Slashdot Mirror


User: Kirill+Lokshin

Kirill+Lokshin's activity in the archive.

Stories
0
Comments
53

Comments · 53

  1. Re:Nothing scary on Tech Companies Ask U.S. to Regulate Cyber Security · · Score: 1

    Would you let an unlicensed surgeon operate on you? Perhaps one who had gotten his M.D. in the 50's?

    How about having an uncertified accountant manage your tax returns?

    A license (certification) program, if properly implemented, could at the very least remove the egregiously incompetent from the software industry.

  2. Re:From the summary on Tech Companies Ask U.S. to Regulate Cyber Security · · Score: 2, Funny

    MS patches generally violate some or all of the goals stated above.

    Maybe Microsoft intends to improve the quality of its patches?

    The company is out to make money; if they can't sell software without following these patch guidelines, then they will follow them.

  3. Re:Smells like a replay of the AT&T monopoly on Tech Companies Ask U.S. to Regulate Cyber Security · · Score: 5, Insightful

    The proper way to improve security is invalidate all those EULA disclaimers.

    You've noticed the same kinds of disclaimers on the GPL, yes? If the warranty disclaimer on a Microsoft license is invalid, what makes the one on the GPL valid; and if it is not, then how would, say, the contributors to the Linux kernel fare if they were sued for a major security breach?

  4. Re:The loophole on Music Industry Loses In Canadian Downloading Case · · Score: 1

    Therefore, an RIAA representative downloading a song from a Napster node is not an illegal act on their part -- which means that it's not an illegal act on the part of the uploader?

    If stolen property is sold, both the buyer and the seller are affected; the seller is charged with a crime, while the buyer usually only has to return the property. Now suppose you sell the stolen items back to their owner. The buyer won't have to return them (since it would be returning them to itself) but you are still committing a crime.

    If the act is illegal, then both parties are guilty.

    Certainly, but they don't have to receive the same punishment. Consider drugs, for instance. The penalty for selling cocaine is much harsher than the penalty for buying it, even though both parties to the sale are breaking the law.

  5. Re:Nothing New Here on WTO Wants USA to Gamble Online · · Score: 1

    No, I'm not ignoring it, just simplifying the argument even more :)

    Certainly, by the third century the active legion system that Rome was built with was gone (although Aetius was still able to raise a regular army to fight Attila in 451). However, this does not make the auxiliary units and the "barbarian" mercenaries any less a form of Roman military force.

    With the possible exception of the Visigoths, the auxiliaries' motivation for fighting was payment in the form of Roman lands/gold/titles, effectively making them an extension of the Roman military system, rather than merely an ally.

    My original point was just that those states which could not muster a major military force (either natively recruited or hired from the "barbarians") were destroyed even more casually than Rome was.

  6. Re:Nothing New Here on WTO Wants USA to Gamble Online · · Score: 1

    And where are the Romans today? No matter how much "might" or influence or wealth an empire may have, it always fails.

    And what countries have not failed? Yes, Rome was overrun; but so were all the little countries without power. In fact, they typically went under first, simply because they, unlike Rome, didn't have the military power to delay the barbarians.

  7. Re:Giftwrapped bullshit on Interesting Uses for Trusted Computing · · Score: 2, Insightful

    That being said, trusted computing is evil because it is about taking away the rights and choices of others in the name of profit.

    Yeah, and buying a car takes away your right to go 200 mph on the highway.

    In many cases, if you purchase an item that could reasonably be used to harm others, you accept certain restrictions on its use. For instance, certain modifications to guns or cars are illegal. There's no reason to think that computers are so fundamentally different from any other technology that their modification and use cannot be restricted.

    Even the name is inherently dishonest as trusted computers can't be trusted by their owners.

    Assuming, of course, that the user owns the computer. If you're using someone else's computer, you can hardly complain about any restrictions they place on its use.

    Recall also the heyday of IBM, when computers were rented rather than bought. TC would be perfectly appropriate in such a scenario.

  8. Re:Do-over! on Orange County: More E-Ballots Cast Than Voters · · Score: 1

    Clearly by the mere fact that incorrect ballots were being shown, the people were not properly given the ability to vote for the candidate of their choice.

    Ah, but do you trust anyone that comes up and claims their vote was miscounted? Without an audit trail, there is no way to prove the votes are correct, but there's no way to prove the reverse either. So the requirement is there to prevent unscrupulous voters from DOSing the election by claiming their votes were counted incorrectly.

  9. Re:prevention ... on Visual Autopsy Of An ATM Card Skimmer · · Score: 1

    I add a few extra characters in the middle and then highlight the extra characters with the mouse.

    This only works if you type the same extra characters each time; otherwise the real password can be obtained by comparing the characters from two logins.

  10. Re:One person's vice is another persons virtue on Moving Net Control From ICANN to Governments? · · Score: 2, Informative

    There is absolutely nothing preventing a company (or anyone running a router, for that matter) from messing with the routing protocols. In fact, on a small network (i.e. one that uses a distance-vector protocol), it's quite possible to disable all traffic by advertising incorrect routes.

    However, the backbone routers run BGP, which provides the admins with a snapshot of the entire route to a destination rather than just the next hop. If someone along that route begins interfering with traffic, the route can be changed to avoid them. To prevent A from reaching B, a group would need to control routers on all the possible links from A to B, which is very difficult, especially if there are wireless connections somewhere in the chain.

  11. Re:RFID + Palladium = ? on Microsoft Launches RFID Software Project · · Score: 1

    Critical mass is slightly more than the .2-.3% desktop share Linux enjoys.

    Well, you don't necessarily need critical mass in the general marketplace to stop something like Palladium. All you need is a single extremely powerful group opposing it.

    For instance, I doubt the NSA will run Palladium machines anytime soon. And they will certainly be in a position to prevent non-Palladium systems from being locked out of anything important.

  12. Re:I think... on Feds Thwart Extortion Plot Against Best Buy · · Score: 3, Insightful

    There's an option to automatically send them back, though. I think this may have been turned on by default in some older versions of Outlook Express, so it's quite possible for someone unaware of that to send out receipts without knowing.

  13. Re:naming conventions on Paul Mockapetris On The Future of DNS · · Score: 2, Informative

    No, the reason TLDs are limited is so that the root nameservers only need to keep state for a few different identifiers. If you allow an arbitrary number of them, the roots will slow down to a crawl.

    This is the same reason that class C IP addresses are such a problem - there are too many of them to do a lookup quickly.

  14. Re:Just the usual... on India Plans Hypersonic Space Plane by 2007 · · Score: 1

    This is what happens when people don't study basic physics...

    The astronauts would be forced backwards due to the acceleration of the craft, not its velocity. The important factor is how rapidly escape velocity is reached, not what the final velocity is.

  15. Re:Prepare for the Y10K Bug! on Time's Up: 2^30 Seconds Since 1970 · · Score: 1

    Well, there has already been a solution proposed in RFC 2550, so there's nothing to worry about. On the other hand, 8000 years from now, changes in hardware (not only the actual machines, but also infrastructure like the power grid, preventing legacy hardware from being used) would probably have made most of today's software inoperable anyways.

  16. Re:Security on AP's is a BAD idea on China Releases Own WLAN Security Standard · · Score: 3, Interesting

    For most homes/businesses, encrypted wireless doesn't make sense. However, there are plenty of reasons to do encryption (or at least some other type of security measures) at the AP level in higher security situations (military/government stuff).

    For instance, suppose you send me an encrypted email that is transmitted over a wireless network at some point in its path. Someone eavesdropping on the wireless almost certainly can't decrypt the message - but they can tell that a message was transferred, and in many cases determine the approximate size of the message. There are certainly some situations where that would be considered a security breach.

    If the APs were security-conscious, however, they could prevent such eavesdropping (for instance by continuously transmitting a signal stream, and splicing the actual transmissions into it). Having this done at the VPN level is less effective, since all the VPN clients would need to be built to ignore the junk data, rather than just the APs.

  17. Re:The main problem in my eyes... on Biometrics: Prepare to be Scanned · · Score: 4, Insightful

    The digital form of the biometric is not really meant to be secret. After all, I can get your fingerprint just by setting up my own print scanner at a store.

    The point of the scanner is to tie the binary string to a particular physical object, such as your finger or eye. For instance, suppose that you are visiting store X. If you scan in your finger and the fingerprint matches the one on file, the store is reasonably certain that you are the person who you claim to be.

    Of course, this is vulnerable both to compromises of the scanning hardware, and, more importantly, of the central server that would store the biometric data. If, however, we assume a certain level of trust in someone and have them sign all the fingerprints, and also assume that the scanning device correctly produces a print matching that of the person putting their finger on it, then we can prevent most cases of things like identity theft.

  18. This is hardly new on Fake ATM Fraud Expose · · Score: 5, Informative

    ATM fraud like this has been reported at least since 1988. Ross Anderson presented this at a conference in 1993, in "Why Cryptosystems Fail", mentioning that:

    The fastest growing modus operandi is to use false terminals to collect customer card and PIN data. Attacks of this kind were first reported from the USA in 1988; there, crooks built a vending machine which would accept any card and PIN, and dispense a packet of cigarettes. They put their invention in a shopping mall, and harvested PINs and magnetic strip data by modem... in 1992, criminals set up a market stall in High Wycombe, England, and customers who wished to pay for goods by credit card were asked to swipe the card and enter the PIN at a terminal which was in fact hooked up to a PC.

    This is really more of a problem with the lack of attention to such security issues on the part of banks than a new type of crime.

  19. Re:Lock-in isn't necessarily an issue on Yahoo! Develops Anti-Spam Architecture · · Score: 1

    I would expect to get the public key from the DNS. But DNS is insecure to begin with, for at least two reasons.

    First, there is nothing preventing spammers from registering their own domains (e.g. legitimatemail1.com, legitimatemail2.com), putting perfectly valid public keys on their nameserver, and sending mail which will be accepted. Unless all domain registrars begin doing background checks before handing out domains (which isn't going to happen), you will have no way of knowing if a particular domain that you have never received mail from is generating spam or not.

    Second, most nameserver machines are just regular hosts, no more difficult to compromise than any other server. I could definitely see major spammer groups cracking some obscure NS and putting in their own keys. This can be prevented by having the keys signed by a third party, but then you have lock-in problems.

  20. Re:The sky isn't falling. The sky HAS Fallen. on Phoenix Sounds Death Knell for BIOS · · Score: 2, Interesting

    Ultimately this may just lead to the existence of two separate nets, one running Windows and the other running other systems.

    Microsoft has a great deal of power in the hardware industry; it may even be able to push Cisco into producing compliant routers. However, until Microsoft can produce an OS which the major supercomputer-using organizations will be happy with, they won't be able to seize complete control of the net.

    Do you think the NSA will happily run Microsoft's DRM on their machines, or that they'll tolerate being locked out of all external traffic?

    In the end, the non-MS portions of the net may wind up looking more like the original ARPANET than what we have today, but at least they'll still be around.

  21. Re:LinuxBIOS on Phoenix Sounds Death Knell for BIOS · · Score: 5, Insightful

    The new BIOS would be rather pointless if it were easy to remove, since Phoenix wouldn't be able to (a) protect against viruses and (b) lock in users.

    I see two different ways Phoenix could go about doing this. Either all BIOS changes will come from official sources and be signed by Phoenix (with the sigs checked in hardware), or the BIOS will be completely static, and users will be forced to buy a new mobo whenever something major changes.

    Either way, I don't think you will be able to buy a board with Phoenix preloaded and just wipe it off.

  22. Re:Are capability systems a blanket solution? on 20 Years of Virii · · Score: 2, Interesting

    In theory, a capability system can be used to prevent many types of viruses; however, they are still vulnerable to at least two kinds of attacks.

    First, if a program is capable of causing damage with rights it legitimately possesses, the capability system will be unable to prevent it from doing whatever it chooses. This would typically require some sort of manual intervention (exploiting a backdoor, rooting the system, spoofing a distribution site) to compromise a trusted component, but there are many programs which run with enough rights to spread themselves. For instance, if the file system manager is a trojan, it can copy itself or delete a user's files without overstepping the security mechanism.

    Second, capability systems are just as susceptible to social engineering as any other security device: if a user naively grants the "cool new game" he just received in an email full rights to his system, the rest of the security policy is pretty much useless. The danger lessens if only administrators can grant rights to programs, but in general no security mechanism can protect a system if it is not used as it was intended.

  23. Re:Virus methods on 20 Years of Virii · · Score: 3, Insightful

    Remote exploits on unpatched machines go back quite a while too, at least to 1988 (the Morris worm).

    As long as there are security holes in programs that interface with the network (such as sendmail), people will try to use them for malicious (or at least non-beneficial) purposes.

  24. Re:Are end users liable at all? on SCO Letter to Fortune 1500 Now Online · · Score: 1

    IANAL, but I believe that SCO cannot sue end users for damages (for copyright infringement, etc) because the end user could claim the distributor paid the fees. For instance, if you buy a machine from Dell with Windows preloaded, you don't pay Microsoft directly; instead, you accept Dell's word that they paid Microsoft, and that the copy of Windows is properly licensed.

    However, AFAIK, once the issue becomes one of licensing rather than infringement, SCO may be able to sue end users who refuse to license in order to gain an injunction against them (stopping end users from running unlicensed versions of the code). This would largely depend on how the GPL entered into the court's decision.

  25. Re:Do It Right on A Day in the Life of a Patent Examiner · · Score: 1

    Most inventors throughout history (and I would guess most inventors today) were not in a position to market their ideas because they didn't have the startup capital.

    If we take away the patent system, we'll get into another RIAA-like situation, where a group of large marketing/production companies will collect new inventions from their creators and sell them to the public, pocketing most of the revenue.