Do you have a reference for the widespread copyright "infringement" in the US? I have heard the same comment from other sources, but have not found a good reference yet.
In 2015, we'll have Petabyte drives for $500. THAT is nuts.
No, the nuts part is the data we will be storing that requires petabytes! A terabyte is pretty easy to fill nowadays, e.g., photos, scans of books, online copies of (my) DVDs and CDs, but a petabyte requires a bit more imagination (with the exception of "record every aspect of my life").
Um, are you sure? First off, if the sign is at the exit only, then I very much doubt that it carries any weight whatsoever. Even if the sign is at the entrance to the store, I have not agreed in writing (nor even verbally). How on earth can they enforce that? Would they sue me if I left the store without allowing them to inspect my bags (I understand anyone can sue for anything at any time)? Could they restrain me without reasonable grounds for suspicion? If the guard at the exit is an off-duty police officer, do they have any more right to detain me if I refuse to let them inspect my bag as part of their normal routine (I am thinking of the "inspect every bag" routine, not the "that person was seen stuffing items into their bag" search)?
That was quite funny, and I see that you managed to fool somebody into giving you an "Insightful" mod.
Mods take note, the parent post is deliberately nonsensical. For example, "It's been shown that creating working kernel based on a register machine like most modern microprocessors is NP hard".
This could only be properly protected against by incorporating Address Space Layout Randomization into the protection scheme.
I don't believe that. Using a canary would stop the attack discussed in that post (which is an attack strategy that is already well known).
MS Visual C++ has offered the option of canary protection for some time (even if they did not use Cowan's name for it). I would have expected that SP2 involved recompiling most/all code with the check prior to a return with the option of hardware protection on platforms that support it. Can't say that I have bothered to investigate though.
Are you looking specifically for Kerberos on Windows, or Kerberos in general? If the former, "Secure Networking with Windows 2000 and Trust Services" is surprisingly good. If the latter, get the Kerberos RFCs and read the MIT source code...sorry.
Wrong! LDAP is a protocol used to access directories - Lightweight Directory Access Protocol. I believe it was based upon an ISO standard X.509 or some such thing.
To the AC: LDAP is derived from the X.500 directory work. X.509 is the authentication framework part of the X.500 work. X.509 includes a definition of public-key name certificates using the X.500 naming convention. If you want to find out more, search for the online book "Understanding X.500 - The Directory".
As to your reply to rmdyer, I think you might as well teach your grandmother to suck eggs.
That's mostly correct, but I disagree with your last statement.
The KDC is an attractive target because it has all of the secrets. Public key systems with a hierarchical PKI structure have a similar problem because the holder of the private key for the root certificate is also an attractive target---if an attacker gets that private key then they can issue new certificates for themselves. However, the Kerberos KDC is always online (hence vulnerable), whereas the private key for the root certificate might be used offline. There is still the hard problem of someone convincing the root authority to certify an untrustworthy public key, but at least it is difficult for attackers to reach the private key via a network attack.
One of the mildly alarming things about Kerberos is the use of service and host keys, stored on hosts other than the KDC. They are used to authenticate a server (maybe a telnet server) when a client connects. The Kerberos designers targeted environments where hosts are secure from physical attack. It is not clear that everyone deploying Kerberized services understands that. I am not criticizing the Kerberos designers or Kerberos itself, just suggesting that it is sometimes used in inappropriate circumstances. Not that there's much that you can do to authenticate machines/servers without physical security or tamper-resistant hardware that you consider trustworthy.
Of course I wasn't questioning the deployment of OpenSSH, Samba, or OpenLDAP! I use the first two every day. I meant deployed and using Kerberos. It wasn't clear from my post on its own, but I meant my comment in the context of the thread.
I know about those, but they are not exactly impressive or widely deployed (at least, that's my perception) in comparison to the other achievements of the open source community.
I agree that the way that MS changed Kerberos to add authorization information is intensely frustrating, but I think that adding authorization information is the right thing to do. Trouble is, it's a hard problem to come up with a reasonable authorization infrastructure. MS had one already. The rest of the world doesn't agree on one, so there isn't anything to drop in to Kerberos (they might agree if somebody developed one and gave it to them). Tunneling over SSL/SSH is far from a complete solution, because it leaves authorization up to the developer.
So do you handle authorization on a per-application basis, or is it workable to store authorization for all applications in Novell/OpenLDAP or some other centralized server?
I would be interested to hear your opinion on the use of Kerberos in a UNIX environment. Personally, I am impressed by the way that MS have integrated Kerberos and made it relatively easy for application developers to use. The picture seems weaker in a UNIX environment, because few applications take advantage of Kerberos authentication (so people do not use Kerberos, so there is no incentive to add Kerberos support to applications, and so on). It is unfortunate. My question is, do you do anything interesting with Kerberos?
And before a weenie jumps all over this post with "you can do this, and do that", yes, I know that Kerberos is sort of usable on UNIX. I am hoping that someone with a clue, such as the parent poster, will go into more detail about complex deployments with custom apps. To the parent poster: I have written Kerberized apps for both UNIX and Windows, used pam_krb, etc.
If you have a small trusted circle of friends, then it would be better to set up a PKI for those people. There's no need or benefit to creating a secret, unanalyzed crypto algorithm.
Yes. How do you know that peer 2 is not the ISP's filtering service?
Seriously, if you do not have some prior knowledge about the other trusted principals then you cannot avoid MITM attacks. You should think of PKI in these terms: it is an attempt to minimize the information that you have to distribute in a secure fashion to a small set of root public keys (at the cost of making those root public keys a more attractive target).
How does the (Open)Solaris security model differ from that of a "standard" UNIX?
From the story:
That's a misleading definition of the word "pedantry". Wordnet's definition is better:
:-)
*splutter*
You haven't really grasped this "principle of least privilege" thing, have you?
Remind me again: why does .NET exist?
Pocket PC.
No disagreement about the value of MFC, but I would say that X Toolkit is comparable rather than better...
From the linked blog post:
I don't believe that. Using a canary would stop the attack discussed in that post (which is an attack strategy that is already well known).
MS Visual C++ has offered the option of canary protection for some time (even if they did not use Cowan's name for it). I would have expected that SP2 involved recompiling most/all code with the check prior to a return with the option of hardware protection on platforms that support it. Can't say that I have bothered to investigate though.
In contrast to Slashdot story postings where there's often sufficient redundancy to allow for error correction.
Christ on a bike, this is the most insightful post in the whole discussion (although there are many good technical replies) and yet it is ignored!
You have set yourself a difficult task though, both technically and in terms of selling your solution to the rest of the world. Good luck!
Thanks.
That's the kind of thinking that gets products publicised on bugtraq!
Real men just use a hex editor on /proc/kcore to remove the process. :-)
BayTSP seem to get away with it.
Summary: here's documentation of my illegal access to a system, please prosecute me, thanks.