[info] 0wned .gov machines (was Re: Russian cyberwar against Estonia?)

Eugen Leitl <eugen at leitl.org> on Sun May 20 16:32:47 UTC 2007

----- Forwarded message from Ivan Krstić <krstic at solarsail.hcs.harvard.edu> -----

From: Ivan Krstić <krstic at solarsail.hcs.harvard.edu>
Date: Sun, 20 May 2007 12:44:22 +1000
To: "Perry E. Metzger" <perry at piermont.com>
CC: "Trei, Peter" <ptrei at rsasecurity.com>, cryptography at metzdowd.com
Subject: Re: 0wned .gov machines (was Re: Russian cyberwar against Estonia?)
User-Agent: Thunderbird 2.0.0.0 (X11/20070501)

Perry E. Metzger wrote:
> What is interesting to me is that, even though things have nearly
> gotten as bad as they could possibly get, we still have seen very
> little real effort made to improve systems security (at least in
> comparison with what is necessary to make a big dent).

I think it's anything but surprising. There's only so much you can do to
significantly improve systems security if you're unwilling to break
backwards compatibility -- many of the fundamental premises of desktop
security are fatally flawed, chief among them the idea that all programs
execute with the full privileges of the executing user.

One Laptop per Child is breaking application backwards compatibility for
a number of reasons, one of which is security. As a result, I'm
earnestly hoping that our systems security platform, Bitfrost[0], will
be an improvement on the scale you're talking about. But time will tell.

(Sidenote: I'm giving a keynote at AusCERT tomorrow about exactly this,
titled 'Everything you know about desktop security is wrong, or: How I
Learned to Stop Worrying and Love the Virtual Machine'. Any list members
who are at the conference should mail me if they want to play with an
OLPC laptop and commiserate about desktop security over beer.)



[0] Summary at http://wiki.laptop.org/go/Bitfrost with full spec at
http://wiki.laptop.org/go/OLPC_Bitfrost

-- 
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | GPG: 0x147C722D

---------------------------------------------------------------------
The Cryptography Mailing List

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
