You're forgetting one thing: If they just settle the case, it may be cheaper that time, but then they might as well put up a big sign: "for free money - sue a Lloyds insured company!"
To avoid having to pay up often, they'll want to discourage such lawsuits as much as possible. That means making an example out of the fool who has the audacity to initiate a lawsuit that is covered by the insurance policy.
There are so-called secret-sharing systems, which allow you to distribute a secret (such as a private key) over some number of people such that a specified number of people (the threshold) must work together to recover the secret.
This way, you can avoid a single person being able to sign, while at the same time making sure that no single person is critical for the signing.
The first space elevator would reduce lift costs immediately to $100 per pound, as compared to current launch costs, which are $10,000-$40,000 per pound, depending upon destination and choice of rocket launch system.
Plus, if you look at their studies it seems they have figured out pretty much everything already. The only technical detail they're waiting for is a sufficiently strong carbon nanotube composite to make the cable of, and they're already making good progress there. After that, apparently it becomes just an engineering/funding problem.
Of course the studies could be mistaken, but still it's definitely not in the pure "Sci-Fi" category anymore. With a bit of luck, we'll still live to see it built. :-)
It's nice to rely on the fact that most people have this installed.
Which is exactly one of the reasons the competitors get no chance and why the EU has made this decision.
BTW, QuickTime works just fine on Windows afaik and I see it used quite a lot by people other than Apple (though often alongside other formats, rather than as the only format)
The Discrete Log Problem is basically: given x, y find g such that g^x = y.
Actually, that's taking the x'th root of y, not a logarithm. The discrete logarithm problem is:
given g, y find x such that g^x = y
The Diffie Hellman Problem is given g, g^x, g^y, find g^xy. This is generally done by finding the discrete log of g^x or g^y, but I'm not entirely sure whether it's proven if the DLP and DHP are equivalent.. perhaps google may yield answers to that
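The three problems named above on a toy group, as an added example that is not part of the original comment: it shows that the x'th root is easy when gcd(x, p-1) = 1, and that a discrete-log solver also solves Diffie-Hellman. The modulus 467, the generator 2, the exponents and the choice of baby-step giant-step are all assumptions made for illustration.

```python
from math import gcd, isqrt

# Constructed toy parameters: 467 is prime and 2 generates the whole
# multiplicative group mod 467 (order 466). Real groups are far larger.
P = 467
G = 2


def xth_root(x, y, p=P):
    """'Given x, y find g with g^x = y': easy when gcd(x, p-1) == 1."""
    if gcd(x, p - 1) != 1:
        raise ValueError("root is not unique for this exponent")
    d = pow(x, -1, p - 1)          # x*d = 1 (mod p-1), so (g^x)^d = g
    return pow(y, d, p)


def discrete_log(g, y, p=P):
    """'Given g, y find x with g^x = y', by baby-step giant-step.

    Takes about sqrt(p) steps and table entries, which is only feasible
    because p is tiny here. Returns None if y is not a power of g.
    """
    m = isqrt(p - 1) + 1
    baby = {}
    value = 1
    for j in range(m):             # baby steps: g^j for j < m
        baby.setdefault(value, j)
        value = value * g % p
    step = pow(g, -m, p)           # g^(-m)
    gamma = y % p
    for i in range(m):             # giant steps: y * g^(-i*m)
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * step % p
    return None


def diffie_hellman_via_dlp(g, gx, gy, p=P):
    """'Given g, g^x, g^y find g^(xy)' by first taking the log of g^x."""
    x = discrete_log(g, gx, p)
    if x is None:
        raise ValueError("g^x is not in the group generated by g")
    return pow(gy, x, p)


if __name__ == "__main__":
    x, y = 153, 197                # constructed private exponents
    gx, gy = pow(G, x, P), pow(G, y, P)
    print(xth_root(x, gx), discrete_log(G, gx), diffie_hellman_via_dlp(G, gx, gy))
```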
First, your comparison with the GPL is flawed, see my comment below
I think I do agree with that if you license music and agree to certain terms, it's not easy to justify violating those terms when they're inconvenient for you. However..
Apple calls it the 'iTunes Music Store', you have a shopping cart, iTunes says things like "Sign In to buy music" and talks about "purchasing". Such terminology makes it clear to me that Apple wants users to consider it a music store like they know it, so I can sympathise with people who are offended by the artificial mechanisms that prevent them from doing things with the music they bought (according to Apple) that would otherwise be perfectly legal, such as making personal copies within the limits of fair use.
Someone already briefly pointed it out, but it's worth repeating again: The GPL is a license, not a contract, see for example this excellent article or perhaps this one. In short: the GPL is a unilateral license that just gives you additional rights you previously didn't have (under specific terms of course), if you choose to accept them.
These "license agreements" are different.. their basic idea is that you enter into a contract where you give up certain rights, simply by clicking on an "Agree" button or under even more dubious circumstances. I have no idea what their legal status is so I'm not going to comment on that - the main point here is that the GPL is not remotely like this.
Note also one interesting difference with most other PC-based DMX systems: it's the LanBox that's actually doing most of the work, not the computer. This means that if LCedit+ is somehow not satisfying for you, or if you want to work under Linux, you could control the LanBox directly via its documented command set. (it also means that if your computer crashes, the LanBox will happily keep playing back what you programmed it to do ;-)
There are already third parties who've built or are building their own apps to control the LanBox. For example, this simple thingy running on Linux
(disclaimer: I work for them, so my views may be slightly biased :-)
The analogy is kinda flawed, since a college degree should - regardless of the subject - at least indicate a certain level of education in some area.
EAL just indicates how sure you are... you could get something EAL3-certified to be totally insecure.
(note that I don't mean to say the certification is meaningless, just that its presentation in the article is. also, that comparisons like "but Win2000 has EAL4!" are bogus)
A company that knows how the Common Criteria work won't require "EAL3", but actually pay attention to the security target.
For the benefit of other readers, a short summary of how the Common Criteria work - as far as I can remember (if any inaccuracies slip in, I'm sure someone will point them out :-)
The common criteria are a framework for specifying and evaluating security properties of a product.
They provide a big list of "security functional requirements" that a product might adhere to. Examples:
"FAU_GEN.2.1 The TSF shall be able to associate each auditable event with the identity of the user that caused the event."
"FDP_ACC.2.1 The TSF shall enforce the [assignment: access control SFP] on [assignment: list of subjects and objects] and all operations among subjects and objects covered by the SFP."
(yes, they just love TLAs)
So there's a nice set of standard security requirements from which you can select the ones you think your product adheres to (or should adhere to).
A second list contains the "security assurance requirements" which is a big list of means by which the development and evaluator can provide assurance of your product's security features.
For example, ATE_COV.2 Analysis of coverage specifies things the developer and evaluator must do to "establish that the TSF has been tested against its functional specification in a systematic manner. This is to be achieved through an examination of developer analysis of correspondence."
The security functional requirements and security assurance requirements are then packed together into the "security target" and evaluation can commence.
The Evaluation Assurance Levels are simply standard packages of security assurance requirements. (for example, ATE_COV.2 given above is part of EAL3 and higher)
you're right of course.. I meant security target when I said protection profile.
terminology slip-up :-)
indeed, SuSE's certification (EAL2) of July last year was for a "Product specific Security Target", no protection profile. Assuming it's still the case this year, it means comparing its EAL-rating to Common Criteria certifications of other products (with different security targets) is completely bogus.
The problem is people seem to think "EAL3" is the certification by itself, while the security target is actually more important, but not even mentioned or summarized in the article.
EAL-rating only indicates how sure you are the product meets the profile (a set of security requirements). Saying it gets "EAL3 Certification" is like saying "We're now quite sure it does... eh... something"
For example, the Win2000 EAL4 certification was CAPP/EAL4 (Controlled Access Protection Profile). Its description:
The CAPP provides for a level of protection which is appropriate for an assumed non-hostile and well-managed user community requiring protection against threats of inadvertent or casual attempts to breach the system security. The profile is not intended to be applicable to circumstances in which protection is required against determined attempts by hostile and well funded attackers to breach system security. The CAPP does not fully address the threats posed by malicious system development or administrative personnel.
It should be obvious that while CAPP is nice to have, it does not mean the system is "secure", even if you'd get EAL7. :-)
I guess this is just one of those "they have - we need it too!" things.
Re:Definitely on Real Security? · Score: 5, Interesting
Come on, who uses passwords like '%33#Gt(;' nowadays..
I do. :-)
The funny thing is, I don't actually remember the character sequence. Maybe it's because I play the piano, but I remember the hand motions of typing the password. So to pick a password I just generate a few random ones until I find one that "feels" okay.
I wonder how many people do this too
Re:Wonder if they used this? on SCO's Plan Examined · Score: 2, Interesting
As the webpage for that diagram mentions, an arrow doesn't mean source code inheritance.
This means that for SCO this diagram is irrelevant, since it doesn't refer to IP, but of course that doesn't stop them from using it anyway.
(They do imply the diagram is about "intellectual property" so they seem to be misrepresenting the facts a bit... *shudder* who would have thought they'd do such a thing! ;-)
The only thing that sucks about this scheme is the elaborate procedure necessary to login as this special user (first login as admin and manually mount the encrypted homedir)
I wonder if it's possible to write a Login Plugin to automatically mount the encrypted homedir using the password entered by the user. That would make the system completely transparent, while still being secure (assuming the password is good): If someone uses any other means (= security hole) to gain access to the account, the system won't have the password it needs to decrypt the homedir, so even gaining root access wouldn't help.
(This would be very similar to the way Keychains are already handled: if your login password is equal to the passphrase of your default keychain, it is automatically unlocked when you log in)
Note that on MacOS X, using disk images like the author of the article described is *exactly* like using PGPdisk, except PGPdisk is cross-platform and perhaps more trustworthy since its source is available for auditing.
Using OSX' diskimages however is free-as-in-beer, and probably a bit more flexible. Can you even mount a PGPdisk from the commandline on OSX ?
The DiskImages framework and associated utilities (hdid, hdiutil) are not part of Darwin.
And sadly the encryption "plugin" is embedded inside the framework rather than being external. So if you'd want to check for backdoors, you'd need to disassemble the whole DiskImages framework (in /System/Library/PrivateFrameworks) and plow through that.
However, since it does seem to use a plugin interface, even internally, it's probably not too hard to locate just the encryption-related parts.
you missed the point, the grand-grand-grand-grandparent said "Take PPC for example, there are two separate caches, one for code and one for data. The code can not be changed during runtime." as an argument of why self-modifying code would be a problem on PPC already today - without W^X..
grand-grand-grandparent then pointed out you can simply avoid that problem (in normal self-modifying code, not in buffer overflow exploits) with some instructions, I gave the actual correct code sequence - which does not require being supervisor
sync # memory synchronization barrier
icbi # invalidate instruction cache
isync # context synchronization
is actually the sequence you need on a uniprocessor system. (multiprocessor might need extra flavor)
Usually the OS provides some primitive to do this the right way for you (MakeDataExecutable on MacOS 9 iirc)
You are. A buffer overflow works by overflowing a stack-allocated buffer, causing other stack-allocated data to be overwritten. The usual method of exploiting this is by overwriting the return address with a value that points back into the buffer, so that the function will return straight into the buffer data, where the cracker will have put executable code of course.
A way to provide some protection against this is by disabling the ability to execute code that is located on stack.
Note that:
1. there are already linux kernel patches to do this on x86 hardware, but they incur a slight performance penalty because they're implemented by abusing page table caches (there are separate ones for data, and you can deliberately make 'em inconsistent so that the table entry for data says access is allowed, while the one for code says it's disallowed)
2. this does not prevent buffer overflow exploits entirely, it just makes 'em a lot harder. There are tricks you can still use sometimes like putting the known address of some useful library function into the return address
hope this helps to clear it up a bit
ok, hope this helps
the teacher of some boring statistics course made the mistake of saying ".. in a programming language of your choice"
here is the postscript file, in case anyone cares
I've heard of hifi audio geeks covering the walls with egg cartons. Cheap and apparently good for the acoustics of the room.
:-)
(Disclaimer: not really into hifi audio myself
Message Authentication Code
Hashed Message Authentication Code
Pseudo Random Function
Initialization Vector
See the FAQ.
(and slashdot is a news site, not a blog)