Slashdot Mirror


A Secure OS For the Dalai Lama?

Jamyang (Greg Walton) writes "I am editor of the Infowar Monitor and co-author of the recent report, Tracking Ghostnet. I have been asked by the Office of His Holiness, the Dalai Lama (OHHDL) and the Tibetan Government in Exile (TGIE) to offer some policy recommendations in light of the ongoing targeted malware attacks directed at the Tibetan community worldwide. Some of the recommendations are relatively straightforward. For example, I will suggest that OHHDL convene an international Board of Advisers, bringing together some of the brightest minds in computer and international security to advise the Tibetans, and that the new Tibetan university stands up a Certified Ethical Hacking course. However, one of the more controversial moves being actively debated by Tibetans on the Dharamsala IT Group [DITG] list, is a mass migration of the exile community (including the government) to Linux, particularly since all of the samples of targeted malware collected exploit vulnerabilities in Windows. I would be very interested to hear Slashdot readers opinions on this debate here." (More below.) Jamyang continues: "Allow me to play devil's advocate for a moment here: in the short term, moving to a platform that is perhaps less familiar to the attacker provides considerable relief, but it is essentially less difficult to write exploits for Mac OS/Linux than it is for Windows, given the many anti-exploitation mechanisms Microsoft has embedded in the last years, so in the long run, if the attackers want your data, the entire move is moot. People should choose a platform based on their productivity requirements instead of purely security. Furthermore, most of the web servers broken into during these attacks (to be used as command and control servers) were not Windows, but Linux. What do you think?

(While I have the floor I'd also like to take this opportunity to plug two initiatives where Slashdot readers can directly help the Tibetan tech community, either through sharing your expertise or your cash! Firstly, one of the obstacles to migrating to Linux for a Tibetan speaker is the lack of decent Tibetan font — can you help? Secondly, Avaaz is raising funds for projects that will help End The Blackout in Tibet, including a proposal to support the deployment of Psiphon's circumvention network. Thanks, or in Tibetan, thuk.je.che!"

27 of 470 comments (clear)

  1. Huh? by khasim · · Score: 4, Insightful

    "Allow me to play devil's advocate for a moment here: in the short term, moving to a platform that is perhaps less familiar to the attacker provides considerable relief, but it is essentially less difficult to write exploits for Mac OS/Linux than it is for Windows, given the many anti-exploitation mechanisms Microsoft has embedded in the last years, so in the long run, if the attackers want your data, the entire move is moot."

    First off, yes, that is a single sentence.

    Secondly, exactly who is it who says (or can demonstrate) that cracking a Mac or Linux box is easier than a Windows box? My experience is exactly the opposite.

    1. Re:Huh? by cjfs · · Score: 4, Insightful

      Secondly, exactly who is it who says (or can demonstrate) that cracking a Mac or Linux box is easier than a Windows box? My experience is exactly the opposite.

      The language is vague enough to be pointless. Does he mean when run by the user as root? Does he mean remote exploit vs something in the full install of ___ distro? Does he mean windows makes you click yes more times to run it?

      Now half the comments will be off-topic due to that sentence.

    2. Re:Huh? by maz2331 · · Score: 5, Insightful

      Especially if the sysadmins take an active role in:

      A. Customizing and minimizing the installed packages.
      B. Configuring a very restrictive set of firewall rules.
      C. Configuring a very tight SELinux policy.

      The key to Linux is to not think of it as on Operating System so much as an "OS Toolbox" that lets you build just what is needed.

    3. Re:Huh? by dangitman · · Score: 5, Insightful

      Your windows install has at least been verified by a known party.

      Yes, a known incompetent party, which has very little concern for security or the vetting of source code, but has rather different interests foremost.

      --
      ... and then they built the supercollider.
    4. Re:Huh? by J+Story · · Score: 5, Insightful

      There are thousands of attack vectors into linux, far more than there are into any windows software.

      How do you know this? A claim this large needs to be supported by something more than mere assertion.

    5. Re:Huh? by gmuslera · · Score: 3, Insightful

      Not sure on what are you on, but must be strong. You seriously suggest Microsoft, the I-included-government-backdoor-in-every-windows Microsoft, the one that will do almost anything to enter into the chinese market, to provide the "secure" OS to the Dalai Lama?

      I almost can hear a child saying "but... the emperor is naked!". The track of successful attacks on the windows platform, even to secure savvy people, is too long. And some of those attacks were discovered long after the fact just because tiny discrepancies.

      No, not sure if there are "formal" auditing into code that goes into kernel or major pieces of the puzzle that is open source, but from there to say that noone checks another's work at all goes a bit of distance. And there is some strenght into the "puzzle" part.

      Yes, could be an infiltration in open source software if you take an army of skilled programmers for that task, that could eventually could be busted or not (the many eyes theory is not a guarantee, but is a posibility that exist).

      But what if a closed source company wants to put something intended in their OS? Remember how easy was to the security experts to decipher what Conficker will do? And that wasnt even from the maker of the OS.

      My recommendation would be something open source, not so edgy, that passed the test of time, but secure and functional.

    6. Re:Huh? by putaro · · Score: 4, Insightful

      I don't need to because there are hundreds of code reviews ongoing on the Linux kernel code all the time.

      The key word here is Open Source. There are enough paranoids out there using the Linux kernel that I'm sure just about everything gets plenty of scrutiny. If you are a party with something to worry about, like the Tibetan Gov't in Exile you could get a few people together to vet the code that goes into your own build and monitor the patches that go in. That is something you cannot do with Windows or any other closed source product (that include Mac OS X, really, as what comes from Apple has a bunch of closed source extensions). Doing your own security review would be difficult but it is possible.

      If I had to bet my life on something it sure wouldn't be Windows.

    7. Re:Huh? by Anonymous Coward · · Score: 5, Insightful

      There are thousands of attack vectors into linux, far more than there are into any windows software.

      How much source code have you verified on your linux install ? Your windows install has at least been verified by a known party. Anyone wanting to get into your system will have to get past microsoft first.

      Microsoft verify its software so well that it doesn't even know what it's privileged services do. They had to create an "archaeological" team to discover how their CIFS redirector works, just to be able to write the documentation the EU antitrust mandated them to write as a remedy.

      It is well known that they historically never created. much less used extensive test suites.
      Proof is the number of regressions you can see in their server software from one release to the other. Their testing method has always just been to run a battery of clients with Office and other "important" application to make sure they did not "break".

      Now in theory getting into a linux system would require getting past redhat or canonical.

      In practice, as several breaches have demonstrated, compromising ANY widely used project (who accept volunteers as full comitting members merely for showing a bit of ability) would be sufficient.

      And yet there is no evidence that any reasonably popular Linux distribution is compromised.

      It's easy to fantasize on what could happen, but empirical evidence shows this is mere speculation.

      How many chinese spies are working on the linux kernel. Improving it, yes, but also ...

      And how many have been working for Microsoft, with the added "benefit" that nobody can review the code outside of said organization? (which as mentioned above has already demonstrated it doesn't know its own code?)

      Do you dare to bet your life on the answer being zero ?

      As much as I can bet my life on any other hw/sw system.

      A full linux install being trustworthy is dependant on tens of thousands of coders all being trustworthy (since in practice, nobody checks one another's work, and no "real" security audits are being conducted. Checking personnel is considered heresy, refusing code based on lack of credentials is something that cannot ever be mentioned).

      Man so much FUD in a single sentence is staggering.

      1) any major (and certainly any security sensitive project) is checked. Every single checking is normally reviewed by at least another developer. This is true both for the kernel and many other projects. So the idea that nobody checks one another work is total bullshit.

      2) not only code is checked by automatic checkers for defects, a lot of cryptographic and security software is routinely certified (FIPS and others) and reviewed both internally and by external organizations.

      3) There is no need to refuse code on the basis of lack of credentials, because the code is *reviewed* first. So if you do something that is not simply stupid but that is malicious you can bet none of your code will never be reviewed again, much less committed.

      4) Obviously you have never developed any major FOSS software ...

      You want to be secure against chinese interference ? Go to microsoft or ibm. Not because they do not have chinese spies in their organisations, but because they most likely do not have 1000 chinese spies in them.

      1,10,100,1000, does it make any difference?
      What you need is 1, and only 1.

      Also, those spies have to get past at least a single code review (one hopes) before compromising all customer's security.

      Ya, rly ?

      Sorry to break the news to you : open source software, in it's current form, cannot defend against a concerted attack by any large groups of individuals. It can't be done. It doesn't have to be the chinese. It's a matter of time before isla

    8. Re:Huh? by SanityInAnarchy · · Score: 3, Insightful

      Can you say the same for linux kernel contributors ?

      It doesn't matter where an idea came from -- that's why Ad Hominim is a fallacy.

      It matters whether it's valid.

      So yes, I can say the same for the part that matters:

      I'm sure that were one to dig deep enough, you'd find that the xp kernel (like some central parts of the linux kernel) has been vetted by NSA experts.

      There you have it -- some central parts of the Linux kernel have been vetted by NSA experts.

      --
      Don't thank God, thank a doctor!
    9. Re:Huh? by exponential · · Score: 5, Insightful

      Oh that wonderful little drama again.

      Had you followed that event a bit more closely, you would have known that little snippet of code had zero (yes, none, zilch) possibility of getting into Linus' branch, where all the public releases are made. In fact judging from your post I'd say you have no idea of what really happened at all.

      Do you seriously think they only introduced one problematic piece of code ?

      No. I think it's one less than that. It might surprise you, but unlike some proprietary software, the big oss projects aren't big piles of mysterious crap, the developers really do understand their code.

      News of successful incursions will, for obvious reasons, not be released until untold damage is done

      With countless diligent people like you keeping a watchful eye, I'm sure any news of successful incursions into free/open source software will be promptly released when it happens. Or perhaps even earlier than that!

    10. Re:Huh? by Bill,+Shooter+of+Bul · · Score: 3, Insightful

      Why are you trusting Massachusetts,or the US Government? I'm not sure I understand why. Especially, Massachusetts seems weird. Do they have some elite code review department I am unaware of?

      --
      Well.. maybe. Or Maybe not. But Definitely not sort of.
  2. First thoughts by FooAtWFU · · Score: 4, Insightful

    it is essentially less difficult to write exploits for Mac OS/Linux than it is for Windows, given the many anti-exploitation mechanisms Microsoft has embedded in the last years, so in the long run, if the attackers want your data, the entire move is moot.

    As opposed to the anti-exploitation frameworks which were present in UNIX systems from the moment they were conceived? and continually updated since? You've been listening to too much Microsoft advertising if you think they're Superior. (Competitive? Maybe. Superior? Not a chance).

    --
    The World Wide Web is dying. Soon, we shall have only the Internet.
  3. Practical considerations and philosophical ones by funkapus · · Score: 5, Insightful

    First of all, converting the Dalai Lama to Linux is about the coolest IT project I've ever heard of, so congratulations

    That aside, there are practical considerations and there are philosophical ones you'll want to consider. Practically speaking, no platform is 100% secure. Linux has historically been more secure than Windows. MS has made a lot of progress in the last decade or so.

    The question is, do you prefer the closed-source approach or the open-source one? Would you rather the problems be hidden away, or laid out for all to find? In the closed-source scenario, knowledge of exploits may be less common, but that cuts two ways. Less attackers will be aware of an exploit, but less defenders will be aware of it as well. That may well result in the exploits that do occur being much more severe.

    Beyond those practical considerations, which approach fits better with the values of the Tibetan community and the Dalai Lama in particular? In my mind, open source is the embodiment of non-attachment.

  4. Bias by Tubal-Cain · · Score: 4, Insightful

    A Secure OS For the Dalai Lama?

    I have absolutely no idea what Slashdot will say to a question like that.

  5. Re:If the only thing they run is windows... by edsousa · · Score: 5, Insightful
    I would focus on teaching them security practices:
    • do not open attachments you don't know
    • don't store your confidential data on your laptop
    • keep and check if auto-updates are working
    • report any suspect of breach to IT

    Most of all, make sure that anyone that uses a computer is aware of the risks. Even more sure with higher clearance levels.

  6. Re:A secure OS for the office of HH the Dalai Lama by cpghost · · Score: 3, Insightful

    That should give you 20,000 apps to leverage

    And each one with its own set of vulnerabilities.

    --
    cpghost at Cordula's Web.
  7. Re:Lack of font? Design your own! by belmolis · · Score: 3, Insightful

    Actually, designing a Tibetan font is rather difficult. Tibetan letters combine in complicated ways (somewhat like Devanagari, but worse), meaning that it is either necessary to produce very sophisticated rendering software/info or necessary to create a large number of pre-combined glyphs.

  8. Re:Lack of font? Design your own! by erroneus · · Score: 3, Insightful

    And failing the thousands of monks having nothing better to do than to spend hours with FontForge, they could just import (read: infringe upon copyright) the fonts they like under Windows and place them into Linux.

    The original notions put forward do mirror my initial concerns when moving from Windows to Linux. Among those concerns were a good Japanese language interface and input method, good fonts and printer support. The first two were addressed with some heavy pushing in that direction with SCIM and whatever it was that came before it... then it became as good or better than Windows. The other was just opening up some man pages or simply giving it a try... turned out not to be difficult in the slightest.

    Moving to a different operating system is a seemingly daunting task to those who have never done it before and they are required, then, to think of computing in terms of what you need to do and how you might accomplish it... not something most people are accustomed to thinking about. (The same can be said about moving from Word Perfect to Microsoft Word and it was a BIG deal!)

    Moving away from Windows is simply necessary judging by the kinds of attacks described. Another option might be Deep Freeze... has that been defeated yet?

    One thing is for certain: one should not be stopped from performing a necessary task merely because it is "difficult." Just do it. If it seems impossible, give it a try anyway. But moving the religious leader and all his followers to Linux is definitely a workable thing to do.

  9. I smell bacon! by Dreadneck · · Score: 3, Insightful

    This entire article smells like flamebait to me. I'm going to sit back and watch it burn.

    --
    Power does not corrupt - power attracts the corrupt.
  10. Re:Lack of font? Design your own! by Kaboom13 · · Score: 4, Insightful

    I know purists will hate this, but another solution would be to create a standardized way to display tibetan without the letter combination. Just like japanese has a more or less standardized process for displaying japanese words in the roman alphabet, a way to do something simliar in Tibetan would be useful. Spending a ton of time modifying all western software to use advanced typography to display Tibetan "correctly" could well backfire. The end result would be the effort required would result in few programs being translated at all, and another language becoming the defacto standard for computer savvy Tibetans. That road leads to youth with minimal skills in their own cultural language.

  11. Re:It is about the process.... by Creepy+Crawler · · Score: 3, Insightful

    ---One of the ways that I manage my systems is to create a zone where hackers may go, and not go.

    The only way to guarantee that is by an air gap. If data can travel in both directions, it can gone to.

    ---For example, I use a good firewall. That firewalls is allowed to communicate to another firewall. Between the two firewalls is my take down zone. This means if they happen to break through the firewall all they will get are servers that can be taken down anyways.

    ---These take down servers are virtual machine based. So if a machine goes down, who shives a ghit because you just shut down the VM, copy the old one and restart it.

    Lets assume what you say is correct. First, what protections do you have vs the hypervisor running the VMs? How do you prevent starvation of resources by de-fragmenting ill formed packets? If you don't "correct broken packets", then what prevents a fragrouter-like attack right through your network?

    As per your answer of shutting down and reloading, that is not an answer to bad rules that can almost never work, for they will persist until you fix them. Then, when you bring them up, they will be hopped over again.

    (trimmed gobbledegook about unhackable firewalls)

    You can think that you have an unhackable setup. Fine. Perhaps you will investigate what I said, and might take action to test what I claim. But aside that you are probably just as vulnerable as the rest. All that has to really be done is your border router feed bad updates to machines requesting OS updates. Of course, crypto signatures will catch that they don't sign, but that's where we use old packages with known vulnerabilities. I'm sure in your course of duty you don't check the package date, nor do most update programs. Or, perhaps somethings watching for passwords on your external firewall. There's a nice tool called dsniff that does just that.

    In the real world, if you want an unhackable network, you build the network with no external connections. It's as simple as that. The military understands that. Power companies understand that. Industrial control designers understand that. If you want to have a facade that you somehow can super-firewall so that no hacker can get in, so be it. Whatever you put on the internet can potentially end up everywhere. Just look at Wolverine Workprint or multitudes of sex tapes or other media. I'm sure there's some Presidential Helicopter schematics going around in Islamic areas right now, according to my sources.

    --
  12. Re:Lack of font? Design your own! by Microlith · · Score: 3, Insightful

    Just like japanese has a more or less standardized process for displaying japanese words in the roman alphabet

    Mashing everything into the roman alphabet isn't necessarily the best thing. The Japanese don't use romaji at all in any real contexts. So it's a more complex script? Make sure Unicode supports it. Update the rendering engines to handle it. No sense in forcing people to give up part of their language just to use software.

    another language becoming the defacto standard for computer savvy Tibetans

    In case you hadn't noticed, English was already the worldwide de-facto standard for computing. It isn't computing professionals these programs are localized (properly) for in most cases. Also, changing your society to match the capabilities of some software is -always- the wrong way.

  13. My god, you drunk deep from the koolaid by SmallFurryCreature · · Score: 4, Insightful

    Remind me again please which OS the botnet runs on? Thank you.

    MS embeds all kinds of code from third parties. Drivers, libraries etc etc. It has been shown time and time again that there are huge security holes in MS code, holes that are actively exploited. It ain't for nothing that when the NSA wanted to make a proof of concept secure OS they choose linux.

    You got a point, how can you trust any OS if you have not checked the code. Where you take a dive of the deep end is that you then suggest that MS can be trusted to check the code for you. Not trusting say Red Hat blindly that they checked all the code is sensible, trusting Microsoft that they checked all theirs is just plain silly. If they had, they wouldn't have so many bugs. And your fate in your goverment is bordering on the insane.

    Anyway, that same goverment checks linux code. So either both are to be trusted or neither is.

    --

    MMO Quests are like orgasms:

    You may solo them, I prefer them in a group.

  14. Rather than choosing a secure OS ... by gd · · Score: 5, Insightful

    ... you need to choose a competent admin. Remember, security is a process, not a product ...

    --
    gd
  15. Re:Oh, so you're playing Devil's Advocate? by likecheese · · Score: 3, Insightful

    when the Chinese invaded. He has consistently supported democracy, equality, and human rights.

    The Dalai Lama may "consistently" espouse such views in public, but his behavior outside the (western) public eye tells a different story. Even for Tibetans now residing on free soil in places such as the US, UK, Germany, and Switzerland, he behaves as a dictator-for-life and demands that they follow his decrees in order to receive travel papers, work permits, food and living allowances, etc. His regime unapologetically practices religious apartheid. Unbelievable? Check out the information and first-hand accounts provided by http://www.westernshugdansociety.org/ and make up your own mind.

  16. You're utterly missing the point. by obarthelemy · · Score: 4, Insightful

    It's not about the OS. I've had Windows servers remain safe for years, and Linux servers be subverted in days.

    Security is an eco-system, not an OS, for example:
    - granting and removing access rights, in a very conservative and up-to-date manner
    - keeping an audit trail of every access
    - locking confidential info so it never gets onto a laptop's HD
    - having backups
    - securing every cog and wheel of the system: client PCs, routers, servers, backups, admin stations...
    - locking down the weakest point: users (weak passwords, copied files, printouts, espionage...)
    - and many more issues.

    In the big picture, the OS is fairly irrelevant. It's only a very small part of the whole system. The whole "we need to be safe - let's switch to Linux" is wrong and shows a tremendous lack of understanding of the issues.

    --
    The Cloud - because you don't care if your apps and data are up in the air.
  17. Re:Lack of font? Design your own! by speedtux · · Score: 3, Insightful

    Combining letters aren't an intrinsic necessity in any language, they are an affectation and a mechanism for keeping people illiterate. European languages used to have them and got rid of them because the only purpose they serve is to restrict access to reading and writing.

    Tibetan can be written just fine in an alphabetic style. It would be prudent for the Dalai Lama to make that the standard for the Tibetan community.