I wish someone would produce a live-CD (like Knoppix) oriented for that "average user".
Viruses? Spyware? Bad installs? Not a chance of writing to the CD. Problems? Just restart.
I'd like to be able to recommend a disk - IMHO Knoppix is almost there, but needs a few less alternative programs (e.g. browser, mail) and a few more easy-setup programs (for network, ISP, email) - plus the "Dummies Guide" book.
Note very carefully, they count advisories only once, even though they may include multiple vulnerabilities.
The Windows XP Pro list includes:
- Microsoft Windows 14 Vulnerabilities
- Microsoft Windows RPC/DCOM Multiple Vulnerabilities
- Microsoft Windows ASN.1 Library Integer Overflow Vulnerabilities
- Microsoft Windows RPCSS Service DCOM Interface Vulnerabilities
These contain 14 + 4 + 2 + 3 = 23 vulnerabilities, but Secunia only count 4 advisories. So the count is now 65 acknowledged vulnerabilities for XP Pro. Not including those silently fixed, nor the 38 vulnerabilities in Internet Explorer 6 alone.
Actually, Secunia tend to publish alerts based on the vendor bulletins. There are better sources for collated vulnerability information, such as Sintelli (free) or TruSecure (fee) which have far higher totals.
= Don't Use Microsoft Browser!
Be careful of what you ask for. We can already authenticate mail senders using S/MIME, PGP or GPG. All that SPF and the like do is authenticate email postmarks. So if this became commonplace, the response of the spammers is simply to stop forging sender addresses and run their own domain, with completely legitimate SPF markers, all in some TLD that allows them to do so.
Result - very little difference in spam volume. Maybe you could filter by the domains used - but these will also come and go rapidly.
I suggest you follow the money with SPF/etc - a few years downstream, you will need to pay someone to get your sent mail approved, either for an SPF/etc signature from your ISP or for your own domain. It's like paying someone to throw away all your mail unless it was posted in the mailbox you paid to use.
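The point made above, that a spammer who registers a domain and publishes an honest SPF record gets a clean "pass", is easy to see by running a record evaluator. The following is an added example, not code from the original comment. The DNS table, the domains (example.net, _spf.mailhost-example.com, spammer-example.biz) and the addresses are all constructed; only the ip4, include and all mechanisms are implemented, and the domain blocklist is a stand-in for whatever reputation data a filter would really use.

```python
"""Minimal SPF (v=spf1) evaluator over a constructed DNS TXT table.

Added example: the zones below are made up. example.net plays a
legitimate sender; spammer-example.biz plays a bulk mailer who publishes
a perfectly valid record for their own sending hosts. Mechanisms other
than ip4, include and all (a, mx, ptr, exists, redirect) are out of scope.
"""
import ipaddress

# Constructed stand-in for real DNS TXT lookups.
DNS_TXT = {
    "example.net": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost-example.com -all",
    "_spf.mailhost-example.com": "v=spf1 ip4:198.51.100.10 ip4:198.51.100.11 -all",
    "spammer-example.biz": "v=spf1 ip4:203.0.113.0/26 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_INCLUDES = 10  # SPF caps DNS-querying mechanisms per check at 10


def check_host(ip, domain, dns=DNS_TXT, _depth=0):
    """Return the SPF result for client address ip claiming to send for domain."""
    if _depth > MAX_INCLUDES:
        return "permerror"
    record = dns.get(domain)
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            # ip_network() accepts a bare host address as well as a CIDR prefix
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            # include only matches when the referenced record itself yields pass
            matched = check_host(ip, arg, dns, _depth + 1) == "pass"
        else:
            return "permerror"  # mechanism not supported by this toy evaluator
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no explicit "all"


def filter_decision(ip, domain, domain_blocklist=frozenset()):
    """Combine the SPF result with a domain blocklist.

    An SPF pass says only that the domain owner authorised this host to
    send; it says nothing about whether the domain owner is a spammer,
    so a second, domain-based signal is still needed.
    """
    spf = check_host(ip, domain)
    if spf == "fail" or domain in domain_blocklist:
        return "reject", spf
    return "accept", spf
```

Run `check_host("203.0.113.7", "spammer-example.biz")` and the spammer's own host passes exactly as the legitimate example.net host does; forged use of example.net from that address fails. The only thing that separates the two is the blocklist consulted in `filter_decision`, which is the "filter by the domains used" fallback the comment mentions, with the same churn problem.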
Have a look at UK Mail Preference Service, also see Fax preference service and Telephone preference service. I've found these to be effective blockers.
The key elements of their success are:
- It is unlawful to contact an individual on the lists without their prior consent.
- It costs money to get the data (e.g. GBP 3750 for the full fax file, GBP 375 for a small number of area codes) or to get an official registration that a third party is filtering the list for you. (You could avoid paying by individually asking everyone on your list, so this is not a compulsory fee.)
- It's easy for customers to complain by mail or on the web. That costs an offender time and money to investigate as well as a possible fine.
- The businesses providing the goods or services are ultimately liable.
So far there is not the same backing for email. The US Direct Marketing Association's eMPS service provides a limited service for honest suppliers, but does not have the legal teeth of TPS, MPS or FPS.
I'm aware that trans-national issues could cause some problems of using a Do Not Spam list within another country. However, for most non-electronic services it's unlikely that most trans-national advertising would be profitable. From the UK I'm not going to buy US inkjet carts, US student loans, Taiwanese products that I can't even read - so such emails are a waste of time to the seller. A properly filtered list could even be a business advantage to a bulk emailer or their customers.
I looked up current UK MEP email addresses in UpYourStreet. (That also confirms your electoral region, useful if you are near a boundary.)
Compare with the candidate list and you have the people with a strong interest in re-election.
I sent all in my region an email asking their opinions, cc: to party email addresses from the paper handouts. So far three replies, all broadly supportive of not allowing software patents.
These kinds of products seem a good way of finding out what software is really on your network. They can look at banners as well as p0f-style operating system versions. And hence deduce whether you have applied all the patches.
Smaller organisations with good control on software versions might find them overkill and just use arpwatch or DHCP logs instead.
I don't think they will eliminate the need for active vulnerability scanning to check for software configuration errors which don't depend on version. I'd be interested to hear other people's experiences. Or if anyone is working on tools and common database schemas for describing network topologies and inventories.
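For the smaller shop that the comment says could get by on arpwatch or DHCP logs, the useful exercise is correlating the two: the DHCP server says which MAC it leased each address to, arpwatch says which MAC is actually answering for it, and any disagreement is either an unmanaged static host or an ARP spoof. The following is an added example, not code from the original comment. The syslog lines are constructed (the arpwatch "new station" / "changed ethernet address" and ISC dhcpd "DHCPACK" formats are reproduced from memory, so treat the regexes as assumptions to check against your own logs), and the host names and addresses are made up.

```python
"""Build a host inventory from arpwatch and dhcpd syslog lines and flag
addresses whose MAC does not match any DHCP lease.

Added example; SAMPLE_LOG is constructed and the log formats assumed.
"""
import re
from collections import defaultdict

ARPWATCH_NEW = re.compile(
    r"arpwatch: new station (?P<ip>\S+) (?P<mac>[0-9a-f:]+)")
ARPWATCH_CHANGED = re.compile(
    r"arpwatch: changed ethernet address (?P<ip>\S+) (?P<mac>[0-9a-f:]+) \((?P<old>[0-9a-f:]+)\)")
DHCPACK = re.compile(
    r"dhcpd: DHCPACK on (?P<ip>\S+) to (?P<mac>[0-9a-fA-F:]+)(?: \((?P<host>[^)]*)\))?")

SAMPLE_LOG = """\
Jan 12 09:01:03 gw arpwatch: new station 192.168.1.20 0:11:22:33:44:55 eth0
Jan 12 09:01:05 gw dhcpd: DHCPACK on 192.168.1.20 to 00:11:22:33:44:55 (alice-laptop) via eth0
Jan 12 09:03:44 gw arpwatch: new station 192.168.1.21 0:11:22:33:44:66 eth0
Jan 12 09:03:46 gw dhcpd: DHCPACK on 192.168.1.21 to 00:11:22:33:44:66 via eth0
Jan 12 09:10:00 gw arpwatch: new station 192.168.1.2 0:50:56:aa:bb:cc eth0
Jan 12 10:15:09 gw arpwatch: changed ethernet address 192.168.1.20 0:de:ad:be:ef:1 (0:11:22:33:44:55) eth0
""".splitlines()


def norm_mac(mac):
    """arpwatch writes 0:11:22:33:44:55, dhcpd writes 00:11:22:33:44:55; unify."""
    return ":".join(part.zfill(2).lower() for part in mac.split(":"))


def build_inventory(lines):
    """Return (inventory keyed by MAC, list of alert strings)."""
    # Pass 1: what the DHCP server handed out, so later arpwatch events
    # can be checked even when the DHCPACK is logged a few seconds after.
    leases = defaultdict(set)   # ip -> {mac}
    hostnames = {}              # mac -> hostname from the DHCPACK
    for line in lines:
        m = DHCPACK.search(line)
        if m:
            mac = norm_mac(m["mac"])
            leases[m["ip"]].add(mac)
            if m["host"]:
                hostnames[mac] = m["host"]

    # Pass 2: what is really answering ARP on the wire.
    inventory = defaultdict(lambda: {"ips": set(), "hostname": None, "sources": set()})
    alerts = []
    for line in lines:
        m = ARPWATCH_NEW.search(line) or ARPWATCH_CHANGED.search(line)
        if not m:
            continue
        mac, ip = norm_mac(m["mac"]), m["ip"]
        entry = inventory[mac]
        entry["ips"].add(ip)
        entry["sources"].add("arpwatch")
        entry["hostname"] = hostnames.get(mac)
        if mac in leases[ip]:
            entry["sources"].add("dhcp")
        elif "old" in m.groupdict():
            # address moved to a MAC the DHCP server never leased it to:
            # possible ARP spoof, or a static host re-using a dynamic address
            alerts.append(f"{ip} moved from {norm_mac(m['old'])} to {mac} without a DHCP lease")
        else:
            alerts.append(f"{ip} on {mac} has no DHCP lease (static or rogue host)")
    return dict(inventory), alerts


if __name__ == "__main__":
    inv, found = build_inventory(SAMPLE_LOG)
    for mac, entry in sorted(inv.items()):
        print(mac, sorted(entry["ips"]), entry["hostname"], sorted(entry["sources"]))
    for alert in found:
        print("ALERT:", alert)
```

Hosts seen by both sources are the managed population; the "no DHCP lease" alerts are the list to reconcile against your static allocations, and a "moved ... without a DHCP lease" on an address that was leased moments earlier is worth a look at the switch port. As the comment says, none of this tells you about configuration errors on hosts whose version is fine, so it supplements rather than replaces active scanning.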
K12LTSP is a very simple way of installing LTSP. Current version 4 is based on Fedora Core 1 with a few updates. As easy to install as FC1.
Although thin clients have been around for a few years now, in those days 300 MHz server CPUs and 10 Mbit/sec Ethernet were top-of-affordable-range. And the performance was a bit clunky.
Now we have 3000 MHz servers and 100 Mbit/sec networks, thin clients can really fly. So long as you forget the clunky days and try them!
I'm no lover of porn, but neither do I like the hypocrisy of the announcement. This seems at least as much a way to block competition, and to try to prevent backlash when they carry their own "adult" services.
Golden rule: Follow the money!
See 3G network may carry adult video, or Mobile phone video service bypasses 3G.
Let's look at MS03-041, and examine the Windows XP Gold patch.
Run "WindowsXP-KB823182-x86-ENU.exe /x" to extract the components.
24 Jul 2003: date of most recent component file.
25 Jul 2003: date of patch file (using wget to obtain the timestamp).
14 Oct 2003: "Date published" according to Microsoft.
I make that 82 days to release.
3 MiB Windows 98 SP1
26 MiB Windows 98 updates (fetched from WindowsUpdate)
34 MiB NT4 SP6a
15 MiB NT4 Security Rollup
129 MiB Windows 2000 SP4
133 MiB Windows XP SP1
35 MiB Windows XP updates (fetched from WindowsUpdate)
4 MiB HFNetChk and friends
67 MiB Office 2000 SR1a/SP2
48 MiB Office XP SP1/SP2
78 MiB IE6 SP1
---
572 MiB Total (MiB = 1024*1024 bytes)
Once you've applied these, Windows Update won't take too long. (:-)
My next CD has
- Web browsers - Mozilla, Netscape, Opera
- Browser plugins - Acrobat Reader, QuickTime, Ghostscript/Ghostview, Shockwave+Flash, Media Player, Sun Java Runtime, Real Player (and how I hate those plugins that need all their droppings cleaning up afterwards).
- Instant Message updates - MSN Messenger, Windows Messenger
- Other tools - Ethereal, Sam Spade, GIMP, UnxUtils, Zip Central, GPG+WinPT
Yes, I know some of these have issues, but people will want to use them, so they might as well have the least-buggy version.
GnuWinII provides my next layer of tools.
And my other CD is Knoppix.
Enjoy!
GNU Win II is even better than The Open CD (unless you need the source code).
See the list of GNUWinII applications.
Palm claims around 2 weeks in their adverts. My Palm Vx still gets around that battery life in average use. So maybe not too much advertising licence. Better than a new XDA I tested that would not last overnight!
Means I take a charger on holiday though. Personally I'd love them to fit replaceable rechargeable batteries so I could stick in 2 or 3 AAA cells in an emergency on holiday, whilst using the charger most of the time.
For securing most office desktops and servers, NGSCB appears to replace a problem of file and ACL management with a problem of key management. Which you might be able to offload to the vendors at the cost of handing over control (as well as money).
You need to look at how the trust would be *really* managed. In a NGSCB FAQ is the reassuring statement: "One of the most important design goals of NGSCB is to ensure that people are in complete control of the computers they own. That means that the owner has complete control of all of the software that runs on the computer -- in a more visible and powerful way than is possible on any PC today." The problem is in how this actually works.
Yes, you can cryptographically sign executables; and even sign them with the system-unique key, so they can't even run on another system. But how do you practically manage these keys?
It seems that there are several options:
a) "Trust Microsoft/other vendor" - (note the quote above implies this is *not* the model used) - vendor signs *all* valid code. Including all those nice add-on programs that might compete with that vendor. I'm sure I really do not want to hand over that much control.
b) "Trust the user" - user gets to sign all code on their PC. But then the same tools can be used by trojan software to get themselves installed by deceit. So it's not really more secure than sticking "execute" permission bits on valid programs.
c) "Trust IT department (for businesses)" - has more potential, but at the local resource cost of trying to establish whether trusted code is trustworthy - on thousands of systems.
Each has its problems, and none of these are a good defense against classic buffer overflow attacks - or simply exploiting poorly-designed but signed code? And what precautions are needed against key loss? Long-term access to vital corporate data protected by DRM scares me.
Is there a simpler way?
Many of the purported benefits could be achieved by much simpler mechanisms:
a) Using execute (x) permission bits correctly, and lock down ACLs. If all code loaded onto a system always had the execute bit cleared, and there was a separate process to explicitly grant permission (chmod), this would defend against most rogue code. Installation would be more tedious (as it has to be in NGSCB-protection), though some simple code-signing could be used to automate that. But administrating fine-grained security will probably be costly, whatever technologies are used.
b) Use write-protected filing systems. I'm old enough to remember when hard disks had write-protect switches. They worked very well! Software-enforced write protection, as in some BSD systems, is the next best thing. Run-from-CD systems such as Knoppix have similar benefits. Of course, you need an operating system designed to segregate read-only data from read-write data. Not so easy with Windows registry.
c) technologies such as exec-shield (http://www.kerneltrap.org/node.php?id=644) and the OpenBSD stack and execution protection (http://www.openbsd.org/33.html) have great short-term potential.
Other uses for NGSCB
It's not all negative, I can see some benefits of having secure storage on PCs.
Being able to store unique device keys (e.g. ssh server keys) would be nice. You can do this today with smartcards or USB tokens, apart from the small issue that neither are fitted to systems by default.
Being able to store cached credentials and passwords in a secure area that even administrators cannot read would improve confidence that users could not be impersonated. This needs very careful design, of course, on which items of software can be trusted to read the secure data.
And for dedicated appliances such as firewalls, having a trusted boot sequence would give more confidence that the system software could not be corrupted.
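Option (a) in the comment above, "all code arrives with the execute bit cleared, and a separate step grants it", is small enough to show end to end. The following is an added example, not code from the original comment or from NGSCB. It uses a SHA-256 allow-list as the "simple code-signing" that automates the grant step; a real deployment would verify a signature over the file instead, and the file names, contents and digest list are constructed.

```python
"""Quarantine-then-grant execute permission, with a hash allow-list
standing in for code signing.

Added example: the two scripts, their contents and the allow-list are
constructed. POSIX permission bits are assumed.
"""
import hashlib
import os
import stat
import tempfile

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def quarantine(path):
    """Step 1: whatever the installer did, strip every execute bit."""
    os.chmod(path, os.stat(path).st_mode & ~EXEC_BITS)


def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def grant_exec(path, allowlist, owner_only=True):
    """Step 2: the explicit grant. Re-add execute permission only if the
    file's digest is on the approved list. Returns True when granted."""
    if sha256_of(path) not in allowlist:
        return False
    bits = stat.S_IXUSR if owner_only else EXEC_BITS
    os.chmod(path, os.stat(path).st_mode | bits)
    return True


def is_executable(path):
    return bool(os.stat(path).st_mode & stat.S_IXUSR)


def demo():
    """Drop an approved and a rogue script, quarantine both, grant one.

    Returns {name: (executable after quarantine, granted, executable after grant)}.
    """
    approved = b"#!/bin/sh\necho approved\n"   # constructed content
    rogue = b"#!/bin/sh\necho rogue\n"         # constructed content
    allowlist = {hashlib.sha256(approved).hexdigest()}
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        for name, body in (("approved.sh", approved), ("rogue.sh", rogue)):
            path = os.path.join(workdir, name)
            with open(path, "wb") as handle:
                handle.write(body)
            os.chmod(path, 0o755)            # as a careless installer leaves it
            quarantine(path)
            after_quarantine = is_executable(path)
            granted = grant_exec(path, allowlist)
            results[name] = (after_quarantine, granted, is_executable(path))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Two caveats a practitioner would add to the comment's "most rogue code": the execute bit does nothing against `sh rogue.sh` or `python rogue.py`, where the interpreter is the executable, so the grant step has to be paired with interpreter restrictions or noexec mounts of the drop directories; and a hash allow-list, unlike a signature, has to be re-issued for every new build, which is the administration cost the comment anticipates.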
One problem with the idea that some universes are simulated comes from information theory. It takes a certain number of bits to describe the state of a simulated universe, and so the simulator needs at least this number of bits. (Which is why your PC or PS/2 can only show a certain level of detail in its simulated world, up to its memory capacity.)
This cuts through the possibility of infinite regression, and also hints at a way of testing whether a universe is simulated. I personally have serious doubts that our universe, with its demonstrable complexity, could be simulated, since the simulator would have to be several orders of magnitude more complex, to be able to store the state of all particles.
There is a possible escape, mentioned in The Matrix, which is that the simulator "cheats" by not simulating to the same level of detail in all areas. Maybe Bishop Berkeley had the right idea to ask "If a tree falls in the forest and no one hears it, does it make a sound?". If the simulator cheats, then maybe not all falling trees do make a sound.
Translated into physics, this would mean that some unobserved actions might not totally follow the same laws as observed actions. I'll let the Quantum Mechanics experts see how well this fits their observations. If anything, I feel QM disproves the cheating simulator - since an observed particle with collapsed wave function needs less information to describe it than an uncollapsed set of possibilities. But maybe our universe needs more stress-testing to see if the simulation breaks down.
Anyway, our planet already contains 6,337,052,626 separate universes, and counting...
Moore's law causes a problem to manufacturers - how to keep up the profit margins. I suspect this is the major driving force behind many new technologies.
For example, once disk drives are cheap enough to give everyone 100+GB local storage, we get much more expensive SANs, NAS servers and network caches.
Once complete PCs began to cost under $200, we get blade servers and micro cases to keep the price (and total profit) up.
Before the flames start, I'm perfectly aware that some people's requirements will dictate the more expensive solution. But in many cases you can go for multiply redundant cheaper devices, with higher total reliability, and still get change from the price of the "enterprise" products.
The "SMTP Service Extension for Secure SMTP over TLS" (STARTTLS for short) defined by RFC 2487 already provides the technical framework for Tripoli. It is today supported by Sendmail, Exchange, Postfix, Exim, etc.
It normally runs over TCP port 25, the initial connection is normal SMTP, then the STARTTLS directive begins a TLS-encrypted session. STARTTLS can be configured to only accept mail sent with a trusted certificate, or to allow anyone to connect - it is compatible with existing SMTP.
The one additional item in the Tripoli proposal is the use of a trusted third party to validate certificates. Great if this can be made to work, though current experiences with PKI make me doubtful of a truly Public Infrastructure. But STARTTLS can certainly work amongst smaller private user groups.
One current hurdle preventing wholesale adoption is that few ISPs support STARTTLS. Not a problem for people running their own mail servers, though even they would want secondary servers to support STARTTLS. But if the core ISPs started using STARTTLS, they could mutually authenticate each other. Initially all mail could be accepted, but later on unauthenticated mail could be filtered more rigorously.
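The exchange the comment describes, and the two server policies it mentions (accept anyone, or only accept mail presented with a trusted certificate), are easy to script. The following is an added example, not code from the original comment. The TLS handshake is simulated: the STARTTLS command flips the session to "encrypted" and carries the name on the client certificate, which the server checks against a constructed trust list rather than a PKI, and the host names are made up.

```python
"""Scripted SMTP/STARTTLS dialogue with a server-side acceptance policy.

Added example: mail.example.net, client.example.org and the trusted
certificate name mx.partner-example.com are constructed; TLS is simulated.
"""


class SmtpServer:
    """Tiny SMTP state machine covering EHLO, STARTTLS and MAIL FROM.

    policy is one of:
      opportunistic        accept mail with or without TLS
      require_tls          refuse MAIL FROM on a cleartext session
      require_client_cert  additionally require a client certificate on the trust list
    """

    def __init__(self, policy="opportunistic", trusted_certs=frozenset()):
        self.policy = policy
        self.trusted_certs = trusted_certs
        self.tls = False
        self.client_cert = None
        self.greeted = False

    def handle(self, line, client_cert=None):
        cmd, _, arg = line.partition(" ")
        cmd = cmd.upper()
        if cmd == "EHLO":
            self.greeted = True
            replies = [f"250-mail.example.net Hello {arg}"]
            if not self.tls:
                replies.append("250-STARTTLS")   # only advertised on a cleartext session
            replies.append("250 8BITMIME")
            return replies
        if cmd == "STARTTLS":
            if self.tls:
                return ["503 TLS already active"]
            self.tls = True
            self.client_cert = client_cert       # learned from the (simulated) handshake
            self.greeted = False                 # the client must EHLO again afterwards
            return ["220 Ready to start TLS"]
        if cmd == "MAIL":
            if not self.greeted:
                return ["503 Send EHLO first"]
            if self.policy != "opportunistic" and not self.tls:
                return ["530 Must issue a STARTTLS command first"]
            if self.policy == "require_client_cert" and self.client_cert not in self.trusted_certs:
                return ["550 Client certificate not trusted"]
            return ["250 OK"]
        if cmd == "QUIT":
            return ["221 Bye"]
        return ["500 Command not recognised"]


def run_session(server, client_supports_tls=True, client_cert=None):
    """Drive one client session; return (mail_accepted, transcript)."""
    transcript = []

    def send(line, **kwargs):
        transcript.append("C: " + line)
        replies = server.handle(line, **kwargs)
        transcript.extend("S: " + reply for reply in replies)
        return replies

    ehlo = send("EHLO client.example.org")
    if client_supports_tls and "250-STARTTLS" in ehlo:
        if send("STARTTLS", client_cert=client_cert)[0].startswith("220"):
            send("EHLO client.example.org")      # fresh EHLO over the encrypted channel
    accepted = send("MAIL FROM:<alice@example.org>")[0].startswith("250")
    send("QUIT")
    return accepted, transcript


if __name__ == "__main__":
    server = SmtpServer("require_client_cert", trusted_certs=frozenset({"mx.partner-example.com"}))
    ok, lines = run_session(server, client_cert="mx.partner-example.com")
    print("\n".join(lines), "\naccepted:", ok)
```

The three policies correspond to the staged roll-out in the comment: start opportunistic, then tighten once peers authenticate. One check worth keeping in mind when running opportunistic mode is that the STARTTLS offer travels in cleartext, so a relay that is only "encrypted when offered" can be held at cleartext by anyone who strips the `250-STARTTLS` line from the EHLO reply; only the require_tls and require_client_cert policies notice.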
found here. It does exactly what you ask, though for Mozilla rather than Firefox.
The US Land Survey used 1 meter = 39.37 inches exactly. All other uses are 25.4 centimeters = 1 inch. (See Google for details)
The meter is the same in both cases, but the inch is different.
Size matters.
Check out Java programming for kids, parents and grandparents e-book. Review and sample chapter here.
What's wrong with LIST3820 format? (:-)
You can always use your network cables instead; brief description or full paper.
Anyone care to use the method with RFC1149 Avian Carrier Protocol, namely Using Ping to determine Speed of Flight!
Are you sure you don't have one of these keyboard sniffers connected by your employer / family?
Would you buy a used IPv6 from these guys? They've already wasted 48% of IPv4 addresses in the bogon lists (:-)
So what's new?
Alan Turing designed the random number generator instruction for the Ferranti Mark 1 around 1950.
(Or is this an entry for the oldest Slashdot reposting competition, just 53 years late?)