Re: Slightly off topic but... (on Storage Security)
When we talk about "Information Assurance," it's based on 3 principles:
Confidentiality--Nobody reads your data unless they're allowed to (think top-secret information)
Integrity--Nobody can change your data unless they're allowed to (think bank account balance)
Availability--When you need the data, it's there (backups, redundancy, etc.)
It reminds me of Enigma ciphers where they repeat the initial settings twice at the beginning of the message. They are encrypted, but because they are given twice, it becomes easier to attack the crypto system.
Enigma: http://en.wikipedia.org/wiki/Cryptanalysis_of_the
And at one time, I was trained to transcribe 5-digit numbers from another language. That was a different time and place, though.
Interesting stuff.
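Added example, not part of the original comment, showing why enciphering the same three-letter message key twice leaked structure. It is a toy stand-in, not a model of the real Enigma: the only property kept is that, at a fixed rotor position, the machine applies an involution of the alphabet (the reflector makes encryption its own inverse), and the permutation differs at each of the six indicator positions. Tabulating the ciphertext alone then yields the composite permutations linking positions 1 and 4, 2 and 5, and 3 and 6, with no message key known; this is the relation the Polish cryptanalysts built on. The daily-setting model, the random involutions and the function names are all assumptions of this example.

```python
import random
import string

ALPHABET = string.ascii_uppercase


def random_involution(rng):
    """Pair all 26 letters at random, with no letter mapped to itself.

    This mimics the one property of a reflector-based Enigma that matters
    here: at a fixed rotor position, encryption is its own inverse.
    """
    letters = list(ALPHABET)
    rng.shuffle(letters)
    mapping = {}
    for a, b in zip(letters[0::2], letters[1::2]):
        mapping[a] = b
        mapping[b] = a
    return mapping


def make_day_setting(seed=0):
    """Six per-position involutions, standing in for one day's rotor setting.

    Assumption of this toy: the permutation depends only on the position
    (1..6) within the indicator, because every message of the day starts
    from the same ground setting.
    """
    rng = random.Random(seed)
    return [random_involution(rng) for _ in range(6)]


def is_involution(perm):
    """Check that applying perm twice returns every letter to itself."""
    return all(perm[perm[x]] == x for x in ALPHABET)


def encipher_indicator(day, message_key):
    """Encrypt the 3-letter message key twice, as the comment describes.

    Position i (0..5) of the doubled key is enciphered with day[i].
    """
    doubled = message_key + message_key
    return "".join(day[i][ch] for i, ch in enumerate(doubled))


def recover_composites(indicators):
    """Analyst's view: from ciphertext only, tabulate c1->c4, c2->c5, c3->c6.

    The same plaintext letter sits at positions i and i+3, so the pair
    (ind[i], ind[i+3]) is one entry of the permutation day[i+3] o day[i].
    """
    composites = [{}, {}, {}]
    for ind in indicators:
        for i in range(3):
            composites[i][ind[i]] = ind[i + 3]
    return composites


def true_composite(day, i):
    """What the tabulation converges to: x -> day[i+3](day[i](x))."""
    return {x: day[i + 3][day[i][x]] for x in ALPHABET}


def leak_demo(n_messages=1000, seed=0):
    """Simulate a day's traffic and check the recovered maps match the truth.

    Returns True when the ciphertext alone reproduced all three composite
    permutations without any message key being known.
    """
    day = make_day_setting(seed)
    rng = random.Random(seed + 1)
    keys = ["".join(rng.choices(ALPHABET, k=3)) for _ in range(n_messages)]
    indicators = [encipher_indicator(day, k) for k in keys]
    recovered = recover_composites(indicators)
    return all(recovered[i] == true_composite(day, i) for i in range(3))


if __name__ == "__main__":
    print("composite permutations recovered from ciphertext:", leak_demo())
```

The defensive lesson is the general one: never encrypt the same secret twice under related transformations, because an observer who knows the two ciphertexts share a plaintext learns the relation between the transformations even without learning the plaintext.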
If your backwater was Salmon, then I probably know you. =)
The biggest factor for me is to consider the possibility that if your job goes south (project ends, company folds, you don't like your boss), then you are stuck in the middle of nowhere. If you are relocating, you need to understand that at some point you will need to move again.
If you are used to an environment where you can lose your job today and have a new one by the end of the week, then you will be shocked when you spend 6 months unemployed.
Now don't get me wrong, I grew up in Idaho, but you need to realize that it is a complete backwater. =)
The "Red Book" is the official book on OpenGL itself, and it's red.
I thought the "Little Red Book" was the official book on the GPL. Oh bother, I get so confused.
The way I look at it is like PKI (remember when it was the silver bullet to everybody's security concerns? It always makes me cringe when people start talking PKI for a company with 15 employees). It works great if you are a huge organization like the government, but most people will not see any benefit of it at all. But then again, most government agencies have their own Certificate Authority, which makes DNSSec and PKI easier to tie into.
And, to be honest, I like SSL better than DNSSec because there already is some sort of infrastructure and trust relationship that already exists, so I agree with you. But the parent post wasn't understanding what secure DNS was. =)
I disagree. What you are talking about is the research part of a good or determined attacker. In this instance, the zone transfer is just more information on what to attack. This definitely is not a big risk.
However, there is much more associated with DNS that you can do.
If I am a user, what I want is 100% confidence that I am connecting to the correct server. I'm trusting in the DNS chain all the way up to the root server and then on to the authoritative server. What's to keep an attacker from routing me somewhere that I don't want to go?
A good example is a piece of malware that changes the local DNS cache to point ebay to another server that does a man-in-the-middle attack? To the end user, it's completely invisible.
It's fairly easy to do on a LAN by using one of the MITM tools. What you are doing is setting up a rogue DHCP server and DNS server, then you give the target computer a lease with a machine you control as the DNS server. If you control DNS, you can tell them to go anywhere you want, including sniffing their traffic, altering the content of the traffic en route, basically whatever you want.
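The scenario in this comment is a second DHCP server on the segment handing out a resolver the attacker controls. As an added defender-side example (not from the original post, and not the log format of any real DHCP server or sniffer), the script below parses constructed DHCPOFFER summary lines, flags offers whose server or advertised resolvers are not on an allowlist, and reports clients that received offers from more than one server, which is the basic signature of a rogue DHCP server whatever addresses it uses. The record format, field names and addresses are all assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed, constructed record format: one DHCPOFFER summary per line.
OFFER_RE = re.compile(
    r"DHCPOFFER server=(?P<server>[\d.]+) client=(?P<client>[0-9a-fA-F:]+) "
    r"lease=(?P<lease>[\d.]+) dns=(?P<dns>[\d.,]+)"
)

# Constructed sample log: one legitimate server (10.0.0.1) and one unexpected
# host (10.0.0.199) that answers the same client and names itself as resolver.
SAMPLE_LOG = [
    "2003-05-01T09:12:03 DHCPOFFER server=10.0.0.1 client=00:11:22:33:44:55 lease=10.0.0.57 dns=10.0.0.53,10.0.0.54",
    "2003-05-01T09:12:03 DHCPOFFER server=10.0.0.199 client=00:11:22:33:44:55 lease=10.0.0.57 dns=10.0.0.199",
    "2003-05-01T09:13:10 DHCPOFFER server=10.0.0.1 client=aa:bb:cc:dd:ee:ff lease=10.0.0.58 dns=10.0.0.53,10.0.0.54",
    "2003-05-01T09:13:11 DHCPREQUEST client=aa:bb:cc:dd:ee:ff",  # not an offer; ignored
]

# Assumed allowlists for the constructed network.
ALLOWED_SERVERS = {"10.0.0.1"}
ALLOWED_DNS = {"10.0.0.53", "10.0.0.54"}


def parse_offer(line):
    """Return a dict for a DHCPOFFER line, or None for anything else."""
    m = OFFER_RE.search(line)
    if m is None:
        return None
    return {
        "server": ipaddress.ip_address(m["server"]),
        "client": m["client"].lower(),
        "lease": ipaddress.ip_address(m["lease"]),
        "dns": [ipaddress.ip_address(a) for a in m["dns"].split(",")],
    }


def audit_offers(lines, allowed_servers=ALLOWED_SERVERS, allowed_dns=ALLOWED_DNS):
    """Flag offers whose server or advertised resolvers are off the allowlist.

    Returns a list of (client, server, reasons) tuples, one per bad offer.
    """
    servers = {ipaddress.ip_address(a) for a in allowed_servers}
    resolvers = {ipaddress.ip_address(a) for a in allowed_dns}
    findings = []
    for line in lines:
        offer = parse_offer(line)
        if offer is None:
            continue
        reasons = []
        if offer["server"] not in servers:
            reasons.append("DHCP server not on allowlist")
        bad = [str(d) for d in offer["dns"] if d not in resolvers]
        if bad:
            reasons.append("resolver not on allowlist: " + ", ".join(bad))
        if reasons:
            findings.append((offer["client"], str(offer["server"]), reasons))
    return findings


def competing_servers(lines):
    """Clients that received offers from more than one server.

    Two servers answering one DISCOVER is the signature of a second
    (possibly rogue) DHCP server on the segment, independent of allowlists.
    """
    seen = defaultdict(set)
    for line in lines:
        offer = parse_offer(line)
        if offer is not None:
            seen[offer["client"]].add(str(offer["server"]))
    return {client: sorted(s) for client, s in seen.items() if len(s) > 1}


if __name__ == "__main__":
    for client, server, reasons in audit_offers(SAMPLE_LOG):
        print(f"{client} offered by {server}: {'; '.join(reasons)}")
    for client, servers in competing_servers(SAMPLE_LOG).items():
        print(f"{client} saw offers from {servers}")
```

The second check matters more than the first in practice: an allowlist only catches a rogue that uses its own addresses, while a second server answering the same client is visible even when it spoofs the legitimate server's resolver addresses in its options.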
The problem as I see it is that the OS itself is not modular enough and does not have any solid controls between modules.
For those of you who remember the entire security model for an OS, you have concentric rings with the kernel at the bottom and the userland applications on the outside. This is done because different levels of programs/libraries need different access.
The important thing is that when you go from one ring to the next, there needs to be an adequate set of controls to keep things from going haywire on you.
With Windows, there are too many applications that go from the outside straight into the kernel without any controls. This is done because it's easier to program and faster to run. This is a conscious decision on behalf of the OS programmers.
Windows is designed to be a stand-alone workstation. Remember back in the "somewhat older days" when you had to get winsock in order to make a SLIP/PPP connection? When the computer isn't connected to anything, then security is no big deal because you're relying on physical separation to provide most of the security. Once you network the computer, then you open up a whole slew of problems.
Over time, Windows's security model is getting tighter, but it comes from practically nothing to something legitimate. They aren't going to do it in a couple OS revisions, nor do I feel that it can be done quickly given all the applications that rely on the broken functionality to work.
Yes, they will break programs to tighten the security model. But that should be expected. The MS security guys have their work cut out for them.
The problem is that they can only buy products that have been tested by NIST or somebody delegated by NIST. With notable exceptions, most Linux companies cannot afford to have the testing done.
Then they need a product that has some warranty with it. That means a vendor of some sort. While there is some home-grown software, the government has figured out that buying something ready-made off the shelf is cheaper and easier.
I wonder how they even remotely thought those things were safe. Lots of fun, though.
Why does this sound eerily like a government-sponsored version of Assassination Politics, the piece written by cypherpunk/crypto-anarchist Jim Bell, who is now suing the government under RICO to get his freedom because they conspired against him?
Basically, his idea is the same thing, except people would be buying futures on the death of political personalities. It's strange, it's a bit fringe, it's not liked by the government except for when they use it for their own plans.
...it makes everything taste like chicken.
And if somebody wants to rummage through my feces to find my bank account or trade secrets, they can have it.
right-O. Thanks.
They do. Special Forces do reconnaissance missions, and there is such a large capability developed for electronic warfare that almost all of the command and control centers are known well in advance. It becomes a cat-and-mouse game trying to destroy the alternates that aren't in use at the beginning of hostilities but pop up when you destroy the primaries.
Helmets don't really stop bullets when they hit straight-on. They're more to stop fragments of exploding stuff. I'm just hoping that we can figure out a way to make them lighter, thinner, and more comfortable.
The United States is a nation of inventors. We've got a long history of innovations. It's that whenever there's government funding for a project, there are tons of new technologies that surface. Thanks to the events of the past 2 years (5 actually, going back to several bombings,) military technology is on the mind of industry and the technologists who design this stuff.
Agreed. We're seeing this in land navigation, where some of the younger soldiers are more reliant on GPS than they are on a map. The "crufty old ones" (I'm about halfway there) rely on a map rather than something that needs batteries. I've seen guys who were totally lost once their GPS battery died and they couldn't get another one. I ended up giving them mine, and working solely on my map.
There are places where GPS is really handy, don't get me wrong, though. It's just that it's a tool to help you, to make your life easier, but at the end of the day, it's on you as to whether you have to walk 500 meters or 5 kilometers home.
Before everybody starts thinking that the generals at the top of the DoD will have real-time information on what the individual soldier is doing, it's a misinterpretation of what the military is trying to do with their technology.
Basically, the first tenet of war has been "massing of firepower at critical locations," which has been said very inelegantly as "get there the fastest with the mostest." This has been a strength of units such as cavalry, who rely on strong reconnaissance to defeat a stronger enemy with a smaller force by being smarter and faster. What the systems that are being developed bring to the battlefield is better communications to mass at decisive places. We aren't to the point where every soldier has a network sensor system on their bodies, because we really don't need that.
It's called the "Rumsfeld Doctrine" and it's a doctrine that uses our technological advantage to do more with less manpower because we can mass faster and better when we know the situation.
What's happening is that from the commander level up to the higher commanders, there is a very good information flow. That has always existed, in reports sent in by radio, such as a situation report (sitrep), maintenance report, or KIA report. The only changes are that it's now faster because of the technology, and that we're starting to see information being collected at the higher levels and then pushed down to the lower commanders in the field.
This helps the decision-makers because they have better situational awareness. If you've never been on the ground looking for stuff to kill, you'd be amazed at how easy it is to focus on your little part of the war, and then get surprised when you forget that you're one little piece of what's going on.
Not to mention that SuSE is headquartered in Nürnberg (originally, Fürth), which is in Northern Bavaria. So why shouldn't they be in a perfect position to support fellow Bavarians, with München (Munich) being only about an hour's drive to the south?
This month, I've been working on AIML and ALICE, and I've found the following projects to kick ass:
AnnaBot which is an aiml that is a bit flirtier than the typical ALICE aiml. She's a 20-year-old student at Emory and so on.
j-alice which is a c++ aiml interpreter that can do irc connections or it has a built-in webserver.
My project involves taking the annabot aiml and making her a lot more *ahem* sluttier to see just how far the technology can go. I've thrown her into sex chat rooms and it's amazing how much people will talk to her. My favorite bot quote is "Do you mind if I tell other people you say I am fuckin' confusing."
Now if I can get sourceforge to come up ;^) Trust me, the links work, just sourceforge is having some weird problems.
You forgot to mention the dangerous cryptography that might be on the laptop. You know it's classified as a munition under ITAR.
THE HORROR!!!!!
I just made a space station last night for $125,000 while playing Sim City 3000.
Now if the aliens hadn't come and zapped it up in their flying saucers, I wouldn't have to rebuild it today.
*sigh* Being mayor is hard.
The problem with a communist state is that there is a conflict of ideas between stability and progress. I have studied this quite a bit wrt the Soviet Union.
In order for a society to progress technologically, it has to have free speech of some sort. The more free speech it has, the more ideas get shared and the more technology can advance. That's why the "information revolution" is, for the most part, self-propagating.
However, in a closed society such as the Soviet Union and China, there is a certain level of control that the government needs to keep on speech otherwise the populace will talk about how they don't like their situation in life.
The contradiction is like a business that needs techies to make the IT infrastructure work but doesn't necessarily want to let them out of the basement for fear that they'll scare away the customers and the salespeople.
The end result is that these 2 conflicting ideas make a government seem bipolar. If you look at the Soviet leadership, there was a pattern of alternating conservative (i.e., pro-control) and liberal (i.e., free speech) leaders. There's a joke that the way you can tell which leader is which is by their hair... bushy or bald.
Lenin-liberal (ok, debatable, but between the revolution and his death, very relaxed) bald
Stalin- arch-conservative, very bushy hair
Khrushchev-liberal (that's why he went on a "leave of absence for health reasons" when the pendulum swung the other way) bald as a baby's bottom
Brezhnev-conservative, had hair like Elvis
Andropov-liberal, didn't live too long, bald
Gromyko-conservative, didn't live too long, hairy
Gorbachev-liberal, started glasnost and perestroika, balding with red-wine stain
Yeltsin-conservative in a different way, manipulated privatization to make him and his friends rich, hairy
Putin-the only guy maybe to break the trend. Seems to be conservative, but has "thinning" hair. Of course, there is no more Soviet Union, so....
A lot of this contradiction can be seen in the way that Soviet scientists were treated. For example, as long as they held to the party line, they were given all the privileges that they could ask for. Once they started to dissent, they were imprisoned and did the same work but at a gulag.
For a good example of this, I recommend Solzhenitsyn's The Inner Circle or some of the biographies of Sakharov.
Part of the problem is that, in the case of Multnomah ESD, they have a very large Linux initiative. The K12LTSP typical classroom setup, developed by a couple of techies there, takes diskless computers and turns them into linux terminals with applications for the classroom. Very interesting project. Unfortunately, they would still have to pay the "Microsoft Tax" for every one of those terminals, even if they don't have a hard drive.
The best way to help out in Portland is through the following links:
K12LTSP Project with some associated links and contact information.
Portland LUG, who have been talking about this on their listserv.