A Secure OS For the Dalai Lama?
Jamyang (Greg Walton) writes "I am editor of the Infowar Monitor and co-author of the recent report, Tracking Ghostnet. I have been asked by the Office of His Holiness, the Dalai Lama (OHHDL) and the Tibetan Government in Exile (TGIE) to offer some policy recommendations in light of the ongoing targeted malware attacks directed at the Tibetan community worldwide. Some of the recommendations are relatively straightforward. For example, I will suggest that OHHDL convene an international Board of Advisers, bringing together some of the brightest minds in computer and international security to advise the Tibetans, and that the new Tibetan university stands up a Certified Ethical Hacking course. However, one of the more controversial moves being actively debated by Tibetans on the Dharamsala IT Group [DITG] list, is a mass migration of the exile community (including the government) to Linux, particularly since all of the samples of targeted malware collected exploit vulnerabilities in Windows. I would be very interested to hear Slashdot readers' opinions on this debate here." (More below.)
Jamyang continues: "Allow me to play devil's advocate for a moment here: in the short term, moving to a platform that is perhaps less familiar to the attacker provides considerable relief, but it is essentially less difficult to write exploits for Mac OS/Linux than it is for Windows, given the many anti-exploitation mechanisms Microsoft has embedded in the last years, so in the long run, if the attackers want your data, the entire move is moot. People should choose a platform based on their productivity requirements instead of purely security. Furthermore, most of the web servers broken into during these attacks (to be used as command and control servers) were not Windows, but Linux. What do you think?
(While I have the floor I'd also like to take this opportunity to plug two initiatives where Slashdot readers can directly help the Tibetan tech community, either through sharing your expertise or your cash! Firstly, one of the obstacles to migrating to Linux for a Tibetan speaker is the lack of decent Tibetan font — can you help? Secondly, Avaaz is raising funds for projects that will help End The Blackout in Tibet, including a proposal to support the deployment of Psiphon's circumvention network. Thanks, or in Tibetan, thuk.je.che!"
It is clear that if an entire community has a requirement for a certain font, designing a new one is the easiest thing to do. Release it as free and you have a problem solved. Don't any Tibetan typographers exist? So with a bit of Googling they do exist and can be found here: http://www.thdl.org/
Support Eachother, Copy Dutch Property!
First off, yes, that is a single sentence.
Secondly, exactly who is it who says (or can demonstrate) that cracking a Mac or Linux box is easier than a Windows box? My experience is exactly the opposite.
With purchase of Tibet of equal or lesser value.
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
As opposed to the anti-exploitation frameworks which were present in UNIX systems from the moment they were conceived? and continually updated since? You've been listening to too much Microsoft advertising if you think they're Superior. (Competitive? Maybe. Superior? Not a chance).
The World Wide Web is dying. Soon, we shall have only the Internet.
Talk to the Bhutanese Govt. They're now using a Debian variant with localised scripts for Dzongkha. Debian includes some Tibetan fonts.
That should give you 20,000 apps to leverage :) Christian Perrier who co-ordinates some of the Debian translation work may know more.
The only exploits they're going to discover are windows exploits. I hope you've made them well aware exploits exist for every platform, and if someone is directly targeting them rather than just being hit by run-of-the-mill worms, they're going to get in. You should focus your efforts on limiting the amount of damage someone can do once they do get in.
The mac doesn't have ASLR, so don't use that.
Linux has selinux, which is now (finally!) easy to use, and very strong.
No contest really.
If *I* was in charge of the DL's computer, I wouldn't put on *only* Linux or *only* Windows or what have you. I think the DL needs a multiboot machine, and would really appreciate it if you tried to make him one with everything.
Do daemons dream of electric sleep()?
http://paranoidlinux.org/ is a project to create a distribution which assumes the user is under assault from the government. Right now, it's a vaguely locked down version of Ubuntu, but someday this might be pretty cool.
In the meantime, just run NetBSD and full-disk encryption.
From wikipedia:
NetBSD provides various features in the security area. The Kernel Authorization framework (or Kauth) is a subsystem managing all authorization requests inside the kernel, and used as system-wide security policy. It allows external modules to plug-in the authorization process. NetBSD also incorporates exploit mitigation features, ASLR, MPROTECT and Segvguard from PaX project, and GCC Stack Smashing Protection (SSP, or also known as ProPolice) compiler extensions. The Verified Executables (or Veriexec) is an in-kernel file integrity subsystem in NetBSD. It allows the user to set the digital fingerprints (hashes) of files in the system to monitor by the Veriexec, and prevent the execution of them. For example, one can allow Perl to run only scripts that match the fingerprints. The cryptographic device driver (CGD) provides functionality which allows using the disks or partitions (including CDs and DVDs) for encrypted storage in NetBSD.
Not encryption or top secret stuff.
Any of the major Linux distros should work fine; Unicode Tibetan is supported.
First of all, converting the Dalai Lama to Linux is about the coolest IT project I've ever heard of, so congratulations.
That aside, there are practical considerations and there are philosophical ones you'll want to consider. Practically speaking, no platform is 100% secure. Linux has historically been more secure than Windows. MS has made a lot of progress in the last decade or so.
The question is, do you prefer the closed-source approach or the open-source one? Would you rather the problems be hidden away, or laid out for all to find? In the closed-source scenario, knowledge of exploits may be less common, but that cuts two ways. Fewer attackers will be aware of an exploit, but fewer defenders will be aware of it as well. That may well result in the exploits that do occur being much more severe.
Beyond those practical considerations, which approach fits better with the values of the Tibetan community and the Dalai Lama in particular? In my mind, open source is the embodiment of non-attachment.
Monkeytreats
...we got white Tibet, black Tibet, spanish Tibet, yellow Tibet, we got hot Tibet, cold Tibet, we got (snuuuf) smelly Tibet, hairy Tibet, bloody Tibet, we got snappin' Tibet. We even got horse Tibet, dog Tibet...CHICKEN Tibet, c'mon you want Tibet, ? C'mon in Tibet-lovers, if we don't got you don't want it....
If you quote this signature there'll be 72 copies of Windows ME waiting for you in Heaven.
I am Suleman , IT Manager of Zenith Bank, Lagos, Nigeria. I have urgent and very confidential business proposition for you. On June 6, 1997, a Foreign IT consultant/contractor with the Nigerian National IT Corporation, Mr. Barry Kelly made a numbered time (Fixed) request for twelve calendar months, for a secure OS. Upon maturity, I sent a routine notification to his forwarding address but got no reply. After a month, we sent a reminder and finally we discovered from his contract employers, the Nigerian National IT Corporation that Mr. Barry Kelly died from an automobile accident. On further investigation, I found out that he died without making a WILL, and all attempts to trace his next of kin was fruitless. I therefore made further investigation and discovered that Mr. Barry Kelly did not declare any kin or relations in all his official documents, including his Bank Deposit paperwork in my Bank. This sum of US$26,500,000.00 has carefully been moved out of my bank to a security company for safe-keeping. Consequently, my proposal is that I will like you as an Foreigner to stand in as the owner of the money I deposited it in a security company in two trunk boxes though the security company does not know the contents of the boxes as I tagged them to be photographic materials for export. This is simple. I will like you to provide immediately your full names and address so that the Attorney will prepare the necessary documents which will put you in place as the as the owner of the boxes. The money will be moved out for us to share in the ratio of 60% for me and 40% for you. There is no risk at all as all the paperworks for this transaction will be done by the Attorney and this will guarantees the successful execution of this transaction. If you are interested, please reply immediately via my email address.And also send your Telephone and fax numbers so that we can have a smooth communication. 
Upon your response, I shall then provide you with more details and relevant documents that will help you understand the transaction. Awaiting your urgent reply via my email. PLS REPLY TO MY PRAVATE BOX suleman775@mailsurf.com Thanks and regards. Dr.Suleman .
A Secure OS For the Dalai Lama?
I have absolutely no idea what Slashdot will say to a question like that.
It is not 'easier' to exploit Linux/UNIX than it is windows. If that were true you wouldn't see the number of exploits, and security advisories that you do every day. Just because the Microsoft CTO says it does not make it true.
Also the German government would be interested.
A very similar penetration was detected on IT infrastructure of several German govt. agencies not long ago.
Lots of internal information was uploaded to the internet before it was detected and stopped.
And the trail seemed to lead... you know where.
This interview seems to indicate Linux is currently on an equal footing with OS X Leopard, though they could have got the Linux bit wrong.
In any case Snow Leopard is due this year which will also resolve that issue. And in either case it still does not really address the biggest issue which is trojan attacks, it mainly helps prevent web based attack vectors.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
"Furthermore, most of the web servers broken into during these attacks (to be used as command and control servers) were not Windows, but Linux." The vast majority of webserver hacks have nothing to do with the OS. The most common attacks are remote file include, cross site scripting, and sql injection, all of which are platform independent.
Apparently this Vista thing is the most secure os on the planet.
Mac OSX might be more secure than windows and may be easier for non technical people (if the TGIE is lacking expertise) to get up and running. Alternatively, use openBSD - quite hard to get fully functional, but the expertise to get it there means anyone who does should have requisite skills to keep the Tibetan Government safe from certain foreign governments. Also, you may find the openBSD people will gladly help with this political agenda. Z/
What other people think of me is none of my business
Always boot from trusted, read-only media, like a CD/DVD or a locked USB thumb drive.
Media should contain not only the OS but also applications in a trusted configuration. No updates allowed from outside trusted entities.
Use only boot media provided by a trusted entity.
Maybe also use something like tripwire to detect changes in the OS/application files, checking for changes by comparing sensitive files.
Full encryption on sensitive data/drives.
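As an added illustration of the tripwire-style check suggested in the comment above (example code written for this page, not the commenter's and not Tripwire itself): a baseline of content hashes and permission bits is recorded once, ideally stored on the same trusted read-only medium, and later compared with the live tree. The directory layout and file contents are constructed for the demo.

```python
import hashlib
import os
import stat
import tempfile


def fingerprint(path):
    """Return (content digest, permission bits) without following symlinks."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        digest = "link:" + os.readlink(path)   # a retargeted link counts as a change
    elif stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        digest = h.hexdigest()
    else:
        digest = "special"                     # devices, sockets, FIFOs: no content hash
    return digest, stat.S_IMODE(st.st_mode)


def build_baseline(root):
    """Map every file under root (relative path, '/' separated) to its fingerprint."""
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = fingerprint(full)
    return baseline


def compare(baseline, current):
    """Classify differences between a trusted baseline and the current state."""
    report = {"added": [], "removed": [], "modified": [], "mode_changed": []}
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            report["added"].append(path)
        elif path not in current:
            report["removed"].append(path)
        elif baseline[path][0] != current[path][0]:
            report["modified"].append(path)
        elif baseline[path][1] != current[path][1]:
            report["mode_changed"].append(path)
    return report


def demo():
    """Build a constructed tree, take a baseline, tamper with it, and compare."""
    with tempfile.TemporaryDirectory() as root:
        for sub in ("bin", "etc"):
            os.makedirs(os.path.join(root, sub))
        files = {"bin/login": b"original login", "bin/ls": b"ls", "etc/hosts": b"127.0.0.1"}
        for rel, data in files.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        os.chmod(os.path.join(root, "bin/ls"), 0o755)
        baseline = build_baseline(root)        # in practice: stored on the read-only medium

        # Constructed changes of the kinds a check like this should surface.
        with open(os.path.join(root, "bin/login"), "wb") as f:
            f.write(b"replaced login")                      # content replaced
        os.chmod(os.path.join(root, "bin/ls"), 0o777)       # made world-writable
        with open(os.path.join(root, "bin/.hidden"), "wb") as f:
            f.write(b"dropped file")                        # new file
        os.remove(os.path.join(root, "etc/hosts"))          # file deleted

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The comparison is only as trustworthy as the baseline and the checker, which is why both belong on media the running system cannot write to.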
The obvious solution is Yellow Hat GNU/Linux.
Seriously, this is a great project. Surely the appropriate solution is a version of either GNU/Linux, such as SELinux, or OpenBSD. No system is entirely secure, but the idea that MS Windows could be as secure as GNU/Linux or BSD is wild.
If that happens, it will propel Linux onto hundreds of thousands of desktops world wide!
Judging from all the "Free Tibet" bumper stickers I see around here.
Oh, wait ... this is Mendoland, forget it.
If it don't GO... chrome it. ~ Frank Banks
Correct me if I'm wrong but I thought one of the major reasons Linux was more secure than Windows, was because the community worked together in a co-operative way. There is a lot of good will in the community, writing a worm to hack into a Linux system is not top priority for a hacker, they'd much rather hack into a Windows system: they'd find that more rewarding.
But what if all the resources of the Chinese government were put into writing worms to infiltrate Linux systems? I would think they would have some success certainly, but I would also anticipate that the Linux community would work together fairly effectively to combat the new challenge.
Conservation of angular momentum makes the world go round.
If it were up to me to decide, I would go for the broadest possible range of OSes: Windows, Mac, Linux, Unix, BSD, BeOS....
The reason is simple: if an outside attacker can't predict what they will meet, it's much harder to get in.
And if you can get the various OSes to masquerade as each other when replying to outside queries, so much the better: an attacker could be trying to use known Mac vulnerabilities to enter a machine that from the outside looks and behaves like a Mac, but actually runs Windows or Linux.
Call him Dalai Lama. What's with all these his holy, etc.? Do we call the pope his holy whatsit? Or the English Queen? Even The One is simply The One.
Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
I'm a little surprised to hear that there is no good Tibetan font. Here is a list of Unicode-encoded Tibetan fonts, mostly both free and libre. Do none of them meet the need?
It doesn't matter a huge amount what OS you install. You just need people to be educated. It doesn't matter how secure you are. If someone sends an e-mail saying "Click here to see topless..." Wait scratch that, hmmm Dalai Lama... "Click here to become one with the universe.exe" then you are screwed. Don't waste your time teaching people Linux or some other OS (feel free to switch for other reasons). Instead teach them self-restraint and discipline.... Which you think they would have. That and get a couple semi-decent admins to keep your servers updated/clean.
Why would it be more difficult to "write" (aka implement) exploits for one operating system than another? You should be worried about how hard it is to find exploits and how quickly they're fixed.
Assuming for the moment all you care about is the actual security of your software (excluding implementation details, mis-configurations, etc), the real metric you want to be looking at is the frequency of discovery of serious vulnerabilities and the span of time from first (non-public) discovery (which may not be knowable) and the appearance of a patch you could use. Looking merely at "remote root exploits / year" and "mean time to patch remote root exploit" might not be a bad place to start.
Also, you need to think about the actual design of the operating systems in question. Without tipping my hand too much, some might say that the Unix user/superuser distinction is something Microsoft could learn from.
That being said, though, I'll tell you my opinions.
NetBSD has one of the best track records in the industry with regards to server security. The security of *nix, in general, scales directly with the intelligence of the people managing it. You can get decently far with Windows and just doing things 'by the book,' but it's got all the typical problems of monoculture and a well-deserved poor reputation.
A group of very intelligent, very technical network admins are nearly unstoppable given linux and sufficient control. A group of very intelligent people can probably make do with Windows too. Windows configured by average people may in some cases be better than Linux configured by average people.
In any event, just from reading your question, I doubt you are technical enough to undertake this at a nuts-and-bolts level. You kind of came here asking "Is Linux or Windows more secure?" You bet your ass I have an opinion on the matter, but the problem is, so does everyone else. You need to find highly intelligent people, and then use your common sense and analytical thinking to weigh their arguments. In short, stop thinking as if the answer to your question would provide security; find smart people experienced in securing things and then evaluate the tools (operating systems) as they relate to your immediate ends.
Upgrade to Vista, install the latest updates, leave auto-updates on, enable DEP for all processes adding exceptions to the DEP exception list if necessary (i.e. app crashes occur) - use IE8, lock down the internet zone so that all active-x and .net stuff is disabled, add trusted sites to the trusted sites zone that need those things, enable IE 'protected mode' for all zones, run users as standard users.
Use strong passwords, teach users basic computer security, including no clicking on email links, no downloading anything from the web. Tell them to trust no one (and no web page,) make sure they understand that they are under siege from one of the most powerful governments on the planet, and so on. Give users 'tests' on this stuff, to make sure they understand it.
There may also be security apps for windows that do more than signature scanning, something that cryptographically signs files and checks signatures, and alerts users/admins to any new processes that auto-start. Or perhaps writing/contracting one might be something you may want to look into.
That's enough to get started, but the key thing is update to Vista, it has so many security features added that it's very hard to break into relative to most other feasible OSes.
"...I think the Microsoft hatred is a disease." - Linus Torvalds
Assuming that Linux is chosen, it might be extremely good publicity (especially that "free and open" sounds vaguely Buddhist anyways).
On the other hand, I can't think of a better way for Chinese hackers to start searching for holes in desktop Linux than this.
After all, this is the worst possible article in which to lose karma.
Red Flag Linux ? ;)
"However, one of the more controversial moves being actively debated"
Settle this controversy: is it more important that mindless boobies have convenient access to system resources, or is it more important to be secure?
That settled, there is little controversy left. Maybe some squabbling over WHICH VERSION of Linux you should migrate to, that would be about it.
Assuming that Tibetans are literate, there should be little difficulty in customising your own fonts, and other requirements.
So, get cracking, customise Linux to your needs, and quit whining about Bill Gates' inbuilt insecurities. If Tibetans aren't capable and literate enough, they can always borrow from http://redflag-linux.com.cn/en/index.php
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
And each one with its own set of vulnerabilities.
cpghost at Cordula's Web.
wow, "convene an international Board of Advisers", that is some proactive thinking. Are you sure you don't want to form a committee to consider this first? maybe draft some resolutions? that sounds like such decisive action!
--
Stay tuned for some shock and awe coming right up after these messages!
Now let me do a bit of that myself too, since I think that it's unjust that each time the Dalai Lama is mentioned, people think he's all for justice.
For a bit more balance in the whole story, have a look at this video.
Anyone willing to debunk this, you're welcome; As I still have quite a quarrel with each time the Dalai Lama gets mentioned as some sort of Saint.
(This does not reflect my opinion on the whole Tibet/China debacle; I think that's as bad as it is)
When you shoot a mime, do you use a silencer?
The problem here is probably one of process and not operating system.
One of the ways that I manage my systems is to create a zone where hackers may go, and not go.
For example, I use a good firewall. That firewall is allowed to communicate to another firewall. Between the two firewalls is my take down zone. This means if they happen to break through the firewall all they will get are servers that can be taken down anyways.
These take down servers are virtual machine based. So if a machine goes down, who shives a ghit because you just shut down the VM, copy the old one and restart it.
The second firewall is a non entry firewall. That means there is absolutely no way at all to get through it from the outside. Only those behind the second firewall may communicate outside. And if I need to communicate to a trusted source outside the first firewall I set up a VPN server between the two firewalls. If somebody manages to hack that VPN server, you just take it down, set up new keys, restart and away you go.
By not allowing any communication into the second firewall you stop outside hackers. Then to allow communications from the inside to the outside you set up proxy servers that are trusted to communicate to the outside. Only those proxy servers may communicate with the outside world. Without those proxy servers the inside users are cut off, but you have created a wall where you can control the entries and exits.
"You can't make a race horse of a pig"
"No," said Samuel, "but you can make very fast pig"
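The two-firewall layout described in the comment above can be checked against firewall connection logs. The following is an added example, not the commenter's code: the address ranges, the proxy list and the log format are all constructed, and it assumes the proxies are hosts behind the second firewall.

```python
import ipaddress

# Constructed addressing plan (assumptions, not from the thread).
INSIDE = ipaddress.ip_network("10.0.0.0/16")     # behind the second ("non entry") firewall
DMZ = ipaddress.ip_network("192.0.2.0/24")       # take-down zone between the two firewalls
PROXIES = {ipaddress.ip_address("10.0.0.10"), ipaddress.ip_address("10.0.0.11")}


def zone(addr):
    """Classify an address as inside, dmz or outside."""
    ip = ipaddress.ip_address(addr)
    if ip in INSIDE:
        return "inside"
    if ip in DMZ:
        return "dmz"
    return "outside"


def policy_allows(src, dst):
    """Return (allowed, reason) for a NEW connection from src to dst."""
    s, d = zone(src), zone(dst)
    if s == d:
        return True, "intra-zone traffic does not cross a firewall"
    if d == "inside":
        # Nothing may initiate a connection through the second firewall.
        return False, "inbound connection to inside from " + s
    if s == "inside":
        # Only the designated proxies may talk to the DMZ or the outside.
        if ipaddress.ip_address(src) in PROXIES:
            return True, "egress through trusted proxy"
        return False, "inside host bypassing the proxies"
    return True, "outside/dmz traffic handled by the first firewall"


def audit(log_text):
    """Return (line_no, src, dst, reason) for accepted flows the policy forbids.

    Expected line format (constructed): <timestamp> <ACCEPT|DROP> <src> <dst> <dport>
    """
    violations = []
    for line_no, line in enumerate(log_text.strip().splitlines(), start=1):
        fields = line.split()
        if len(fields) != 5:
            continue                      # not a connection record
        _ts, action, src, dst, _dport = fields
        if action != "ACCEPT":
            continue                      # dropped flows did no harm
        allowed, reason = policy_allows(src, dst)
        if not allowed:
            violations.append((line_no, src, dst, reason))
    return violations


# Constructed sample log: lines 3 and 5 should never have been accepted.
SAMPLE_LOG = """
2009-04-01T10:00:01 ACCEPT 203.0.113.5 192.0.2.20 80
2009-04-01T10:00:02 ACCEPT 10.0.0.10 198.51.100.7 443
2009-04-01T10:00:03 ACCEPT 10.0.3.44 198.51.100.7 443
2009-04-01T10:00:04 DROP 203.0.113.5 10.0.0.8 22
2009-04-01T10:00:05 ACCEPT 192.0.2.20 10.0.0.8 3306
2009-04-01T10:00:06 ACCEPT 10.0.0.57 10.0.0.10 3128
"""

if __name__ == "__main__":
    for violation in audit(SAMPLE_LOG):
        print(violation)
```

An accepted flow that the policy forbids points to a rule-set error or a path around the firewall, and either deserves investigation before the take-down zone is rebuilt.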
Too bad MS has figured out how to implement it consistently. ASLR in Linux is a novelty and usually not the default. Just like selinux is a joke. It's high maintenance and just having it installed doesn't protect anything unless you carefully and manually tweak it. Ever look and see what it actually protects when you enable it on RHEL? Damn near nothing. A carefully setup system with a proper selinux config might be good for a secure, single purpose internet facing server but it usually ends up getting disabled on a desktop computer.
China has some of the best hackers - just ask our own military how good they are. Given China's political dislike of Tibet, they'll just divert some of their guys to focus on whatever boutique OS Tibet decides to convert to. In the meantime Tibet will struggle with the usual pains of changing and learning an operating system.
My vote is to simply educate their users and make sure they understand safe practices and keep their OSs up to date. Poor practices and unpatched systems matter far more than what OS you use.
Or they could just approach MS. MS would gladly provide support for the bragging rights that the DA is using their OS.
it's like the soul of Debian, but reincarnated in a new body.
well hidden flamebait :rofl:
anything opensource should be fine...
whether linux bsd or whatever...
His Holiness merely needs to look inside his heart, and ask himself; "What is the sound of one server booting?" and then he will know the answer to which platform he should choose. Personally, I think he should go with Amiga. After all, Guru Meditation is what the Lama is all about.
... and then they built the supercollider.
Exactly. AndyCater must not have much system security experience. People hate to admit it, but aside from users clicking on malicious software while being administrator, windows is pretty solid in the security front.
Hardly any exploits at all.
Oh you wanted a USABLE OS? Well you'll need to tell me what it's going to be used for.
These posts express my own personal views, not those of my employer
This entire article smells like flamebait to me. I'm going to sit back and watch it burn.
Power does not corrupt - power attracts the corrupt.
In fact it's probably much less secure than windows, since it doesn't deploy counter-measures such as non-exec stacks, address randomization and the like.
Wrong. Mac OS X has supported non-executable stacks on PowerPC and Intel; in fact, it can't be turned off like it can on Windows. ASLR is also supported as of Mac OS X 10.5. Other security features include signed applications and downloads, as well as sandboxing of core system services (and you can sandbox your own applications, too).
Regardless, most of the exploits made on Mac OS X have been through the Flash plugin. Whichever operating system you choose, you may want to disable Flash.
#include <stdio.h>

int main( int argc, char **argv )
{
    printf( "Hello, Dalai!\n" );
    return 0;
}
Anybody want a peanut?
Well, most such emails either have no body, or a body that's very obviously not from the person who sent it -- for example, "check this out" or "I love you", etc...
Contrast to something informative, actually identifying what the attachment is, and probably discussing it.
Don't thank God, thank a doctor!
I keep squinting at the comments waiting for someone to mention the biggest hole in every OS: the end user. The Chinese aren't getting most of their information from their 1337 haxxor skilz, they're getting it from loaded e-mails, moles, "free" thumb drives, interesting Word documents and pdfs. The user, say, the Dalai Lama's Advisor on Climate Change, gets a message from a likely-sounding source titled "Climate Change in Tibet: 2012", he's going to open it. Now he's owned. Linux deals with that better than Windows does, but it still doesn't solve the problem of the clueless user, or worse, the clueless admin. And there are legions of both.
Just look at one of the BSDs; they have a track record for being secure and no messy cert issues like Debian had. Also you might want to consider that the OS isn't the only attack vector.
Preferably something that runs under Xen?
Surprised it doesn't seem to have been recommended yet. This OS is developed with security as a guiding design principle and offers binary emulation compatibility with Linux.
Ken Thompson is no idiot.
Ehud
The first thing you need to determine is just how secure you want your Linux to be, how much control you want, and how much expertise you can muster to implement those security policies. If you want total control and have a staff with high technical expertise, then you may want to go with Linux From Scratch. You'll have total control (and total responsibility) for everything, but it's going to require a lot of work.
On the other end is (K)ubuntu, PCLinuxOS, Mandriva, and other easy to use Linux distributions. Setup and maintenance are very easy, but they are managed outside of your direct control. You can always boot from read-only media or run the system (slowly) from CD or DVD, though. Outside of creating your own operating system and applications, though, you're probably going to have to compromise on total control. In that case, any of these distributions are more or less on equal security footing; all of them are good choices.
How paranoid you are will go a long way towards deciding which distribution you want to use.
Not to mention OpenBSD has been auditing their code file-by-file since 1996. They also employ the following technologies:
strlcpy() and strlcat()
Memory protection purify
Privilege separation
Privilege revocation
Chroot jailing
New uids
ProPolice
And since OpenBSD is based in Canada you get all the cryptography you would ever desire.
Perhaps the issue shouldn't primarily be which OS to use. What if it's assumed that the data will be obtained. What if it's obtained and it does no good to the reader, even if it's encrypted? Perhaps you guys need to hire a Navajo?
Have you fscked your local propeller head today?
yum install tibetan-machine-uni-fonts
Of course you may hate YUM but the package is available for other distros as well. Even if you are using Windows (download the font from the url: http://www.thlib.org/tools/#wiki=/access/wiki/site/26a34146-33a6-48ce-001e-f16ce7908a6a/tibetan%20machine%20uni.html)
Colorless green Cthulhu waits dreaming furiously.
The only truly secure computer is one that has been powered off, disconnected from any and all networks, encased in a 1 inch thick lead box, then buried under 25 feet of concrete inside a guarded military compound.
The opinions in this post are fictitious. Any similarity to actual opinions, real or imagined, is purely coincidental.
Buddhabuntu perhaps?
Not the entire US Govt - just the state department. It was a political pissing contest over which contract was used and that Congressman Wolf didn't get a kickback if the contract went through Lenovo who was doing business out of New York. If Chinese made computers or Chinese controlled companies were the issue, they wouldn't have bought any computers. There are no computers made solely with US parts on US soil.
Computers aren't that big of a deal. You inspect for physical anomalies, wipe the HD and install the OS. You never use the default factory install as it's untrustworthy. Same reason you wipe thumb drives on a standalone computer before issuing to your users.
Now if you want to talk about untrustworthy sources - there are legitimate reasons for the US govt to avoid Kaspersky A/V as the company is owned by an ex-KGB type and has connections to Russian hackers.
I'm afraid even Linux is popular enough that "open source" exploits exist. I'd suggest a good, modern, and transparent firewalling solution with a more obscure (but secure) OS like VMS.
It would give the enemy a LOT more work to do to develop custom exploits, which they probably won't be able to get through (with enough vigilance -- something like paper & printer logs and trained admins to look through them)
ASLR in Linux is a novelty and usually not the default. Just like selinux is a joke.
Yes, and there's a reason for that: the Linux community apparently doesn't want them and doesn't find them useful. If enough people wanted them, they'd be on by default in the major distributions.
Too bad MS has figured out how to implement it consistently.
Yes, and that pretty much tells you what's wrong with Microsoft: it's a bunch of managers deciding top down what security mechanisms Windows should use, and then they direct their masses of programmers to implement that "consistently", and finally it gets shipped with the next major release, whether users want it or not.
The trouble with the Microsoft approach is that nobody in the world is smart enough to design security correctly in such a top-down way. Based on a bunch of papers half a dozen years ago, Microsoft may have jumped onto the ASLR bandwagon, but that doesn't make it a good security solution.
And this top-down, planned approach is the reason Microsoft keeps screwing up and why they need to spend so much money developing software that other people develop with a fraction of the investment. It sounds good on paper, and control-freaks love it, but it simply isn't a good way of creating a complex software system.
Finally a reference to the bsds. I thought of openbsd when I saw this story.
Remind me again please which OS the botnet runs on? Thank you.
MS embeds all kinds of code from third parties. Drivers, libraries etc etc. It has been shown time and time again that there are huge security holes in MS code, holes that are actively exploited. It ain't for nothing that when the NSA wanted to make a proof of concept secure OS they chose linux.
You got a point, how can you trust any OS if you have not checked the code. Where you take a dive off the deep end is that you then suggest that MS can be trusted to check the code for you. Not trusting say Red Hat blindly that they checked all the code is sensible, trusting Microsoft that they checked all theirs is just plain silly. If they had, they wouldn't have so many bugs. And your faith in your government is bordering on the insane.
Anyway, that same government checks linux code. So either both are to be trusted or neither is.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Graphite is an open-source technology, designed for the specific purpose of non-Roman fonts with complex behaviors like contextual shaping, etc.
Unfortunately, the default font rendering toolkit in Linux, Pango, is not a smart-font technology.
However, the pango-graphite library supports the smartfont technology if fonts are authored with the appropriate tables.
I think that people need to share their experiences with designing smart fonts. This way, more projects know what are their options.
As is true with any widely used OS.
do you have some sort of point?
The Kruger Dunning explains most post on
Unplug the network cable. Done.
If His Holiness doesn't mind waiting until the summer, Mac OS X 10.6 ("Snow Leopard") is rumored to include a full implementation of ASLR. I can't find any other details beyond that, so we'll have to wait and see what that means.
Does it include Enlightenment?
... you need to choose a competent admin. Remember, security is a process, not a product ...
gd
It's not about the OS. I've had Windows servers remain safe for years, and Linux servers be subverted in days.
Security is an eco-system, not an OS, for example:
- granting and removing access rights, in a very conservative and up-to-date manner
- keeping an audit trail of every access
- locking confidential info so it never gets onto a laptop's HD
- having backups
- securing every cog and wheel of the system: client PCs, routers, servers, backups, admin stations...
- locking down the weakest point: users (weak passwords, copied files, printouts, espionage...)
- and many more issues.
In the big picture, the OS is fairly irrelevant. It's only a very small part of the whole system. The whole "we need to be safe - let's switch to Linux" is wrong and shows a tremendous lack of understanding of the issues.
The Cloud - because you don't care if your apps and data are up in the air.
1. Seek Dalai's help and convert Steve Jobs.
2. Get free Macs for all.
3. Problem solved.
What!! You want to make Profit here as well?
Eclipse PDE and Me
Hello, China? I think I have something you may want, but it's gonna cost you...that's right -- all the tea.
Geeks like to think that they can ignore politics, you can leave politics alone, but politics won't leave you alone.-rms
and avoid Microsoft as it is an American corporation with deep connections to the American Government... who would love to have a backdoor into computers used by other governments... and the means to remotely force "upgrades" onto those machines...
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
I prefer Windows CEMENT - the name alone says 'security'.
Power does not corrupt - power attracts the corrupt.
Hey, Apple borrowed the Dalai Lama's picture for their "Think Different" advertising poster campaign a few years ago. Surely they can become unattached to their possessions enough to donate a bunch of Macs...
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Oh, come on, somebody had to post something like that one....
Does it include Enlightenment?
Enlightenment is not in the distribution; Enlightenment is in everything.
(If only I could apt-get install enlightenment in my brain...)
What I would try and convince the people you are working with of is that security is a continuum running from almost totally secure to almost completely insecure (to the extent that there is such a thing), so in reality pretty much no OS will be completely secure. What is interesting, I think, is that usability is inversely related to security. If you imagine an OS which wouldn't allow you to write to the disk and wouldn't allow you on the internet, you can imagine that when security is that high you'll get almost no usability.
With that in mind I would advocate trading a lot of usability for security - you could have an encrypted disk and run a terminal with something like nano and lynx installed - this would be pretty damn secure, especially if you were running it on fairly secure hardware (did Intel ever fix the security issue that Theo de Raadt was talking about in the Core 2s?) with something like OpenBSD as the core. This, I think, would allow you (after some modifications) to have pretty robust security. A downside though is that I'm pretty sure you might be compelled to run in English as I'm not sure how good the language support is for this sort of thing (with no GUI I can't imagine it would be great). Even so, I think if your data security is important (and let's face it, in this situation it probably is) then the trade-off might be worthwhile.
Of course, perhaps the more gaping hole in security is the user themselves, who could always reveal all the information they had to anyone... XKCD said it better - http://xkcd.com/538/
*''I can't believe it's not a hyperlink.''
See http://cyberwarfaremag.wordpress.com/2008/11/19/integrity-os-to-be-released-commercially/ or http://www.ghs.com/security/security_home.html
To quote Green Hills Software's web site:
INTEGRITY has been deployed for 10 years in systems that require absolute security and total reliability:
- Flying the Boeing B1-B intercontinental nuclear bomber, the Boeing 787 Dreamliner, Lockheed Martin's F-16, F-22 & F-35, and dozens of other aircraft
- Securing military computers, networks, routers, cell phones, and radios
- Widespread adoption in medical, industrial, and networking products
- Running a multitude of consumer products from printers to kitchen ovens
INTEGRITY can secure virtually any computer or computer controlled device from attack, even systems running operating systems such as Windows, Linux, Mac OS, Solaris, Palm OS, Symbian, or VxWorks, whether it is in a PC, server, networking equipment, embedded system, smart phone, or critical infrastructure. INTEGRITY has more than a decade of fielded deployment in the following industries:
Medical
Industrial
Avionics & Aerospace
Automotive
Financial
Consumer
Government
Defense
I found this place by wondering what was the most secure OS out there and did any OS get a TCSEC A1 security level rating? NT was built for a C2 level.
Not generic 'I love you' viruses.
We can expect the attacker to tailor the message to the Tibetan gov't. In fact, such an example was given in an article I read about this, the subject said, it was something like "Preliminary report on UN summit on Tibet sovereignty."
That's why that advice is completely bogus, if not downright dangerous.
Red Flag Linux
GENERATION 25: The first time you see this, copy it into your sig on any forum and add 1 to the generation.
If it absolutely has to be incorruptible, use a read-only medium. Installing a permanent trojan is going to be a tad difficult if you can only write to memory.
Insert
Conficker, Storm Worm, Bifrost + WMF Exploit, ILOVEYOU (Ok, the last one with a high User vulnerability rating)...
Nuf said.
A move to Linux would make sense, given that the attacks have predominantly used Windows attack vectors. Linux is also sufficiently mainstream to support the various hardware used by various Tibetan exiles. After all, they don't need the custom ultra-secure NSA-style box, but a functioning as-normal-as-possible desktop.
But since we all agree that there is no 100% security, the laudable efforts need to be conducted in layers.
First I would put stringent security-policies that need to be followed as well as physical access protections. A guest account with low privileges would go far in the usual more than one person using one computer scenario.
Second, since the attacks mostly used e-mail and perhaps browser vulnerabilities, those applications need to be sandboxed somehow. Perhaps SELinux can help there if properly implemented (meaning protection out-of-the-box without getting too much in the way...don't expect monks to re-write any rules) or virtualization.
All systems should have cron jobs updating/running stuff like RKHunter, chkrootkit (is this still developed, btw.?), Anti-Virus programs (yes, even on Linux!) etc. and the output sent to a technically capable person in the event of them finding something unusual. Ditto for integrity checking. This alone shows the need for educated sysadmins that can handle this stuff, interpret it properly and take action where needed. Hence training willing Tibetans should be a major point. Perhaps various companies and individuals can chip in and sponsor such efforts. Without such people administering various machines, any attempt to make them secure will necessarily fail.
You do realize that Windows can get a virus on it before it has even finished installing, right?
Karma Whoring for Fun and Profit.
If you want security, be minimalistic w.r.t. the number of programs that you install.
Considering the OS, OpenBSD is probably one of the most secure OSes today, but still: as soon as you start installing 3rd party apps, you open yourself up to an increasing number of vulnerabilities.
Regarding the Dalai Lama: the less software they install (on an otherwise secure OS), the less they open up to foreign attacks. It's as simple as that.
cpghost at Cordula's Web.
The one-l lama,
He's a priest.
The two-l llama,
He's a beast.
And I will bet a silk pajama
There isn't any Three-l lllama.
Where the defenses are strongest, the suffering is greatest.
Let's consider that proverb in a slightly different light. Let's say we've identified some OS as the most hacker-proof operating system in the world. You are free to imagine this is whatever you like: Windows, MacOS, FreeBSD, or some Linux variant.
Now consider that "hacker proof" is a relative term. We cannot cling to an OS brand and expect it to protect us from all harm. In fact, strengthening our defenses by using that OS makes us more vulnerable than we ever were before. Yes, it's harder to break than any other OS, but not impossible, and now the reward for an attacker is very much greater. It is conceivable that an attacker could use this lack of diversity to digitally silence all Tibetans at some critical point in the future.
I would, instead, mandate diversity. Embrace open standards, insist on compliant implementations, and forgo non-standard extensions unless there is a clear duty to do otherwise. This is much easier than it was a few years ago. Don't standardize on OpenOffice, standardize on OpenDocument format. Don't use Active Directory, use Kerberos or some LDAP based scheme. Then encourage the adoption of more than one implementation. Promote the projects that are useful, using the great moral authority of HHTDL to bring the same software freedoms to others that the Tibetans will enjoy.
The main point is not to become attached to a platform, much less a brand or vendor. Make the rewards of an attacker as small as possible by spreading your eggs across multiple baskets. Also, be as open with information as possible; the fewer secrets, the smaller the rewards of cracking the safe.
Ultimately, you should be attached only to standards. This is different than being attached to a "de facto standard" implementation, because a good, non-proprietary standard is easier to let go of.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Out of interest: did any anti-virus/anti-spyware programs detect this stuff?
Woosh, yourself.
Read the entire quote again:
His point is basically that if he moves to Windows, it's going to confuse the "hackers" temporarily, but without Microsoft security features (I think he's referring to UAC here...I've never heard of something called DAP (except "Download Accelerator Plus") but I'll take your word for it) the "hackers" will get their data eventually.
You seem, like the author, to be of the mistaken impression that security is a battle between exploitative programs that "hackers" write and the security software that Microsoft writes, which does not resemble reality. Security is merely the absence of unauthorized behavior in people (social engineering) and computers (bugs or shortsighted code).
Once a valid exploit is discovered, the implementation, OS security measures and so forth are all just details. Saying you have discovered an exploit but you can't implement it or write it or it's getting blocked is like saying you've discovered a great way to trash a Linux box and all you need is ssh access and sudo.
when he doesn't seem to understand the very basics of security?
On the desktop, Windows owns the majority of the market. Most Windows machines are very poorly configured and most are either protected by software that the user has no idea how to configure, or not protected at all.
On web servers, Linux owns the majority of the market. Most machines are hastily configured and tossed up onto racks. Most users of these machines are programmers who have little to no real security training.
In both instances, this is kinda like hiding a gun in a paper bag in a toy box at a nursery school, and then screaming about how bad guns are when a kid finds it and manages to shoot someone.
If the Dalai Lama is so important, then perhaps he should hire a leading (and by leading, I mean someone who actually performs this task at a high level, not an internet blogophile "expert") IT security expert to configure his systems. There are steps they can take to protect his data.
This is a solved problem in computer science, circa December 1985 (;-))
That's when the "orange book" came out, defining a range of trusted computer systems for the U.S. Department of Defense, rated rather like students:
The part of the B2 standard you care about is called "mandatory access control" (MAC), which says that even if you want to email a secret to your partner the spy, it won't work. To make MAC work, you have levels, like public, restricted, confidential and secret, and categories like administration, infrastructure, trade, international relations and religion. You investigate people and then assign them to the appropriate "compartment", such as public & trade, or secret & international relations. The computer's security kernel keeps the international secrets from flowing electronically to the public trade person. It doesn't keep the international relations person from whispering the secrets into the trade person's ear, but it stops them from doing so inside the computer or its network.
Where do you get a trusted OS? From any US computer company, specifically including Red Hat. I used to use Trusted Solaris, snidely known as "the word processor for Generals" to protect my customers from each other, even if some of their data and staff lived on the same machine.
Some of the other features of trusted OSs also mitigate typical Windows or Unix attacks, such as privilege escalation by subverting root. You can still subvert root, but you'll find yourself running at system-low, below the level that can get at any secure data (;-))
It's not trivial: you need to train security admins as well as sysadmins, but it's a good first step.
Note that most commercial folks will tell you you don't need B2. That's because all they know is C or "common criteria", and C just isn't good enough.
--dave
davecb@spamcop.net
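The level-and-category scheme described in the comment above, worked through as an added example (not code from the thread or from any trusted OS). It applies the Bell-LaPadula rules that Orange Book mandatory access control is built on; the ordering of the four levels, the sample users and the sample documents are assumptions made for illustration.

```python
from dataclasses import dataclass

# Levels and categories named in the comment; the ordering follows the order
# in which the comment lists them (assumption).
LEVELS = {"public": 0, "restricted": 1, "confidential": 2, "secret": 3}
CATEGORIES = {"administration", "infrastructure", "trade",
              "international relations", "religion"}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset

    def __post_init__(self):
        if self.level not in LEVELS:
            raise ValueError(f"unknown level: {self.level}")
        unknown = set(self.categories) - CATEGORIES
        if unknown:
            raise ValueError(f"unknown categories: {sorted(unknown)}")


def label(level, *categories):
    return Label(level, frozenset(categories))


def dominates(a, b):
    """True if a's level is at least b's and a holds every category of b."""
    return LEVELS[a.level] >= LEVELS[b.level] and a.categories >= b.categories


def can_read(subject, obj):
    # "No read up": the subject's label must dominate the object's.
    return dominates(subject, obj)


def can_write(subject, obj):
    # "No write down": the object's label must dominate the subject's, so
    # data only ever flows toward equal or more restricted compartments.
    return dominates(obj, subject)


# Constructed subjects and objects for illustration.
DIPLOMAT = label("secret", "international relations")
TRADE_CLERK = label("public", "trade")
SYSTEM_LOW = label("public")            # where a subverted root ends up
TREATY_DRAFT = label("secret", "international relations")
CLERK_MAILBOX = label("public", "trade")

if __name__ == "__main__":
    subjects = {"diplomat": DIPLOMAT, "trade clerk": TRADE_CLERK,
                "root at system-low": SYSTEM_LOW}
    objects = {"treaty draft": TREATY_DRAFT, "clerk mailbox": CLERK_MAILBOX}
    for sname, subj in subjects.items():
        for oname, obj in objects.items():
            print(f"{sname:20} {oname:14} "
                  f"read={can_read(subj, obj)!s:5} write={can_write(subj, obj)}")
```

The diplomat can read the treaty draft but cannot write to the clerk's mailbox, which is the "email a secret to your partner the spy" case, and categories are compared independently of level: a secret clearance in one category gives no access to public material in another.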
It's a really nice, free font. For Tibetans who prefer a more traditional-looking font, I would suggest that the Tibetan government should contact Xenotype. They have a fantastic dbu-med and dbu-chen font that's very traditional looking.
The big question is, does the Linux opentype implementation actually support the fonts. If not, it's just a matter of fixing that, which, while nontrivial, is certainly something that a good programmer could do.
Unlike the ones that run on Windows, which have no vulnerabilities?
It's not nice to split the exiles from the rest.
Quietly invent a nice system, sneak it into Tibet (if not invented there), convince a pro-Chinese Tibetan politician to advocate it, and then the Dalai Lama can announce that he reluctantly accepts the idea and wishes to avoid needless incompatibility.
And yet, with all these applications that are "exploitable"... where are the exploits?? Heck, Linux ought to be a dream for hackers since there are not all these firewall and antivirus apps to deal with... and yet, where is the evidence of that? Another statement that could be true is that Windows could be made unexploitable... but like the statement you made, the facts and evidence don't support it.
waiting for ad.doubleclick.net
Assuming you are using standard X86/AMD64 hardware, you have the following options:
1) Windows XP/Vista/7
2) Mac OSX
3) Security Enhanced Gnu/Linux (Many versions are available)
4) Open Solaris
5) Open BSD/Free BSD/Net BSD
There are other options of course, but these are the best choices in my opinion, due to having the best hardware support (note that OSX runs well only on hardware manufactured by Apple). In detail my comments are:
1) Windows XP/Vista/7 - probably the worst choice. Microsoft has shown an inability to issue timely security patches. I cannot recommend this product to anyone.
2) Mac OSX - with minor modifications it is fairly secure (but the Safari web browser should be replaced with Firefox, Opera, or some other browser). Apple has shown some problems with patching, so it may not be safe enough.
3) SE Linux - many versions are available. Linux has the best hardware support of the available operating systems. It is completely customizable as source code is freely available. Good solid choice. Patches are available quickly, and if you have the in house programming talent you can patch it yourself.
4) Open Solaris - several versions available. Good, solid OS. It is completely customizable as source code is freely available. Good solid choice. Patches are available quickly, and if you have the in house programming talent you can patch it yourself.
5) Open BSD/Free BSD/Net BSD - the Open BSD version was written specifically as a secure OS, and this is probably your best choice. It is completely customizable as source code is freely available. Patches available quickly, and if you have the in house programming talent you can patch it yourself.
I would strongly recommend OPEN BSD. If you contact the Open BSD community, I suspect that they would be more than happy to assist you.
On a personal note, I run Linux and OSX myself, but I don't have your security requirements!
Why do you assume I'm comparing Unix with Windows? I'm not (being a Unix hacker for over 20 years). Personally, I wouldn't touch Windows with a 10 ft pole, but that's totally beside the point. Just have a look at bugtraq: there is a HUGE number of vulnerabilities in 3rd party software, and if the DL's staff wants to keep intruders out, they'd be better advised to be minimalistic: install a secure OS (like, say, OpenBSD, SE-Linux, etc...), and only the smallest possible set of 3rd party programs. And then, monitor all those full disclosure lists, and update frequently. Oh, and steer clear of binary blobs of unknown security record (like closed-source GPU device drivers, proprietary Flash viewers etc).
cpghost at Cordula's Web.
Another OS holy war.
This is a terrible non-sequitur. Microsoft has made enormous gains in recent years, but only because they were so far behind to start with. It's like saying "Person A ran the 10th mile of the Boston marathon 2 minutes faster than Person B". It's problematic for two reasons. First, it doesn't actually tell you who was ahead at the end of mile 10 unless you knew where the runners were at the beginning of mile 10. Second, it doesn't tell you anything about where the runners will be relative to each other after mile 15.
People should choose a platform based on all of their requirements. Often compromises do need to be made, because there is never a system that does exactly what you need. It's important to be able to identify which needs you are willing to compromise on, and which you are not. If your users can accomplish their work at all, that is a problem. If their work becomes a little more difficult because of the extra security measures, you have to decide whether that's an acceptable trade off, and at one point the line should be drawn.
Have you determined how the machines were compromised? Generally speaking, Linux web servers are most likely to be compromised through attacks on third party software such as phpBB. If you switch to Windows and keep using the same third party software, you haven't really improved your situation. This, by the way, is where people often get into trouble when assessing requirements. Many people will say "I need an OS that will allow me to run software X", rather than saying "I need a platform that will allow me to perform task Y". By improperly assessing their requirements in the first place, they limit their options in the long run, and in the worst case, they may have restricted themselves to a platform with inherent flaws.
If you're really looking for the most secure software, look around and see what other people who demand security are using. The NSA uses and has contributed heavily to SELinux. I believe that OpenBSD has similar high profile users/contributors although I don't remember any off the top of my head.
Above all, though, it's important to remember that security is a process. Any system can be made secure with enough work. Any secure system will not remain so without continued work. And finally, the most difficult part is also the most important: The user is almost always the weakest link.
If I don't put anything here, will anyone recognize me anymore?