Slashdot Mirror


The Future of Security

Kvorgette writes "Scott Berinato in The Future of Security presents a very dark future of security in the years around 2010. Several computer security experts expect that a major security-related problem (a 'digital Pearl Harbour') will change software development procedures and remove the freedom in computer use we are striving for. The worst part is, most experts apparently think removal of software tools and access to information from the majority of computer and Internet users would be a good thing."

3 of 331 comments (clear)

  1. Charles in charge of our days and our nights by ObviousGuy · · Score: 4, Funny

    I know, different Charles Baio.

    Still, unless you count Buddy, Charles provided a great role model and environment for the kids to grow up in. Security through education, not necessarily obscurity or technological whizbangitry.

    To reiterate: 1) Security can only be achieved through education. 2) I would have liked to fuck the older sister on that show.

    --
    I have been pwned because my /. password was too easy to guess.
  2. Secure package management to avoid trojans by Debian+Troll's+Best · · Score: 4, Funny
    The 'experts' in the article seem to think that restricting access to the internet and to software applications would be a good thing for security in the long run. I'm only a humble system administrator, so it isn't for me to decide on high level policy, only to implement it. But where I feel I can comment is on a technical level. Possibly the biggest threat the average user faces today is that of the 'trojan'. No, not the prophylactic device, but the type of insidious security threat that you invite into your virtual home, where it then uncloaks into something altogether nastier. Devising systems to combat the spread of trojans is something which I devote a lot of my spare time to. Linux users think they may be immune to trojans, but that isn't true. 95% of Linux users trust their binary package managers implicitly, yet this is where the biggest hole is. I propose a solution: Trusted apt-get.

    Trusted apt-get is a fully secured, digital rights managed version of the popular package management system for Debian. However, Trusted apt-get differs in many ways. In order to avoid the situation of people being tricked into installing trojan-containing .deb files, all Trusted apt-get packages come from secured, trusted servers. Many of these are hosted in former Russian military data centres, and are easily identified by their '.ru' domain names. This is a mark of trust. Secondly, the Trusted apt-get source code has undergone a line-by-line security audit by Theo from OpenBSD. A lot of people believe that Theo isn't all that keen on Linux, but it's mostly been due to the lack of security focus. Trusted apt-get changes that. The final component is a DRM layer in apt-get, which allows for trusted, copyrighted closed source packages to be easily installed on any Debian system. This DRM layer is implemented using standard UNIX crypt() calls, so it's really portable, yet really secure.

    We can all look forward to the day when downloading trusted, trojan free software is as simple as issuing a 'trusted-apt-get install gator' command (followed by a reboot. Rebooting flushes insecure code from the processor execution stack, and is the only NSA-approved way to install software safely on a UNIX/Linux system). I believe Trusted apt-get will be available as the standard package manager from Debian 4.0 onwards. Until then, apt-get play it safe.

  3. Relative security of Linux distributions by Debian+Troll's+Best · · Score: 4, Funny

    With so much of the web's infrastructure now running on Linux systems, the question needs to be asked: "How secure is the average Linux distribution". If Linux is to continue its drive into the data center, with solid distributions like Debian and Mandrake at the spearhead, is it time for the Linux kernel to undergo the same type of rigorous, line-by-line security audit that OpenBSD has been built around? What is the opinion of Slashdot users out there who have had to implement a 'front line' Linux box, exposed to the day to day attacks that are part and parcel of an Internet exposed server? Are you wanting more security, or is Linux solid enough? Is OpenBSD really necessary, or is it mostly just hype? And are our current packaging systems robust enough to prevent the kind of trojan episodes which seem to grip the Windows 2000 Server community on an almost weekly basis. Can apt-get take us up to 2010 in secure confidence? I'd love to hear your opinions.