FreeVeracity: Network Intrusion Detection 112
Ross Williams writes: "FreeVeracity is a new free intrusion detection tool for free platforms (GNU/Linux, FreeBSD, NetBSD, OpenBSD, etc.) that uses cryptographic hashes to detect file changes that may indicate a network intrusion. FreeVeracity can be run standalone or in a client/server configuration (on TCP port 1062) that enables you to monitor the integrity of hundreds of computers from a single point. FreeVeracity is also an excellent general-purpose data integrity tool with over ten different applications. FreeVeracity is released by Rocksoft, vendor of the Veracity data integrity tool used to secure the networks of leading global companies in finance, communications, transport, aerospace, power generation and defence. FreeVeracity is released under the Free World Licence which provides all the usual free-software freedoms, but for free platforms only." Looks useful.
Ignoring small crackers creates a training ground. (Score:1)
Had little johnny been smacked for h4xx0ring some cablemodem users' boxes, he wouldn't have gone on to feel invulnerable enough to take on yahoo.com.
Law enforcement should target the lower levels of crackers rather than to react to panic when the problem crescendos into chaos at the higher levels.
They could've stopped the big cracking before it ever started.
Re:When amazon is cracked, people fry. What of me? (Score:2)
Re:When amazon is cracked, people fry. What of me? (Score:1)
I agree that a common security hole won't cause a huge stir in the security world, however it is important to at least know how your machine was compromised. . . especially if you're not a security expert yourself. While they may not ``care'' per se, someone would be at least kind enough to point you in the right direction in terms of a solution.
Then again, it could be a new exploit that does need attention. You never know until the situation has been assessed by someone who knows what they're looking at.
Nothing New - Vulnerable to Attacks (Score:2)
They provide a way to remotely check the integrity of files. This is something that the latest commercial version of Tripwire does as well. While this is handy when you want to keep your eye on a few dozen or hundred machines it can easily be defeated by an intruder.
Data integrity tools are useless if they are running on a hostile environment. And the second the machine gets broken into that's what it is. The intruder can modify the kernel to return the right file content to the data integrity tool but not to anything else. He can shutdown the tool and replace it with one that reports everything is fine. Etc.
The only time you can know for sure that a data integrity tool is telling you the truth is when you have booted from clean media and are using file hashes that have been stored in read only media and could not have been tampered with.
Maybe every computer needs a secure coprocessor running security software that can act independently from the OS and primary CPU?
This is just begging for exploitation. (Score:1)
Re:er.. (Score:1)
Re:Detecting port scans? (Score:1)
Re:Same problem? (Score:1)
qmail [qmail.org] is an excellent choice for securely replacing sendmail.
DJBDNS [cr.yp.to] may be of some help.
ipchains [unc.edu] is your friend...
Source is available (was Re:Trust?) (Score:1)
The source is available, but it doesn't appear to work with the standard linux toolkit (gcc, make, configure, perl, etc.). It requires something called [freeveracity.org]FunnelWeb [ross.net] (which appears to be some sort of literate programming aid) to build.
Since Funnelweb isn't already installed on my box and I'm too lazy to be bothered with it I guess that I'll miss out on FreeVeracity, at least until someone releases a version in straight C (something that appears to be permissible under the license).
daniel
Re:Free World Licence (Score:1)
Why on Earth was this Published on Slashdot? (Score:1)
Rocksoft isn't the first commercial software company to release a "free" version of their software. They're not even the first computer security company to do so. They're not even releasing a particularly interesting tool. And, looking at the license, they're not even open-source.
People in the open-source community work hard to bring tools that are more interesting than "Veracity" to market every day. I don't hear about the most recent release of FreeSWAN here, or the latest news on Nessus. I could probably go to Freshmeat and find several tools that do exactly what Veracity claims to do, too.
Of course, even if that Freshmeat fodder was a 0.0.1a-release written in Perl, it'd be more trustworthy to me than "Rocksoft's" proprietary stuff.
And, incidentally, "Veracity" isn't "network intrusion detection", at least not under the common definition. It's file integrity monitoring, and in this case it's distributed. Rocksoft seems enormously impressed by this fact, advertising their newly allocated TCP port number as if it was an endorsement from IANA.
"FreeVeracity", like this Slashdot article, is nothing more than advertising for a (lame) commercial product.
Re:Source is available (was Re:Trust?) (Score:1)
Oops, didn't mean to hit that button. Here are better links.
The source is available [freeveracity.org], but it doesn't appear to work with the standard linux toolkit (gcc, make, configure, perl, etc.). It requires something called FunnelWeb [ross.net] (which appears to be some sort of literate programming aid) to build.
Since Funnelweb isn't already installed on my box and I'm too lazy to be bothered with it I guess that I'll miss out on FreeVeracity, at least until someone releases a version in straight C (something that appears to be permissible under the license).
daniel
Re:FreeVeracity (Score:1)
Hmmm... (Score:2)
The Free World License is hypocrisy itself on paper; a license can't be Open-Source if it's under a discriminatory license.
But this does lead to an interesting point: what if someone were to port this to Darwin? Darwin itself is Open-Source. However, if it runs on Darwin, then it should also run on OSX (the core of which is Darwin). But OSX isn't entirely Open-Source, only the core. However, one could say (and actually argue fairly well) that Darwin is really the operating system, and "OSX" is just Apple's value-added stuff on top of it. So is an OSX port legal or not?
Just something to think about.
----------
Re:Freeworld Licence (Score:1)
Vi IMproved: http://www.vim.org [vim.org]
Lynx: http://lynx.browser.org [browser.org]
Any other examples?
--Matt
Re:Wow. (Score:1)
this marks a file 'immutable' so that not even root can modify it. Then as I understand it using secure levels you can make it impossible to -i the file without a (logged) reboot.
anyone use incremental hashing? (Score:1)
"Incremental Hashing With Application to Virus Protection" STOC '95 M. Bellare, O. Goldreich, S. Goldwasser
ftp://theory.lcs.mit.edu/pub/people/oded/bgg-inc2.ps
It describes a signature scheme with an "incremental" or "fast update" property. They claim that this signature scheme is ideal for settings in which there's a very small amount of trusted memory and CPU available to a virus monitoring program.
Tripwire style IDS seems to be extremely similar.
Anyone implemented this sort of thing or know if it's being used in a commercial product?
Pronouns. (Score:1)
Re:Interesting (Score:1)
Speaking of Tripwire (Score:1)
Re:When amazon is cracked, people fry. What of me? (Score:1)
But I want... yes... VENGEANCE!!! Not to help make some 3rd party richer as a result of a wanton criminal's successful crime and my anguish at being violated. That's the leech talk of a lawyer... you BLOODSUCKER. You're not helping anyone. You're just sucking us both off.
Origin of login will deviate from 'normal' pattern (Score:1)
Re:Freeworld Licence (Score:2)
what? free software on a mac? this is a first... almost anything useful i can find for macos is usually shareware/crippleware/etc.
in all seriousness, though, macintosh is a consumer based platform. the most likely reason that there is no free software for it is simply the fact that people who use that platform aren't interested in developing free commercial quality utilities in their spare time for fun (which is more of the case on free *nix based platform.) Therefore, it would almost be futile, at least for the time being, to release onto that platform.
Additionally, a fear many companies have with releasing source is that 'why would anybody pay for the product when the source is available'. I know i would most likely have similar worries. This licence gives the developer a chance to both a) release the source to a community which would most likely go through it, find security problems, improve it, etc., and b) test the open source concept with a smaller group, while not 'risking' their main income (being the windows folks). Having a way to cautiously try open source before releasing everything open, as to assure themselves that it is a Good Thing, may be the key thing many companies need to disclose their code, which really helps us all. This is why i see this licence as a potentially good thing.
-legolas
(ps RMS ate my balls... i love GNU software, and i'm a fan of the GNU licence, which is what i release anything i make under it. And which is one of the reasons I run Linux instead of Windows. However, not everybody in the world is so 'enlightened' ;^)
i've looked at love from both sides now. from win and lose, and still somehow...
Re:When amazon is cracked, people fry. What of me? (Score:1)
How so? If my machine was compromised and I didn't understand how it was exploited, I would want to find out how it was done so I could patch the hole ASAP. If everyone else learns from it as well then all the more power to them. Security cannot be effectively developed by obscuring knowledge. And no, IANAL.
Root should be able to stop this. . . (Score:1)
Too late now... (Score:1)
Re:Freeworld Licence (Score:2)
I can see why ESR and RMS don't like it.
Detecting port scans? (Score:1)
I have heard of Tripwire. Does any one have any experience running that one?
Panned by Perens! (Score:3)
Bruce
Re:Aide (Score:1)
From a very fast scan, looks to me that aide lacks the 'networking' feature, which I think is basic in a product of this kind (even if the authors plan on adding it). Couldn't an attacker just rebuild the database after mangling your system files? How are you supposed to protect the hash database if not storing it elsewhere?
In this sense, this stuff seems better than aide. I don't think that using a custom port/protocol was the right choice anyway. I'd better stick with ssh/scp for obvious reasons.
Let alone the licensing...
Re:er.. (Score:1)
* - I believe that Jeep used Toyota transfer cases in their 90's model Cherokees and Grand Cherokees. That's a pretty important part of a 4WD vehicle, dontchathink
so, you are calling your car a Toyota, right?
after all you are naming your OS after only one important part.
Re:Interesting (Score:1)
Bruce Perens brought up the same issue, with regards to Gauntlet, in a rebuttal to Elias Levy @ SecurityFocus's article questioning the value of Open Source to security. Perens' point applies just as much to NFR as to Gauntlet: what incentive does the community have to do QA on Marcus Ranum's commercial software?
I realize this is a tangent, but many people have this misconception about NFR.
Re:Sometimes a little editorializing is good (Score:1)
--
Re:Freeworld Licence (Score:1)
As a Mac and Linux user, I've thought a bit about the reasons for the lack of much free/open source software on the Mac.
Certainly, a major impediment is the fact that most Mac users aren't hackers but consumers who don't have much interest or ability in improving their software. I'm not sure what, if anything, can be done about this. I suppose another factor is that most development on the Mac is done using CodeWarrior or another commercial IDE, which further restricts the people who can do anything meaningful with the source to an application; I admit to not being the most knowledgeable person in the field of Mac development, but I don't know of any open source/free (speech) compilers on the Mac.
But I suspect that another main reason little free software is developed on the Mac is that people are unaware of it. I had been a Mac user for many years before I had even heard of 'free software' or 'open source', let alone understood why it was a good thing. It wasn't until I started using Linux that I became aware of such things; perhaps with the attention that Linux is receiving in the media, more people may be somewhat more aware of the free software movement, but most probably don't understand it more than superficially.
This is one reason I'm opposed to the Free World license. If we want to make more free software available, restricting it so that it can't be used by users of a non-free operating system won't help. By allowing everyone to use it, more people will be exposed to free software. They may only use it like any other program, which is necessarily a bad thing, but they might well learn more about free software and perhaps be influenced to write free software of their own or switch to a free operating system.
On an unrelated note, I also find it a bit troubling that the Free World license pages tout the fact that they were 'Denounced by Richard Stallman' and 'Rejected by Eric Raymond' as though those were things to be proud of...
Security programs (Score:2)
Also, does this sort of program work well with Portsentry [psionic.com]? Also, it'd be nice if this FreeVeracity client program acted in a similar fashion to LogCheck [psionic.com] by checking the syslog-generated files. Then you could use one program to monitor critical file changes, illegal port scans, attempted hack-ins, everything in one bag. Perhaps FreeVeracity provides more functionality than I'm assuming though. I'd like to hear what anyone has to say.
Re:Detecting port scans? (Score:3)
for detecting portscans, the first program to come to my mind (and that i have had some experience using) is portsentry [psionic.com]. It binds itself to a number of unused but frequently scanned ports (1, 12345, 31337, etc) and you can change the list. you can also set it up to automatically respond (add the person to ipchains or whatnot). care should be used in setting up portsentry, though. i've seen attacks where people make scans with forged ips, and the automatic response automatically firewalls out your own ip, your router, your nameserver, your mailserver, etc.
hope this is useful.
-legolas
i've looked at love from both sides now. from win and lose, and still somehow...
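The forged-scan lockout described in the comment above, as an added example that is not part of the original thread and is not portsentry's own code: an auto-response decision that never firewalls protected infrastructure and only blocks on evidence that is hard to forge. The log format, the event names, the `NEVER_BLOCK` addresses (RFC 5737 documentation ranges) and the rule that only a completed TCP handshake justifies a block are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Decoy ports named in the comment above.
DECOY_PORTS = {1, 12345, 31337}

# Constructed addresses standing in for the hosts the comment says get locked out.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "192.0.2.1/32",   # router (assumed)
    "192.0.2.10/32",  # this host (assumed)
    "192.0.2.25/32",  # mail server (assumed)
    "192.0.2.53/32",  # nameserver (assumed)
)]

# Constructed sample log, hypothetical format: "<time> <source ip> <dest port> <evidence>"
SAMPLE_LOG = """\
03:12:01 203.0.113.7 1 tcp-established
03:12:01 203.0.113.7 12345 tcp-established
03:12:02 203.0.113.7 31337 tcp-established
03:15:40 192.0.2.53 1 tcp-syn
03:15:40 192.0.2.53 12345 tcp-syn
03:16:02 198.51.100.9 31337 udp
03:16:02 198.51.100.9 12345 udp
03:17:30 192.0.2.25 1 tcp-established
03:17:31 192.0.2.25 12345 tcp-established
03:18:00 198.51.100.20 31337 tcp-established
03:18:05 198.51.100.20 80 tcp-established
this line is malformed and must be skipped
"""


def parse(line):
    """Return (source address, port, evidence kind), or None for an unparsable line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    _time, src, port, kind = parts
    try:
        return ipaddress.ip_address(src), int(port), kind
    except ValueError:
        return None


def decide(log_text, threshold=2):
    """Split sources that probed >= threshold decoy ports into block / alert-only."""
    seen = defaultdict(set)       # every decoy port touched, whatever the evidence
    confirmed = defaultdict(set)  # decoy ports reached with a completed handshake
    for line in log_text.splitlines():
        event = parse(line)
        if event is None or event[1] not in DECOY_PORTS:
            continue
        src, port, kind = event
        seen[src].add(port)
        if kind == "tcp-established":
            confirmed[src].add(port)

    block, alert_only = [], {}
    for src, ports in seen.items():
        if len(ports) < threshold:
            continue  # a single stray hit is not treated as a scan
        if any(src in net for net in NEVER_BLOCK):
            # Blocking these is exactly the self-inflicted outage described above.
            alert_only[str(src)] = "protected address"
        elif len(confirmed[src]) >= threshold:
            block.append(str(src))
        else:
            # A bare SYN or a UDP datagram carries an unverified source address.
            alert_only[str(src)] = "spoofable evidence only"
    return {"block": sorted(block), "alert_only": alert_only}


if __name__ == "__main__":
    print(decide(SAMPLE_LOG))
```

Sources that land in `alert_only` still get reported; they are simply left for a person to judge instead of being pushed into the packet filter automatically.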
Re:Aide (Score:1)
Protecting the database is clearly the cornerstone of any software of this type working. The way I do it is I keep the database on a (physically) write protected floppy. I have a cron job that runs the binary from this same floppy and emails the results to root. (I have even considered putting a second fdd in the system and physically cutting the WE line on the ribbon cable.)
Another alternative would be to burn the db out and then put it in a CD-ROM (note the "RO" in ROM.)
Or you could keep it on a floppy and check it by hand.
-Peter
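The database-protection problem raised in the two Aide comments above, as an added example that is not part of the original thread and is not AIDE or FreeVeracity code: a hash snapshot is sealed with an HMAC whose key lives only on the monitoring machine or removable media, so a database rebuilt on the compromised host fails verification. File names, the key and the tree layout are constructed for the demonstration; it does not address a compromised kernel feeding the checker false file contents.

```python
import hashlib
import hmac
import json
import os
import stat
import tempfile


def snapshot(root):
    """Record SHA-256, permission bits and size for every regular file under root."""
    entries = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and devices are out of scope here
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            entries[os.path.relpath(path, root)] = {
                "sha256": digest.hexdigest(),
                "mode": stat.S_IMODE(st.st_mode),
                "size": st.st_size,
            }
    return entries


def _canonical(entries):
    # Stable byte encoding so the same entries always produce the same tag.
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def seal(entries, key):
    """Attach an HMAC-SHA256 tag computed with a key that is kept off the host."""
    tag = hmac.new(key, _canonical(entries), hashlib.sha256).hexdigest()
    return {"entries": entries, "hmac": tag}


def open_sealed(db, key):
    """Return the entries only if the tag verifies; raise ValueError otherwise."""
    expected = hmac.new(key, _canonical(db["entries"]), hashlib.sha256).hexdigest()
    supplied = str(db.get("hmac", ""))
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        raise ValueError("baseline database failed authentication")
    return db["entries"]


def compare(baseline, current):
    """Report paths added, removed or changed relative to the baseline."""
    both = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in both if baseline[p] != current[p]),
    }


def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed scenario: files change, then the database is rebuilt on the host."""
    key = b"constructed-demo-key"  # stands in for a key held only by the monitor
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/login", b"original login binary\n")
        _write(root, "etc/hosts", b"127.0.0.1 localhost\n")
        baseline = seal(snapshot(root), key)

        _write(root, "bin/login", b"replaced login binary\n")
        _write(root, "bin/.hidden", b"unexpected file\n")
        report = compare(open_sealed(baseline, key), snapshot(root))

        # A database regenerated on the host, without the real key, must be rejected.
        rebuilt = seal(snapshot(root), b"key-invented-on-the-host")
        try:
            open_sealed(rebuilt, key)
            rejected = False
        except ValueError:
            rejected = True
    return report, rejected


if __name__ == "__main__":
    print(demo())
```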
Re:New! Improved! Free! (Score:1)
Re:Money talks (Score:1)
Explain the logical differences between your attitude towards this and -for example- someone breaking into your home and stealing stuff from you.
By your line of reasoning, the police really shouldn't be involved in any sort of break and enter or property crime. If you can't secure your residence, TS for you.
If the above is what you're implying (which I assume it's not, since you seem to think authorities should involve themselves with a certain size of entity (what's the cut-off by the way, 100k+ revenue per year? less/more?)) I certainly hope you're never in a position of power in any government.
Re:Detecting port scans? (Score:1)
Re:Sometimes a little editorializing is good (Score:1)
Re:Root should be able to stop this. . . (Score:1)
Sounds like a good idea (Score:2)
Re:Free World license makes no sense (Score:1)
Intrusion vs. normal Login (Score:1)
---------------
Re:Is it me or is this AIDE? (Score:1)
FreeVeracity (Score:3)
Don't forget `rpm --verify -a` (Score:1)
Still, there is always
rpm --verify -a
But, of course, rpm could be among the compromised files, if someone has hacked root on your system. But, of course, so could 'veracity', I imagine, although perhaps having it run remotely on a network could make things harder for an intruder.
--
man sig
Re:Security programs (Score:1)
I'm not sure how FreeVeracity would work with PortSentry. However, if you use FreeVeracity's T.data feature to monitor logfiles, it will email you the logfiles differences, so yes it can be used to centralize the changes of a few different logfiles in one report, if that's what you meant.
Re:Free World Licence (Score:1)
When amazon is cracked, people fry. What of me? (Score:5)
Yet when my box is cracked and my credit card numbers stolen, etc., calling anyone (police, FBI, etc.) gets a "why are you bothering us? You're lucky we don't prosecute *you* for wasting our time with such trivialities." attitude?
Is cracking illegal or isn't it? Who do I report it to when I'm hit? What gov't/state/municipal entity defends me as defends amazon or CNN?
Re:Licence even has restrictive emulation clause (Score:1)
If you can form a concrete proposal for how the licence might be modified, I'll look at it.
Re:Sounds like a good idea (Score:2)
Re:Intrusion vs. normal Login (Score:2)
Unfortunately, this means that there are still places that intruders can hide files, but it doesn't mean that this type of tool isn't useful.
Re:Hmmm... (Score:1)
I don't have an easy answer to your Darwin question, but I would guess that Apple will not be releasing OSX under a free licence, so therefore it will not be a free platform even if it is capable of running executables that run on free platforms.
Interesting (Score:2)
Re:Intrusion vs. normal Login (Score:2)
>an intruder modifying files using a real/spoofed
>login and a normal user modifying his own files
>that he should be modifying? Or is this program
>not designed to catch that?
Not familiar with this particular s/w, but with this sort of thing you can generally pick and choose which files/directories to watch. You're not going to bother checksumming
And if you're the admin, you're going to remember what you did. If you add a new HD or something and get an alert the next day saying that
Re:When amazon is cracked, people fry. What of me? (Score:4)
Re:Interesting (Score:1)
Re:Freeworld Licence (Score:4)
Doesn't this just become another shrink-wrap license? I think most of us are not ideologically opposed to copyright per se, but are opposed to selling things with strings attached, aka "licensed", because of the obnoxious power it gives vendors over how we use the things we buy. Even the GPL doesn't tell you how you must use a program, it simply says "give back what we hath given you".
This license is foul, for that reason, and because it almost seems to willingly encourage relegating free operating systems to the hobbyist niche. It basically says you can make a profit on your work through traditional licensing fees, and toss a bone to free software enthusiasts at the same time. But what happens to your profit when free operating systems become the norm? If your revenue model is dependent on selling to proprietary platforms, you've screwed yourself by promoting free platforms. So you won't promote those platforms. In fact, why even release a free version at all?
Experience (Score:1)
Founder's Camp [founderscamp.com]
Re:Timely (Score:1)
What's going on?
Freeworld Licence (Score:3)
this approach has an interesting motivation - this way, they can experiment with open source on the more 'hackerish' OSs, while still maintaining their commercial customer base on the commercial systems.
This licence seems to be borrowing various parts from the GNU licence and the FSF licence. I think this is somewhat a good thing, because it gives us who like to tinker with the code a chance to get at it (and for free!) while not risking the majority of their income (from serious commercial vendors). Perhaps we may see this approach to opensource used more in the near future. and it may encourage more and more companies to release their source, which is kinda cool, i think. also, it could be a starting step for companies to start releasing source, between not-at-all and full-disclosure.
-legolas
i've looked at love from both sides now. from win and lose, and still somehow...
freshdot? slashmeat? (Score:2)
Re:Freeworld Licence (Score:1)
BTW, the annotated explanation of the license contains the erroneous assertion that licence is a verb and license is a noun [m-w.com].
Re:er.. (Score:2)
Without GNU, Linux would be a hacked clone of Minix. With GNU, it's a genuine alternative to other commercial/free Unix systems.
Give credit where credit is due, dumbass.
I'm sick and tired of this argument. I don't call my car a Chrysler/Toyota/American Motors Jeep*. I don't call my computer an Intel/Asus/WD/Esoniq/Advanced Gravis 466. I don't call my daughter Andrew/Vanessa Katie.
Yes GNU is a big part of Linux. You don't pollute the name of a product after the fact just because it was possible through a third (or fourth or fifth...) party.
If Linus called it GNU/Linux I may think otherwise. However he didn't, and I don't stroke other people's egos just because they feel that now that what they helped with is popular they should get some face time.
* - I believe that Jeep used Toyota transfer cases in their 90's model Cherokees and Grand Cherokees. That's a pretty important part of a 4WD vehicle, dontchathink?
Re:Root should be able to stop this. . . (Score:1)
Re:er.. (Score:2)
without C, most GNU tools would not exist: do you call them C/GNU?
I could go on, but you get the message. You should take a course in linguistics and you'd realize that the morpheme "linux" has all of the meaning you prefer associated with it already. The morpheme pair "GNU/Linux", BTW, does contain an extra semantic bit in that it classifies the user as coming from a particular side of this debate. Therefore, it would actually be an error for that AC to use it if that is not her belief.
Re:Free World Licence (Score:4)
Before I start this, I should just state for the record that I am a very enthusiastic Debian user, and a wholehearted DFSG & FSF supporter.
I thought for a long time about writing a Free World style license, simply because I resented the fact that Windows users could take almost any Free code I wrote and use it, while I couldn't use closed source Windows programs with anything like the same degree of ease.
Ross Williams (author of the Free World license) states on his Free World pages [freeworldlicence.org] that he sees the only difference between his approach to licensing and that of the GPL as "strategic". One approach to freeing the world's software is to exclude non-free platforms from using the free code base that we have created; the other is to entice users away from the proprietary software by showing them what wonderful free programs were available.
Eventually, I came round to agreeing with RMS [freeworldlicence.org] on this. I guess the key points that convinced me were:
Re:Is it me or is this AIDE? (Score:3)
Summaries are generated using shell scripts, the results collected from all over the network and stored on a secure machine for later testing.
How is this even a 'product'?
Free World license makes no sense (Score:2)
Cheers,
WFE
===========
Re:FreeVeracity (-1 flamebait) (Score:1)
However, I think the tripwire of the future will be a better service overall, simply because it will be under GPL (to my knowledge). This new FreeVeracity licence, plain stinks. If I'm a lowly University stuck with Irix, I really don't want to spend tons of money to get x86 boxes or buy this product. Free software should be free software, no matter what platform you're running on. And this sort of license really doesn't consider binary emulation either...
Also my other beef is with this Network Intrusion Detection (IDS) brand that they are putting on it. To me it sounds like a bunch of hype. Sure it's a network service and it can talk to a central machine but that's a far cry from the standard IDS methods I know of. When I think of IDS, I think of known attacks that firewalls recognize or specific IDS machines in promiscuous mode sniffing out the network. Sure it does help you quickly find out (like a standard IDS) whether you've been hacked or not, but it is a far cry from a standard IDS system.
I'd also be wary of installing this software and running it right away right now, especially for those who are concerned about security. This product hasn't been reviewed by the general public, the source code hasn't been fully audited. No one (except the company itself) has praised this product. I'd be really wary.
REAL free network intrusion detection (Score:2)
Oh yeah, it's GPL'd too.
FreeVeracity looks to be nothing more than a Tripwire clone that detects file changes on systems it's installed on. To use an analogy, it doesn't detect when your car has been stolen, but it goes off when the thieves try to repaint it.
If you're interested in checking out Snort, head over to www.snort.org [snort.org] and have a look around.
hmm... port 1062... (Score:1)
---
I'm not ashamed. It's the computer age, nerds are in.
They're still in, aren't they?
Re:Sometimes a little editorializing is good (Score:1)
Re:But the FBI/DOJ don't get paid for nabbing h4x0 (Score:2)
Breakins to big-name sites make news. FBI catching perpetrators of those breakins makes news. Congress notices the news. Congress increases FBI budget for chasing computer-crime perps. Hence, it's about money.
Re:Speaking of Tripwire (Score:1)
Free World Licence (Score:1)
There's the "free without restrictions" type of licences, e.g. the BSD licence, which basically let you do what you want with the software, including distribution of binaries without providing source. You can integrate it into proprietary projects without opening up your changes. It's for idealists who want to give away their code without asking for others to contribute back their improvements.
Then there's the "free with restrictions" kind of licences, e.g. the GNU GPL, which also let you do what you want with the software, but forbids distribution of binaries without source. You can't take it without giving back your changes. It's for pragmatists who want to give away their code while making sure it will remain free for all.
And now there's the "free only on free systems" licence, the Free World Licence, which is only free in the free parts of the software world. It's not Open Source because it's discrimination against non-free platforms which violates the Open Source Guidelines. However, it's useful for those who want to provide free software for users of free operating systems, but not to proprietary systems.
All three try to support Free Software in their own way. So which one is best? That's up to you, the creator of the software will choose whichever licence fits to their ideology best, and all are good at what they want to do! And in the Free Software World, there are more ways than one, as we all know...
(Or at least should know - never mind the flamewars, they are just a little drawback, the bright side is Freedom of Choice.)
why? (Score:1)
against good crackers, this system is worse than nothing as it will only give the admin a false sense of security. As far as I can tell, this would only be useful against the script kiddies and/or incomplete/interrupted jobs..
Re:Smells like Open Motif. (Score:1)
Who cares what RMS likes or dislikes?
Mojo
Re:er.. (Score:1)
But saying "If Linus called it GNU/Linux I might think otherwise" makes it sound as though you think it's the naming of the kernel (Linux) that's under discussion, which it isn't or that Linus is responsible for the whole operating system, which he isn't. It gives the impression that you have no clue as to what is being discussed.
Linus created the kernel, this is true. I refer to Linux as the collective kernel and the distribution it's in.
If you want to badger the GNU organization about releasing GNU/Linux, that wouldn't bother me a bit and you'd have a valid point for calling it GNU/Linux. To date, however, GNU has not done this. Slackware has, Redhat has, Debian has, Suse has... you get the point. If I were to wrap the kernel around the Borland compiler and MKS utilities, what would you call it?
This whole GNU/Linux thing makes (oh balls, who is it? RMS? ESR? I can never remember) look like they're trying to grab hold to the fame of Linux after it got popular by tacking on the GNU and acting like a slobbering idiot every time someone "forgets" to say GNU/Linux. My memory's not perfect, but I don't seem to recall what's-his-nuts emphatically defending the GNU/ in GNU/Linux until a few years ago, and that's what ticks me off. They were helping Linus out way before that.
Hopefully this is making some sense, I'm trying to type and watch my daughter at the same time, and not doing a very good job of either this early in the morning. :-)
Money talks (Score:2)
Because they employ lots of people, have millions of credit card numbers, and take in more money in a day than you will in a year?
Yet when my box is cracked and my credit card numbers stolen, etc., calling anyone (police, FBI, etc.) gets a "why are you bothering us? You're lucky we don't prosecute *you* for wasting our time with such trivialities." attitude?
Because you are not wealthy, a big name, or important?
Is cracking illegal or isn't it?
Yes. And the great thing is that constitutional laws don't apply to cracking cases! Just ask Kevin Mitnick.
Who do I report it to when I'm hit?
A trained consultant, perhaps?
What gov't/state/municipal entity defends me as defends amazon or CNN?
None of them. That's where the private sector comes in. If you can't secure your Corel Linux box, it's not really the government's problem, now is it?
-- Floyd
Trust? (Score:1)
Re:When amazon is cracked, people fry. What of me? (Score:2)
Security groups are looking for new attacks and how to stop them so they can expand their protection arsenal. They have no interest in stopping cracking because... that would put them out of a job!
Doesn't sound like you have any idea what we do, or have ever looked at the incidents list. We don't look for "ways to stop attacks" per se. We have no product. Take a look at the incidents list and see what kinds of posts people make. The archive is on our web site. Often times some ISP that has been ignoring complaints will finally do something when 10 other people chime in that they've seen the same activities from the same network.
The incidents list is a community-based mailing list for concerned net users to discuss incidents that are happening in the wild. The majority of the time, it's other list readers that are able to identify what attack has taken place, or suggest a remedy of some sort. There have been any number of attempts to correlate incidents in the past, and they've all met with pretty limited success. The incidents list seems to be working. None of the other efforts would have ever touched such small scale incidents that the incidents list does.
The only thing that the list (hopefully) buys us is more people who enjoy our site.
New! Improved! Free! (Score:2)
Free World Licence (Score:3)
Re:When amazon is cracked, people fry. What of me? (Score:2)
Because of this, we need to think about HOW we ask for help. Do you really want an FBI consumer-equipment intrusion team, or should that be something handled by your local law enforcement agencies? Personally, I'd be a lot happier with an international network of local law enforcement teams that deal with intrusions of this sort. Individually, they may not have the resources, but if all they need is 1-2 staff per precinct/district/whatever and a computer connected to the Internet with "Fuzz 2.0" installed, we could keep power in the hands that local-scale elections can at least control by proxy (e.g. the Mayor of your city has some control over the police). In this way, individual citizens have a significant say in how Internet policies and laws are implemented in their corner of the world.
Thoughts?
Re:Trust? (Score:1)
Re:Free World Licence (Score:1)
you are focusing (I think, you don't say) on the desire of these users to see source code. The license is trying to solve a different problem, how to make money. Yes, there are many users who are trapped, but many users have a choice about their platform, and the choosers are much more apt to be programmers with a need for source than are the trapped. The trapped can purchase the same product, the choosers can choose the source if they want.
More importantly, you are encouraging an incompatible world. This is not only an unpleasant situation, but it may be strategically very unwise for the free software movement.
you may feel that the use of this license may risk an incompatible world, but it explicitly doesn't encourage it. The license encourages selling stuff to people who've chosen a proprietary platform, and sharing stuff with people who've chosen to share. Same stuff, total compatibility.
I'm not coming down in favor of this license, but I don't think you are fairly portraying what this license intends.
Aide (Score:2)
It is GPL, so you can run it on commercial boxes for free, too.
So if you want your security policy to include "it should be an interesting [licensing] experiment" use this thing.
I'll stick to Aide, thanks.
-Peter
Actually, shouldn't that be: (Score:1)
GNU/BSD/X11/MPL/Artistic/Linux? BIND, Apache, Sendmail .... are all, I believe BSD'd. These are some of the top reasons people actually use Linux...err, sorry. GNU/BSD/X11/MPL/Artistic/Linux. I'm not denying the contribution of the GNU utilities/FSF to Linux at all. And I'm not even saying that you should call it "Linux". But neither should it be referred to as "GNU" or "GNU/Linux". In fact, you might as well call the distribution of Linux, the entire OS, by the name which the distribution was created. Ie, you could call Mandrake 7.1....Mandrake 7.1 and Debian 2.2, Debian 2.2...and....Slackware 7...Slackware 7. No need to mention "Linux kernel" or "GNU utilities" or "BSD-licensed servers" or "MPL programs" or "Artistic programs".
No need.
Re:When amazon is cracked, people fry. What of me? (Score:2)
Norton/Symantec putting pressure on Microsoft??? What possible pressure could they exert that MSFT would care about? They wouldn't even make a good-sized stain on the sole of the boot with which MSFT crushed them.
Smells like Open Motif. (Score:2)
<O
( \
XGNOME vs. KDE: the game! [8m.com]
Re:Free World Licence (Score:2)
you are focusing (I think, you don't say) on the desire of these users to see source code. The license is trying to solve a different problem, how to make money. Yes, there are many users who are trapped, but many users have a choice about their platform, and the choosers are much more apt to be programmers with a need for source than are the trapped. The trapped can purchase the same product, the choosers can choose the source if they want.
Actually, I think you misunderstood me a little there. I am (sometimes) a trapped user. If I sit down in a lab full of Windows boxes, or in an internet cafe, or I use a proprietary UNIX server somewhere, I would like to be able to install and use free applications. The Free World License is a double edged sword....
you may feel that the use of this license may risk an incompatible world, but it explicitly doesn't encourage it. The license encourages selling stuff to people who've chosen a proprietary platform, and sharing stuff with people who've chosen to share. Same stuff, total compatibility.
Obviously, there is some truth to this, and incompatibility is not always going to result from doing this sort of thing. There are however, times when it may; this is most likely to occur when a new area opens up, and different protocols are vying to become the "standard" for some kind of service. During this process, having Free code available on non-free platforms gives us more chance of setting an open standard. When we don't achieve this, we suffer as a result. For example, a hypothetical cross-platform free office suite available in the early 90s might have saved us from having to stress about M$ Office compatibility....
Re:Money talks (Score:2)
I'll give you a hint, it's not me.
Re:When amazon is cracked, people fry. What of me? (Score:2)
And frankly, I don't blame them. There really are bigger fish to fry.
Steve O.
Versatile! Intelligent! Sticky! (Score:2)
sorry... that's the first thing that came into my mind with the subject of your post. =^)
-legolas
i've looked at love from both sides now. from win and lose, and still somehow...
Re:When amazon is cracked, people fry. What of me? (Score:2)
That might be true if you're the target of a new attack. But when the 6.02e23rd victim of the LOVEBUG emails them... they just don't care anymore.
Security groups are looking for new attacks and how to stop them so they can expand their protection arsenal. They have no interest in stopping cracking because... that would put them out of a job!
I'm sure Norton/Symantec put pressure on Microsoft to not make windows too secure. Security holes are profitable to an entire industry. You can't just cut them loose. Sure, MS will make secure windows for big business (NT Server at kilodollars per pop) but consumer grade windows will always have bugs. It's by design.
Wow. (Score:2)
It's change detection, yes. System integrity, yes... but not an IDS.
Just like that rather neat linux kernel patch that locks off files and doesn't allow them to be changed isn't an intrusion detection system.. it's a change prevention system.
Sometimes a little editorializing is good (Score:5)
"This looks a whole heck of a lot like an Ad from Veracity, but the product still looks like it might be worthwhile to check out. Sorry for the blatant advertising in what's ostensibly an interesting technical story."
-=-=-=-=-