0wned .gov machines (was Re: Russian cyberwar against Estonia?)
Ivan Krstić
krstic at solarsail.hcs.harvard.edu
Sat May 19 22:44:22 EDT 2007
Perry E. Metzger wrote:
> What is interesting to me is that, even though things have nearly
> gotten as bad as they could possibly get, we still have seen very
> little real effort made to improve systems security (at least in
> comparison with what is necessary to make a big dent).
I think it's anything but surprising. There's only so much you can do to
significantly improve systems security if you're unwilling to break
backwards compatibility -- many of the fundamental premises of desktop
security are fatally flawed, chief among them the idea that all programs
execute with the full privileges of the executing user.
One Laptop per Child is breaking application backwards compatibility for
a number of reasons, one of which is security. As a result, I'm
earnestly hoping that our systems security platform, Bitfrost[0], will
be an improvement on the scale you're talking about. But time will tell.
(Sidenote: I'm giving a keynote at AusCERT tomorrow about exactly this,
titled 'Everything you know about desktop security is wrong, or: How I
Learned to Stop Worrying and Love the Virtual Machine'. Any list members
who are at the conference should mail me if they want to play with an
OLPC laptop and commiserate about desktop security over beer.)
[0] Summary at http://wiki.laptop.org/go/Bitfrost with full spec at
http://wiki.laptop.org/go/OLPC_Bitfrost
--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | GPG: 0x147C722D
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list