Security Against Who?

Posted Jan 18, 2012 22:19 UTC (Wed) by ldo (subscriber, #40946)
In reply to: NSA releases security-enhanced Android (The H) by hpro
Parent article: NSA releases security-enhanced Android (The H)

hpro:

But given the choice of having my phone firmware "abused" by the carrier, and _abused_ by malicious software, I would pick the former every time.

That’s a stupid, specious dichotomy. As is well-known, you cannot “secure” a system against the person who legitimately owns that system and has physical access to it. SELinux doesn’t try to do that, and SEAndroid wouldn’t try to do that. The NSA, of all people, are well aware of such a limitation—after all, it is the reason that Digital Restrictions Management doesn’t work. In short, these security frameworks, like all security frameworks, are useless for vendors trying to lock you out of devices that you buy from them.

But of course, like a lot of people, the stupid vendors would have trouble grasping such a fine point. So I wouldn’t be surprised to see one or two of them try to use it for this very purpose.


Actually DRM works perfectly fine...

Posted Jan 18, 2012 22:30 UTC (Wed) by khim (subscriber, #9252)

The NSA, of all people, are well aware of such a limitation—after all, it is the reason that Digital Restrictions Management doesn’t work.

Apparently the NSA knows the reality better than you, and they obviously know that DRM does work. The governing principle in security is the famous, ages-old "you can fool all the people some of the time, and some of the people all the time, but you cannot fool all the people all the time". DRM cannot fool all the people all the time - here you are absolutely correct, but it can fool all the people some of the time, and this "some of the time" is growing: just 10 years ago DRM was typically broken in weeks, often days, but today it takes years for well-designed DRM systems (XBox360, PS3, etc).

If you consider the fact that the lifespan of a typical phone model is 2-3 years... this means that for Android DRM may work just fine.
