Slashdot Mirror


User: Deleriux

Deleriux's activity in the archive.

Stories: 0
Comments: 34

Comments · 34

  1. Badly written comparison on How Apple's iOS Went From Insecure To Most Secure · · Score: 1

    iOS 4 [8], the latest version of iOS, includes ASLR, DEP, a sandbox, and code signing

    Having never used iOS long enough to compare it with other systems, it might impress on the phone front, but I am unconvinced it's really competing against the desktop. In fact, it's an apples and oranges comparison anyway.

    Firstly, having read the article, it's incredibly lacking in exposure to many operating systems. After this, the technologies quoted are all available in most modern distros of Linux, plus more, including resource limitations to prevent abusing memory or CPU, and mandatory access control mechanisms.

    From a security perspective, seeing as with a smartphone you are carrying your online persona outside with you, it's at much greater risk of data theft than with a fixed desktop.

  2. Detection and Accounting on How Do You Protect Servers From a Rogue Admin? · · Score: 1

    Because someone is in a position of trust, with privileges raised to do their job, doesn't mean you cannot do anything if the trust is breached.

    You need to account for the commands and time spent on a box that an admin might do, so that if there ever was a breach of trust there are sufficiently strong logs to detect how and when and what happened. If people know that their work is (if needed) being recorded there's less incentive to do damage that might be criminally motivated.

    You also need to detect and be notified of activity that would not typically fall within the boundaries of an admin's daily routine (such as deleting large quantities of files, perhaps, or execution of programs (like shred) that you wouldn't typically use).

    You have not mentioned the platforms you are working with, or if you're talking about a platform or just some CMS, but Linux for example has audit; you can set this up to monitor virtually anything you might want to watch for. It takes a little more creativity to audit from a threshold perspective (where work is permitted but too many events at once is a threat), but it can be done. Audit can be locked once you've finished setting up the ruleset, meaning the box needs to be rebooted for you to change the ruleset at all.

    There are also PAM modules for Linux (like pam_tty) that can log literally every character a user presses in their terminal (including non-space characters like escape and backspace), which can be useful to help determine the impact of incidents that you might be after avoiding.

    SELinux on newer distros (typically thinking Enterprise Linux 6) has flexible support for role-based access controls, which can further restrict an admin's abilities exactly down to the least privilege needed to do their job. Learning SELinux to the extent you can really do this efficiently might be a commitment you might not have the time for, although I certainly recommend learning about Mandatory Access Control policies, especially for situations like this.

    Transport these logs to a remote machine, if necessary one nobody has access to without some form of local authorization (like using pam_usb). There's no point doing logging just on the audited box that a potential admin has access to.

    Detection can be more difficult. Prelude is an open source security application that offers some stuff you might find of benefit here. Other than that, rolling your own scripts might help too, depending on your skills and experience in such things.

    Finally, and more importantly, people who are given positions of trust like this should be trustworthy. This is purely a management problem, but screen your guys effectively. Don't hand the keys to the city to some bloke you pulled in off the street without doing at least some background checking.

  3. Re:Article is a joke and false on Fedora 15 Changes Network Device Naming Scheme · · Score: 2

    Whilst this solution does not particularly offer any more device consistency than what is already in Fedora, the idea here, I believe, is to make the Ethernet configuration stateless in addition to consistent.

    This is not the case at the moment, as the network scripts add udev rules binding ethX named devices against the MAC address of the underlying device itself (so MAC AA:BB:CC:DD:EE:FF is always ethX). This additionally offers no indication of which PCI device this is referring to, and on Ethernet cards with multiple ports, which port the Ethernet device is associated with.

    I think this is over-engineering a solution if you're only after device naming consistency across reboots, but it makes more sense when you understand that what Fedora want to do is be able to make their logical naming schemes for network devices map to the physical devices, in addition to providing device naming consistency.

  4. I've tried it and I was disappointed. on Anatomy of Linux Kernel Shared Memory · · Score: 1

    KSM is a great idea, much of its abilities are available in Fedora 12. I tried it and I had higher expectations to be honest.

    That is not to say that it is no good. It's great, but there is a bit of a cost analysis that should be done before implementing it. You don't get something for nothing, and in this case ultimately you're offloading the higher memory usage onto the CPU. Depending on your hypervisor setup this might not be such a bad thing of course.

    In my somewhat narrow testing of it I found that:

    a) Even with the same O/S images running multiple times the memory I saved was about 5-10%.

    b) It effectively used about 50% of one CPU running the feature.

    I think that to really see a benefit to this you have to be running a huge hypervisor with a ton of memory and CPUs and a lot of guests, as there is a plateau before which it is quite inefficient to use the feature, seeing as (at least with my results) the payback is less than 10% anyway.

  5. Re:Oh, well... on Comcast Plans IPv6 Trials In 2010 · · Score: 1

    But the IPv4 version appears to be a hell of a lot slower than its v6 counterpart.

    In fact I've found v6 runs much faster generally (probably because so few people are using it at the moment). I use it quite often to download new Fedora distros at max speed.

  6. Depends how many VMs you're running. on Reasonable Hardware For Home VM Experimentation? · · Score: 5, Informative

    I personally use qemu-kvm and I'm quite happy with it. That's running on a dual-core machine with 2G of RAM (probably not enough RAM though!).

    For the KVM stuff you need to have chips which support Intel's VT or AMD's AMD-V, so your processor is the most important aspect. A quad core would probably be suitable too if you can buy that.

    For just experimentation usage it's a fantastic alternative to VMware (I personally got sick of having to recompile the module every time my kernel got updated).

    On my box I've had about 6 CentOS VMs running at once, but frankly they were not doing much most of the time. Ultimately it's going to boil down to how much load you inflict on the VMs underneath; my experience with it has not been very load heavy, so I could probably stretch to 9 VMs on my hardware, which is probably on the lower end of the consumer range these days.

    The most important bits are your CPU and RAM. If you're after something low spec you can do dual core with 2G RAM, but you could easily beef that up to quad core with 8G RAM to give you something you can throw more at.

    Oh and Qemu without KVM is painstakingly slow - I wouldn't suggest it at all.

  7. ** globs on BASH 4.0 Released · · Score: 1

    I hope to god nobody's got a ** typo in an old script because that could be troublesome.

    Even worse, it could be simple enough to type ** in error on the prompt.

  8. Probably not doable now on Smart Spam Filtering For Forums and Blogs? · · Score: 1

    But with some PHP tinkering you could probably do something to pass comments through SpamAssassin using a socket or something.

    SpamAssassin would need updating though to work with content-only data.

    Wonder if anyone's ever thought of this before?

  9. Couldn't resist. on Man Steals Fridge Full of Urine Samples · · Score: 1

    C'mon Slashdot, you're taking the piss now...

  10. SILC on Good Open Source, Multi-Platform, Secure IM Client? · · Score: 1

    Don't know much about it, but it appears to support encryption straight from the transport level with no kludges like OTR.

    Looks open source too.

  11. Re:ReiserFS is the data-killer on Best Shrinkable ReiserFS Replacement? · · Score: 1

    http://www.gluster.org/

    It's based on FUSE. I've searched around for numerous shared filesystems or clustered filesystems, and hands down this is the best I've come across.

    Not only can you enable caching as you mentioned, but you can create virtual disk space up to petabytes in size by aggregating all the available gigs of storage you have on servers that are lying around. It supports POSIX locking along with file replication (à la RAID 1) and striping (although it's not recommended) with the add-on system that it runs with.

    Hell, by writing clever config files you can centralize your configs. You can then use autofs to centralize your mounts.

    I would say the biggest thing it's missing at the moment is hot addition/removal of space.

    Gluster just works. The config for it is very well documented and architecturally a breeze compared to the ungodly configuration nightmare of say GFS. Failover and restoring is handled without necessarily having to manually intervene.

    Try Gluster. Nothing else comes close and I expect it's exactly what you would need in your environment.

  12. This is not new for O2. on UK Mobile Operator O2 Leaks MMS Photos · · Score: 1

    I used to work for O2, not in the technical department.

    I found a JavaScript injection attack on their public-facing website that let you log in as anybody. Literally, any user. They eventually fixed the flaw after I reported it, but their attitude to me finding the flaw was ridiculous.
    They felt I had wasted their time by bringing it up. Worse still, they considered disciplining me for "wasting time".

    The head of IT security at the time subtly hinted I had wasted their programmers' time too.

    This kind of situation does not surprise me; the quality of their internal websites' security is lacklustre (they are regularly being hacked by their own staff!) and they have in the past installed untested web applications internally, which were not properly tested for security.

    People seem to think that the 16 digit hex code is "good enough". I digress. For an international communications company that uses the bureaucratic ITIL method for change control this is not very good, as it signifies that this was acceptable when checked through numerous channels.

    It would not have been difficult to require a sessionable random variable to match along with the key before allowing this.

  13. Just ask Slashdot. on Enforcing the GPL On Software Companies? · · Score: 1

    Well by posting it on Slashdot a much larger number of people now know they are doing this.

    I for one won't buy their products.

  14. Well it looks as if on Volcanoes May Have Caused Mass Extinctions? · · Score: 0, Troll

    Tom Cruise and John Travolta were right about Xenu all along!

  15. Re:The DRM factor. on Microsoft Stalling TCG Best Practices Document? · · Score: 1

    This is completely true. Many online stores and local stores in my area blatantly put that their media device / PC / whatever is "DRM Compatible".

    People don't know or don't really care what "DRM Compatible" actually is or means on the product they are buying; they just see it as yet another feature they get with the device.

    Before people know what DRM is it's probably going to be either too late to go back or too hard to find products that are non-DRM.

  16. Plausible Deniability. on British Police Demand Access To Encryption Keys · · Score: 1

    What if I don't have the key? What if the key only presents itself when certain circumstances are met?

    I don't know my key; I know part of it but not all. The rest uses unique information from hardware that is easily hidden far enough away and also easily destroyable (à la MD5 hashes of wireless MAC addresses or MD5 hashes of its hardware serials). All this using one-time pad encryption. I don't really have anything incriminating. Just wanted to prove to myself I could do it!

    I have a password so you simply can't nick my gear and get in, but you need the password hash and the hardware hash to get it, then a hash of that. And I don't know it. Not that I will be a terrorist or anything like that. Yet if the authorities come around and demand my private documents I would make good on destroying anybody's use of the data.

    Then even under intense torture I couldn't give them access even if I had the password. Sounds daft. But if nobody actually knows the full key I can protect me from myself.

    Oh, well, not anymore anyway.

  17. Has unix or is unix? on Why Does SCO Focus On A Minix-to-Linux Link? · · Score: 1

    Almost like saying because my grandad used to be a fantastic carpenter and I'm a descendant of my grandad I must be just as good a carpenter?

    Bullshit.

    Just because I have a remote likeness to my grandad does not mean I am my grandad.

  18. Uhuh.. on Joel On Microsoft's API Mistakes · · Score: 2, Funny

    1. Tell everyone the Win API is dead.
    2. Insert advert at bottom of article.
    3. ????
    4. Loss!

  19. Had to happen sooner or later on Microsoft Plans To Sell Anti-Virus Software · · Score: 1

    Think of it from an MS point of view.

    Pointy-haired people buy all MS when they can. I know they have everywhere I've worked.

    MS Exchange, MS Office, MS IIS, MS SQL... now MS AV.

    As with anything MS, it'll be very popular; most people just lurve MS for nearly anything. They'll download it with a crack simply because it's MS's latest offering. I know people who've downloaded cracked XP Media Edition stuff, ffs. And that's the most restricted O/S they have!

    In a way I think they are gonna shoot themselves in the foot, because if it's unpopular, which is unlikely but you know might happen ;), it'll be another dead project.

    What's worse is if it does take off and becomes popular: once it's cracked via a virus and propagates around the globe to every computer, MS will look REALLY silly and then people will move O/S's, as even Joe User is never going to trust MS again!

  20. Doesn't Matter on British Telecom Blocks Access to Child Porn Sites · · Score: 1

    Child porn websites being blocked might work, but that won't stop people using file sharing programs to access the same material.

    Likewise, any censorship any authority attempts to add is pointless, as the more systems they put in place on network "chokepoints" where huge amounts of traffic pass, the more interest there will be in building peer-to-peer applications and MANs using wireless with high-gain antennas, and it might possibly even end up with true peer-to-peer protocols being developed.

    Either way, whenever BT take a step forward the rug underneath them gets pulled two steps back.

  21. And don't forget... on Suggestions for a DVD Video on Demand System? · · Score: 1

    You might wanna encrypt the terabyte hard drive with all them DVDs knocking around on it. 'Cos if they are all rentals it might raise a few heads you probably wouldn't want to have risen.

    And yeah, you can use dd in Linux to image a DVD then play it through a normal DVD player on Linux. I have never looked into it, but there is probably a way to use X to configure another video card (with a TV out) as being a separate monitor. In fact, that sounds almost a definite yes.

    And the program Girder, mentioned further up, looks like a method you're looking for too.

    What would be a really fun idea (my idea of fun is probably twisted, but what the hey) is to get the covers for every film, scan them in and store them in some kind of intranet website. Get a good enough remote control, have the website load up in some sleek (i.e. bloat-free) web browser that supports full screen (normally F11 on most browsers) on a button press of a remote. Select the film you want through the pic, then somehow (as I am no website expert whatsoever) launch your DVD ISO using some easy enough bash script with the DVD ISO as an argument. Might be able to do that using Perl maybe.

    And if you want to impress your friends index the whole collection with:

    ls /my/dvd/iso/directory | cat -n | sed 's/\t/##/' | sed 's/^ *//' >someindex

    You can use the index to assign a number to a DVD file name. Once this is done it's pretty simple to chalk up a bash/perl script to find and parse a specific number, then launch the ISO associated with it.

    You can impress your friends with a cron daily / weekends / weekly schedule to launch a randomly chosen movie at a specific time / date.

    Telling your mates some movie's on at six might earn you brownie points :-). Just don't index your porn stash.

  22. Freenet isn't that free... on Freenet Project More Stable, In Need · · Score: 2, Informative

    The way it works (afaik) is you host material on your node that you didn't ask to host.

    Now forgive me if I'm wrong, but Freenet, to me (and I have used it), is freedom of speech by depriving you of your freedom of choice!

    Think about it: you can do/view and say what you want on there, but in return you're hosting material you do not have a choice about, and don't have a choice not to host?

    That's why I don't use it. Not because it deals with many taboo subjects, but because it is conscripting my machine into helping others view taboo material.

  23. Censorship snowball. on 27 Central Banks Push Anti-Counterfeit Software · · Score: 2, Insightful

    Money doesn't bother me. What bothers me is what's next to be deemed 'untasteful' to manipulate?

  24. Erosion of voting rights? on Touch Screen Voting Trouble in Florida · · Score: 2, Interesting

    If so, what's wrong with the normal voting system? It's not like it's ever been that insecure.

    In a way you could call this the eroding of your freedom to exercise your right to vote. I know it's a bit of a lame idea though. I have never read the American Constitution (as I'm not American) but I'm guessing there is no mention of the right to vote in a certain medium.

    But if, because you wished to vote using older methods, you were denied because using the new method is compulsory, is that being denied your right to vote?

  25. It's not the size that matters. on 4GB HD in Under an Inch · · Score: 5, Funny

    It's what you do with it that counts.

    Mind you, I bet you won't be hearing "When I'm ready for porn, I unveil my 1-incher."