[148927] in cryptography@c2.net mail archive
Re: [Cryptography] defaults, black boxes, APIs,
daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Sun Jan 5 16:51:17 2014
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <alpine.BSO.2.03.1401041810180.3176@astro.indiana.edu>
Date: Sun, 5 Jan 2014 09:14:42 -0500
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Jonathan Thornburg <jthorn@astro.indiana.edu>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>
On Sat, Jan 4, 2014 at 9:23 PM, Jonathan Thornburg <jthorn@astro.indiana.edu> wrote:
> > Have you noticed how the entire world is moving to a much more
> > sophisticated update model, typically dynamically, monthly?
>
> I'm not sure if that's true. What I see is low-security consumer
> systems (e.g., the usual stuff from Microsoft, Adobe, etc) doing
> dynamic updates every month or even every week. But OSs which make
> security a very high priority, like (say) OpenBSD, aren't moving that
> way at all -- they're staying with the old "updates are manually
> applied by a (human) system administrator" model.
>
> The OpenBSD website points out that they've only had two remote holes
> in the default install in "a heck of a long time" (I think more than a
> decade). So perhaps the manual-updates security model remains viable....
>

Just don't. We used to laugh at UNIX security back in the days when VMS was
the only secure OS. Security is often used as ammo in standards wars; the
comparisons are rarely accurate.

I believe the point of OpenBSD is that it is not a kitchen sink O/S which
ships everything someone might want by default. That is certainly going to
offer more security if you use it for a single purpose with a stripped down
build. It also means that the O/S is not going to report a vulnerability
each time sendmail gets rolled.

But take OpenBSD and lard it up with the thirty packages that are written
by the usual C-crew and the advantage is lost. Very few Microsoft or OSX or
Linux security reports are for code in the O/S core. It is usually the
support apps that cause the issues.

The most significant differentiator in security has actually been whether
accounts have a mandatory separation of superuser privs from regular
accounts. Windows XP does not have that and so every app that runs in an
account with admin privs can bongo the machine without any trouble.

One of the reasons for that is, I believe, that all modern O/S have
essentially the same approach to access control which is essentially
broken. Butler Lampson thinks it is broken as well, but even he can't
change it.

The problem is that access control attributes are not attached to either
files or to the applications that run them. They are ledger entries in the
file system and grant access to users. Which makes them essentially useless
for modern uses where each machine has between zero and one user and files
move from machine to machine without the security controls being carried
with them.

I don't think the firmware on my printers has ever been updated. And the
routers were never updated till I moved from the cheap Linux-based ones
that last 6 months to Apple airports.

Windows XP still accounts for the majority of rooted systems. I find it
quite astounding that there are companies who still insist on using it. I
started buying my own machines when I was at VeriSign precisely because the
IT dept refused to let me run Vista.

I think the Vista hatred was mostly driven by laziness on the part of the
IT staff who wanted to avoid having to make new builds for their machines.
The same companies that would allow their IT departments to continue to run
an operating system the provider was warning was defective would go out and
buy a million dollar firewall.

It will be interesting to see what happens when XP goes EOL in April. A lot
of IT staff are likely to find themselves looking for new jobs as they
discover that they can't get to grips with the new Windows that other
people have been working on for 7 years. Some voluntarily, quite a few not.

--
Website: http://hallambaker.com/
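
Added example (not part of the original message): a small Python illustration of the point above that access-control attributes are file-system ledger entries rather than part of the file. It assumes POSIX permission bits; the file names, sample content and the receiver's umask of 022 are constructed for the demonstration.

```python
import hashlib
import os
import stat
import tempfile


def transfer_bytes(src_path, dst_path):
    """Simulate moving a file to another machine: only the content travels."""
    with open(src_path, "rb") as src:
        payload = src.read()           # the bytes are all that e-mail or HTTP carries
    with open(dst_path, "wb") as dst:  # the receiver creates a fresh file-system entry
        dst.write(payload)


def describe(path):
    """Return (sha256 of content, permission bits, owner uid) for a file."""
    st = os.stat(path)                 # mode and uid come from file-system metadata
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return digest, stat.S_IMODE(st.st_mode), st.st_uid


def demo():
    """Create an owner-only file, 'transfer' it, and describe both copies."""
    old_umask = os.umask(0o022)        # constructed default on the receiving side
    try:
        with tempfile.TemporaryDirectory() as box:
            origin = os.path.join(box, "origin-secret.txt")
            arrived = os.path.join(box, "arrived-secret.txt")
            with open(origin, "w") as fh:
                fh.write("constructed sample: payroll figures\n")
            os.chmod(origin, 0o600)    # owner-only on the originating machine
            transfer_bytes(origin, arrived)
            return describe(origin), describe(arrived)
    finally:
        os.umask(old_umask)            # leave the process umask as we found it


if __name__ == "__main__":
    (h1, m1, _), (h2, m2, _) = demo()
    print("same content:", h1 == h2)
    print("origin mode: %o  arrived mode: %o" % (m1, m2))
```

The content hash is identical on both sides while the permission bits are whatever the receiving file system assigns, which is the loss of controls in transit that the message describes.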
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography