Specific implementations being attacked, due to bugs or poorly thought out optimizations (i.e. that lead to side channel attacks).
Proprietary crypto being cracked; why anyone would be using proprietary crypto in this day and age is a mystery to me, but people continue to do it.
The POSIX standard editor of course.
The wording in TFS is a little misleading; they did not "crack Skype encryption," they found an exploitable side channel in Skype. The crypto itself has not been cracked, but it was being used in a way that leaked lots of information.
Personally, I was looking at it as a pain in the ass from a user perspective more so than an admin perspective.
Only for those users who are adept enough to write their own scripts and programs; I would like to think that such users are not going to be downloading MacDefender.
noexec is a pain in the ass for your home dir as a user, and is only really useful if they have no way they can write to any location that isn't noexec, which is easy enough to do, but easy enough to miss someplace as well.
One nice thing about SELinux is that you can ensure that a user is unable to execute any file that they themselves created, or any file that another user at the same access level created. Combined with a policy that prevents users from executing programs that interpret scripts that could potentially modify the user's environment or write/modify files in their home directory (i.e. bash), or perhaps only allows such programs to be executed in a sandbox, you can mitigate quite a few PEBKAC-exploiting attacks.
If you're not using a Fedora-based OS then SELinux probably doesn't work,
Well, there is also AppArmor, TrustedBSD, TrustedSolaris, etc. The real point here is that mandatory access control does not have to be a hard thing to use, especially if you are trying to do something common like prevent a particular user from executing programs in their home directory. I cannot comment much on how easy AppArmor/etc. are to use, since I have not actually used them.
You also need to ensure that /tmp and /var/tmp are noexec, which Ubuntu, at least, seems to dislike.
That screams "problem" to me, but theoretically an SELinux policy could be written to allow this for whatever specific program needs that privilege. I have tried a few lightweight things with SELinux, and there are quite a few surprises -- like the fact that Firefox tries to mark its stack as executable (seriously, in 2011, a web browser wants to execute code on its stack). Another option, which I have made use of, is the SELinux sandbox, which lets you confine an application so that it can get special permissions (like marking its stack as executable) without allowing it to affect other parts of the system (this also means that you cannot save files, unless you mount a special home directory just for the sandbox, which is allowed; the sandbox also allows you to set up the security context in a way that makes sense, e.g. Firefox should be able to access the web).
That much is true, which is why I said "thwart" and not "completely eliminate." Now, with a bit of work, you could stop users from doing that as well -- set up the right SELinux policies/contexts and whatnot -- and thus mitigate the threat further. In the end, it really depends on what exactly you are trying to do, and what your users need to be able to do. If your users only need to be able to launch a web browser and email client, then go ahead and stop them from running bash.
you could probably use SELinux to prevent users from running any applications from /home, but that's a pain.
How is that a pain? Have you ever tried it? In Fedora, it is a matter of setting an SELinux boolean (allow_user_exec_content) and setting the user as user_u. This is literally two things to click on in the SELinux GUI tool, or two commands to run in a terminal. This might annoy users who want to do things like write scripts, but if your goal is to defend against this kind of malware, then that is what you have to do.
Of course, most home users are unaware of noexec/SELinux and would need the family IT guy to do this for them.
It depends on who is using the computer. GNU/Linux has many millions of desktop users, but it would be pretty hard to convince most of those people to run some random program they downloaded from some website. Mac OS X's userbase, on the other hand, is composed mainly of people who are not knowledgeable about computers and who wanted something that was "easier" or "more user friendly" than Windows (cue the comments from technically adept people who happen to like Mac OS X), and may more easily fall victim to social engineering.
Of course, desktop GNU/Linux use is expanding to more people who are not so technically inclined, so this may change over the next few years.
This means the problem would be isolated to that particular user's account.
For many home users, that is all that really matters. We are not talking about an enterprise setup here, we are talking about some person's laptop. Frankly, in an enterprise setup I would be surprised if user home directories were not mounted with noexec (or whatever such an option would be called in Mac OS X), which would thwart this problem.
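The two mitigations discussed in the comments above (noexec on every location a user can write to, and the Fedora user_u lockdown) are easy to state and, as one commenter notes, easy to miss somewhere. The following is an added example, not code from any commenter: a POSIX sh audit that reads a /proc/mounts-style file and reports which of /home, /tmp and /var/tmp lack noexec, plus a helper that runs the two SELinux commands from the thread only when the tools are present. The boolean name allow_user_exec_content is taken from the post above and is assumed to match your policy version; the sample mount table is constructed for offline demonstration.

```shell
#!/bin/sh
# Added example (not from the original discussion). Audits writable locations
# for a missing "noexec" mount option and wraps the Fedora SELinux lockdown.

# audit_noexec [mounts_file]
# Reads a /proc/mounts-format file (default: the live /proc/mounts) and checks
# /home, /tmp and /var/tmp. Returns 0 when all three are separate mounts with
# noexec, 1 when any of them is missing the option or is not its own mount
# (and therefore inherits the parent filesystem's exec permission).
audit_noexec() {
    mounts_file="${1:-/proc/mounts}"
    missing=0
    for dir in /home /tmp /var/tmp; do
        # /proc/mounts fields: device mountpoint fstype options dump pass
        opts=$(awk -v d="$dir" '$2 == d { o = $4 } END { print o }' "$mounts_file")
        if [ -z "$opts" ]; then
            echo "$dir: not a separate mount (inherits its parent's options)"
            missing=1
        elif echo ",$opts," | grep -q ',noexec,'; then
            echo "$dir: noexec set ($opts)"
        else
            echo "$dir: WRITABLE AND EXECUTABLE ($opts)"
            missing=1
        fi
    done
    return $missing
}

# lockdown_user LOGIN
# The two Fedora commands named in the thread: turn off the boolean that lets
# confined users execute files they wrote, and map the login to user_u.
# Boolean name is an assumption taken from the post; newer policies call it
# user_exec_content, so verify with: getsebool -a | grep exec_content
lockdown_user() {
    login="$1"
    if ! command -v setsebool >/dev/null 2>&1 || ! command -v semanage >/dev/null 2>&1; then
        echo "setsebool/semanage not available; the commands would be:" >&2
        echo "  setsebool -P allow_user_exec_content off" >&2
        echo "  semanage login -a -s user_u $login" >&2
        return 2
    fi
    setsebool -P allow_user_exec_content off &&
    semanage login -a -s user_u "$login"
}

# Constructed sample mount table: /home is correct, /tmp lacks noexec, and
# /var/tmp is not a separate mount at all (the case that is easy to miss).
SAMPLE_MOUNTS=$(mktemp)
trap 'rm -f "$SAMPLE_MOUNTS"' EXIT
cat >"$SAMPLE_MOUNTS" <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
EOF

audit_noexec "$SAMPLE_MOUNTS" || echo "at least one writable location is still executable"
```

Run it with no argument to audit the live system (`audit_noexec` defaults to /proc/mounts); a non-zero exit is the signal that the noexec lockdown has a hole. `lockdown_user alice` is the SELinux half and needs root; it deliberately only prints the commands when the tools are absent.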
...is anyone actually surprised by this?
Hello nuclear engineers, can someone explain why it takes so long to shut down a nuclear power plant?
I am not a nuclear engineer, but my understanding of the problem is that the fission byproducts decay very fast and release a lot of heat in the process, so until those byproducts are gone the rods need to be cooled.
Read the part of my post that you quoted, and you'll see that I did not say anything that contradicts what you or Schneier said. When using a 128 bit block cipher, the recommended size for your asymmetric keys is 3072 bits for non-ECC algorithms (e.g. RSA). That is not a ridiculously long key size, given the state of the art attacks on the RSA problem, nor does it exclude the smaller symmetric key size. I was responding to a statement about "256 bit RSA," which is ridiculously short.
Computer experts have cracked the encryption
Can you please point out the experts who have cracked RSA, DSA, DH, ElGamal, or ECC? Oh, right, the math has not been cracked, the only things we hear about are:
Specific implementations being attacked, due to bugs or poorly thought out optimizations (i.e. that lead to side channel attacks).
Proprietary crypto being cracked; why anyone would be using proprietary crypto in this day and age is a mystery to me, but people continue to do it.
Also, nobody speaks of 256 bit RSA in this century; the recommended key size for use with a 128 bit block cipher is 3072 bits when I last checked.
Apple doesn't actively prohibit "rooting" of their devices.
http://gizmodo.com/303171/apple-says-unlocked-iphones-will-brick-after-software-update-+-what-does-it-mean
Apple doesn't pursue the iOS "hacker" community with legal threats, DMCA takedown notices, etc.
http://news.cnet.com/apple-iphone-jailbreaking-violates-our-copyright/
Apple doesn't infest its products with an OS (Windows 7) that has DRM from the driver-level up.
http://tech.slashdot.org/story/05/08/01/0421248/Mac-OS-X-Intel-Kernel-Uses-DRM
Yes, if my mother was cleaning up the computer and not just calling me and having me do it (or worse yet, paying someone else to do what I would have done), then yes, I would agree. Like I said, if she wants to start, the SELinux could be put into permissive mode or even disabled at any time -- the security is only mandatory to the point of booting into single user mode. I would even give her step-by-step instructions on how to do it, if she wanted or expressed even the slightest bit of interest.
I became the family IT guy over a decade ago, and in that time, I have been the one who gets called in to clean up when things go bad. With malware getting nastier and me getting busier, that really cannot continue; things cannot go bad as often as they used to, and that is where SELinux comes in.
Just so the message is clear, since you seem to think that I have set up some kind of iOS clone: all anyone would have to do is boot into single user mode and run three commands, and the system has the same SELinux policy it had when it was freshly installed. There is really no effort to stop anyone from learning if they want to, this is just a way to get more time between phone calls asking for help.
I said the underlying structure has not changed much, but that there have been superficial changes. Can you please point out where the underlying structure of the Internet or the Web has undergone a significant change? When last I checked, we are still using IPv4 and we are still using HTTP, and we are still using a client-server model. The most significant change that I can think of is AJAX, and that is not a terribly significant change (it really just means that things people would have done in an applet can now be done by the browser itself).
Yes, things look a lot different now, and we are making more sophisticated use of the underlying technology (sometimes), but for the most part we are still talking about the same system.
Like I said, whenever she has a question, she asks. She also does, in fact, have full control over her computers -- at any time, she can have anything changed by myself or by others (I left single-user-mode available) if the security settings become a problem. It has never been a problem, and I have never "scolded" anyone -- a gentle explanation of why some action is being prevented is more than enough. If she wants to learn about her computer, she is entirely free to do so -- I have not actually done anything that prevents her from removing the security, and like I have repeatedly stated, I am entirely willing to explain anything that she asks about.
We used to call it "SSJS" -- server-side Javascript. Times really have not changed, but why would you expect them to? Despite the superficial changes, the underlying structure of the Internet and the Web has not really changed. We have not really seen much in the way of "revolution" in the past 15 years, just incremental changes (or if you would prefer, "improvements") to the way everything works.
She is glad to not have to deal with malware, and since she generally called me up to ask for help with things before, there really is not much of a change. It is not like I failed to inform her of what I was doing to her system, and I am entirely willing to explain to her whatever it is that she asks. Really it is not as big of an issue as you seem to think -- in no way is there any disrespect and nobody is being treated as if they are unintelligent. We are not talking about a censorship/parental control program, we are talking about the equivalent of mounting home directories with the noexec flag.
It is when there are entire genres of games that are underrepresented on PCs and Macs compared to consoles.
You are assuming that these games are something that I (or even most people) have the time or desire to play. I have seen console games, and I used to play them when I was a kid, but to be honest I really do not play video games much anymore. I play games, sure -- strategy games like Go -- but intense 3D video games are really not something I spend much time on these days.
No we just want to play our video game!
Yeah, is that so hard to believe?
My point was that there's no reason to inflict Linux on them either ;-) The user might be more comfortable with an OS other than Linux.
In my experience, the only time users become uncomfortable with GNU/Linux is when they start doing exactly the sort of things that a locked-down account should prevent them from doing. When all a user knows or cares about is launching a few programs -- a web browser, an email client, and a word processor -- then it hardly makes a difference what OS they are running. Once users start doing things like installing "cool little applications" that actually leave them worse off, or trying to fiddle with settings they need guidance for, things can become a problem -- but the great thing about locking down their accounts is that they are forced to contact you when they try to do that, before it can become a problem, and you have a chance to either teach them or at least explain why they cannot do what they were trying to do (e.g. because of malware or because it would make their system unusable).
The argument that users are "uncomfortable with GNU/Linux" is predicated on the belief that users are not uncomfortable with some other system. When you are talking about moving someone from a Windows system to a GNU/Linux system, why do you think they will be more comfortable if instead you move them to a Mac OS X system? If they need to be given a locked down account for their own good, then it sounds like they are not very adept with computers to begin with, and GNOME would be no worse for them.
Unfortunately, their customers are getting hurt in the process, which is what makes this sad. If it were just a matter of Sony getting beat down everywhere they turned, I would have no problem.
I doubt that security is their objective with the walled garden.
Then I will stop buying from those computer makers. The lock down has to be under my control, and nobody else's -- I am the one who owns and administers the computer.