Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Take advantage of Black Friday with 15% off sitewide with coupon code "BLACKFRIDAY" on Slashdot Deals (some exclusions apply)". ×

Comment Thanks Bush/Cheney (Score 0, Troll) 728

There were strong warnings in advance of the 9/11 attack, which the Bush/Cheney administration chose to ignore. (Could it be because they needed a "Pearl Harbor" event to catalyze the "New American Century" vision from PNAC?)
They then ignored the reality that Iraq had NOTHING TO DO WITH 9/11, and lied their way to get us into Iraq (in accordance with the "New American Century")
It didn't work, because the full might of the country couldn't actually be used (being based on a lie, and not having full support)
This broke Iraq, and gave rise to ISIS, killing or displacing millions along the way.
My heart goes out to the victims in Paris, and the millions of others our nation has displaced, maimed, or killed in the service of our empire.

Comment We're at war... and we're losing (Score 1) 93

Consider yourself in a cyber-war... any line of program you run on your computer can be turned against you... why do you trust any of it with your full authority?

Because you don't have a choice, your OS doesn't give you one. Read up on the principle of least privilege, and the ambient authority model we currently use.

Comment Ambient Authority - Spraying it all over the place (Score 1) 291

There's no way to specify "run this task with this type of access only to this set of stuff" in Linux... which means you're giving your authority to everything you execute. Until this gets fixed... any flaw in any of the code you run can be used against you.

If you could specify authority and filter it, in a similar manner to unix pipes, you'd be able to build a database that can only take local connections, then build a read-only connection to it, then build a web page that could only connect to that and respond to requests... and finally the web server to take requests from the web and query the page.... and an outside hacker would have to pick through each layer on his way to the database... even if the code was only 99% effective, that's a 99.9999% effective block with very minimal effort.

This type of stuff doesn't have to be user-unfriendly, in fact if implemented correctly it would be fairly transparent to them.

Comment Why trust applications? (Score 0) 320

Why y'all continue to trust applications to do anything is beyond me.

You don't hand your wallet to the clerk at the gas station, but you'll hand your whole machine over to any random bit of code, and get upset when it goes awry.

Your OS should ask which files to let your application access... until that changes, you're going to keep getting skunked.

Comment Nobody is talking about the root causes yet.... (Score 1) 77

The root cause of all of these security problems has been in plain sight since 1970 or so, yet only a few people are even aware of it. It's obvious once you get it, and the scope of fixing things comes clearly into place. So, do you really want to take on forking every program to build a new version of it? If so, you can fix it, if not... this will continue to happen, and government will try to fix it by fiat, badly.

The cause is that our operating systems operate on the assumption that programs can be trusted. This makes it almost impossible to launch an executable safely, because there is no OS enforced way to limit the side effects of execution.

Only an operating system that requires specifying the resources to feed to a given instance of execution can limit the side effects by design, instead of luck.

It doesn't have to be user-unfriendly, because the OS can always handle prompting for file names, etc... in fact if done properly, the user might not even need re-training to use the new fork of their favorite program, because for their intents and purposes, it acts the same, with the same dialog boxes, etc.

The principle of least privilege is the solution to this whole mess, but it has to be applied from the kernel all the way up the stack. This is a lot of forking work to do.

Do you dare to take up the challenge, or will you let someone else try the latest band-aid instead?

It is your destiny. - Darth Vader