Slashdot Mirror


User: ka9dgx

ka9dgx's activity in the archive.

Stories: 0
Comments: 1,147

Comments · 1,147

  1. Fix the broken AI at YouTube, First on Eric Schmidt and Bob Work: Our AI 'Sputnik Moment' Is Now (breakingdefense.com) · · Score: 1

    Instead of worrying about some vague future threat (or pretending to, in order to get cheaper future labor), how about the folks at Google fix the rogue AI at YouTube which is behind the Ad-pocalypse first? They're killing the golden goose at a rapid rate. Their search engine isn't doing as well as it used to, either.... I've heard that Bing is now the best way to google something.

  2. All carbon batteries are on the way on We May Not Have Enough Minerals To Even Meet Electric Car Demand (jalopnik.com) · · Score: 4, Interesting

    Robert Murray-Smith has an interesting YouTube channel where he's doing all sorts of amazing things with graphene and other forms of carbon, including building an all-carbon battery.
    We might not need any metal (not even for the plates) in a few years' time.

  3. Re:YouTube has really pissed off its creators on YouTube Is Fighting the 'Adpocalypse' With a Less Trigger-Happy Flagging System (theverge.com) · · Score: 1

    A lot of people think that creators won't move to a new platform until a new, BIGGER audience can be found somewhere else. I believe that any minimally viable video platform that has monetization that works at all, and can import back catalogs in some sort of reasonable manner, is all that is required to start an avalanche. That shift would start with simply having content on multiple platforms, and letting viewers try out the new platform.

    The creators are pissed, and intelligent viewers will realize that people need to be paid.... I for one am already pissed at YouTube, and willing to tolerate a lot of rough edges to help in the long run.

  4. I'm not above a stunt either.... on Software Developer Creates Personal Cryptocurrency (wired.com) · · Score: 1

    I've figured out how to efficiently factor large numbers, and next year I'm going to use that knowledge to randomly redistribute all bitcoin wallets with more than 1 bitcoin in them. You've been warned. ;-)

    I leave it to the reader as an exercise to determine how this breaks the rest of internet security.

  5. Re:How to make any antivirus software safer? on Dodging Russian Spies, Customers Are Ripping Out Kaspersky (thedailybeast.com) · · Score: 1

    Amen, Brother

    It's going to take most IT folks another 5 years to wake up to the need for capability based security... and another 5 years until they get it.

  6. None of our Operating Systems are Secure on Ask Slashdot: What Are Some Hard Truths IT Must Learn To Accept? (cio.com) · · Score: 1

    Windows, Mac, Linux, you name it... it's not secure, by design. None of them implement the principle of least access (POLA). All of them are default permissive environments which makes it impossible to specify at run time the extent of side-effects allowable from a given process.

    My running estimate is 10 more years before people wake up and start re-engineering things to shift paradigms. Until then, chaos will continue.

  7. Remember years ago when the NSA was intercepting shipments of Cisco routers and adding spy stuff? Color me unsurprised.

  8. Start at the data diodes, go from there on NSA Launches 'Codebreaker Challenge' For Students: Stopping an Infrastructure Attack (ltsnet.net) · · Score: 5, Interesting

    The first thing is to do a traffic analysis of the data that has transited the outbound data diode. Look for unusual destinations. Then work backwards to see what system generated that data. Then start searching all of the computers for rogue USB devices or other media carried into the office. Actual fingerprints may help catch the culprit, if it wasn't a staff member who was socially engineered into using the device.

    Remove the hard drives from any affected systems, and do a bare metal restore from the most recent trusted backup. Then use the delta backups to bring things to a reasonably current state.

    There should be no physical way for internet traffic to get inbound into the system, as it should be air-gapped except for the data diode. As we all know, a data diode has no physical inbound connection, and is thus secure.

    If there isn't a data diode, start questioning the qualifications of the existing IT staff and engineers.

  9. Foundations of Mechanical Accuracy on Ask Slashdot: What Are You Reading This Month? · · Score: 1

    I'm slowly working my way through "Foundations of Mechanical Accuracy" written by Wayne Moore of the Moore tool company, who make machines that measure in millionths of an inch.

  10. True enough, prompting a user isn't going to help much on a server. Capabilities offer a way to make sure a process only accesses the appropriate files and folders, and nothing else, without having to have an administrator set the permissions on everything to make that happen. Having a default of no access is far, far easier to secure, making it easy to limit the possible side effects (and side channels of data exfiltration) for any given task.

  11. Haven't tried a bitgrid yet on Boffins Fear We Might Be Running Out of Ideas (theregister.co.uk) · · Score: 1

    A bitgrid is a design I came up with in the 1980s for a new type of FPGA; it's all lookup tables, with no routing logic. There are several advantages that make up for the massive waste of transistors.

    I could easily use 16 times the transistors of Intel's biggest chip, and possibly get more than 16x performance out of them.

  12. AppArmor is a step in the right direction, but it's not Capability Based Security. With Capabilities, you hand a capability (much like a file handle) to a program, instead of giving it all the user's permissions. This eliminates the need for an administrator to set up a bunch of rules on top of a system, and just lets the user handle it in a more transparent manner.

    AppArmor is good, but it puts a lot of load on administrators to make up for a design flaw in Linux.

  13. Re: My background/motivation:

    Nope, I make gears for a living. I used to be a system administrator. The facts are that there are no fundamentally secure operating system choices in the consumer / commercial space worth considering. Windows, Linux, MacOS, none of them can be made secure, it's all just a single zero-day exploit (or old NSA toolbox) away from being owned.

    The reason is that they all fail to implement the principle of least privilege, instead using ambient authority as a universal lubricant to make everything work. If the APIs didn't keep changing every year or two, it would be possible to come up with a Windows clone that implemented capabilities, and pretty much worked identically as far as the user is concerned, substituting a PowerBox for dialog boxes, and giving capabilities to applications, instead of just a filename and all of the user's authority. But that time has passed; the powers that be have no interest in actually securing general purpose computing.

    Most of the technical community seems completely unaware of the implications of the hole in the design of their systems, and is more than ready to go along with approaches that paper over it in the short run. They deploy virus scanners, "secure" programming languages, patch Tuesdays, and/or apt-update as means to deflect problems. They blame the users, the programmers, the internet, the software vendors, hackers, hardware, spy agencies.

    All of this effort at patching things, or the emotional work of blaming others, is misplaced. I've got a boatload of analogies, but none of them seem to be able to break through the mindset that things will be ok if we just make this one little tweak. NOPE, won't work.

    If we want to SOLVE computer security, we have to implement capability based security in our operating systems, and then modify every single program to support the new APIs that it provides. We can build things such that the users won't really notice much different, and the administration overhead actually goes down a bit. It can be done, but it's not trivial, it's an Apollo moonshot worth of effort required.

    The open source community could pull off a secure OS, if it had an interest in doing so. I hope that one day, one of my many comments here on the subject sparks that discussion and interest. I think we're still 10 years out... people haven't suffered enough yet.

    As for the original question:
    Data diodes can, in hardware, allow for physically secure data ingress. Equifax could use one to allow reporting into their systems, which is the bulk of the information flow. They could then use another to allow requests inbound for customer queries, and then another one for the outbound results of those queries. All of the outbound results would be in one easy to monitor flow. No other egress would be possible. Thus they could then know the type and flow rates that are normal... and cut it off if the rates get exceeded, possibly even in an automated manner.

    Data diodes aren't cheap, because they are specialized devices, but it should be possible to craft one out of a few Raspberry Pi computers for about $200, if you don't have a large flow of data to secure. They are definitely within the reach of the open source community to pull off.
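The monitoring idea in comments 8 and 13 (learn the normal destinations and flow rates on the single outbound path behind a data diode, then alert or cut off when they are exceeded) can be written down concretely. The block below is an added example by the editor, not ka9dgx's code or any product's. It assumes the outbound side of the diode is tapped and yields (timestamp, destination, bytes) records; the function names, the 60 second window, the 2x tolerance and all records are hypothetical and constructed for illustration.

```python
"""Baseline-and-alert monitor for the single outbound flow behind a data diode.

Added example (editor's illustration, not ka9dgx's code). It assumes a tap on the
outbound side of the diode that yields (timestamp, destination, bytes) records.
All names, thresholds and sample records below are hypothetical/constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

EPOCH = datetime(2017, 1, 1)   # reference point for window numbering
WINDOW_S = 60                  # size of one measurement window, in seconds
TOLERANCE = 2.0                # allowed multiple of the learned peak volume


def window_index(ts: datetime) -> int:
    """Map a timestamp to its fixed-size window number."""
    return int((ts - EPOCH).total_seconds() // WINDOW_S)


def window_start(idx: int) -> str:
    """Human-readable start of window idx (ISO 8601)."""
    return (EPOCH + timedelta(seconds=idx * WINDOW_S)).isoformat()


def bytes_per_window(records):
    """Aggregate records into {(window, destination): total bytes}."""
    totals = defaultdict(int)
    for ts, dst, nbytes in records:
        totals[(window_index(ts), dst)] += nbytes
    return totals


def learn_baseline(trusted_records):
    """From traffic known to be normal, keep each destination's peak bytes per window."""
    peak = {}
    for (_, dst), nbytes in bytes_per_window(trusted_records).items():
        peak[dst] = max(peak.get(dst, 0), nbytes)
    return peak


def check_flows(records, baseline, tolerance=TOLERANCE):
    """Return alerts as (kind, destination, window_start, observed_bytes, limit).

    kind is 'unknown-destination' for a destination absent from the baseline, or
    'rate-exceeded' when a window's volume passes the learned peak times tolerance.
    """
    alerts = []
    for (idx, dst), observed in sorted(bytes_per_window(records).items()):
        if dst not in baseline:
            alerts.append(("unknown-destination", dst, window_start(idx), observed, 0))
            continue
        limit = baseline[dst] * tolerance
        if observed > limit:
            alerts.append(("rate-exceeded", dst, window_start(idx), observed, limit))
    return alerts


def destinations_to_cut(alerts):
    """Destinations an automated response would stop forwarding through the diode."""
    return sorted({dst for _kind, dst, *_rest in alerts})


# Constructed sample traffic (not real data). T0 is an arbitrary reference time.
T0 = datetime(2017, 9, 15, 9, 0)


def at(seconds):
    return T0 + timedelta(seconds=seconds)


# "Known good" traffic: reporting ingestion acknowledgements and query results.
TRUSTED = [
    (at(0),  "reporting-sink", 4000),
    (at(20), "reporting-sink", 3000),
    (at(70), "reporting-sink", 5000),
    (at(10), "query-results",   800),
    (at(65), "query-results",   900),
]

# Live traffic with two volume spikes and one destination never seen before.
LIVE = [
    (at(600), "reporting-sink",        6000),
    (at(660), "query-results",         1000),
    (at(665), "query-results",         1200),
    (at(800), "unlisted-host.example",  500),
    (at(900), "reporting-sink",       20000),
]

if __name__ == "__main__":
    base = learn_baseline(TRUSTED)
    found = check_flows(LIVE, base)
    for alert in found:
        print(*alert)
    print("cut:", destinations_to_cut(found))
```

The baseline is deliberately per destination rather than global: a single aggregate rate would let a large new flow hide under the normal volume of an unrelated one. In practice the trusted window should be long enough to cover daily and monthly cycles, and a window that exceeds the limit should be held rather than forwarded, so the cut-off happens before the excess data leaves.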

  14. Equifax obviously has never heard of data diodes, which let data in, but not back out. Such a system could have let them accumulate data without risk of exposing all of it. They probably never heard of capability based security either, nor the principle of least privilege. They probably also use Operating Systems that rely on ambient authority to get everything done; such operating systems are wildly popular, but can't be made secure.

    There's a lot of bad design decisions behind this... not just the use of Apache Struts.

  15. Re:Vodka jello shots cure cancer? on Ethanol: A Lethal Injection For Tumors (acsh.org) · · Score: 1

    Upon more googling.... it's more like a gelcap.

  16. Vodka jello shots cure cancer? on Ethanol: A Lethal Injection For Tumors (acsh.org) · · Score: 3, Interesting

    So, if I may... does this mean sterile vodka jello shots could be used to kill cancer?

  17. They CAN'T make secure devices on Who's Responsible For IoT Security? (networkworld.com) · · Score: 2

    With the currently available crop of consumer oriented operating systems, it is simply NOT POSSIBLE to make a secure device. None of them offer capability based security.... the operating system equivalent to modern electrical standards... imagine trying to hook up every appliance everywhere, with no circuit breakers, no standard outlets, no grounding, no conduit, all supported by post and spool insulators.

    Once a program is run, it gets trusted with all authority of the user running it. There are no effective measures to limit the side effects (and thus risk/damage) that a given chunk of code can do.

    Another equivalent is like building a fort out of stacks of C4 explosives.

    Until we get HURD, Genode, or a modern replacement for KeyKOS, we can't make secure devices. Stop blaming the developers, or users, or chip makers... it's not their fault. It's the fault of every Linux, MacOS, or Windows fanboy in the world.

  18. I find it very hard to believe that the day to day details of how I barely slide into payday with a dollar left in my wallet can somehow be transformed into wealth by the 1%. Long ago I heard the phrase "physical economy" uttered by Lyndon LaRouche... and it has stuck with me ever since... show me how this information actually results in a widget being manufactured somewhere, and isn't just a bit in a bank account... and I might believe you.

    I make gears for a living... I understand how the value I put in results in productivity elsewhere, in a direct physical way. I have no idea how the details of my poverty can enrich someone else.

    I call BUBBLE! Like sub-prime real estate... and sub-prime auto set to pop next... I think this too shall pop.

  19. Picasa on Ask Slashdot: What Would You Pay To See Open Sourced? · · Score: 1

    Google's Picasa had unmatched facial recognition, and I've got 500Gb of photos to organize... but there was a bug, and it started getting confused... then they discontinued development and support.

    I'd also like Google Reader to come back.

  20. Meanwhile, the solution goes ignored on US Military To Create Separate Unified Cyber Warfare Command (securityweek.com) · · Score: 2

    Capability based security could render all this stuff moot. Operating systems that trust everything the applications do are inherently insecure.

  21. Re:The price of ambient authority on Russian Group That Hacked DNC Used NSA Attack Code In Attack On Hotels (arstechnica.com) · · Score: 1

    If you're making a purchase, you could hand the person your wallet (along with your entire life savings), and hope they remove the right amount before handing it back.... or you could just hand them a suitable amount of cash... the amount you hand over is the maximum you could lose.

    In a similar fashion, capability based security never, ever, trusts a program to be honest and only touch the resources you wanted it to use. Instead of letting it have access to everything (ambient authority), you let it have nothing by default. When a dialog box is used to open a file, the operating system gives a handle to that file (a capability) to the program. The files you hand it are the maximum you could lose. You never have to worry about a program wiping your system.

    The current state of affairs is like having the modern power grid, without any circuit breakers anywhere.... one glitch and all the resources available can be funneled into a single fault..... resulting in unlimited loss and damage.
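The wallet analogy in comment 21, and the PowerBox-for-dialog-boxes idea in comment 13, can be shown in a few dozen lines: a program handed a filename plus the user's full authority can reach every file, while a program handed only a capability can reach exactly what the capability names, and a capability can be weakened before it is handed over. The block below is an added example by the editor, not ka9dgx's code and not any real capability system. Everything in it is hypothetical and in-memory so it runs offline: Filesystem stands in for the disk, FileCap for a kernel-held file handle, and powerbox_open for the dialog that lets the user pick a file and mints the handle.

```python
"""Ambient authority vs. capabilities, in miniature.

Added example (editor's illustration, not ka9dgx's code). Filesystem, FileCap and
powerbox_open are hypothetical stand-ins: a real capability OS holds the
underlying objects in the kernel, which Python cannot enforce on its own.
"""


class Filesystem:
    """Stands in for the whole disk; ambient-authority programs get this object."""

    def __init__(self, files):
        self.files = dict(files)

    def read(self, path):
        return self.files[path]

    def write(self, path, data):
        self.files[path] = data

    def delete(self, path):
        del self.files[path]


class FileCap:
    """A handle to exactly one file, carrying exactly the rights it was minted with."""

    def __init__(self, fs, path, writable):
        self._fs, self._path, self._writable = fs, path, writable

    def read(self):
        return self._fs.read(self._path)

    def write(self, data):
        if not self._writable:
            raise PermissionError("capability is read-only")
        self._fs.write(self._path, data)

    def attenuate(self):
        """Derive a weaker capability: same file, read-only. Rights only shrink."""
        return FileCap(self._fs, self._path, writable=False)


def powerbox_open(fs, path, writable):
    """The user's choice in a file dialog becomes the one capability the program gets."""
    return FileCap(fs, path, writable)


# Two "untrusted" programs with the same job: upper-case the chosen document.
def editor_ambient(fs, path):
    """Holds the user's whole authority, so a bug (or malice) can touch everything."""
    fs.write(path, fs.read(path).upper())
    for other in list(fs.files):   # nothing in this model forbids it
        if other != path:
            fs.delete(other)


def editor_cap(cap):
    """Holds one capability; the only file it can change is the one it was handed."""
    cap.write(cap.read().upper())


def run_ambient(files):
    """Outcome when the editor is given the filename and ambient authority."""
    fs = Filesystem(files)
    editor_ambient(fs, "notes.txt")
    return dict(fs.files)


def run_with_capability(files):
    """Outcome when the editor is given only a writable capability for notes.txt."""
    fs = Filesystem(files)
    editor_cap(powerbox_open(fs, "notes.txt", writable=True))
    return dict(fs.files)


def run_with_attenuated_capability(files):
    """A viewer should never write: hand it the read-only derivative and the write is refused."""
    fs = Filesystem(files)
    cap = powerbox_open(fs, "notes.txt", writable=True).attenuate()
    try:
        editor_cap(cap)
        refused = False
    except PermissionError:
        refused = True
    return refused, dict(fs.files)


# Constructed sample "disk" contents.
SAMPLE_FILES = {
    "notes.txt": "buy milk",
    "taxes.xlsx": "<spreadsheet>",
    "keys.pem": "<private key>",
}

if __name__ == "__main__":
    print("ambient:   ", run_ambient(SAMPLE_FILES))
    print("capability:", run_with_capability(SAMPLE_FILES))
    print("read-only: ", run_with_attenuated_capability(SAMPLE_FILES))
```

The two editors have identical intent; the difference is only in what they are handed. With ambient authority the worst case is the whole filesystem, with the capability it is one file, and with the attenuated capability it is nothing at all, which is the "the amount you hand over is the maximum you could lose" bound from the comment.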

  22. The price of ambient authority on Russian Group That Hacked DNC Used NSA Attack Code In Attack On Hotels (arstechnica.com) · · Score: 2

    The NSA has known for decades that computing systems using a model of ambient authority are insecure. It is my theory that they have promoted this model to allow them to make their work easier. If the world's computers managed resources in the same manner we manage money, electricity, or any other scarce resource, almost none of this would have happened, and trillions would have been saved.

  23. The printer is nothing special, filament is on 100x Faster, 10x Cheaper: 3D Metal Printing Is About To Go Mainstream (newatlas.com) · · Score: 5, Informative

    This is a normal 3D printer, with filament that is heavily laden with metal, so they probably use a nozzle that is tougher (like carbide or sapphire).... the magic is the metal gets sintered after a bath to remove most of the plastic. Enterprising folks could probably use a different extruder on their existing 3D printers, and get similar results.

    I have no problem believing this thing works, as there is nothing really revolutionary happening.

  24. Meanwhile, the solution to hacking goes ignored on US Defense Budget May Help Fund 'Hacking For Defense' Classes At Universities (ieee.org) · · Score: 2

    Capability Based Security can actually fix this mess we call "computer security", but alas, it remains an obscure topic.

  25. Ambient Authority on Ask Slashdot: What Software (Or Hardware) Glitch Makes You Angry? · · Score: 3, Interesting

    Ambient Authority in all of our operating systems is the cause of most of our grief, and the fact that most technical people don't even realize it's happening makes it even worse.

    It's going to be about 5 more years until everyone wakes the fsck up, and another 10 years to finally fix things.