Forgot your password?

Comment: If this happened in the US (Score 1) 378

If this were a couple of kids in the US... they would both be on their way to Gitmo, the anti-rejection drugs the kid probably needs to stay alive wouldn't be addressed... then the remaining kid would probably go on a hunger strike in Solitary.

Oh... and someone at the Bank would be put in charge of a new "cyber security" division, with a big bonus and a corner office.

I wish we could be more like Canada some times.

Comment: Re:"Coming IT Nightmare?!?" (Score 1) 240

by ka9dgx (#47152085) Attached to: The Coming IT Nightmare of Unpatchable Systems

That doesn't address the issue of unintended side effects from existing bugs. I agree that a separate LAN can help mitigate things, but it doesn't eliminate the odd things that can happen in a world where code is trusted by default.

Imagine if your garage light switch would 1 out of every 1000,000 times, cause your roof to fall off your house.... this is the world of software that can do anything.

Comment: Trusted by default - right phrase, wrong context (Score 1) 240

by ka9dgx (#47149465) Attached to: The Coming IT Nightmare of Unpatchable Systems

The problem IS that things are trusted by default... but not in the way the author thought. If you trust every program you run by default, you are doomed. An operating system should NEVER trust anything by default... Linux, Windows, OSX all violate this principle. So do embedded devices base on some variant of them.

Never trust by default, and you stop having to worry about side-effects, and start deciding what the limits are ahead of time.

Comment: Progress IS being made (Score 1) 187

by ka9dgx (#47002305) Attached to: Do Embedded Systems Need a Time To Die?

I sit here in the Cassandra suite, watching the tech community finally waking up to the reality of the world. You are starting to panic because you know none of the operating system choices you have are viable for truly secure systems. Soon you will learn about Multi-Level Secure systems, Capabilities, and other features of the secure computing..

About 10 years from now, you'll get the hints the universe has dropped on you, and start implementing these systems.

About 10 years after that, some real old timers (or young punks who've read history) will point out that this stuff was actually figured out in the late 1960s, and early 1970s.

Comment: Re:Multi-Level Security? (Score 3, Interesting) 22

by ka9dgx (#46916867) Attached to: Europe's Cybersecurity Policy Under Attack

Multi-Level Security was worked out in the late 1960s in order to allow computing both Secret and "Top Secret" information in the same computer at the same time. The use of the Bell-LaPadula model ensures that a lesser privileged user can never cause grief for a more privileged user. If we had Mutli-Level secure systems, we could safely run any program we want in a sandbox, and it could never, ever crawl back out of it.

The closest you're likely to approach is if you enable the MAC option in FreeBSD, which is experimental.

The Genode project aims to provide a capability based security system which can run Linux Apps... it is the best chance I see going forward for a truly secure system that isn't military grade. In such systems, you specify at run time exactly which files can be accessed by an application. This has the benefit of explicitly limiting the side effects of said application, and thus making for a far more secure system. You might be tempted to think this would make it unusable (as App-Armour tends to be)... but it doesn't have to be that way. In fact, it's possible to make apps behave almost identically, as far as the user is concerned, without compromising anything.

I think we're still 10 years out before people wake up and realize that our collective assumptions about computer security are wrong, and this needs a more rigorous, carefully engineered solution, instead of the layers of patch we currently employ. I'm hoping that my frequent postings on this subject are informative, and help shorten that timespan significantly.

Comment: Re:It never ceases to amaze me... (Score 1) 345

by ka9dgx (#46905567) Attached to: Why Microsoft Shouldn't Patch the XP Internet Explorer Flaw


I just "upgraded" some Windows 7 machines to IE8 (from IE10) because that is the standard the automobile industry has settled on.

Linux is not any more secure than Windows in the long run... its not a multi-level secure system, nor is any other choice you've ever heard of. Until we adopt something like the Bell-LaPadula security model, we're going to be chasing our collective tails, and this is going to be happening for years!


'Accidental' Siberian Mummies Part of Mysterious Ancient Arctic Civilization 34

Posted by samzenpus
from the who-are-you-who-who-who-who? dept.
concertina226 (2447056) writes "Russian archaeologists are trying to discover the origins of a group of 800-year-old bodies found just 29 km from the Arctic Circle, which were accidentally mummified by copper when they were buried. The mummies were discovered at Zeleniy Yar in Siberia, in 34 shallow graves, and 11 of the bodies found in the medieval burial place had either smashed skeletons or missing and shattered skulls. They may have been damaged by their peers deliberately to prevent spells emanating from them. There is only one female, a child, who is buried with her face masked by copper plates, and three male infant mummies, who wear copper masks and were bound in four or five copper hoops that each measure several centimetres wide."

NASA Proposes "Water World" Theory For Origin of Life 115

Posted by samzenpus
from the from-the-water dept.
William Robinson (875390) writes "A new study from researchers at Nasa's Jet Propulsion Laboratory has proposed the "water world" theory as the answer to our evolution, which describes how electrical energy naturally produced at the sea floor might have given rise to life. While the scientists had already proposed this hypothesis called 'submarine alkaline hydrothermal emergence of life' the new report assembles decades of field, laboratory and theoretical research into a grand, unified picture."

You can bring any calculator you like to the midterm, as long as it doesn't dim the lights when you turn it on. -- Hepler, Systems Design 182