
Comment SE/Linux (and SE/Android) (Score 5, Interesting) 240

there's an extremely common mistake made which needs to be pointed out: the clue is in the phrase "This kind of top-down thinking". the fundamental assumption is that there is a concept of "more privilege is required than before" to achieve privileged tasks. people imagine that security is hierarchical - that the further towards "the top" you get, the more access you are permitted. this is simply NOT TRUE. the classic example is "root", which is a drastic binary oversimplification which is simply very convenient.

so, people invent new security systems, but they invent them without actual proper thought towards design, and they invent them thinking that this "top down" hierarchical approach is the only way. thus, new APIs have to be invented.

there is another way: it's called SE/Linux (and there's a variant called SE/Android). SE/Linux follows the FLASK model, which basically says that based on the current context, the current application, that a new executable is given a COMPLETELY new security context, where the new privileges have to be explicitly given. the most important implication of this model is: it absolutely does not matter how "powerful" you were in the previous context - the one that fires up the new executable; the new one is literally a completely and utterly separate security context.

to give an example: take a 5 Star General, and send him to a security base. when he gets there, standard security procedure: they take away his passport and all his credentials, and they give him a security pass (a new context). that security pass has a pre-prepared set of restricted corridors and rooms that the 5 Star General can go to. he can go to the conference room, and the bathroom. if he tries to leave without returning the security pass, he has no passport, and no papers.

this incredibly powerful security model - FLASK basically fits on top of an OS *without* interfering with it. it's particularly fascinating because it can watch which programs exec() other programs, and it can watch what APIs those programs use.... *without* needing to actually modify those programs.

basically what i'm saying is that the problem that cyanogen is trying to solve already has a way in which it can be solved, if the SE/Android team haven't already solved it. and that's because, under SE/Linux and SE/Android, you can operate both the normal "root access" system *in parallel* with SE/Linux. all you need to do is create a FLASK security context which restricts access to only those applications that *should* be accessing the restricted APIs. you don't need to modify the applications, nor do anything special to the underlying OS.
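The exec-time context switch described in the comment above, as an added example that is not part of the original comment: a simplified Python model of type enforcement (not SELinux's actual security server). All type names, such as `camera_app_t` and `contacts_db_t`, are hypothetical.

```python
# Simplified model of FLASK/SELinux type enforcement (illustrative only; it is
# not the kernel's security server). All type names below are hypothetical.

# allow rules: (source domain, target type, object class) -> permitted operations
ALLOW = {
    ("init_t", "camera_exec_t", "file"): {"execute"},
    ("init_t", "camera_app_t", "process"): {"transition"},
    ("camera_app_t", "camera_exec_t", "file"): {"entrypoint"},
    ("camera_app_t", "camera_device_t", "chr_file"): {"read"},
    ("init_t", "camera_device_t", "chr_file"): {"read", "write"},
    ("init_t", "contacts_db_t", "file"): {"read", "write"},
}

# type_transition rules: (calling domain, executable's type) -> new domain
TYPE_TRANSITION = {("init_t", "camera_exec_t"): "camera_app_t"}


def allowed(source, target, tclass, perm):
    """Default deny: access exists only if an allow rule names it."""
    return perm in ALLOW.get((source, target, tclass), set())


def exec_domain(caller, exec_type):
    """Return the domain a process runs in after exec() of a labelled file."""
    if not allowed(caller, exec_type, "file", "execute"):
        raise PermissionError(f"{caller} may not execute {exec_type}")
    new = TYPE_TRANSITION.get((caller, exec_type))
    if new is None:
        # Simplification: real SELinux also requires execute_no_trans here.
        return caller
    if not (allowed(caller, new, "process", "transition")
            and allowed(new, exec_type, "file", "entrypoint")):
        raise PermissionError(f"transition {caller} -> {new} denied")
    return new


def demo():
    """A broadly privileged parent execs a confined app; nothing is inherited."""
    child = exec_domain("init_t", "camera_exec_t")
    return {
        "child_domain": child,
        "parent_reads_contacts": allowed("init_t", "contacts_db_t", "file", "read"),
        "child_reads_contacts": allowed(child, "contacts_db_t", "file", "read"),
        "child_reads_camera": allowed(child, "camera_device_t", "chr_file", "read"),
        "child_writes_camera": allowed(child, "camera_device_t", "chr_file", "write"),
    }
```
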

Submission + - Obama's promise to "Protect Whistleblowers" disappears from the web

An anonymous reader writes: The Obama administration's campaign site Change.gov has been removed. A possible reason, the Sunlight Foundation comments, may be a statement from the Administration that outlined the protection of whistleblowers, "Barack Obama will strengthen whistleblower laws to protect federal workers who expose waste, fraud, and abuse of authority in government," when the exact opposite has occurred and Obama is threatening trade sanctions against countries that give Edward Snowden asylum.

Comment Re:Sigh. (Score 1) 339

Sorry, no.

http://www.serendipity.li/wot/other_fires/other_fires.htm

Here's one example:

In October 2004 in Caracas, Venezuela, a fire in a 56-story office tower burned for more than 17 hours and spread over 26 floors. Two floors collapsed, but the underlying floors did not, and the building remained standing.

See http://www.cbsnews.com/stories/2004/10/18/world/main649824.shtml

Comment Re:I hope they ask SpiderOak for mine (Score 1) 339

But... how do you KNOW they're doing what they say they're doing? Really? Without an intentional MiTM machine you can use to analyze what is ultimately being sent upstream to SpiderOak, you can't be sure.

Remember too, peeling apart and masquerading SSL/https sites is VERY easy to do, including certificate forging. Many companies do this today to decrypt (yes, decrypt) SSL traffic to then scan the plaintext content of the request. Heck, you can even set up Squid to do that if you want.

http://blog.blackfoundry.com/2011/06/02/break-open-dropbox-ssl-traffic-with-squid-proxy/

http://www.squid-cache.org/Doc/config/ssl_bump/

Comment Re:Companies shouldn't have this anyway (Score 1) 339

His point was that the system maintainer might be forced by a spy agency to alter the code so that the password variable is not temporary, but instead logged in persistent storage.

That's easy: Build your hashing systems such that there IS no persistent storage. Make it out of DRAM, and enforce rules to scrub the memory and temporary storage before and after each password hashing request or attempt. Additionally, just create a tmpfs volume, encrypted with a one-way hash/salt, and write your scratch data there, then dump it and scrub those bits when done. Problem solved.

Businesses

Halliburton Pleads Guilty To Destroying Simulation Data From 2010 Gulf Oil Spill 104

An anonymous reader writes "Oilfield services giant Halliburton will plead guilty to destroying computer test results that had been sought as evidence in the Deepwater Horizon disaster, the Justice Department announced Thursday. Company officials threw out test results that showed 'little difference' between the number of devices Halliburton said was needed to center the cement casing in the well at the heart of the disaster and the number well owner BP installed, according to court papers. The issue has been a key point of contention between the two companies in hearings and litigation ever since the April 2010 blowout. BP and Halliburton are still battling over responsibility for the disaster in a New Orleans federal courtroom. BP had no comment on the plea agreement Thursday evening."

Submission + - Don't like a patent? Help kill it.

Camael writes: When Joel Spolsky spotted an undeserving Microsoft patent application, he didn't just let it be granted — he killed it in just a few minutes. In short, he found prior art and submitted it, and the USPTO examiner rejected the patent because of it. From TFA: "Micah showed me a document from the USPTO confirming that they had rejected the patent application, and the rejection relied very heavily on the document I found. This was, in fact, the first 'confirmed kill' of Ask Patents, and it was really surprisingly easy. I didn't have to do the hard work of studying everything in the patent application and carefully proving that it was all prior art: the examiner did that for me." This is all under the umbrella of Ask Patents.
