Slashdot Mirror
OpenSSH Gets Even More Suspicious
If you remotely administer any computers, or need to check your email over an untrusted network, odds are you're already familiar with the wonders of OpenSSH. Markus Friedl yesterday posted a release announcement for the newest version, OpenSSH 3.3. Privilege separation in OpenSSH is now enabled by default, another sign of the entire OpenBSD project's appropriate paranoia.
1st Official Slashdot to English Translator-matic
"Me and a bunch of people got drunk, thought we could code, submitted the idea and produced a fancy web page. It's now two years later and the project has no files to download and is STILL on Stage 1, Planning."
"I've been reading UNIX in a Nutshell for SVR4 and fuck knows what any of this flags stuff is about"
"I can install Red Hat from a bootable CD. The machine is not connected to a network and all I do all day is type ps, pwd and ls. I'm so l33t."
"My folks are rich enough to send me off for further education. I am now in an uber-elite crowd of know-it-alls and I am here to belittle you. Fear me."
"I've spent the last two years being subjected to biased slashdot propaganda. I couldn't hack into a properly configured windows system if my life depended on it."
"I've spent far too much time absorbing bullshit ideals from anarchists. The truth of the matter is, I just don't want to pay for anything whatsoever. Britney CDs should be free because I think that somehow the constitution protects my illegal copying and distribution under some freedom of speech law or fair use act. Even though I don't have to go out and buy luxury items, I'm gonna whinge and bitch anyway"
"I've only been using it for a week, and now my hardcore wannabe techno friends think I'm a guru. I now recommend it to everybody based upon what I've read at slashdot."
"Somebody please shoot me several times in the head. I am fucking clueless."
"I'm too fucking dense to realise that this has been going on for over 15 years already, and I've just finished reading 1984. Go figure."
The way I read the headline, "OpenSSH Gets Even More Suspicious", it sounded like we're supposed to be more suspicious of OpenSSH.
:P
What has the world come to, where we can't even trust OpenSSH?
Oh, OpenSSH is more suspicious of its environment! That makes more sense!
Open Source software continues to impress me after so many years. This again proves, how much better software can be, if you remove management, lawyers, sales department etc. and make good programmers work together without short-term profit in mind.
+1 for using left hand to press [Ctrl-C/V]
+1 for using right hand to move mouse
-3 for redundancy and trying to act clever.
Tournament Management Online &
When I first started using linux, I was absolutely blown away by telnet, and the capabilities for remote administration.
Then came SSH... Not only is the grade of encryption absolute phenomenal, but the extras above and beyond remote shell's are astounding!
X Forwarding, SCP, FTPs, etc... they all rock! I can't remember the last time I coped a file over any protocol other than SSH's scp command. WinSCP has replaced puTTY as my favorite WIN32 application, and combined with puTTY and secure shells it's now wonder how I've managed to keep my home router/server up for 180 days w/o even having a monitor plugged into it!
Thanks OpenSSH team!
dmarien
upgrade to Apache 1.3.26 or 2.0.39, it's an Apache problem and it is on their home page.
http://httpd.apache.org/
The OpenBSD folks gave a patch for the OS before the new Apache binaries were released as a work around.
The Final Word
Trust old telnet works fine, unless you are worried about people seeing your passwords, and everything you are doing. That is the point of ssh; it encrypts what you do, including passwords so it can not be seen by people on the same network segment. Telnet send your password and everything you do right over the wire without encoding it at all. A difficult password is just as important on telnet as in is on ssh because they can still be cracked either way.
Yes, portability is...
Of the 3 major BSD's, NetBSD's goal is to run on as many platforms as possible, FreeBSD's goal is to create a reliable, free UNIX (it may not meet your definition of free, but that's another story), and OpenBSD's goal is to provide the most secure distro possible.
"I won't mod you down - I feel the need to call you a twit explicitly, rather than by implication."
You mean they didn't accept the patch you wrote for them!? Ludicrous. Maybe they're too busy being whipped along by people who don't give anything back to the OS community to evaluate your code. ;) I mean... You obviously feel strongly about it so you HAVE to have written a patch, no?
If they KNOW about it, and I'm sure they do, then they'll patch it. They're not Microsoft, afterall. In the meantime, if you're not a developer, lay off the whip. Like you said- the bug is recent, if they let a few months fly by without doing anything then you can start complaining.
-Sara
Except telnet does zero encryption. It is a trivial matter to sniff passwords from an unencrypted link, and inserting data is not much harder. Changing passwords frequently is kind of pointless if you are setting your new password over an insecure link.
One-time passwords are better, but they are still vulnerable to TCP insertion attacks.
Yes, these things have been exploited in the wild. SSH exists for a reason.
If security problems in SSH itself worry you (and they should), privilidge-seperated ssh is the answer. By seperating the privilidged code from the code that talks to the client and defining a good interface between them, it limits the amount of stuff that can go wrong and the quantity of code that needs to be audited.
For those of us without much experience in the encryption and networking fields, anyone mind explaining exactly what this does? I read the page but I'm not sure I understand exactly what's going on.
using namespace slashdot;
troll::post();
It's totally different. If you run sshd from inetd, you are still processing network data as root. If someone finds a buffer overflow (or whatever) they can execute arbitrary code as root on your system. This strategy uses an unprivileged user to do most of the network data processing, with a privileged parent process for verification and authentication. At worst, a remote attacker could only get access as the unprivileged user.
Free Mac Mini
Is there a tool that allows you to force the switch to forward ethernet frames so they can be sniffed without switch administrator access? Please offer some information on how this is done as I'd like to have a better understanding on how this works. What platforms does the tool run on, and on what switch platforms would it work against?
-Pat (a CCNP and MCSE)
Apparently, the OpenBSD team is announcing it as a "possible remote crash"... It's only a matter of days before someone is going to drop a new worm!
Wow. If you can figure out how to exploit a remote crash to spread a worm, you're a lot smarter than I am, dude.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Everyone should know better than to accept advice from random slashdot comments!
;)
Like this one?
There is also a tool to permit packet sniffing, see ettercap on Sourceforge.
Ettercap is actively being used by the "black hat" community, and has been found on compromised systems on switched LAN segments "in the wild".
I do not deploy Linux. Ever.
Trouble is, it isn't just a remote crash. See http://online.securityfocus.com/news/493
/Styx
One issue with password cracking and sniffing is that it is critical to have a unique password for every site you have accounts at.
Under SSH, I can set up systems so that password logins only work on the physical console, not over the network. I can create a strong private key (passphrase protected) and install my public key on the remote servers, using the same key for many different servers without the security issues that come from using the same password across disparate sites.
I do not deploy Linux. Ever.
It is Timothy that we don't trust.
When a request comes in, it hands it to a subroutine that handles requests for the server to do different functions, including authentication.
For some services, such as SSH and FTP, the server may set up multiple connections for things like transferring files, etc.You can write a server like this as one big single-threaded process, or as one big process with multiple threads if your operating system and programming environment support it, but it's more common, especially on Unix, for the main process to spin off several child processes to do the work and go back to listening for new incoming requests. In this case, it spins of one process to handle the control channel communications and that process spins off other processes to handle specific tasks like file transfers, after checking that the connection and the request are authenticated. In a simple-minded implementation, the control channel process runs as root, and any task channel processes start off as root, and maybe change their privileges to an individual user's privileges if they need to (for instance if you're using SSH to log in to a remote system.)
The problem with this is that if there are any bugs that let a remote connection send messages with unexpected data in ways that break or take over the server process, the server is running as root so it can do anything it wants, however evil or dangerous (or if it's a minor bug that doesn't lead to a complete takeover, it may still be able to burn critical resources and stall the system or do some other denial of service attack.) Two popular kinds of attacks are sending a message that overflows a field (the result of bad protection in the C language combined with careless programming), or sending a message that asks the process to do something that the programmer didn't expect and protect against, such as setting permissions on a system file or making a user's program privileged, so that it can be exploited later, either by another communication from the attacker or by routine activities by the system or the user.
What the new OpenSSH implementation does is takes the bottom two server processes (the control channel server and the task servers) and splits each of them into two parts that communicate with each other. One part of each processes is a master, that keeps running privileged if it needs to, and the other is a slave process that runs as a non-privileged user (either the user who's requesting the service, for tasks like logins, or as the "nobody" user) and does most of the actual work, passing messages back and forth to the master process to communicate about status and request anything that still requires privileges. This gives you a bunch of security advantages:
The rest of it is basically detail about which functions they separated into which programs, how they made sure that each piece has enough capabilities to do the job without giving it too much power that could be exploited by an attacker, and some stuff about how they validated the pieces. It's adding more complexity to the total system, but each piece is more limited in function, and the security-critical pieces are much easier to validate against bugs and malicious input.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
The usual complaint from people favoring the GPL is that it's not Copyleft, so it's free even for people not interested in freedom for anyone but themselves, but I think nobody - from the FSF to Microsoft - would say it is not free itself.
Programming can be fun again. Film at 11.
Um, you do realize that a patch is available?
Programming can be fun again. Film at 11.
The problem is that it doesn't appear that anyone has been able to make the alleged remote root exploit work. I haven't read misc@openbsd.org this weekend, but the consensus of the list as of yesterday was that it was not a legitimate root exploit.
And generally, since apache is not running by default, the OpenBSD team would tend to be of the mindset that if you are going to turn it on, you better stay up to speed on it.
not speaking for the team of course,
ostiguy
I agree. IP over SSH is a bad idea for the same reasons why TCP over TCP is a bad idea.
I think the GPL people would say that FreeBSD isn't Free in the "Free Willy" sense... GPL software cannot be captured back into proprietary software and made non-free again, whereas BSD licensed software can be (and often is). So while Linux code will always roam the wild plains, BSD code spends some of its time laboring in the Microsoft prison camps.... or something like that.
I don't care if it's 90,000 hectares. That lake was not my doing.
Technically, you're correct, but in the larger view, there is a historical pattern where free code gets 'adopted' by a company, and the company adds lots of functionality to the free code, so that eventually the free code is no longer competitive, and everyone switches over to using the closed-source product. At that point, the code is no longer free (except for the "old" code which is no longer useful or used, and thus doesn't count). This is what happened to Unix in the 70's and 80's, leading to Unix's fragmentation and irrelevance as a platform. With GPL code, you don't have to worry so much about v2.0 coming out as closed-source, leaving you with a choice between staying with v1.0 or losing the benefits of open source.
I don't care if it's 90,000 hectares. That lake was not my doing.
It seems to me that the entire GPL vs BSD debate is nothing more than a pastime for those with nothing better to do. Just think about it, a bunch of non programmers standing around bickering about licenses they'll never put anything out under anyway. Arm-chair quarterbacking for geeks.
As for actual developers, well there too the debate, or at least an ongoing never-ending squabble, is essentially pointless. Each programmer or team of programmers is going to choose and use the license they like best for the reasons they consider important. They have EVERY right to make this choice as they are the one's doing the work. Whether anyone else likes it or not is completely irrelevant.
Personally I like both licenses, but for different reasons. I see the GPL as a munition, a weapon. Putting high quality implementations of key tools and programs out under the GPL makes sure that the Microsofts of the world play nice by not being too greedy and/or abusing their customers. The downside to the GPL is that you're not going to obtain any financial gain from the products you release under it. There are rare exceptions such as RedHat, but then that company's product is a delivery system for GPL's software more than the software itself. Ultimately the value of GPL'd software is strategic, not directly economic. The GPL is most suitable for fundamental technologies that NEED to be kept absolutely open to ensure that incompatibilities don't creep in due to proprietary implementations. The BSD license is good because the code can be included in commercial programs. Now some people might start foaming at the mouth at the mere mention of commercial software. Of course these same people are usually in high school, college, or 35 and still living in their parent's basement.
Commercial software is what makes products that don't enjoy a wide following possible. Open Source is like socialism in a way. (Actually I don't think that my comparing Open Source to socialism was a very polite thing to do. Socialism is a system by which the abilities of one person are forcibly exploited to fulfill the needs of another. It and communism are but two points along the same continuum.) The base needs of the many are fulfilled, but what about the needs of the few? Does it make sense to try and organize a project to create an open source program to track oil deposits? How about an open source medical imaging system? There are some products for which there is a very small need in terms of how many people need the product. These same people are more often than not willing and able to pay good money to see that these products get created however. Also there is the question of expertise. Programmers are not experts on the best way to do everything possible with a computer. Imagine if someone tried to create an open source implementation of SPSS. Now what if I told you that such a project existed (PSPP) and that it hasn't gone ANYWHERE. The reason is that programmers are not statisticians. Their ability to verify the correctness of their own software's out put is next to nil.
At the end of the day both the GPL and BSD licenses have a useful function to perform. So does commerical software. Anyone who continuously argues about the role these three should play doesn't understand them in the first place.
Lee
Muslim community leaders warn of backlash from tomorrow morning's terrorist attack.
Do you have a link?
Patrick Doyle
I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
No, you are out to lunch.
Sorry, but Telnet is a severe security hole.
Take a look at this link. The program Hunt can crash through a Telnet session and steal it. It is also possible to use a simililar attack on systems using SSH 1, which is why you should not use it.
Also, if you have ever heard of anything such as dsnifff you know that Telnet is practically useless in terms of security. Combine dsniff and hunt and you have one crappy method of defense. I don't care how strong your password is if I can:
1) Read it and capture it. (dsniff)
or
2) Simply steal the sesion, and thus have no need to type the password at all. (hunt)
Don't take anything in security for granted. For example I know of an admin who recently decided to implement backups to a remote NFS system, thus he opened up NFS, and thus portmap (port 111) to the world through his firewall. He still has no idea why this is bad, which explains why I will be completely reinstalling his servers in a few days.
You might not know why portmap is bad - but it is - you might also assume Telnet is ok. It is not. I have watched over 25 machines get compromised by Telnet, and I was the one who had to fix them. (I always get called in AFTER the fact - never before which I think is dumb.)
So, operate like OpenBSD - trust no one. Trust no protocol until you have a reason to trust it to some degree. And if you don't know why portmap / port 111 is bad, you may want to look that up at the same time.
Try to hack my 31337 firewall!
You must be root to bind to any port <1024 as a form of "security" however this stupid rule has been the way in for most internet based security problems in the Unix world. Some systems (like Soalris) allow you to turn it off and that lets any process bind to any port but that has issues as well.
The correct solution is you let a process bind to any port >1024 and any port where the port number is in its group list. This means you put apache process owner in group 80 and 443 and then it can bind it its needed ports no matter who it runs as. Wiht the linux 2.0 kernal this required changing some of one line.
As far as the other problem of becoming someone else, there are no clean solutions to that but I think it would make sense to allow any process id 10 to become someone else. You also need to allow for some id's to give away files. The problem with this is that it intoduces magic numbers into the system which is bad.
Based in this, you could set up the ssh user as uid 1 in group 22 and it could bind to port 22 and then become any other user (or maybe any userid > 100). Bind would be running as user 53 with group 53 and have no special privs. The Apache user id would be in group 80 & 433 and its version of suexec would be uid 2 so it could change ownership to any user > 100 to run their cgis.
One of the primary tenets of OpenBSD and NetBSD is security, correct? This is just another little bit of bytecode that improves security even more...
;))
Absolutely. Now if only we can get Microsoft to use unprivilaged children for IIS, we might be getting somewhere.
Not that I am advocating child labor (well, children of Daemons maybe
LedgerSMB: Open source Accounting/ERP
If your *nix doesn't use ssh by default for remote logins, maybe it's not worth using that *nix, if that is a measure of their security policies.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
Blowfish is inherently insecure, ANY FILE LARGER THAN 1024KB YOU TRANSFER CAN BE DECRYPTED BY ANY 13 YEAR OLD WITH A POCKET CALCULATOR!
Hmmm... I tried that out, but it didn't work for me. I'm pretty sure the calculator is okay, do you think my 13 year old is faulty?
If you are going to make a blanket statement comparing security and reliability of open vs. closed source software, then I think you should compare the best of both Worlds.
I'll start with the open source World and suggest OpenBSD, 5 years without a remote hole in the default install. You can read that as, an extremely secure kernel, with an extremely secure network stack and general system layout.
I'll leave the closed source contender up to you to present to us. ; )
Anyone idiot can look at "Open Source Done Wrong (tm)" and then say look, OSS is shite, but then any idiot can be a source of open source (or closed for that matter).
The best of breeds should be shown before the average and worst.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
1. OpenBSD does not start httpd by default.
2. The exploit opens up a terminal that appears to be a root term, but is actually a fake. It only has nobody privs.
If you don't read the lists, then look at the archives. The exploit is humorous, but against Apache. The OpenBSD crew don't write Apache, they just fix it when it breaks.
The most stable OS to be running it on, would be OpenBSD.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
Yeah, a fake root term that is actually run as nobody via a service they don't enable by default.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
Many of us who transfer large amounts of data over the internet (TBytes worth) don't care about people decrypting our files. (To you my files would like random numbers anyway.)
We only really care about safegaurding the authentication process. In fact I would love to see a feature in scp where only the authentication is encrypted and all other data transfers are not.
Would you like to elaborate and become the first person with cryptanalysis which shows a weakness in Blowfish and thus enjoy the spoils of your elite mental power? You are about to knock Bruce of his pedestal and render his works suspect?
No? I thought not.
PS, moderators, the parent post is not "Insightful", it is one of either "Funny" or "Troll" depending on your mood and knowledge of Blowfish and typical Slashdot Anonymous Coward posts. I would lean towards Troll and moderate him down into the rest of the noise.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
And it's done, for example in MicroBSD - http://www.microbsd.net
They have already told you what modification they recomend. Go make them and patch them yourselve :) That'sanother bonus of open source. You don't have to wait for someone else, you can do it yourself.
But SSH is fine, nobody will steal your password unless they know they can profit well from it. (Furthermore, plain bugs are more easily exploitable than cryptography weaknesess).
unfinished: (adj.)
Helps spread the bits of "randomness" a little further. Why would you like it the other way around? Sounds insane.
The problem is that ssh can change to any user it wants. That's the PROBLEM, that's the reason that bit was seperated out and away from the network traffic bit. It's not a solution.
Making it where the process id X (Where X is supposed to be sshd), can change to anyone else, is pretty much a negative solution to the problem, because now people can get root even after it's dropped privs. Not to mention now you cannot restart sshd if you need to, because it has to be pid X. And god help you when the kernel people come up with yet another 'fake' process that runs when the kernel starts, using no memory but taking up a pid.
And there is functionally no difference between being able to change to any user except root and being able to change to root. If you can change to the sysadmin's non-root account you can get root trivially by trojaning 'su', or, if he's very paranoid, by trojaning his shell.
If corporations are people, aren't stockholders guilty of slavery?
Security? A comparison of 2001 CERT advisories shows that closed source software constituted 72%.
Stability? Netcraft shows that the web servers with the top 10 average and the top 19 maximum uptimes are Open Source.
Open source allows people who are passionate about coding to code great things in large groups. They get great stability and security through honest desire and mass co-operation.
Closed source allows people who are passionate about money to code profitable things in small groups. They get money through marketing. Being closed allows them to brush problems under the carpet in the hope that they won't get noticed until after that products lifetime. Or even claim that problems are merely "theoretical", until someone posts a "BeSysAdm.exe".
source availability has little to do with the security or reliability of software.
I have been supporting closed source software for the past 9 years and I've been using open source software for about 5 years, supporting for about 3.
Linux, FreeBSD and OpenBSD has NEVER crashed on me in normal circumstances (I have managed to make Linux crash when tweaking and building custom kernels). I could never say this about any closed source software I've supported. Netware is pretty stable, but can't touch FreeBSD from what I've seen.
OpenBSD is secure because Theo and friends
Of course, but plenty of fixes and alerts come from people who are simply able to read the source and "friends" come into the stable due to being able to read it in the first place.
this security comes at a steep cost ((re)training, missing features, maintenance).
Learning OpenBSD for someone who is knowledgable about network security is far from steep learning.
Very few machines can be made useful running only the "default install".
Even in light of the recent vulnerability, Apache actually has a good security history. The last time it was mentioned in a CERT advisory was 1996. IIS has been mentioned 8 times since. Then there's Qmail...
Compare, what?
Oh I don't know, compare the comparative?
IIS? NT/2000?
Open source also allows fixes to come very quickly. Often the person who was able to find the exploit, also supplies a patch to fix it. If not, it often comes within a day or even hours. Can you find a closed source hole that was fixed in hours?
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
So what? That might mean that closed source software has wider deployment.
.sig for my opinion of Linux MM. My primary OS of choice is OpenBSD, but Linux has been very reliable for me, even with occasional broken MM, much more reliable than I have experienced with closed source OS'.
It is actually a statistic of holes, not a statistic of reported exploits.
It might mean that closed source software is scrutinized more closely.
Open source is an easier target to find holes but also to fix holes. Closed source gets security via the wrong reasons. Obscurity.
It might even mean that closed source software is used in more places where security matters.
Once again, it is a statistic of holes, not a statistic of reported exploits.
The bottom line is that the distinction closed/open should make very little difference when evaluating the security aspect of any particular installation.
And guns don't kill people, it just makes it easier for people to kill people. Open source doesn't make security, it just makes it easier for people to make secure code. Do you think hundreds of thousands of eyes reviewing code is not better than a typical corporate team of eyes?
alldas.org defacement statistics [alldas.org] per OS place Linux, an open source OS, at 22%, while Solaris, which is closed source, clocks in at 4%.
These are incidents and worst case ones at that. Anyone can baddly admin a server and chances are that those that do are doing it with Linux more than Solaris. You can after all, accidentally get into Linux from a visit to your local newsagent.
The numbers I have been giving show capabilities of software. Unless the admins fixed broken code without giving it back, the admins here are irrelevant. You are showing worst cases which can easily be bad admin.
I also note that you failed to answer my question: if open source makes for secure software, then why do we need something like OpenBSD at all? Why are not all open source OS's as secure as OpenBSD?
Not all open source projects are focused on security to those levels. I firmly beleive that the average open source software is more secure and has less bugs than closed source, it does not need OpenBSD, some people do though because OpenBSD takes security to a step above everything else. OpenBSD is an extra move forward in security.
The bottom line is that the distinction closed/open should make very little difference when evaluating the security aspect of any particular installation.
Any particular installation that uses open source, has the source to scrutinize and fix. Any particular installation that uses closed source, has to hope there are no holes and then when holes do become apparent they have to hope for a quick fix, which rarely happens.
Again, irrelevant. It might mean that open source people will go to great lengths to avoid rebooting their machines.
If those systems were exploitable, they would have been exploited. A server with almost 4 years uptime shows stability if you ask me.
It might even mean that open source software is conservative/stagnant.
Conservative as in putting security before features? They get the jobs done. Mail gets relayed, web pages get served, files get downloaded. Yet they don't get owned anywhere near as much.
Unless the reboots actually hurt business there is no inherent advantage to long uptimes.
Some installations required stable systems 24/7.
Great stability and security are achieved by paying a lot of attention to stability and security.
Of course.
The development method is strictly secondary.
The development method can either make the job easy or hard.
What can I say. Try harder. For example take a look at how Linux MM will happily let a process run amok with a high probability of wrecking the box.
Are we still speaking comparitively? If you choose a worst case I will choose Microsoft. But please, look at my
That might be true, but is hardly any consolation if OpenBSD does not do what you need it to do.
OpenBSD is a secure foundation for running some open source services that have shown to be more secure than their closed source counterparts.
What about the 13 Apache vulnerabilities [apacheweek.com] since 1999?
33% were Win32 specific, how interesting that an open source project has a hard time becoming secure running in a closed source environment.
40% were specific to modules or other support programs.
27% were Apache itself.
Easy. Ping of death was fixed within 48 hours on Windows. I'll grant that the Linux fix got there faster.
Most people take "hours" to mean hours less than 24, since 24 becomes "days".
So what?
You're either exposed or out of action until the hole is fixed. Thats what.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
Ok...this is just wrong. Early unix was proprietary, not free software.
With GPL code, you don't have to worry so much about v2.0 coming out as closed-source, leaving you with a choice between staying with v1.0 or losing the benefits of open source.
This is not entirely correct. Granted, someone can't just take GPL'd code and make a new proprietary version of it w/out the original author's permission, but it /can/ be done by the author, or it could happen through the author dual-licensing the product.
Example: Author writes Software and licenses version 1.0 under the GPL. Six months later, he releases version 2 binary only, new proprietary license.
Or: he dual licenses it under BSD and GPL. Now it is subject to the same risks as BSD software.
Or: He licenses it under some custom license to a specific company in exchange for some compensation.
Obviously, using the GPL doesn't guarantee a free version 2.0. Just a free version 1.0, and the ABILITY to have a free 2.0 through someone else forking the code if nothing else. Guess what, a BSD 1.0 guarantees the same thing.
"No nation could preserve its freedom in the midst of continual warfare."
--James Madison
Considering your later name-calling one would think you'd take the time to get a clue before spouting off.
First, not everyone uses switches. And even when they do, it is largely only at the local and remote points. intermediate hops happen at ROUTERS. Regardless, it is not all that difficult to sniff on a switched network either. Switches are not impervious to network attacks. Do some research.
And for that matter, there is encrypted telnet.
Encrypted telnet doesn't even come close to providing the features ssh does. Encrypted telnet is better that straight telnet, but not by much.
"No nation could preserve its freedom in the midst of continual warfare."
--James Madison
I have every reason to believe that this kind of review never actually happens.
I watch it happen regularly in the mailing lists I am subscribed to.
Linux, which has far more people working on it than OpenBSD, is not more secure than OpenBSD
You are comparing two open source systems, one which is focused on security and the other which is not. Two very different code bases. You need to ask why Linux is not as secure as OpenBSD? You should be asking why the Microsoft World is regularly damaged by viruses and exploits and the open source World is less so.
Which shows that proper administration is much more important to the security of a system than the question whether that system runs open or closed source software.
Of course admin is the most important aspect of any sites security and stability. But choosing systems that you need to assume to be secure is not a good admin choice.
Personally I believe that even if this were true, closed source software easily makes up for it in features and support (e.g. documentation).
OpenBSD has great docco. Pitty people don't use it.
Does that "average" include all the stillborn projects at Sourceforge?
Obviously it includes mature projects that mirror closed source applications.
You want to posit this kind of argument that there is such as thing as "perfect security", and that OpenBSD (and other open source software) exemplifies this.
I have never stated anything that slightly suggests that I beleive there is any such thing as "perfect security". There is no such thing.
But that is bunk. Unix security is lackluster at best. It is the typical "good enough" type system. Windows NT, Solaris and AIX offer far more flexible and powerful security models -- if you need them.
Does this mean that you put OpenBSD and/or Linux under the umbrella of "Unix" but not Solaris and AIX?
Would you like to elaborate on these more flexible and powerful security models?
Does Windows crash when you load in Mozilla?
Windows networks come crashing to their knees when a user receives an infected email. You have got to be joking.
Like, such as, irony of ironies, with the current OpenSSH hole? Did you check the source to see where the alleged vulnerability is at? Do you know people who did? I'd be interested to hear.
Rare occurance. Yes. Yes. And it has been fixed quick smart too.
Furthermore it is interesting to note that SSH, the topic under discussion, was originally conceived and delivered as a commercial product. Not a strictly "open source" one.
And looking at the track record, perfected by the OpenBSD crew via open source.
Not because I "believe" it to be secure, or even because I necessarily think it is "best of breed".
Closed systems at my local stock exchange proved to be unreliable while I supported their backup site. I don't think or believe (in the religious sense) in OSS security or stability, I know it from experience.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
You are the one who claimed security and open source go hand in hand. But apparently they don't.
I never said OSS is a guarantee of security. My stance is that open source allows security and stability to be easier to implement than closed source. Unless you include obscurity as a security measure, which I don't.
It means that there is no open source software that is certified for use in some of the most security-conscious environments, despite your insistence that open source development must lead to more secure software.
Yeah, and NT4 was certified to the point where it could not be connected to any network, must have no removable media and have the POSIX layer removed! Software gets certified through payment for that certification. Who has paid to have a free BSD or a Linux distro certified? Lack of this does not show lack of security.
The point is, what is the cost of having your network go down once every so often,
It's not just network downtime, it could be corporate IP loss or exposure, public embarassment, loss or exposure of customer property leading to liability, etc.
versus lacking all the features Outlook & Office provide in the mean time.
People and companies serious about security, who use MS products for example, end up disabling and avoiding many of these "features".
Well, tell me about it. This is all about sharing, right?
I actually do read through source, along with books like Applied Cryptography (I've been into digital electronics since the 80's, starting with Navy Weapon systems) and have an unhealthy interest in building hardware pseudo random number generators. I read the source because I am interested. I didn't find the hole because software security is not my forte, but I am but one person. Someone did find the hole, which is easy to close.
No, it was perfected via painstaking attention to detail. In all those years nobody ever found the bug, which pretty much kills your "hundreds of thousands of eyes" theory.
But it was found, outside of the OpenBSD developers. We are looking at a single uncommon incident here too. Though the hole is uncommon, the discovery, quick workaround and subsequent fix is not.
Here's a single incident that also proves nothing... Windows NT Cripples US Navy Cruiser
My stance is that open source makes finding and fixing bugs easier and I have seen it first hand as a beta tester of open source video card drivers. Where people outside of the developers where submitting code or pointers to broken code. John Carmack made an extended visit to our list, fixed code and made the drivers faster. He was not invited personally, he just dived in to open code. Something he or anyone else would not have been able to do if they were not a part of it as a closed source project. I've heard he did this for other cards which have open source drivers also.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
Maybe not, but the lack of even fairly rudimentary auditing and event monitoring tools and the lack of software to make sense of this data does.
SWATCH, NOCOL/NetConsole, LogSurfer, Netlog, Analog, Snort, HostSentry, Shadow, MOM, The Hummingbird System, AAFID.
Are you serious?
"living on the fringe"
Have you used Star Office 6 or open office? I have used SO6 beta, it is pretty amazingly just about there. All we need now is decent groupware and I think an MS free World will be much easier to swallow for people who "need" the features.
I am confident that they will initially run into similar security issues.
You are confident. I am confident. I don't think the open guys will fall into traps that allow a document to execute (via interpretation or otherwise) code not related to the app that document is intended for.
So maybe you can point me in the right direction.
I'm sure you've seen the goings on by now.
People like him are exceptional, not the norm.
Yes, however there are a lot of exceptional coders in this World who do look at open source. The types who tend to read code and contribute patches, tend to be above the norm anyway. There are plenty of them.
The point is it happens on the closed source side of the fence as well, and there is less of a dependance on Great Leaders there.
The point is, that the exceptional video driver developers who normally write closed drivers for Windows of one of the largest most respected video card makers, had their open source driver improved by an uninvited outsider, thanks to the driver being open source.
It wasn't just Carmack stamping out bugs either.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
Yes, I like open source as well. But whether it leads to better products in any particular aspect depends on a person's needs and wants
As an example I'm sure you've probably already seen, here is an example of open source software being more secure than closed source, where convenience is not hurt.
Open source on top.
Security here, is basically ranked as highest to lowest, which turns out to be open to closed. Naturally, as one would expect, the open source project which focuses on security is at the top of the lot.
In the open source world, someone might implement a PRNG thinking it is strong. One day, someone discovers that it is not very strong by looking at the source or looking at the output statistically. They might complain that it is not strong, leading to a better PRNG being written by the original author, or as is typical with open source, someone with greater expertise may submit code that is stronger, which gets used.
In the closed source world, someone (or a team) might typically be hired to program a PRNG as an "expert" of math programming. So his expertise is trusted, he implements his expertise, his random streams turn out to be VERY pseudo, as analysed, spoofing attack tools become available and the admins and closed source programmers scratch their heads in wonder at these attacks. Finally, after it becomes publicly known that the closed source is weak (usually through open source advocates who present analytical evidence), the closed source programmers embrace the BSD license as a "God send" and then proclaim industry leadership through innovation. ; )
This is just a bag of disjointed tools that might, with effort, be coaxed into doing what needs to done -- I say this as a user of some of the tools you've mentioned.
Because most of them do an excellent job without graphs? : ) I kinda prefer getting SMS paged with critical alerts and emailed with all alerts greater than "odd behaviour". Sitting looking a graphs 24/7, or having some team paid to do this is not my idea of effective event monitoring.
For example, Windows NT (just to give an example) allows you to monitor the behaviour of virtually every kernel object and graph them against time. I am not aware of similar capabilities in any of the tools you have mentioned
Some people who go further than waiting for the next service pack, don't need graphs. Where they are useful, they are usually present.
Or what about auditing trails, such as who accessed what how when?
Proper admin would advocate the usage of sudo, which logs nicely and proper usage of file permissions. If you're sufficiently concerned about security then logs can be made impossible to tamper with electronically. Printing logs to line printers is very common in Bank and Stock Exchange data centers. Been there, done that. Or if this is over the top for your systems, you might like to log to an OpenBSD syslog server which is configured to only allow appending to logs even for the root user. Doing that via a serial connection that does not accept logins for that little extra security? Or perhaps logging to WORM is more your style?
It's already happened. We started the whole #!/bin/sh thing after all. All we need now is a a convenient way of preserving file attributes and a convenient way of opening email attachments and we are in a world of hurt.
If a Unix user logs in as a normal user on a system that has been kept up to date with security patches, little can be damaged. Perhaps some of their own files will be lost or exposed if they use an insecure mail reader. If they're logging in as root, on a system that is not up to date security wise, while reading mail with an insecure mail reader, then they deserve what they get. I'm guess the point between discovery of this weak mail reader and the fix would be a very thin slice of time if the history of open source security is anything to go by.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?