Slashdot Mirror


User: dfay

dfay's activity in the archive.

Stories
0
Comments
94

Comments · 94

  1. Sucks to be in the 80% on One In Five Windows Installs Is Non-Genuine · · Score: 4, Insightful

    I wonder if they plan to apologize to the 80% of their customers who got this system foisted on them without recourse (you have to enable WGA to get security fixes).

    Not to mention, the 20% must be either really stupid (I wonder if my Haxxored Windows copy will validate? Gee, let's try!) or, more likely, have misconfigured Windows systems or bugs in WGA that report them as invalid when they probably own a legitimate license.

    Great marketing strategy though: punish your legit user-base as the pirates work around your system. Can't wait to see how Vista improves things. I'm excited to see what "advantage" I'm "genuinely" going to get.

    Disclosure: I only allow WGA on my work machine, where I have little choice and didn't pay the license fee personally.

  2. Re:It really depends on Hackers Disagree On How, When To Disclose Bugs · · Score: 1

    Wow, I guess I touched a nerve with my airbag analogy. I'm not an airbag manufacturer, however, so please feel free to imagine whatever acceptable analogy you like in its place. (Guns without a safety button, unsterilized medical utensils, take your pick.) However, I'm inclined to think that you did understand my meaning.

    In that vein I suppose airbags are about as useful as trying to turn bad vendors into good ones with nothing more than bug disclosure practices.

    Sounds like you don't think that full disclosure causes any reform in these companies. I am certain that it does have some impact in purchasing decisions... it's essentially bad press. I'd think that if advertising is at all successful, bad security press must have an opposite effect.

    Is there more we could do to shape these companies up? Maybe. I'm interested in the idea of software liability, but I think that path also has plenty of problems. I'm not sure we can litigate the software market into responsibility... but maybe it'd be enough to scare them with the idea of litigation. Do you have a suggestion, or were you just spreading cynicism?

  3. It really depends on Hackers Disagree On How, When To Disclose Bugs · · Score: 1

    I think that "responsible disclosure" is fine for companies that:

    1) Make real attempts to release secure software, rather than just ship shoddy software as fast as they can onto the unsuspecting public.
    2) Have a serious method for responding to issues quickly and effectively when they are found outside the company. This really just means good customer support combined with a good method of patching shipped code safely and effectively.
    3) Treat security researchers as friends who help improve their products.

    For other companies whose arrogance and lack of understanding are obvious ("Unbreakable" anyone?), I think that full disclosure is the most responsible action by a security researcher. These companies are doing the equivalent of shipping cars without airbags in the modern world, and then in many cases lying about it. That behavior needs to be "shocked" out of them, and for that reason, I think "30 bugs in 30 days" kinds of exercises are good for the software community overall.

    In other words, "The beatings will continue until morale improves." ;)

  4. Hmm, a... DARPA-net? on Communicating Even When the Network Is Down · · Score: 2, Funny

    I'm glad DARPA funds stuff like this. They should perhaps call it DARPA-net or something like that. Also, perhaps this research will result in really cool new inter-networking technology that the public can make use of. Perhaps universities might be the first big users.

    Of course, if that happens, I hope this new inter-networking thing doesn't get privatized... 'cause then all kinds of crazy things might happen.

    (For the uninitiated or those who like things spelled out, see: http://en.wikipedia.org/wiki/History_of_the_Internet)

  5. Microsoft is changing... for the better(?) on Microsoft Will Allow Vista Reinstalls · · Score: 1

    Say what you will, (and I know you will,) but this is another example of how Microsoft is changing from inside. We're all quick to distrust MS, and inclined to bash, (myself certainly included) but I think that they are making some genuine steps lately towards being a likable company.

    Why? Well, my theory is that as they have grown bigger and bigger, they can't help but hire some nice, decent people, and then these nice people have grown in influence internally. It could also be that they see Google as their chief competitor these days, so they're trying to out-"do no evil" Google. (If that makes sense.)

  6. DDR on Nintendo Revolution Renamed 'Wii' · · Score: 1

    Maybe renaming it was a prerequisite for Konami to make a version of DDR for the console.

    They probably didn't like "Dance Dance Revolution Revolution" too much, thinking that repetition is nice, but it's best not to take it too far.

    "Dance Dance Revolution Weeeee!", on the other hand, is sure to be a hit! :)

  7. Re:Duh... like... on Dealing with Digital Music and Vendor Lock-In? · · Score: 1

    I have an iHP-120 too... I really like it. I haven't put RockBox on it, though. Can you tell me what you like about it and how it compares to iRiver's firmware?

  8. SoIP??? on Intel: VoIP is Beachhead to More Collaboration · · Score: 1

    Services over IP?

    Wow, what a great idea! We could put a port number (just for example) in the IP spec, and then different services could be available on those ports... OVER IP!!!

    This is clearly the next great step forward for the internet.

  9. Re:Howto Make it a Screensaver in Windows on Moody Non-Photo-Realistic Driving · · Score: 2, Interesting

    That reminds me of the old way of getting access to WinNT 4.0 admin account if you had forgotten the password. You just back up logon.scr, and then copy cmd.exe to logon.scr, reboot, and wait 15 minutes. A DOS prompt with admin rights would pop up and you were on your way. ;)

  10. How about Congress? on Attempt to Apply Decency Standards to Cable/Satellite Television · · Score: 1

    When will we be able to get decency laws applied to Congress? I consider the wholesale abandonment of the ideals embodied in the Constitution by our legislators to be indecent.

    And I DO vote, and I always favor the candidate who I think will do the "right" thing, not necessarily what I favor, but I haven't noticed that it does a lot of good. Especially since neither party in our "two-party government" fields candidates that seem to care about preserving what once made our government unique and outstanding. Those who even make noises about it seem to sell out quickly.

    OK, yes... I know I'm ranting.

  11. Do we believe in "open source", or not? on On the Ethics of a Code Split? · · Score: 2, Insightful

    Of course, much depends upon the licenses, but pretty much all of the open source and free software licenses are based on lofty principles of the sharing of information and code.

    If you believe that the spinoff developers really adhere to the principles embodied in their license, not only is it okay to borrow, they should encourage it.

    It's as simple as that.

  12. Remember their old iMac ad campaign? on How to Get Music Off Your iPod · · Score: 1, Interesting

    Rip. Mix. Burn. (Newly added: And then never touch those files again, you pinko commie pirate scum!)

    Sheesh. I'm glad I got an iRiver instead. It just shows up like a USB mass storage device, no questions asked. In fact I've already used it to transfer large files without making coasters.

  13. Re:Ancient Flying Machines in India on Feather-based Jacobean Space Chariot · · Score: 2, Funny

    A little like John Edward 'dictating' a new chapter of the Old Testament called "Moses had Laser Pistols"

    Actually he did. But Pharaoh shot first. Don't let the revisionists tell you otherwise.

  14. Re:Warning... on Ghost in the Shell 2 in Theaters Late This Summer · · Score: 1

    On the bright side... it's so nice that they kindly resize your browser to fit the whole desktop. It's rare to get that kind of service from a website.

    Quite often, I find myself thinking... wouldn't it be cool if my browser could take up the whole window? Sure, that Maximize button works, but what I'd really like is for the window to be at maximum size, so that I don't have to worry about whether the window is maximized or not... either way the whole screen is full! But it can be really tricky trying to do it by hand.

    Congrats, GitS web guys!

  15. Re:As someone procrastinating grading right now... on Indiana First With Computerized Grading · · Score: 1

    Fairness is highly overrated. Sure, if the test has a huge impact on the student's future, (SAT, AP, etc.) fairness is important. In fact, it's always important. But as long as you are in the ballpark, I think that it is of secondary concern. The primary concern, (and it's also why I think grading should be looked at as less of a chore and more of an opportunity,) is the feedback you give the student. I learned more about writing from my High School English teacher than anyone else. I also learned more from the papers she gave back to me than I learned from anything she taught in the class setting. The feedback given is an opportunity to take some time one-on-one with the student (well, actually, with the student's work) and help them out on an individual basis.

    Granted, kids (and parents) would say that fairness is the most important factor. However, if you took them aside ten years later and asked them, I think they might place your constructive feedback higher on their list. I think that all teachers get an inflated opinion of fairness because of course that is what their students complain about. Well, even if you could somehow be perfectly fair, they would still complain; it's in their nature.

    Anyway, just MHO and IANAT, so I don't speak from experience, other than as a student.

  16. No in theory, Yes in practice on When Does Usability Become a Liability? · · Score: 1

    There is no reason that more user-friendliness would necessarily reduce the security of the average Linux installation, as long as the user was still more committed to security than to ease-of-use. But sad and frequent experience has shown us that ease-of-use is often more important than security.

    In cases where there is a trade-off, such as with executable email attachments, we saw what Microsoft chose to do. But before you condemn MS, first answer to yourself how often you check md5sum files of executable code that you download? And if you do, how did you ensure that the person who generated the md5sum is actually the creator of the file? Security often involves these kinds of trade-offs.

    And that is why ease-of-use will end up limiting Linux's security in a default installation in the real world.

    Of course, the real strength of Linux is that it is infinitely configurable, especially if you consider modification of the source to be "configuration". Therefore it can always be made secure, which isn't always true of MS boxes. Just try to disable that RPC service on your XP box, I dare you! (And then do a google search for how to reg-hack it back to enabled, since you won't be able to open the Services window anymore. ;)

    Side rant: IMHO we need to get the crypto crowd to start thinking hard about usability, because they will probably be better at creating usable security products than the average joe programmer would be at making their usable software secure. And right now, there is definitely a barrier between the two fields.
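    The checksum question raised in the comment above, as an added example (not the commenter's code): a verifier for a sha256sum-style manifest, next to the check it cannot do. The file bytes, the manifest and the keys are constructed inline; the HMAC over the manifest is a stand-in for a real detached signature (e.g. a GPG signature over SHA256SUMS) and is assumed here only so the example runs offline. A mirror that can swap the file can also regenerate the checksum file, so the checksum passes; only something keyed by the publisher tells the two cases apart.

```python
"""Checksum verification versus publisher authentication (added example)."""
import hashlib
import hmac


def parse_sums(manifest: str) -> dict[str, str]:
    """Parse 'HEXDIGEST  filename' lines, the sha256sum/md5sum output format.
    A leading '*' on the filename (binary mode) is dropped."""
    sums = {}
    for line in manifest.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        sums[name.lstrip("*")] = digest.lower()
    return sums


def checksum_ok(name: str, data: bytes, manifest: str) -> bool:
    """True if the manifest lists `name` with the SHA-256 of `data`.
    This proves integrity relative to the manifest, nothing about its author."""
    sums = parse_sums(manifest)
    if name not in sums:
        return False
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), sums[name])


def sign_manifest(manifest: str, key: bytes) -> str:
    """Stand-in for a detached signature: HMAC-SHA256 over the manifest text."""
    return hmac.new(key, manifest.encode(), hashlib.sha256).hexdigest()


def manifest_authentic(manifest: str, tag: str, publisher_key: bytes) -> bool:
    """True only if the manifest was tagged with the publisher's key."""
    return hmac.compare_digest(sign_manifest(manifest, publisher_key), tag)


def scenario() -> dict[str, tuple[bool, bool]]:
    """Run the honest case and the compromised-mirror case.
    Returns (checksum_ok, manifest_authentic) for each."""
    publisher_key = b"publisher key (constructed; assumed private to the publisher)"

    genuine = b"#!/bin/sh\necho installing genuine tool\n"          # constructed file
    manifest = f"{hashlib.sha256(genuine).hexdigest()}  tool.sh\n"  # publisher's SHA256SUMS
    tag = sign_manifest(manifest, publisher_key)
    honest = (checksum_ok("tool.sh", genuine, manifest),
              manifest_authentic(manifest, tag, publisher_key))

    # A mirror the attacker controls swaps the file AND rewrites the manifest.
    trojan = b"#!/bin/sh\necho installing trojan\n"
    mirror_manifest = f"{hashlib.sha256(trojan).hexdigest()}  tool.sh\n"
    mirror_tag = sign_manifest(mirror_manifest, b"mirror key (does not have the publisher's)")
    tampered = (checksum_ok("tool.sh", trojan, mirror_manifest),
                manifest_authentic(mirror_manifest, mirror_tag, publisher_key))

    return {"honest": honest, "tampered": tampered}


if __name__ == "__main__":
    for case, (sum_ok, auth_ok) in scenario().items():
        print(f"{case:8s} checksum_ok={sum_ok} manifest_authentic={auth_ok}")
```

    The tampered case is the one the comment's second question is about: the checksum matches because the attacker wrote both halves, and only the keyed check over the manifest fails.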

  17. Japanese Slashdot!?! on Stop! Website Thief! · · Score: 4, Funny

    Someone did this to /.!

    I hope Rob and Co. sue their pants off! Sheesh, what audacity!

  18. Great program! on Real's Reality · · Score: 1

    I don't understand everyone's problem!?

    Realplayer is, without a doubt, the most user-friendly, featureful trojan I have ever unintentionally installed.

    (Well, yeah, I thought I was getting a free little utility to play *.rm files, but I had no idea of the "bargain" I was about to get.)

  19. Re:Acid...not just... on Europa's Acid Ice Fields · · Score: 1

    Atomic Man: "My eyes ... The goggles--they do nothing!"

  20. Re:Good stuff, but... on Hiding Secrets With Steganography On FreeBSD · · Score: 1

    FWIW, I agree with you. In fact, I tend towards the traditional in my infosec opinions, normally. However, there is definitely obscurity in traditional encryption, namely the mathematical obscurity of the key. The points I was trying to make are:

    1. The words "cryptography" and "obscurity" are close to the same thing. Look at the definitions (and especially the roots) of each word and you will see what I mean. These terms have come to have special definitions in the computer world. "Cryptography" has come to mean enciphering a stream of bits using an algorithm that may be public and a "key" value that must remain secret, at least in part. "Obscurity" has come to mean hiding the methods used to protect information, in the hopes that they won't be discovered.

    2. But where does the algorithm end and the key begin? Almost all algorithms have constants, so algorithms can't be defined as just "operations", and for a given key value, operations may be performed additionally or in different orders from another key value (sometimes leading to timing attacks), so a key is more than just a nearly random number.

    3. Conceptually, I could consider attacking two different systems. In one system, the answer to Life, the Universe, and Everything is encrypted in a very public place, and looks like this:

    BEGIN SECRET ANSWER BLOCK (MODE AES-256) GD(#KG(DL:@ END BLOCK

    In the other system, I use a stego algorithm, with my own chosen "settings" (kind of like a key, eh?) and hide the answer in a pic of my car and post it on ofoto.com. I only tell the people I want to send the "answer" to the details (which photo, what algorithm and settings).

    In attacking these systems, it may turn out that the algorithmic complexity is equal. The stego approach has at least one benefit: plausible deniability. The encryption approach also has at least one benefit: a much simpler "key".

    One final note... you stated that a good crypto algorithm can be shown to the world and still remain secure. I would posit that a good stego algorithm has the same properties.

    For a really cool paper on stego, see here.

  21. Re:Appropriate Technology on Simon Phipps Looks At 'Looking Glass' · · Score: 1

    You should give buffets a try. Sure, the food isn't usually that great, but they have an excellent 3D interface.

  22. Re:Good stuff, but... on Hiding Secrets With Steganography On FreeBSD · · Score: 4, Interesting

    Cryptography IS security through obscurity... mathematical obscurity. You either choose a secret (a prime or a password) to encrypt something, or you choose a secret (which picture, which algorithm and settings) to hide something using stego.

    Basically, encryption is hiding a needle in a very large haystack, and stego is hiding a carefully disguised strand of hay in a not-so-big haystack. The end result is that similar attacks are required to break either scheme (theoretically), so from a conceptual point of view neither should be preferred over the other.
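    The "settings as a key" idea in the two stego comments above (this one and the longer reply earlier on the same story), as an added example that is neither the commenter's code nor the FreeBSD tool's: LSB steganography where the only secret is a seed that picks which pixels carry payload bits. The algorithm is fully public; without the seed, a reader who knows it still does not know where to look, and a short keyed tag makes a wrong seed fail cleanly instead of returning noise. The cover "image" is a constructed bytearray of grayscale pixels so the block needs no image library; real images, the HMAC tag and the layout are assumptions of this example.

```python
"""Keyed LSB steganography over a constructed grayscale cover (added example)."""
import hashlib
import hmac
import random

TAG_LEN = 4  # bytes of keyed tag stored with the message


def _permutation(key: bytes, n_pixels: int) -> list[int]:
    """Key-dependent order in which pixels carry payload bits.
    This, not the algorithm, is the secret: the 'settings' the comment describes."""
    seed = int.from_bytes(hashlib.sha256(key).digest(), "big")
    order = list(range(n_pixels))
    random.Random(seed).shuffle(order)
    return order


def _to_bits(data: bytes) -> list[int]:
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def _from_bits(bits: list[int]) -> bytes:
    out = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def _tag(key: bytes, message: bytes) -> bytes:
    """Truncated HMAC so extraction can tell a wrong key from a real message."""
    return hmac.new(key, message, hashlib.sha256).digest()[:TAG_LEN]


def embed(cover: bytes, key: bytes, message: bytes) -> bytes:
    """Write [4-byte length][tag][message] into the LSBs of key-chosen pixels."""
    payload = len(message).to_bytes(4, "big") + _tag(key, message) + message
    bits = _to_bits(payload)
    if len(bits) > len(cover):
        raise ValueError("cover too small for message")
    stego = bytearray(cover)
    for pos, bit in zip(_permutation(key, len(cover)), bits):
        stego[pos] = (stego[pos] & 0xFE) | bit  # change at most the low bit
    return bytes(stego)


def extract(stego: bytes, key: bytes):
    """Return the hidden message, or None if `key` does not open this cover."""
    order = _permutation(key, len(stego))
    lsb = lambda pos: stego[pos] & 1
    length = int.from_bytes(_from_bits([lsb(p) for p in order[:32]]), "big")
    need = 32 + 8 * (TAG_LEN + length)
    if need > len(stego):
        return None  # length field read from the wrong pixels is noise
    body = _from_bits([lsb(p) for p in order[32:need]])
    tag, message = body[:TAG_LEN], body[TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, message)):
        return None
    return message


def make_cover(n_pixels: int, seed: int = 1) -> bytes:
    """Constructed grayscale cover with pseudo-random pixel values."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(n_pixels))


def pixel_changes(cover: bytes, stego: bytes) -> tuple[int, int]:
    """(number of pixels that changed, largest absolute change)."""
    diffs = [abs(a - b) for a, b in zip(cover, stego) if a != b]
    return len(diffs), max(diffs, default=0)


if __name__ == "__main__":
    cover = make_cover(64 * 64)
    key = b"IMG_0042.jpg; lsb; seed 7"   # constructed 'which photo, what settings'
    stego = embed(cover, key, b"42")
    print(extract(stego, key), extract(stego, b"guessed settings"), pixel_changes(cover, stego))
```

    Two things worth noticing when running it: the wrong key returns None rather than the message, and at most 8 x (4 + 4 + len(message)) pixels move by exactly one grey level, which is why statistical detection of LSB embedding works on the pixel distribution rather than on any single pixel.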

  23. Woohoo! Free Disney movies for all! on New Disney / Samsung HDD Video Set-Top Box · · Score: 4, Funny

    Honestly, how long will it be before the delivery mechanism is reverse engineered and the security broken? Even when systems like this have a decent attempt at good cryptography (DirecTV, etc.) they usually get broken. And then there are the other schemes (SDMI, cuecat, etc.) where the attempts at security just give the /. crowd a good chuckle.

    It's hard enough securing Alice and Bob so they can talk to each other securely. It's much harder when there is one Alice and *many* Bobs, and the Bobs are divided into a group you can only barely trust (those that subscribe) and those you can't trust at all.

    Anyway, bring it on! I'd love to see another example of applying security techniques to this kind of problem... it's just that I anticipate that it will be another "whatever you do, don't do this" kind of example. :)

  24. Re:Infrasound in film on Haunted Houses Explained: Infrasound · · Score: 1

    Director David Lynch also uses this technique in his films. I remember it most vividly from Mulholland Drive, when that guy goes behind the restaurant. I have 2 massive subs in my home theater, so it's easy to notice what is going on in the scene, even though the sound is hardly audible. It did make the scene a lot more scary to me. It doesn't help when you know about it either; it just makes you anticipate the scene more, hence making it even more scary.

  25. Big Fallacy on U.S. Funds Anonymizer for Iranians · · Score: 2, Insightful

    I hope the US Government is aware of exactly what Anonymizer.com does. Unfortunately I doubt they do.

    The anonymizer.com service protects you from the sites that you are connecting to, not really from anyone else. Your web accesses go through the anonymizer site, then get stripped of any identifying information, and then are sent to the destination. This is useful when you don't want to be tracked by Doubleclick, or you want to view a site that you don't trust with your IP address, but it does nothing to prevent sniffers from seeing who you intend to connect to if they can see the traffic before it hits the anonymizer. (Which Iran is surely doing.)

    This is actually worse than doing nothing at all, because some mistaken Iranians may believe that their actions are protected from snooping when in fact the Iranian government is probably paying more attention to this kind of traffic. It could get someone killed or imprisoned.

    Luckily all those Iranians that want to protect their identity from Doubleclick will be safe, though.

    It's really unbelievable how many bad security decisions are made every day by organizations that should know better. All you really have to do is think about a security problem for a second in a real-life context and it becomes obvious how stupid this answer is. Imagine sending a kid into a store to buy you something, but the person you really are trying to avoid is standing right next to you, listening to you tell the kid what to buy.

    *sigh* I applaud the intentions, but I guess it's too much to expect that they think it through a little first.
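    The threat model in the comment above, as an added example (not the commenter's code and not anonymizer.com's actual interface, which the comment does not describe): a small HTTP request parser that reports which hostnames a passive observer can read from one captured leg. The two captured requests are constructed; the `url=` query-parameter form is an assumed shape for a web-based anonymizer, and the absolute-URI form is what any plain HTTP proxy request looks like. On the client-to-proxy leg both the proxy and the real destination are readable, which is the leg an in-country observer sits on.

```python
"""What a passive observer reads from each leg of a proxied HTTP request (added example)."""
from urllib.parse import parse_qs, urlsplit

# Constructed captures. The client asks an anonymizing web proxy to fetch a page:
LEG_CLIENT_TO_PROXY = (
    b"GET /go?url=http%3A%2F%2Fdissident.example%2Fnews HTTP/1.1\r\n"
    b"Host: anonymizer.example\r\n"
    b"User-Agent: Mozilla/5.0\r\n\r\n"
)
# The same request in the absolute-URI form used with a conventional HTTP proxy:
LEG_CLIENT_TO_PROXY_ABSOLUTE = (
    b"GET http://dissident.example/news HTTP/1.1\r\n"
    b"Host: dissident.example\r\n\r\n"
)
# What the proxy sends on, with client-identifying headers stripped:
LEG_PROXY_TO_SITE = (
    b"GET /news HTTP/1.1\r\n"
    b"Host: dissident.example\r\n\r\n"
)


def parse_request_head(raw: bytes) -> dict:
    """Split an HTTP/1.x request into method, request-target and headers."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "headers": headers}


def destinations_visible(raw: bytes) -> set[str]:
    """Hostnames a sniffer can recover from one plaintext leg."""
    req = parse_request_head(raw)
    hosts = set()
    if "host" in req["headers"]:
        hosts.add(req["headers"]["host"].split(":")[0].lower())
    parsed = urlsplit(req["target"])
    if parsed.hostname:                       # absolute-form (proxy-style) target
        hosts.add(parsed.hostname.lower())
    for values in parse_qs(parsed.query).values():   # URL carried as a parameter
        for value in values:
            inner = urlsplit(value).hostname
            if inner:
                hosts.add(inner.lower())
    return hosts


def threat_model() -> dict[str, set[str]]:
    """Who learns what, for an observer on each side of the proxy."""
    return {
        "observer near client": destinations_visible(LEG_CLIENT_TO_PROXY),
        "observer near site": destinations_visible(LEG_PROXY_TO_SITE),
    }


if __name__ == "__main__":
    for where, hosts in threat_model().items():
        print(f"{where}: {sorted(hosts)}")
```

    The proxy only helps against the observer on the far side of it; the one that matters in the comment's scenario is on the near side, and for that leg the protection has to be encryption to the proxy, not stripping headers at it.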