server locked in a nice server room. But actually we have computers standing on the desktop of users, and some of them may even be used by several persons.

      Securing an NT machine causes bugs in software packages such as Office to be exposed. It takes a lot more effort to secure the applications in Windows than in the Unix world (most Unix developers are developing where they don't have root access to any disk, that is not the case for Windows developers.)

      / Balp

    19. Re:security by budgenator · · Score: 2
      That's the problem, it's turned on by default, most users of MS systems don't have a clue what's going on in their machine, therefore no due diligence is involved. My site server logs were showing codeRed probes as lately as 9/10/01. There is so much flying around on the web today that no one can keep on top of it all.

      Come on people, you have to get out and contact those "six pack Joe computer users", you know, your non-geek friends, and start to teach 'em a little bit about security. It's the simple stuff they need, like running anti-virus, running a firewall, downloading updates from MS or wherever and simple email security. The internet is much more a community than ever before, when one gets sick they either need to be quarantined or cured, period. All of the silly stuff flying around makes it harder to see the dangerous stuff.

      Someone needs to write an MS version of top so it's easy for average people to see what their machines are doing. Maybe that way Joe might notice that he has 100 threads of codeRed trying to run in 32K of memory, and an easy way to do something about it.

      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
    20. Re:security by MeNeXT · · Score: 1
      Win2k is not hard to secure; neither is any other MS system.


      I have to disagree with you here. I also have to disagree with most of the comments in this thread. As far as windows 2K, it has come a long way but there are still a lot of undocumented holes. But this is not the issue. The problem is that W2K is being marketed as an easy to administer system. I have come across so many system admins who know windows only, but have no clue about security. Clients who purchase windows systems are under the impression that we need not train windows admins or just place the most knowledgeable person in the company to create user accounts and reboot. Microsoft is selling a false sense of security in all levels of their marketing. Windows is NOT easy to use (ever have a problem that you know what needs to be corrected but it just doesn't allow you, plug and pray for one). True Windows administrators cost the same as UNIX admins, the only admins who settle are those that are not able to truly administer a system. /RANT


      I am tired of reading how great windows is. I'd like to experience it, unfortunately every OS out of Microsoft has easy to use 'WIZARDS' that fail to accomplish simple tasks but make people feel that they have administered the system.

      --
      DRM? No thanks, I'll just get it somewhere else...
    21. Re:security by Sloppy · · Score: 2

      Insisting that they become clued about administering their computers is analogous to saying all motorists should be semi-proficient mechanics before climbing behind the wheel.

      A motorist does know that periodic oil changes are needed, even if they don't know how to change the oil themselves. Everyone who has a car, either changes their own oil, or has someone else (e.g. a pro) do it for them. If they put their head in the sand and just assume that the car will work forever w/out needing maintenance, then they are destined for disappointment.

      MS Windows and IIS are no different. There have been repeated incidents and stories in the news for years about this stuff. Anyone who buys them without the expectation that they're going to have to spend some time on maintenance (or hire someone) is denying reality.

      I'm not saying this is a desirable situation; it isn't. But the buyer knew about it before he signed the check. He knew what he was getting into and he decided to proceed anyway. That's not a Microsoft victim, that's a self victim, or maybe a gambler at best.

      Microsoft seems to be quite content to allow the rest of us to pick up the tab for their follies

      Users are apparently content to pick up that tab too; all they have to do is Just Say No. Microsoft's attitude will change after users' attitudes change.

      Just Say No. It solves most of life's problems.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    22. Re:security by coolgeek · · Score: 2

      I would cast the analogy between fueling and oiling one's car to proper file management, labelling floppies/cds and making backups. Patching the system, to me, is more analogous to changing spark plugs, etc. which most motorists don't know how or simply won't do themselves. As with spark plugs too, a mistake during installation can go unnoticed, creating new drains on resources.

      --

      cat /dev/null >sig
    23. Re:security by coolgeek · · Score: 2
      windowsupdate is very easy to use, I am not arguing that. My points are:

      1) M$ really lags when it comes to posting security updates on windowsupdate
      2) The unwashed masses of computer users are unaware that windowsupdate exists.
      3) windowsupdate is really practical only for people that have bandwidth. Most people still use 56K or less. (At least that's what they are saying)

      When it comes to applying security patches, and one wishes to do so in a timely fashion, I do not consider it trivial. All those Qxxxxxx.exe files one needs to download from the M$ Security Center, and the Rube Goldberg add-ons that are needed to apply more than one Qxxxxxx.exe per reboot are not "easy to use", especially not for an end user. Personally, I find it easier to download new kernels and Apache source and recompiling from scratch to maintain the Linux boxes than running the Qxxxxxx.exe files from M$.

      You make a good point about their relative visibility compared to other OSs. I argue due to M$ monopolistic market share, especially in the workstation market, they have an implied duty to do far more than other OS vendors to make this stuff available.

      --

      cat /dev/null >sig
    24. Re:security by mindstrm · · Score: 2

      I'm sorry, but from a realistic point of view, the fact that Windows ships with some services that need to be disabled does not equate to being 'hard to secure'.

      A simple procedure applied to new systems fixes it up quickly.

      Unix systems have traditionally been no different. Certainly, the openbsd distribution ships with nothing enabled. Fine.... but in the hands of someone unskilled, it becomes just as unsecure as anything else if they start enabling services they need without the proper diligence.

      I don't dispute that OpenBSD, indeed, most of the free unixes are basically secure out of the box, where windows & IIS and stuff are not.. but that does not mean they are 'hard to secure', it just means you have to actually take some measures to secure it.

    25. Re:security by mindstrm · · Score: 2

      Nope! I'm sorry.. The unix world is no different. You have to update your code when patches become available as vulnerabilities are discovered. The exact same argument would apply.

      Having an unpatched system months later.. fair enough you say it might not be the user's fault.. or not fair to blame them. But it's not Microsoft's fault.. what more can they do than publish and make available the fix?

    26. Re:security by mindstrm · · Score: 2

      No. They are NOT expected to know that, though most drivers probably do.
      Some drivers go to service stations for all of the above, and call their local auto-association to change flats.

      You are correct in that most people DO know basic automotive maintenance, even though they are not required to. I would expect, also, that most computer administrators would know some basic maintenance.

      Of course, with computers & internet access being so cheap and easily available.. what do you expect.

  4. Most Secure Language by Bonker · · Score: 2

    From the article: While we can place great efforts into teaching people how to avoid buffer overflows in languages such as C it is likely they will introduce them into their programs anyway. It makes more sense from a security perspective to replace the language with one that makes buffer overflows difficult.

    This is why you shouldn't use an MS designed languages like VB or C#.

    Seriously, I understand what he's saying about C. It allows low level access to a computer's hardware, and can be easily broken at that low level... Thus the need for garbage collection and careful avoidance of Stack-overflow conditions.

    On the other hand, we have Java, which trades convenience for security. Sure, it's easy to get started coding in Java, but heaven help you if you want to distribute a Java-based application to everyday (non-hacker) computer users. A webpage is the only medium in which Joe-sixpack is very likely to view any given Java application, giving full-scale Java applications a somewhat more limited potential user base.

    Seriously, then, what is the best application and system language in terms of security, power, and convenience?

    --
    The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
    1. Re:Most Secure Language by devphil · · Score: 3, Interesting


      Agreed, to an extent. Whenever I see coders beginning to argue about "secure languages" and programming languages that "don't allow" security holes, I have to laugh and recall what Bjarne Stroustrup said about C++'s (and C's) approach to such things.

      I assume that a sufficiently skilled programmer can do anything not explicitly prohibited by hardware.

      (I'm quoting from memory.) The "protections" of the C family of languages are meant to prevent accidents, not fraud. Y'all might check out something like libsafe, originally from Bell Labs, and released under the LGPL.

      --
      You cannot apply a technological solution to a sociological problem. (Edwards' Law)
    2. Re:Most Secure Language by Anonymous Coward · · Score: 0

      It allows low level access to a computer's hardware

      Yes, let's prevent any low level access to a computer's hardware. That will be useful. It's all Microsoft's fault. We should coddle the programmer, and prevent him from doing anything useful.

    3. Re:Most Secure Language by dcntd · · Score: 1

      As far as I know one of the intents when designing C was to make a language that doesn't forbid you doing anything, e.g. no internal checking and bla-bla-bla, thus not sacrificing performance.

      BTW the /. effect sucks - Warning: Too many connections in /home/underlinux/htdocs/mainfile.php on line 17 Unable to select database

    4. Re:Most Secure Language by Peaker · · Score: 1

      Python, LISP variants (CL, Scheme pop to mind), Smalltalk, and even relatively-safe C++ programming (never using C arrays, but rather using safe array classes such as vectors, etc.)..

      Perhaps a little offtopic, but I'm currently pondering a language where one proves his code correct via logic-code that is written side-by-side with the existing code, with mechanic(compiler)-testing of the proof, verifying it is indeed correct. This of course will not work for all programs, where low-level thread control is required, and proof of correctness is near-impossible, but mostly a side-effect-less style can be used (not completely functional though), allowing high-level control of threading, or sometimes avoiding threading altogether. Achieving 100% compatibility with a rather-simple mathematical specification of a server guarantees the server will work for all cases and never fail. This is obviously useful for many other software fields.

    5. Re:Most Secure Language by opus · · Score: 2

      I'm personally a big admirer of perl's taint-checking feature. When you run perl with the -T flag, it marks data from external sources as "tainted", which will produce a fatal error if that data is used for certain operations deemed insecure, such as shelling out or opening a file for writing. If you want to use external data to open a file for writing, or shell out, you have to first "launder" the data by matching it against a regular expression you've constructed.

      It would be nice if there were more granular control over what operations are deemed insecure. E.g. so you could deem opening a file for reading insecure, or execution of SQL statements in a database.
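
Added example, not part of opus's comment or of the original thread: a small Perl script showing the taint behaviour described above (a tainted value blocked in a write-open, then laundered through a regex capture). The script name, the scratch directory, the allow-list pattern and the sample names under `__DATA__` are constructed for this illustration.

```perl
#!/usr/bin/perl -T
# Added illustration of Perl taint mode. Run as: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run with -T so taint checks are active\n" unless ${^TAINT};

# Scratch directory built only from untainted values (a literal and the PID).
my $dir = "/tmp/taint-demo-$$";
mkdir $dir, 0700 or die "mkdir $dir: $!\n";

# Allow-list used for laundering (an assumption for this demo): a plain
# file name, no path separators, no leading dot or dash, bounded length.
my $SAFE_NAME = qr/\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;

# Try to create a file. Returns '' on success, otherwise the error text.
sub try_create {
    my ($path) = @_;
    my $ok = eval {
        open(my $fh, '>', $path) or die "open failed: $!\n";
        close $fh;
        1;
    };
    return '' if $ok;
    (my $msg = $@) =~ s/ at .* line \d+\.\s*\z//s;   # drop file/line suffix
    chomp $msg;
    return $msg;
}

# Everything read from a file handle is tainted, including __DATA__.
while (my $line = <DATA>) {
    chomp $line;
    next if $line eq '';
    printf "%-20s tainted=%d\n", "'$line'", tainted($line) ? 1 : 0;

    # 1. The raw value in a write-open is a fatal "Insecure dependency",
    #    raised by perl before the file system is touched.
    my $err = try_create("$dir/$line");
    print "  raw:       ", ($err ne '' ? "blocked ($err)" : "allowed"), "\n";

    # 2. Launder: only a capture group from a successful match is untainted,
    #    so the pattern is the place where the policy lives.
    if (my ($clean) = $line =~ $SAFE_NAME) {
        $err = try_create("$dir/$clean");
        print "  laundered: ",
              ($err ne '' ? "failed ($err)" : "created $dir/$clean"), "\n";
        unlink "$dir/$clean";
    }
    else {
        print "  laundered: rejected by allow-list\n";
    }
}
rmdir $dir;

# Constructed sample input, standing in for data from an external source.
__DATA__
report.txt
../outside.txt
reports/2001.log
```

Laundering only removes the taint flag; a permissive pattern such as `(.*)` would untaint anything, so the protection is as strong as the pattern.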

    6. Re:Most Secure Language by scrytch · · Score: 3, Insightful

      This is why you shouldn't use an MS designed languages like VB or C#.

      Show me a buffer overflow attack on the VB VM. Just one. Attacks on the system? Watch me write "rm -rf $HOME /" in perl, python, and ruby. MS ships IIS in a bloody awful configuration for security, and it may not be possible to totally secure it, but the herring you're waving around is redder than Khrushchev (there's a dated joke).

      --
      I've finally had it: until slashdot gets article moderation, I am not coming back.
    7. Re:Most Secure Language by Tomun · · Score: 1

      On the other hand, we have Java, which trades convenience for security. Sure, it's easy to get started coding in Java, but heaven help you if you want to distribute a Java-based application to everyday (non-hacker) computer users.

      GCC compiles Java. I'm sure other compilers do too. Don't confuse the language with the virtual machine.
      A Java-written program can be distributed in binary format in an rpm, deb, or zip file. We are no longer limited to java applets running in our browsers' virtual machines. We are no longer limited to running Java applications in a sandbox.
      So if you feel that java (the language) protects you from making mistakes, then by all means use it, but don't think you are limited to producing crappy effects on a web page.
      But do have a look at Haskell too.

    8. Re:Most Secure Language by Tomun · · Score: 1

      Show me a buffer overflow attack on the VB VM

      I'm pretty sure you are talking about vbscript, correct me if I'm wrong. A buffer overflow is generally used to elevate privileges on an os. It seems that usually any process you can get to run on a windows machine has the highest privileges available. You don't need to break out of the scripting language if it allows you to act like a nimda worm.

    9. Re:Most Secure Language by Tomun · · Score: 1

      You are pondering creating such a language or using one ? Anyway have a look at Haskell and other functional programming languages.

    10. Re:Most Secure Language by xenyz · · Score: 1

      Sure, it's easy to get started coding in Java, but heaven help you if you want to distribute a Java-based application to everyday (non-hacker) computer users. A webpage is the only medium in which Joe-sixpack is very likely to view any given Java application, giving full-scale Java applications a somewhat more limited potential user base.

      Hey check out LimeWire, it's written in Java and joe-six pack probably wouldn't even know!

    11. Re:Most Secure Language by Anonymous Coward · · Score: 0

      This is why you shouldn't use an MS designed languages like VB or C#.


      I did not know it was possible to cause a buffer overflow in VB.

    12. Re:Most Secure Language by thrig · · Score: 1

      Safe - Compile and execute code in restricted compartments

      perldoc Safe for more information on the module-- probably does some of what you outlined above, though I've never used the module personally.

    13. Re:Most Secure Language by dkemist · · Score: 1

      It would be nice if there were more granular control over what operations are deemed insecure. E.g. so you could deem opening a file for reading insecure, or execution of SQL statements in a database.

      Ruby exposes that functionality to the programmer. There are defined $Safe levels that define what actions can happen on "tainted" objects. Additionally, objects have the "taint" and "tainted?" methods which mark an object as tainted, or tells if an object is tainted, respectively.

      By either changing the Safe level, or making explicit calls to object.tainted, you can make taint checking as granular as you want.

    14. Re:Most Secure Language by abo · · Score: 1

      Language wars... cool!

      Military safety people will tell you "Ada, nothing else". As a professional Ada programmer who has made money out of this attitude, I can tell you Military safety people are wankers.

      My current favorite language is Python, because it's quick to develop working programs with, and helps you avoid many mistakes. It doesn't really rate as a system language though.

      However, if I had a choice and safety was of the utmost importance, I'd have to rate Eiffel as the winner. It's the only language that has "Design by Contract" built in, right down to pre/post conditions and invariants being inherited. The whole libraries are DBC'd, so mistakes are much easier to detect and avoid.

      Unfortunately, in any development project, tools and support are more important than the actual language. This is why C wins hands down.

      --
      ABO
    15. Re:Most Secure Language by Anonymous Coward · · Score: 0

      How does C's complete freedom to point a pointer to anything anywhere help prevent accidents?

    16. Re:Most Secure Language by Anonymous Coward · · Score: 0

      I'm pretty sure he's talking about the VB VM as he said.

      Just so you know, IIS runs as 'LocalSystem' so that it can change process ownership and run the scripting language/ISAPIs/CGIs under non-elevated privileges. It's all in the help file, check it out. Unix daemons have been bitten by the same type of bug a million times. I can't think of any other common NT application that requires elevated privs.

    17. Re:Most Secure Language by Peaker · · Score: 1

      Functional languages are inherently inefficient and not "computer-scientific" (changing an array item is O(n), for example, instead of O(1)).

      Functional languages do NOT mechanically test the proof for correctness.

  5. let's not be blind now. by laserjet · · Score: 1

    We as linux/unix/bsd users need to come together and stop blaming security holes on the operating system. While some OSes come more secure out of the box, virtually any OS out there can be made secure with some time and effort. It's not the OS, it's the sysadmin who runs the machine. Corporate America needs to provide admins time and money to cover these bases. Rather than just putting it on the 'todo' list, it needs to be made a priority.

    --
    Moon Macrosystems. Sun's biggest competitor.
    1. Re:let's not be blind now. by Anonymous Coward · · Score: 0
      virtually any OS out there can be made secure with some time and effort. it's not the OS, it's the sysadmin who runs the machine

      My time and effort are worth money. Why should I bother spending the time and effort to secure a windows machine when I can install OpenBSD in a heartbeat and be done with it?
    2. Re:let's not be blind now. by cdraus · · Score: 1

      The problem is that with linux a new type of user has entered the UNIX(like) OS space. 15 years ago you'd not have found all that many "non-expert" people running a *NIX on their home computer. Hence, what I see happening is a lot of semi-capable people running linux without the experience or knowledge or motivation to make and keep it secure... heck, why bother making it secure at all? Nobody can hax0r a linux box (ahem).

    3. Re:let's not be blind now. by laserjet · · Score: 1

      That's true, but not just with linux. The next big operating system will likely have the same problem. It's not linux's (or w2k's or winnt's) fault that many of their users are less-than-skilled, it's just the way it works. Thankfully there is a variety of linux distros, and many make it easy for the newbie to at least have a somewhat secure OS by giving them a choice during the install (i.e. How secure do you want your computer to be? [ ] very secure [ ] somewhat secure [ ] no security)

      Things are getting better, and the more exploits there are (hopefully) the more people will learn and the less they will take for granted about security.

      --
      Moon Macrosystems. Sun's biggest competitor.
  6. Slashdotted... by rkischuk · · Score: 1

    Elias Levy, or Aleph1, is the moderator of BugTraq, one of the most important security mailing lists in the world.

    UnderLinux: In general, what is more secure, GNU/Linux or OpenBSD? Or another OS?
    Aleph1: That is a pointless question without some context. For example, certainly the OpenBSD folks have done an incredible job creating a secure and stable operating system - an effort that should be emulated by others - but the application you are looking to run may not be supported under it. The most secure OS depends on your requirements.

    Even with OpenBSD's success the UNIX security model is very simplistic. You can certainly write secure applications - see qmail and postfix for examples - but they require a lot of effort. Linux is interesting because there are so many groups exploring alternative security models: privileges, acls, subdomain, SELinux, etc.

    UnderLinux Team.

    NT had potential. It has an interesting security model, but the legacy code, insecure defaults, complexity, and lack of security savvy by application programmers used to the Windows and DOS world have left it with a rather bad track record.

    You must also take into account how well the people administering the system know the technology. You can have the most secure OS, but if it's misconfigured it will be useless. Conversely, a good admin is capable of hardening a sloppy OS.

    UnderLinux: One time, surfing the web, I saw this phrase: "Wanna defeat hackers..think like a hacker.. work like a security expert". What do you think about this?
    Aleph1: A cliche, but a valid one. When creating defensive security technologies you must test them by attempting to defeat them before others do. Therefore you require not only a defensive mindset but also an offensive one. Not only that, but you must be better and more thorough than the ones you are defending from. As a defender you must find and fix all possible avenues of attack. As an attacker you must only find and exploit one.

    UnderLinux: Can you tell us something about the book Hackers Exposed?
    Aleph1: I believe you mean Hacking Exposed. It's a good book. I recommend it. It does a good job at describing the methodology of penetrations. It's a technical book that shows you how to use the tools available for the job. Sadly this means that it is likely to become outdated after a while. Luckily the publisher seems to be doing a good job at keeping it up to date. A second edition is out. Nonetheless, the basic techniques it teaches are independent of specific technologies.

    UnderLinux: Nowadays, what kind of documents and programs hold the most expectation and interest for you?
    Aleph1: Those that make it difficult for people to shoot themselves in the foot. Security today is too fragile. Take for example buffer overflows. While we can place great efforts into teaching people how to avoid buffer overflows in languages such as C it is likely they will introduce them into their programs anyway. It makes more sense from a security perspective to replace the language with one that makes buffer overflows difficult.

    Similarly I am interested in areas that help you encapsulate knowledge about computer security and help users do the right thing instead of letting them guess what is the right thing. For example, configuring a firewall correctly can be quite complicated and there are many nuances. We need to make it easier for folks to configure securely.

    UnderLinux: Do you think that problems like spoofing and DDoS will be defeated in the next 10 years? Can you foresee any solution for these problems?
    Aleph1: I believe we'll find and deploy ways to mitigate them but not to do away with them. Denials of service are inherent in any finite system. The Internet architecture has made them even easier by its lack of authentication and resource allocation. In the future we'll have mechanisms that make detecting and tracking network based denials of service easier. It's likely that some areas of the Internet will support resource allocation which will minimize some of the DoS effects.

    UnderLinux: What suggestions can you give to those who want to be a security expert?
    Aleph1: Do a broad survey of the security landscape. There are many areas of interest out there. After you've gained a general understanding of the security world select an area you'd like to specialize in. Repeat ad infinitum. Bonus points for standing back after a while and trying to find ways to fit all the pieces together into a coherent and interoperable whole.

    --
    Seen any BadMarketing lately?
    1. Re:Slashdotted... by Peaker · · Score: 1

      > Linux is interesting because there are so many groups exploring alternative security models: privileges, acls, subdomain, SELinux, etc.
      This can't be a serious effort without any exploration of Pure capability systems. To me, that is the obvious security model.
      Shapiro has done extensive work documenting it, and even proving related stuff (I'm not into the exact details of his proof, but he proved part of his EROS design mathematically correct). EROS is a pure capability system, and I hope that in the future, people will utilize it as the obvious security solution.

  7. FreeBSD? Try OpenBSD by Anonymous Coward · · Score: 0

    FreeBSD is not even mentioned by name in the interview....

  8. Re:yup by pmz · · Score: 0, Redundant

    Nope. You are incorrect.

  9. script to stop this new @!#%#@! bug by Micah · · Score: 2, Interesting

    Anyone know if something like this might be possible or easy?

    Have a script that reads the Apache log in realtime. Whenever something gets cmd.exe or XXXX or NNNN or something like that, immediately block all communication with their IP with iptables?

    This is getting annoying...

    1. Re:script to stop this new @!#%#@! bug by WasterDave · · Score: 2

      You run the danger of blocking a request that's coming via a transparent proxy. Blocking it would block everyone behind that proxy.

      Comments?
      Dave

      --
      I write a blog now, you should be afraid.
    2. Re:script to stop this new @!#%#@! bug by Uller78 · · Score: 1

      A few lines of Perl would do it. Very easy, but as stated previously, the implications are worth thinking about.

    3. Re:script to stop this new @!#%#@! bug by Anonymous Coward · · Score: 0

      The other problem is, with IP filter type firewalls, every single filter rule is processed on a given interface. If you have 2^n filter rules, then the packet will have to be compared to every rule for that interface. The problem here is that if you go tacking on a whole hell of a lot of IPs (like you would do by suggesting this), that it takes time to traverse the rule sets, and more processor time, not to mention memory. Filter type firewalls are really best for blanketed type rule sets that allow/disallow access to certain ports/protocols.

      Not to say it wouldn't work, but it may not be worth it.
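
The log-watching idea asked about in this thread, written out as an added example (it is not code posted by any commenter). It assumes Apache's common log format and returns the iptables commands as strings rather than running them; the threshold, expiry, rule cap and proxy allowlist are assumptions added to answer the two objections raised in the replies, and all names are hypothetical.

```python
import ipaddress
import re
from datetime import datetime

# Apache common/combined log format: client ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" \d{3} \S+')
# Probe signatures named in the thread: cmd.exe, or a long run of X or N padding.
PROBE_RE = re.compile(r'(?i:cmd\.exe)|X{32,}|N{32,}')


def rule(action, ip):
    """Build one firewall command. ip is an ipaddress object, never raw log text."""
    tool = "ip6tables" if ip.version == 6 else "iptables"
    return f"{tool} {action} INPUT -s {ip} -j DROP"


class LogBlocker:
    def __init__(self, threshold=3, window=60, ttl=3600, max_rules=256, allow=()):
        self.threshold = threshold   # probes needed before blocking
        self.window = window         # ... within this many seconds
        self.ttl = ttl               # blocks expire, so the rule list cannot grow forever
        self.max_rules = max_rules   # hard cap on rules the firewall must traverse
        self.allow = [ipaddress.ip_network(n) for n in allow]  # e.g. known shared proxies
        self.hits = {}               # ip -> probe timestamps still inside the window
        self.blocked = {}            # ip -> expiry time

    def feed(self, line):
        """Return the firewall commands this log line calls for (possibly none)."""
        m = LOG_RE.match(line)
        if not m:
            return []
        try:
            # Validating the address also keeps log text out of the command string.
            ip = ipaddress.ip_address(m["ip"])
            now = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
        except ValueError:
            return []
        cmds = self._expire(now)
        if not PROBE_RE.search(m["req"]) or ip in self.blocked:
            return cmds
        if any(ip in net for net in self.allow):
            return cmds              # never block an address many users share
        recent = [t for t in self.hits.get(ip, []) if now - t < self.window] + [now]
        self.hits[ip] = recent
        if len(recent) >= self.threshold and len(self.blocked) < self.max_rules:
            self.blocked[ip] = now + self.ttl
            del self.hits[ip]
            cmds.append(rule("-I", ip))
        return cmds

    def _expire(self, now):
        gone = [ip for ip, until in self.blocked.items() if until <= now]
        for ip in gone:
            del self.blocked[ip]
        return [rule("-D", ip) for ip in gone]


def line(ip, sec, req, hour=10):
    """Format one constructed log line."""
    return f'{ip} - - [18/Sep/2001:{hour:02d}:15:{sec:02d} -0400] "{req}" 404 290'


# Constructed sample (documentation address ranges), not real traffic.
SAMPLE = [
    line("203.0.113.7", 1, "GET /scripts/cmd.exe?/c+dir HTTP/1.0"),
    line("203.0.113.7", 2, "GET /a?" + "N" * 40 + " HTTP/1.0"),
    line("198.51.100.9", 3, "GET /index.html HTTP/1.0"),         # ordinary request
    line("192.0.2.10", 4, "GET /scripts/cmd.exe HTTP/1.0"),      # infected host behind a proxy
    line("192.0.2.10", 5, "GET /scripts/cmd.exe HTTP/1.0"),
    line("192.0.2.10", 6, "GET /scripts/cmd.exe HTTP/1.0"),
    line("203.0.113.7", 7, "GET /c/winnt/system32/cmd.exe HTTP/1.0"),
    line("198.51.100.9", 8, "GET /about.html HTTP/1.0", hour=12),  # two hours later
]


def run(lines, **options):
    """Feed lines through a fresh LogBlocker and collect every command it emits."""
    blocker = LogBlocker(**options)
    out = []
    for entry in lines:
        out.extend(blocker.feed(entry))
    return out


if __name__ == "__main__":
    for cmd in run(SAMPLE, allow=["192.0.2.0/24"]):
        print(cmd)
```

Without the allowlist the same sample also blocks 192.0.2.10, which is the transparent-proxy problem raised in the first reply.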

  10. more good security interviews @ antioffline.com by Ken+Williams · · Score: 1

    http://www.antioffline.com/ has interviews with the following. not as serious in nature, but funny and interesting if you're in the security industry.

    Attrition
    Dugsong
    Ghetto Hackers
    Hackweiser
    K2
    Lance Spitzner
    Mixter
    Obecian
    Rain Forest Puppy
    ShadowVX
    s0ft Project
    Technotronic
    w00w00

    --
    -- ken williams
  11. Re:yup by cdraus · · Score: 1, Interesting

    Using UNIX for a desktop is a fricken moronic idea.

    I've heard this before and really don't understand it, so I'll take this opportunity to maybe get some clarification.

    Maybe it comes down to the definition of desktop... I'm not sure, but I use SCO Unix at work (on my desktop, not on the floor) and a Unix like OS at home (linux), also on my desktop. I've tried using Windows(R)(TM)(C)(!GNU) many times but I always end up frustrated. Surely an OS should be chosen with what you want to do with it in mind, rather than a definition like desktop OS, whether it's on your desk or your fridge or on the floor, or in your ceiling... makes no difference.

  12. Defeating a single problem by Peaker · · Score: 1

    and emphasizes that security is ongoing, not defeating any single problem.

    I agree this is true on *nix/Windows-like systems. But what about a system where every piece of code runs with a simple environment allowing it only the minimal privilege it needs? (EROS)
    What about a system that extends this idea further, and makes sure that all code is compiled from a safe language? A system with no buffer overflows or pointer errors/overruns? (Vapour)

    I believe that a system like EROS would make actual breakins/control of a distant computer practically impossible.
    I believe that a system like Vapour would make ANY remote malicious operation practically impossible, if implemented right.

    Note that if you break into an EROS system's web server and even if you get some of your code to run on the remote host - the worst you can do is read HTML's and distribute content on port 80 (or whatever ports the server had access to), but nothing else.
    You can't really get any malicious code to remotely run on a Vapour system at all.

    True Security IS defeating a single problem - that problem is the *nix fail-open design, and the lack of principle of least privilege. (In terms of security, Windows is a very similar design, both using ACL-type security, of attaching lists of "user"-based access to objects).

    1. Re:Defeating a single problem by Anonymous Coward · · Score: 0

      Trust me, if anyone actually starts using EROS in the real world, people will break into it.

      No one writes stuff saying, ya there will be 3 remote exploits found for this in the next 6 months but oh well i'm just gonna leave em in.

      Well maybe closed source vendors...but you know what i mean...

    2. Re:Defeating a single problem by Peaker · · Score: 1

      The idea is that EROS, by design, cannot be broken into.

      If you break into a unix or Windows webserver - you have access to network sockets. You have access to the file systems. You have access to communicate with other processes. You have far more access than the webserver really needs. You can use this access to control the machine, and you can use this access to gain control of other processes.

      This is practically impossible in a pure capability system - where the webserver merely has access to read HTML's, get timer ticks, write to the system logger, and write to port 80. Break into the webserver - and you can corrupt the site's website. Break into any other process - and you get the little access that process required.
      In Vapour - you cannot buffer overflow the processes. You cannot generate any pointer/buffer-errors. There is nothing you can do to maliciously touch memory/code in any way not explicitly expressed by source. I would say this means loss of all hope of ever breaking into Vapour.
      These systems are not just better-implemented *nix boxen, they are fundamentally different.

  13. This is about as bogus as it gets .... by Zero__Kelvin · · Score: 1


    Apparently Aleph1 never heard of lint, bounds checker, and the like. Changing languages to make your apps more secure just shows you're not much of a programmer to begin with. The right tool for the right job. C is often the right tool. Whether you shoot yourself in the foot with a Smith & Wesson or C, don't complain about the quality of the gun. Next time, stop pointing at your foot and you will be fine.

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    1. Re:This is about as bogus as it gets .... by erroneus · · Score: 2

      Apparently Aleph1 never heard of lint, bounds checker, and the like. Changing languages to make your apps more secure just shows you're not much of a programmer to begin with. The right tool for the right job. C is often the right tool. Whether you shoot yourself in the foot with a Smith & Wesson or C, don't complain about the quality of the gun. Next time, stop pointing at your foot and you will be fine.

      I think Aleph1's approach is a bit more sound. Your approach preaches that all programmers should collectively change their [bad] programming habits and methods. While I agree with you that it's the "best" solution, I have to remind you and anyone else in your camp that it's also the least likely to occur.

      IMO, improvements in gcc that help compensate for such buffer overflows (read: improvements in the compiler/language) would go a lot further in clearing up all of these problems.

      Again, asking the world to change their methods is about as likely as asking the world to stop smoking cigarettes. The useless slobs ALREADY KNOW it's bad for them and all those around them. They simply do not care.

    2. Re:This is about as bogus as it gets .... by Zero__Kelvin · · Score: 1


      "I think Aleph1's approach is a bit more sound. Your approach preaches that all programmers should collectively change their [bad] programming habits and methods. While I agree with you that it's the "best" solution, I have to remind you and anyone else in your camp that it's also the least likely to occur."

      Of course your assumption is that everyone who is programming should be. The truth is only about 20% of those who program are competent enough to create commercial quality, secure apps. Those are the people 'in my camp.' Let the rest eat cake, seriously.

      "Again, asking the world to change their methods is about as likely as asking the world to stop smoking cigarettes. The useless slobs ALREADY KNOW it's bad for them and all those around them. They simply do not care."

      And as a smoker, I hope you know what you are talking about elsewhere, because you have no clue what you are talking about here. This "lazy slob" is like most other smokers ... we would love to quit if we weren't addicted to Nicotine, which the AMA recognizes is a more difficult habit to quit than Heroin.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    3. Re:This is about as bogus as it gets .... by Anonymous Coward · · Score: 0

      Well, if someone would have banned everyone not "competent enough to create commercial quality, secure apps", then we would have never gotten the UNIX operating system to begin with. Ho Ho.

  14. *nix admins are different by lowflying · · Score: 3, Insightful
    In a previous lifestyle, I flew helicopters for the Army. As a newbie admin, other admins have seemed impressed by how paranoid I am that some box I am responsible for is going to get cracked. This has always been my explanation:
    The thing is, helicopters are different from planes. An airplane by its nature wants to fly, and if not interfered with too strongly by unusual events or by a deliberately incompetent pilot, it will fly. A helicopter does not want to fly. It is maintained in the air by a variety of forces and controls working in opposition to each other, and if there is any disturbance in this delicate balance the helicopter stops flying; immediately and disastrously. There is no such thing as a gliding helicopter.

    This is why being a helicopter pilot is so different from being an airplane pilot, and why in generality, airplane pilots are open, clear-eyed, buoyant extroverts and helicopter pilots are brooding introspective anticipators of trouble. They know if something bad has not happened it is about to.
    -Harry Reasoner, February 16, 1971

    I just wonder what is different about the training of *nix admins that makes them recognize that vigilance must be eternal, while the admins of other OSes seem to assume everything will go right when that is clearly not the case.

    Dave
    1. Re:*nix admins are different by SEWilco · · Score: 1
      • The Unix security philosophy is isolation except where allowed. The DOS security philosophy is that you can reboot when something goes wrong.
      • Unix admins are used to multi-user environments where users have to be isolated from each other.
      • Unix admins are used to permissions which allow control over inter-user capabilities.
      • Unix admins have been learning about and doing configuration of network servers for decades, so have more security awareness and skills.
      • Unix admins have more tools, so can more easily adjust their configuration because they're not dependent upon someone else having written a point-and-click tool which can do a desired change.
      • Unix admins are more experienced and know that nobody and nothing is invulnerable.
    2. Re:*nix admins are different by Anonymous Coward · · Score: 2, Interesting

      Unix admins may have had a grasp of multiuser systems for decades, but they were blissfully unaware of Internet security issues until relatively recently. Protocols like NFS and NIS belie a far more trusting attitude than even MS's stuff from the late 80s, not to mention Novell. Standard daemons like sendmail were essentially unmaintained until recently. It took an enormous amount of work for some people (including those who started BugTraq) to change the lazy security culture bred into the fat academic maintainers of Unix. You might like to believe that Unix has a 20 year headstart over Microsoft, but it's more like a 5 year headstart. They'll catch up.

    3. Re:*nix admins are different by (void*) · · Score: 2

      Sorry. Since the Morris worm happened in the 1980's, it is a 20 year headstart.

    4. Re:*nix admins are different by Anonymous Coward · · Score: 0

      Don't apply rounding so generously. Morris worm happened in '88, 13 years ago.

    5. Re:*nix admins are different by benb · · Score: 1

      > I just wonder what is different about the training
      > of *nix admins

      They need to learn a lot to get a Unix system going well. They are forced to read documentation. In that documentation, the author has a chance to tell the admin about security and its importance.

  15. Aleph1.... by carlos_benj · · Score: 1

    Is that Hebrew for "steak sauce"?

    --

    As a matter of fact, I am a lawyer. But I play an actor on TV.

  16. Elias Levy? Eliphas Levi? by Sloppy · · Score: 1

    From H.P. Lovecraft's "The Case of Charles Dexter Ward":

    It ran as follows, and experts have told Dr. Willett that its very close analogue can be found in the mystic writings of "Eliphas Levi", that cryptic soul who crept through a crack in the forbidden door and glimpsed the frightful vistas of the void beyond:
    'Per Adonai Eloim, Adonai Jehova,
    Adonai Sabaoth, Metraton On Agla Mathon,
    verbum pythonicum, mysterium salamandrae,
    conventus sylvorum, antra gnomorum,
    daemonia Coeli God, Almonsin, Gibor, Jehosua,
    Evam, Zariatnatmik, veni, veni, veni.'

    Eliphas Levi? Elias Levy? The name is just too similar, sounds like someone who came back from Beyond ye Spheres as his own grandson or something. I bet this Levy guy is over 300 years old.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  17. As long as you're on a tirade... by dave-fu · · Score: 1

    ...what mailing lists would you recommend?
    There aren't exactly any corporate-agnostic mailing lists out there with quite the distribution of Bugtraq. From my posts to Bugtraq (granted, nothing to do with any "powerful, monied" companies' software), there was a minimal lag-time.

    --
    Easy does it!
  18. EROS? Vapour? Solutions without a problem? by Anonymous Coward · · Score: 0
    > If you break into a unix or Windows webserver - you have access to network sockets.

    This is because a web server has to have access to sockets...or how would it communicate via a network? Of course, from what you say EROS has the capability to restrict access to communication facilities. Of course, it is possible for a webserver to drop root privileges after binding to port 80. At this point it is restricted to accessing only those sockets which ALL applications/processes have access to. EROS may be able to go further and explicitly allow access to individual sockets, but that may be a disadvantage.

    > You have access to the file systems. You have access to communicate with other processes. You have far more access than the webserver really needs.

    Can you say CGI? It allows a web server to serve up something other than static content. All of those "security holes" are basically mandatory for CGI. Of course, EROS can probably limit file access and IPC facilities on a process by process basis. However, by running a webserver as a non-root user/group and setting permissions properly, you can prevent a lot of file system access. As far as limiting IPC, only processes which want to communicate would allow communication (or they would be able to communicate) and the same permissions restrictions apply.

    > You can use this access to control the machine, and you can use this access to gain control of other processes.

    Only are uninformed on how to secure the system, be it windows or unix. The problem is not with the systems 90% of the time, but the administrators of said systems.

    > In Vapour - you cannot buffer overflow the processes. You cannot generate any pointer/buffer-errors. There is nothing you can do to maliciously touch memory/code in any way not explicitly expressed by source. I would say this means loss of all hope of ever breaking into Vapour.

    I have been working on "play hacking" at www.hackerslab.org and the latest challenge is to exploit a buffer overflow. As far as I can gather this involves "stack smashing": overwriting the stack with executable code and having the code jumped to to give something like a root shell for example. An easy solution to this is to make the stack (and all other data segments in a process) non-executable and make code segments read-only (non-modifiable). Some systems HAVE taken such measures and I think one MAY be Solaris. The paper I read states up front that it won't work on all systems, so I expect that there is a unix variant out there that buffer overflows won't work on to gain access and/or execute arbitrary code. No need for Vapour (that's also a good pun). However, those capabilities are great for programmers too lazy/busy to think about buffer overflows when writing their code.

    > These systems are not just better-implemented *nix boxen, they are fundamentally different.

    And none of these systems are proven as the original AC commenter was trying to suggest. While some things are provably secure (as in theory can show that it is secure e.g. some encryption algorithms), sometimes the IMPLEMENTATION is flawed. Now since these systems were written by people in academia and are not in widespread use, no one knows how well implemented they are, even if they are SECURE CONCEPTUALLY.

    One question I DO have is this: how does EROS have such fine grained control over EVERY SINGLE thing a process may do WITHOUT lots and lots of overhead? With thousands of processes in a system, ACLs could potentially grow to enormous sizes and incur long delays while verifying that the process has access to certain privileges. Nothing is for free. This is why the UNIX model is simplistic: because security cannot make the system unusable. If the system is too SLOW there is no point in having it at all. Getting rid of said system would be the ultimate security: nothing to break into...but would there be a point?

    And what about systems more archaic like: OS/390, OS/400, VMS? Don't they have the same ACL stuff as EROS (wasn't EROS designed as an improvement with os/390 in mind)?

    1. Re:EROS? Vapour? Solutions without a problem? by Peaker · · Score: 2, Informative

      > This is because a web server has to have access to sockets...or how would it communicate via a network? Of course, from what you say EROS has the capability to restrict access to communication facilities. Of course, it is possible for a webserver to drop root privileges after binding to port 80. At this point it is restricted to accessing only those sockets which ALL applications/processes have access to. EROS may be able to go further and explicitly allow access to individual sockets, but that may be a disadvantage.

      You are missing the point. Sure there are tricks and trickery to make your webserver limit access to things, but there are fundamental problems in the *nix approach to such limitations:
      A) You trust the webserver to correctly limit access (fail-open), whereas in EROS you only give the webserver the access it requires (a capability to the specific port/etc).
      Even if the webserver is malicious, in EROS it's not a problem.
      EROS does NOT require a superuser or has such fail-open facility.
      B) In *nix boxen, the restrictions are placed and implemented as a chains of if-conditionals (ACL-type security), which are very error-prone (as we all know by reading bugtraq) and very hard to debug, and about 15 if's in a chain are required if you want to get close to correspondence to the principle of least privilege. In EROS, keys identifying objects and the rights to access them are held by processes, and a single test is required for every activation of a facility (if(key-is-valid) ...).

      > This is because a web server has to have access to sockets...or how would it communicate via a network? Of course, from what you say EROS has the capability to restrict access to communication facilities. Of course, it is possible for a webserver to drop root privileges after binding to port 80. At this point it is restricted to accessing only those sockets which ALL applications/processes have access to. EROS may be able to go further and explicitly allow access to individual sockets, but that may be a disadvantage.

      In EROS/Vapour/pure cap. systems, each process has a pool of capabilities it can use. A capability is a reference to an object, that allows accessing this object. The only test for an operation's execution is that the capability to operate it is valid. This is very safe, and can be mathematically proven. Try to mathematically prove *nix boxen if-conditional chains.

      > And none of these systems are proven as the original AC commenter was trying to suggest. While some things are provably secure (as in theory can show that it is secure e.g. some encryption algorithms), sometimes the IMPLEMENTATION is flawed. Now since these systems were written by people in academia and are not in widespread use, no one knows how well implemented they are, even if they are SECURE CONCEPTUALLY.

      These systems are so much simpler, that implementing them correctly is much much easier.
      Making flaws in the security implementation of capability protection is much more difficult than flaws in the if-chains of *nix, and even if the implementation is flawed, it shall be fixed in a constant amount of time, as the security system is of a small constant size (the code implementing capabilities, that is), whereas in *nix, security is an ever-lasting huge pile of code that grows with the rest of the code, with new if-chains written for every new piece of code.

      > One question I DO have is this: how does EROS have such fine grained control over EVERY SINGLE thing a process may do WITHOUT lots and lots of overhead? With thousands of processes in a system, ACLs could potentially grow to enormous sizes and incur long delays while verifying that the process has access to certain privileges. Nothing is for free. This is why the UNIX model is simplistic: because security cannot make the system unusable. If the system is too SLOW there is no point in having it at all. Getting rid of said system would be the ultimate security: nothing to break into...but would there be a point?

      This is exactly what you're missing! EROS does NOT use ACL's. ACL's are what EROS is fighting against and trying to replace. EROS uses the capability model, which is of HIGHER performance, of mathematically provable security, AND much more flexibility!

      And what about systems more archaic like: OS/390, OS/400, VMS? Don't they have the same ACL stuff as EROS (wasn't EROS designed as an improvement with os/390 in mind)?
      NO. Eros does NOT use ACL's. ACL's are the root of all security problems.
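
The capability check described in the comment above, as a toy C model added here (not part of the thread and not EROS code; every name is hypothetical). Authorization is a lookup in the process's own capability table, and delegation can only narrow the rights passed on.

```c
#include <stddef.h>
#include <string.h>
/* Constructed toy model; every name is hypothetical, none is EROS's API. */
enum { RIGHT_READ = 1, RIGHT_WRITE = 2, CAP_SLOTS = 8 };
struct object { char data[32]; };
/* A capability names one object plus the rights held on it. A real kernel
   keeps this table in protected memory so user code cannot forge an entry. */
struct capability { struct object *target; unsigned rights; };
struct process    { struct capability caps[CAP_SLOTS]; };

/* Install a capability in the first free slot; returns the slot or -1. */
int cap_grant(struct process *p, struct object *o, unsigned rights) {
    for (int i = 0; i < CAP_SLOTS; i++) {
        if (p->caps[i].target) continue;
        p->caps[i] = (struct capability){ o, rights };
        return i;
    }
    return -1;
}

/* Delegation can only narrow: the copy carries (held & wanted) rights. */
int cap_delegate(const struct process *from, int slot,
                 struct process *to, unsigned wanted) {
    if (slot < 0 || slot >= CAP_SLOTS || !from->caps[slot].target)
        return -1;
    unsigned narrowed = from->caps[slot].rights & wanted;
    return narrowed ? cap_grant(to, from->caps[slot].target, narrowed) : -1;
}

/* The one authorization test: a valid slot carrying the needed rights.
   No user id, path or global permission list is consulted. */
static struct object *cap_use(const struct process *p, int slot, unsigned need) {
    if (slot < 0 || slot >= CAP_SLOTS) return NULL;
    const struct capability *c = &p->caps[slot];
    return (c->target && (c->rights & need) == need) ? c->target : NULL;
}

int cap_write(struct process *p, int slot, const char *s) {
    struct object *o = cap_use(p, slot, RIGHT_WRITE);
    if (!o) return -1;
    strncpy(o->data, s, sizeof o->data - 1);
    o->data[sizeof o->data - 1] = '\0';
    return 0;
}

const char *cap_read(const struct process *p, int slot) {
    struct object *o = cap_use(p, slot, RIGHT_READ);
    return o ? o->data : NULL;
}
```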

  19. Hacking Exposed & hacking methodology by Nate+Fox · · Score: 2

    One of the most interesting reads I've ever come across was the PC Week crack. Just cool to see what he went through, his thoughts/ideas, and especially his thought process.

    1. Re:Hacking Exposed & hacking methodology by kiwaiti · · Score: 1
      If Bill Gates had a nickel for every time Windows crashed...
      ..oh wait, he does.

      He's rich, but he isn't that rich.

      Kiwaiti

      --
      Member of the Legion Of Microsoft Haters
  20. patching bugs & pumping gas by adturner · · Score: 1
    Now, it's not really that bad. Things would be a whole lot better in the world of Windows security if two things happened:

    1) Microsoft shipped their OS in a reasonably secure-by-default configuration. Now, I realize that if they did the OpenBSD and shipped with everything turned off their users would scream, but the reality is that MS has enabled a lot of things that the average user really doesn't need.

    2) People actually patch their systems regularly. People go to gas stations and pump their own gas (well in most areas of the world), and it really isn't that much more difficult to install security patches. Just go to the MS web site, download, and install. Honestly, part of me feels that people should have to get a computer license to connect a computer on the public Internet, just like driving a car on public streets.

    I'll be the first to admit, that neither of these are going to completely solve for the problem, but either would definitely make a rather dramatic impact to these sorta things.

    1. Re:patching bugs & pumping gas by el_nino · · Score: 2
      Now, I realize that if they did the OpenBSD and shipped with everything turned off their users would scream

      If they can't even start the web server service on the machine then perhaps they shouldn't be running a web server in the first place?

    2. Re:patching bugs & pumping gas by WNight · · Score: 2

      1) Microsoft could easily turn services off by default. No user needs a webserver unless they have content to serve. If they don't know where the content goes, they don't need the server. They could have put a 'Web Server' config plugin in the control panel. People are capable of using the control panel (or the shortcuts) to change the screen background, or at least don't raise hell when they can't. They'd be able to turn on a webserver, or wouldn't realize that it was there...

      2) MS's patches are often worse than the hole. Service pack 2(?) for NT was called the SP-of-death. SP6 rendered Lotus Notes unusable (maybe just the notes server...) No admin worth the title would blindly install MS patches without waiting a month or so to see if any problems were reported. Patches released as the result of an exploit are worse... MS code is unstable at best, when rushed, you're trusting your server to alpha-level code.

      MS could learn a lot from IBM, or other mainframe makers, before trying to enter the server market. IBM had mainframes with decade-long uptimes, they didn't do that by rushing untested code onto client machines.

      I really think someone needs to sue MS for incompetence. Some of their blunders are so bad it's amazing they went through testing. (I don't think MS should be ruined for it, but if they had to pay out anything in this kind of case, they might be more careful to avoid a larger settlement in the future.)

  21. Or even worse... by ananke · · Score: 1

    Well, I'm the unfortunate user of earthlink [I don't pay for the service, my roommate does, so I don't complain too much]. Here's my situation, which in a way doesn't allow me to start blocking with iptables. I get a new IP every 12 hours or so, and the majority of the infected machines are on earthlink/mindspring's networks. Blocking that would mean I could run into the possibility of blocking an IP which I could get assigned next, or my other machines were supposed to get. Yes, I could flush the iptables every time I lose an IP, but wouldn't that be a bit pointless?

    --
    --- d'oh
  22. Major Linux Distro Comparison? by ll5 · · Score: 1

    Anyone know of a site listing the various linux distros' default settings from a typical install? You know the install I mean, the one performed by newbies that lets inetd fire off multiple servers for no good reason. It should be an interesting comparison, maybe even worthwhile if it is up to date and accurate. I think that would actually be a decision point for newbies who look before they leap, they certainly do not need to run a ton of servers that they do not understand.

    --
    Wanna get high?
  23. Buffer Overflows in VB by MarkusQ · · Score: 2
    I did not know it was possible to cause a buffer overflow in VB

    It was, at least about two years ago. We reported the problem to MS, so it may well be fixed by now. IIRC, by giving a long string to GetHostByName (e.g., working with an e-mail address like "Bob@NoneOfYourDaaaaaaaaaaaaa[lots more "a"s]aaaaamnBeeswax.edu"--I think this was the actual address that did it) you could make it go south for the winter. So far south under Win98 that your screen turned blue. Under NT it just got a belly ache.

    It turned out to be a limit of 384 characters or so (don't depend on my memory at this level of detail--I don't), which was easy enough to check for, once we knew about it.

    -- MarkusQ

    1. Re:Buffer Overflows in VB by jdh28 · · Score: 1

      Yeah, but that doesn't look like a buffer overflow in VB, but in Windows and so exploitable from any language that can call Windows APIs.

      john

    2. Re:Buffer Overflows in VB by Tony-A · · Score: 1

      It's not a buffer overflow in just VB. It's a buffer overflow in VB, in C, in C++, in C# or any language on Windows that can call the API. Should be a lot of them.
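
The kind of length check MarkusQ mentions, written out in C as an added example that is not part of the thread. It applies DNS's own limits (63 characters per label, 253 per name) rather than the roughly 384-character figure recalled above, and `hostname_ok` and `email_host_checked` are hypothetical names.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* DNS limits (RFC 1035): labels of at most 63 octets and names of at most
   255 octets on the wire, which leaves 253 characters in dotted text form. */
enum { MAX_NAME = 253, MAX_LABEL = 63 };

/* Returns 1 if host is a well-formed, length-bounded hostname, else 0.
   A trailing dot is rejected here to keep the check strict. */
int hostname_ok(const char *host) {
    size_t total = strlen(host), label = 0;
    if (total == 0 || total > MAX_NAME) return 0;
    for (size_t i = 0; i < total; i++) {
        unsigned char c = (unsigned char)host[i];
        if (c == '.') {
            /* reject an empty label or a label ending in '-' */
            if (label == 0 || host[i - 1] == '-') return 0;
            label = 0;
            continue;
        }
        if (!isalnum(c) && c != '-') return 0;
        if (c == '-' && label == 0) return 0;    /* label starting with '-' */
        if (++label > MAX_LABEL) return 0;
    }
    return label > 0 && host[total - 1] != '-';
}

/* Hypothetical helper: returns the host part of an e-mail address, or NULL
   if it is missing or fails the check. Call it before any resolver API. */
const char *email_host_checked(const char *addr) {
    const char *at = strrchr(addr, '@');
    if (!at || at == addr) return NULL;
    return hostname_ok(at + 1) ? at + 1 : NULL;
}
```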

  24. Programmers vs. sysadmins. by fernand0 · · Score: 1

    I found his replies a bit contradictory:
    "Conversely, a good admin is capable to hardening a sloppy OS."
    while
    "...we can place great efforts into teaching people how to avoid buffer overflows in languages such as C it is likely they will introduce them into their programs" anyway.

  25. too late? by slashkitty · · Score: 3, Informative
    Wouldn't that be too late? Apache logs the request after it is successful. Some request for /path/to/shell/sh?rm+-rf+/ would only need one request, were that a real hole. Your log analysis would detect it, if the log file was even still there.


    Instead, your script would have to be a module or proxy that filters all incoming requests. And stops them before the trouble.

    --
    -- these are only opinions and they might not be mine.
  26. For once, I agree with a paid MS troll. by twitter · · Score: 2
    mindstrm, it's been a while. I thought you had suffered a Slashdot death penalty or something.

    Win2k is not hard to secure; neither is any other MS system.

    OK, I agree all you have to do is remove the modem, network card and keyboard. That is easy, cheap too!

    Otherwise, MSJVM, VB and other trash that has full access to your file system as root will trash you. Duh. M$ designed their OS around marketing, so they can shove whatever software they want onto and extract whatever info they want from their users. This is not going to change, ever, and M$ will always be impossible to secure.

    --

    Friends don't help friends install M$ junk.

    1. Re:For once, I agree with a paid MS troll. by mindstrm · · Score: 2

      Sorry, I was busy changing continents yet again....

      That wasn't a troll. I dispute being called a paid MS troll. I avoid using MS wherever possible, and I dislike them in general.

      But having run many, many systems... I'll grant that MS is slightly harder to secure.. in that it's harder to get the information you need.... and that it may not come 'as secure' out of the box....but any sufficiently busy or large server has the same problem. You install software, you have to be aware of what the impact is on the system.

      Yes, lots of people are talking about how MS is 'marketed to a different audience'. Or about how the presence of these new 'worms' shows that it's harder to secure... blah blah blah.

      To the guy talking about MSDOS and Win98 being 'insecure locally'.. get a grip. That's not the discussion here.

      Running windows boxes securely is no harder than running unix boxes securely, I'm sorry. You have to take different factors into account, and you have to get your information from different sources, yes...
      And yes, MS policy on publishing patches for exploits might be bad....

      But still: blaming home users for not having secure web servers? It's because they were ignorant of how to properly run them, in most cases. Saying that is because it's supposed to be 'easy' to use.. well.. why did the user pick it in the first place?

      I've *never* had a problem with any of my boxes.

    2. Re:For once, I agree with a paid MS troll. by twitter · · Score: 1
      I've *never* had a problem with any of my boxes.

      That must be because of this:

      I avoid using MS wherever possible, and I dislike them in general.

      Why would you ever run MS stuff? You must be aware that they continue to ignore basic security requirements such as unprivileged user accounts, and all of the repercussions. Surely you would never run a browser that automatically executed code as root? How do you secure such a beast and why would you go to all that effort?

      --

      Friends don't help friends install M$ junk.

  27. Elias Levy by Anonymous Coward · · Score: 0

    This guy is a fucking retard.

  28. Wow. Nice logic. by mindstrm · · Score: 2

    None of my machines have been infected. I follow standard, easy to find methods for securing my systems. Hmmm.....

    Many, many people who run the OS have not done *anything, whatsoever* to secure their system out of the box. They haven't even TRIED.

    The presence of this worm is indicative of the average knowledge and aptitude of those running the infected systems... and NOT an indicator of the quality of the OS.

    Oh.. I'll agree that it's easier to find information about how to secure unix systems... and the admin generally has a better knowledge of how a new application affects his security.. but in general, this is the case with windows too.

  29. Wow.. by mindstrm · · Score: 2

    You got me there. I should clarify, for people like you, that we obviously aren't talking about MS DOS here. Or WinCE. I'd imagine you are just in a bad mood or something?
    I'd think most readers would find it obvious what we were discussing. Apparently you need some assistance.

    Win2k can't hide anything from the administrator if you set it correctly. Neither will it lie about file extensions if you set them correctly. Neither of those has anything to do with network security, either.

    And when I say 'system'.. what the hell did you think I meant? I meant a system involving Microsoft products. You can quibble over the exact definition all you like. NT is a product, so is Windows 2000. NT is also a kernel. Linux is a kernel, and also a product. Blah blah blah..

  30. Overbroad statements by Webmonger · · Score: 1

    You said, "Win2k is not hard to secure; neither is any other MS system." What you apparently meant was "Win2k is not hard to secure; neither is Windows NT."

    The first statement is way too broad for any sane person to make, so I went on a sarcastic rant to show how silly it was.

    And in my opinion, an operating system should never hide anything from the administrator, if the administrator tries to see it. I recently tried to determine what was taking up so much space on a Windows 2000 server. I had to resort to an alternative program, because Windows Explorer hid the Exchange subdirectory from me completely.

    I also understand that there are some file extensions that are hidden unless you edit the registry. That's just wrong.