By Jonathan Corbet
April 18, 2012
One of the first things most of us learn about computers is that they are
not particularly smart; they only do the things that they have been told to
do. Sometimes telling a computer to do something can be a long and
repetitive process, bringing into question the benefits of the whole
exercise. As developers work to improve the experience of using computers,
they find themselves trying to enable those computers to make more educated
guesses about what the user may want to do. The technology to make those
guesses is improving, but it brings risks as well as benefits. How much do
we really want our computers to know - and tell - about what we are doing?
The Zeitgeist project aims to
make desktop systems more helpful by keeping close track of what the user
has been doing. Its developers describe it this way:
Zeitgeist is a service which logs the [user's] activities and
events, anywhere from files opened to websites visited and
conversations, and makes this information readily available for
other applications to use.
Zeitgeist is ostensibly independent of any specific desktop, but it seems
to be driven more from the GNOME side of the house than any other. The
fact that it has recently been entirely rewritten in the Vala language and
proposed as an official GNOME module
tends to reinforce that impression. Canonical has been putting in some of
the development effort and Unity makes use of Zeitgeist. Tools like the GNOME Activity
Journal also obtain information from Zeitgeist.
The Zeitgeist use cases
page makes it clear that the plan is to create a comprehensive
mechanism for the tracking, analysis, and sharing of user activity. Some
examples include:
Tim and Joe are doing research on dinosaurs for a school
project. They both set their browser activities to shared and
always know what pages the other one is looking at. Using IM they
can easily talk about them without having to exchange links.
Daniel was at a conference a week ago and wants to remember what
computer resources (files, websites, contacts, etc.) he used
there. He opens the Journal, sets up a location filter and thanks
to geolocation data gets a list of everything he wants.
Undoubtedly there are a lot of useful things that can be done with this
kind of tracking data. But there is also a possible downside: what
happens if a detailed log of a user's activities gets into the wrong hands?
The Zeitgeist "about"
page has a rather unsatisfactory response to this concern: don't run
untrusted applications on your system. Certainly that is good advice, but
it also misses part of the point.
One can easily imagine an untrusting employer routinely examining the
activity logs on all of its computers; it would be a shame, after all, if
an employee were to be doing something unproductive on the job. This kind
of information would be even more useful to governments that, for good
reasons or bad, seek to know what somebody has been up to. The activity
log could be a gold mine for inquisitive spouses, concerned parents, or
curious roommates. This log could also open up a victim's life to any sort
of successful malware attack. The advice to avoid running untrusted
applications really only addresses the last of those concerns, and it is a
partial response at best.
A somewhat improved response can be seen in this
post from Zeitgeist developer Seif Lotfy. He has been working on the
Vala port of the "activity log manager" (ALM), a tool for controlling the
information tracked by Zeitgeist. Using ALM, it is possible to configure
the system to forget events after a specific period of time - or to disable
logging entirely. It is also possible to turn off logging involving
specific types of files (videos or email messages, say), directories, or
applications. After a proper bit of configuration, one's boss can see that
flurry of spreadsheet activity but will remain unaware of all the time
spent in a web browser.
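As an added illustration (not Zeitgeist's or ALM's own code), the following Python models the two controls the paragraph describes: a retention window after which events are forgotten, and blacklists for mime types, directories and applications that keep matching events out of the log in the first place. The event fields, policy field names and the sample events are all constructed for the example.

```python
"""Retention and blacklist policy for a desktop activity log.

Added illustration, not Zeitgeist's or ALM's own code: a minimal model of the
two controls an activity log manager offers, forgetting events older than a
retention window and refusing to record events that match a blacklist of
mime types, directories or applications. Field names are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Set


@dataclass(frozen=True)
class Event:
    timestamp: datetime
    actor: str      # application that produced the event, e.g. "libreoffice"
    uri: str        # resource acted on, e.g. "file:///home/alice/budget.ods"
    mimetype: str   # e.g. "application/vnd.oasis.opendocument.spreadsheet"


@dataclass
class Policy:
    logging_enabled: bool = True
    retention: Optional[timedelta] = None                      # None keeps events forever
    blocked_mimetypes: Set[str] = field(default_factory=set)   # exact type or "video/" prefix
    blocked_dirs: Set[str] = field(default_factory=set)        # file:// URI prefixes
    blocked_actors: Set[str] = field(default_factory=set)

    def allows(self, ev: Event) -> bool:
        """Decide before recording: a blocked event never reaches the log."""
        if not self.logging_enabled:
            return False
        if any(ev.mimetype.startswith(p) for p in self.blocked_mimetypes):
            return False
        if any(ev.uri.startswith(d.rstrip("/") + "/") for d in self.blocked_dirs):
            return False
        return ev.actor not in self.blocked_actors


class ActivityLog:
    def __init__(self, policy: Policy):
        self.policy = policy
        self.events: List[Event] = []

    def record(self, ev: Event) -> bool:
        """Return True if the event was stored, False if policy discarded it."""
        if not self.policy.allows(ev):
            return False
        self.events.append(ev)
        return True

    def expire(self, now: datetime) -> int:
        """Forget events older than the retention window; return how many went."""
        if self.policy.retention is None:
            return 0
        cutoff = now - self.policy.retention
        kept = [e for e in self.events if e.timestamp >= cutoff]
        removed = len(self.events) - len(kept)
        self.events = kept
        return removed


NOW = datetime(2012, 4, 18, 12, 0)   # constructed reference time for the demo
ODS = "application/vnd.oasis.opendocument.spreadsheet"


def demo():
    """Run constructed events through a policy that mirrors the ALM options."""
    policy = Policy(
        retention=timedelta(days=30),
        blocked_mimetypes={"video/", "message/rfc822"},   # videos and mail messages
        blocked_dirs={"file:///home/alice/Mail"},          # a directory
        blocked_actors={"firefox"},                        # an application
    )
    log = ActivityLog(policy)
    samples = [   # constructed events
        Event(NOW - timedelta(hours=1), "libreoffice", "file:///home/alice/budget.ods", ODS),
        Event(NOW - timedelta(days=40), "libreoffice", "file:///home/alice/old-budget.ods", ODS),
        Event(NOW - timedelta(hours=2), "firefox", "http://example.com/", "text/html"),
        Event(NOW - timedelta(hours=3), "totem", "file:///home/alice/Videos/clip.ogv", "video/ogg"),
        Event(NOW - timedelta(hours=4), "evolution", "file:///home/alice/Mail/inbox/1", "message/rfc822"),
    ]
    accepted = [log.record(e) for e in samples]
    expired = log.expire(NOW)
    return accepted, expired, [e.uri for e in log.events]


if __name__ == "__main__":
    print(demo())
```

Running `demo()` keeps only the recent spreadsheet: the browser, video and mail events are refused at record time, and the 40-day-old spreadsheet is dropped by `expire()`. The design point is that blacklisted events are never written at all, which is the only setting that helps once the log file is in somebody else's hands.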
This kind of configurability is a step in the right direction, but it is
still a partial response at best. There will undoubtedly be legions of
users who are unaware that this logging is happening at all; they are
unlikely to find the utility to fine-tune that logging. Even users who
want the functionality provided by this logging may find themselves
reconsidering after their activity is exposed to the wrong person.
For a certain class of user, the answer will be to simply turn off features
like Zeitgeist altogether - once they become aware of such features. But
even the most paranoid among us find ourselves, at times, wishing that our
computers were a little smarter in their interaction with us. Many
(probably most) of us want the computer to understand how we work
and to make that work easier and less repetitive. So, increasingly, those
computers will observe what we do and build their own models of who we
are and how we work. Progress toward the creation of those models appears to
be outpacing the work to protect them; experience suggests that this
problem will only be addressed after some people have learned about the
issue the hard way.
Comments (20 posted)
Brief items
The "cybersecurity" industry has become an increasingly bloated "money machine" for firms wishing to cash in on cyber fears of every stripe, from realistic to ridiculous. And even more alarmingly, it has become an excuse for potential government intrusions into Internet operations on a scope never before imagined.
There are warning signs galore. While we can all agree that SCADA systems that operate industrial control and other infrastructure environments are in need of serious security upgrades -- most really never should have been connected to the public Internet in the first place -- "war game" scenarios now being promulgated to garner political support (and the really big bucks!) for "cyber protection" have become de rigueur for agencies and others hell bent for a ride on the cybersecurity gravy train.
--
Lauren Weinstein
By the time of my arrival, the agency was focused almost entirely on
finding prohibited items. Constant positive reinforcement on finding items
like lighters had turned our checkpoint operations into an Easter-egg
hunt. When we ran a test, putting dummy bomb components near lighters in
bags at checkpoints, officers caught the lighters, not the bomb parts.
--
Kip Hawley, former head of the US Transportation Security Administration (TSA)
This is the fundamental political problem of airport security: it's in nobody's self-interest to take a stand for what might appear to be reduced security. Imagine that the TSA management announces a new rule that box cutters are now okay, and that they respond to critics by explaining that the current risks to airplanes don't warrant prohibiting them. Even if they're right, they're open to attacks from political opponents that they're not taking terrorism seriously enough. And if they're wrong, their careers are over.
--
Bruce Schneier
Comments (none posted)
A local privilege escalation flaw in
wicd (wireless interface connection daemon) was
found as part of an "ethical hacking" class using the Backtrack security-oriented Linux distribution. While Backtrack is singled out in the
threatpost article, the flaw really resides in wicd and is likely present in other distributions:
"The security flaw was discovered in a Backtrack component known as the Wireless Interface Connection Daemon (or WICD). The latest version of Backtrack does a poor job "sanitizing" (or filtering) inputs to the WICD DBUS (Desktop Bus) interface - a component that allows different applications to communicate with each other. That means that attackers can push invalid configuration options to DBUS, which are then written to a WICD wireless settings configuration file. The improper settings could include scripts or executables that would be run when certain events occur - such as the user connecting to a wireless network, according to the post, whose author asked to remain anonymous."
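The defensive counterpart to the flaw described above is input validation at the IPC boundary. The Python below is an added illustration, not wicd's code: a daemon that accepts key/value pairs over an interface such as D-Bus and stores them in an INI-style profile checks the key against an allowlist and the value against a character set before anything is written. The key names, the section name and the sample inputs are assumptions.

```python
"""Validate settings before they are written to a configuration file.

Added illustration, not wicd's code. A daemon that accepts key/value pairs
over an IPC interface such as D-Bus and stores them in an INI-style profile
has to decide which keys a caller may set and what a value may contain
before anything reaches the file. The key names are assumptions.
"""
import configparser
import io
import re

# Keys an unprivileged caller may set (assumed names). Anything that names a
# program to run on a connection event is deliberately absent from the list,
# so the IPC path cannot be used to install such a hook.
SETTABLE_KEYS = frozenset(
    {"essid", "ip", "netmask", "gateway", "dns1", "dns2", "use_static_dns"}
)

# A value is a single line of printable ASCII: no newlines or control
# characters, so a value cannot carry a second "key = value" line into the file.
_VALUE_RE = re.compile(r"[\x20-\x7e]*")


class RejectedSetting(ValueError):
    """Raised when a key or value fails validation."""


def validate_setting(key, value):
    """Return (key, value) unchanged if both pass, else raise RejectedSetting."""
    if not isinstance(key, str) or key not in SETTABLE_KEYS:
        raise RejectedSetting(f"key not settable: {key!r}")
    if not isinstance(value, str) or _VALUE_RE.fullmatch(value) is None:
        raise RejectedSetting(f"value for {key!r} contains disallowed characters")
    return key, value


def write_profile(section, settings):
    """Validate every pair, then return the INI text configparser would write."""
    cp = configparser.ConfigParser(interpolation=None)
    cp[section] = {}
    for key, value in settings.items():
        k, v = validate_setting(key, value)
        cp[section][k] = v
    buf = io.StringIO()
    cp.write(buf)
    return buf.getvalue()


def try_write(section, settings):
    """Report (accepted, text_or_reason) instead of raising; handy for callers."""
    try:
        return True, write_profile(section, settings)
    except RejectedSetting as exc:
        return False, str(exc)


if __name__ == "__main__":
    # constructed inputs: a well-formed profile, an unknown (hook-style) key,
    # and a value that tries to span two lines
    print(try_write("home-wifi", {"essid": "home", "ip": "192.0.2.10"}))
    print(try_write("home-wifi", {"connect_hook": "/tmp/hook.sh"}))
    print(try_write("home-wifi", {"ip": "192.0.2.10\nconnect_hook = /tmp/hook.sh"}))
```

Both rejected cases fail closed before the file is touched; the allowlist is what keeps a caller from reaching keys the daemon treats as commands, and the character check is what keeps a value from becoming more than one line of the file.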
Comments (none posted)
EWeek introduces Hone, a security tool developed by the US Department of Energy (DOE).
"Hone gives users a “’glanceable’ type of view of what’s happening on the network and what’s happening on the machine,” [Hone creator Glenn Fink] said. Hone also is a tool that has uses beyond understanding and responding to attacks, Fink said. It can be used to help programmers debug new networked applications being developed. In addition, security administrators can use data from Hone to ensure that only certain processes on their systems can communicate with the network, and to monitor what their systems are doing, which would help them identify such threats as viruses, spyware and rootkits."
Comments (8 posted)
New vulnerabilities
apache2: insecure default configuration
| Package(s): | apache2 |
| CVE #(s): | CVE-2012-0216 |
| Created: | April 16, 2012 |
| Updated: | April 19, 2012 |
Description: From the Debian advisory:
Niels Heinen noticed a security issue with the default Apache
configuration on Debian if certain scripting modules like mod_php or
mod_rivet are installed. The problem arises because the directory
/usr/share/doc, which is mapped to the URL /doc, may contain example
scripts that can be executed by requests to this URL. Although access
to the URL /doc is restricted to connections from localhost, this still
creates security issues in two specific configurations:
- If some front-end server on the same host forwards connections to an
apache2 backend server on the localhost address, or
- if the machine running apache2 is also used for web browsing.
Systems not meeting one of these two conditions are not known to be
vulnerable. The actual security impact depends on which packages (and
accordingly which example scripts) are installed on the system.
Possible issues include cross site scripting, code execution, or
leakage of sensitive data.
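A practitioner reading the advisory wants a way to tell which of the three states a host is in: no /doc alias, an alias without a scripting module (example scripts are served as plain files), or an alias plus a scripting module. The Python below is an added check, not Debian's or Apache's own tooling. It scans configuration text for the Alias, looks for loaded scripting modules, and combines that with the two deployment conditions the advisory names; it also shows the simplest hardening, commenting the Alias out. The module names in the set and the sample configuration are assumptions constructed for the example.

```python
"""Audit an Apache configuration for the /doc exposure in CVE-2012-0216.

Added check, not Debian's or Apache's own tooling. It scans configuration
text for an Alias that maps a URL onto /usr/share/doc, looks for loaded
server-side scripting modules, and combines the result with the two
deployment conditions the advisory names. Module names are the ones used
in LoadModule lines (assumed); the sample configuration is constructed.
"""
import re

ALIAS_RE = re.compile(r'^[ \t]*Alias\s+(\S+)\s+"?(/usr/share/doc/?)"?[ \t]*$', re.M)
LOADMODULE_RE = re.compile(r"^[ \t]*LoadModule\s+(\w+)\s", re.M)
# Modules that would execute example scripts instead of serving them as text
# (assumed set; extend it for whatever handlers are in use on the host).
SCRIPTING_MODULES = {"php5_module", "rivet_module", "cgi_module", "perl_module"}

# Constructed sample in the shape of a Debian-era default (not an actual file).
SAMPLE_CONFIG = """\
LoadModule php5_module /usr/lib/apache2/modules/libphp5.so
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
"""


def audit(config_text, same_host_proxy=False, used_for_browsing=False):
    """Classify a configuration; returns the evidence found plus a verdict.

    same_host_proxy:  a front-end on this host forwards to apache2 on localhost
    used_for_browsing: the machine is also used for web browsing
    """
    aliases = ALIAS_RE.findall(config_text)
    scripting = sorted(set(LOADMODULE_RE.findall(config_text)) & SCRIPTING_MODULES)
    result = {"doc_aliases": aliases, "scripting_modules": scripting}
    if not aliases:
        result["verdict"] = "no-doc-alias"
    elif not scripting:
        result["verdict"] = "alias-without-scripting"   # scripts served as plain files
    elif same_host_proxy or used_for_browsing:
        # The localhost-only restriction no longer protects anything: the
        # proxy connects from 127.0.0.1, or a local browser does.
        result["verdict"] = "alias-reachable"
    else:
        result["verdict"] = "alias-localhost-only"      # not known vulnerable per advisory
    return result


def disable_doc_alias(config_text):
    """Comment out every Alias line that exposes /usr/share/doc.

    The <Directory> block is left in place; without the Alias it maps nothing.
    """
    return ALIAS_RE.sub(lambda m: "# " + m.group(0).strip(), config_text)


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
    print(audit(SAMPLE_CONFIG, same_host_proxy=True))
    print(audit(disable_doc_alias(SAMPLE_CONFIG)))
```

The check deliberately takes the two deployment conditions as inputs rather than guessing them from the Apache configuration, since a reverse proxy or a desktop browser is not visible there; the verdicts map one-to-one onto the advisory's wording.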
Comments (1 posted)
cumin: cross-site scripting
| Package(s): | cumin |
| CVE #(s): | CVE-2012-1575 |
| Created: | April 12, 2012 |
| Updated: | April 18, 2012 |
Description: From the Red Hat advisory:
Several cross-site scripting (XSS) flaws were found in the MRG Management
Console (Cumin). An authorized user on the local network could use these
flaws to perform cross-site scripting attacks against MRG Management
Console users.
Comments (none posted)
gajim: multiple vulnerabilities
| Package(s): | gajim |
| CVE #(s): | CVE-2012-1987, CVE-2012-2093, CVE-2012-2086, CVE-2012-2085 |
| Created: | April 16, 2012 |
| Updated: | August 15, 2012 |
Description: From the Debian advisory:
CVE-2012-1987:
gajim is not properly sanitizing input before passing it to shell
commands. An attacker can use this flaw to execute arbitrary code
on behalf of the victim if the user e.g. clicks on a specially crafted
URL in an instant message.
CVE-2012-2093:
gajim is using predictable temporary files in an insecure manner when
converting instant messages containing LaTeX to images. A local
attacker can use this flaw to conduct symlink attacks and overwrite
files the victim has write access to.
CVE-2012-2086:
gajim is not properly sanitizing input when logging conversations
which results in the possibility to conduct SQL injection attacks.
CVE-2012-2085:
unspecified
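The three described flaws are each an instance of a well-known bug class with a standard remedy: pass arguments to external programs without a shell, create temporary files in a private directory with unpredictable names, and bind values into SQL instead of pasting them into query text. The Python below is an added illustration of those hardened forms, not gajim's code; the function names, the database schema and the sample inputs are constructed for the example.

```python
"""Hardened forms of the three operations named in the gajim advisory.

Added illustration, not gajim's code. Each function is a constructed stand-in
for the pattern the advisory describes: handing a URL from a message to an
external program, creating temporary files for a LaTeX render, and logging a
conversation to an SQL database. Function and column names are assumptions.
"""
import os
import shutil
import sqlite3
import stat
import tempfile
from urllib.parse import urlsplit


def browser_command(url):
    """Build argv for opening a web URL; no shell is involved (CVE-2012-1987 class).

    The returned list is what would be handed to subprocess.Popen(argv), so
    characters that mean something to a shell are just bytes of one argument.
    Only http(s) URLs with a host part are accepted.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"refusing to open {url!r}: not a web URL")
    return ["xdg-open", url]


def latex_scratch_file(source):
    """Write LaTeX source into a fresh private directory (CVE-2012-2093 class).

    mkdtemp() creates a mode-0700 directory with an unpredictable name and
    mkstemp() opens the file with O_EXCL, so a symlink planted in advance by
    another local user cannot redirect the write. Returns (file name, dir
    mode, content read back) and removes the directory again, since this
    demo does not run LaTeX.
    """
    workdir = tempfile.mkdtemp(prefix="latex-render-")
    try:
        fd, tex_path = tempfile.mkstemp(suffix=".tex", dir=workdir)
        with os.fdopen(fd, "w") as f:
            f.write(source)
        mode = stat.S_IMODE(os.stat(workdir).st_mode)
        with open(tex_path) as f:
            written = f.read()
        return os.path.basename(tex_path), mode, written
    finally:
        shutil.rmtree(workdir)


class ConversationLog:
    """Message log using parameterised SQL throughout (CVE-2012-2086 class)."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE logs (jid TEXT NOT NULL, message TEXT NOT NULL)")

    def log(self, jid, message):
        # Values travel as bound parameters, never as part of the SQL text.
        self.db.execute("INSERT INTO logs (jid, message) VALUES (?, ?)", (jid, message))

    def messages_from(self, jid):
        cur = self.db.execute(
            "SELECT message FROM logs WHERE jid = ? ORDER BY rowid", (jid,)
        )
        return [row[0] for row in cur]

    def table_count(self):
        cur = self.db.execute("SELECT count(*) FROM sqlite_master WHERE type = 'table'")
        return cur.fetchone()[0]


if __name__ == "__main__":
    print(browser_command("http://example.com/page"))
    print(latex_scratch_file(r"\(x^2\)"))
    log = ConversationLog()
    log.log("bob@example.org", "it's a message with a quote in it")   # constructed
    print(log.messages_from("bob@example.org"), log.table_count())
```

Each function keeps untrusted text in the role of data: an argv element, a file's content, a bound parameter. That is the common thread in all three fixes, and it is why none of them needs an escaping routine that could be got wrong.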
Comments (none posted)
kernel: remote denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2012-1583 |
| Created: | April 18, 2012 |
| Updated: | June 12, 2012 |
Description: Systems running IPv6, and which have the xfrm6_tunnel module loaded, can be forced to crash by a remote attacker.
Comments (1 posted)
moodle: many vulnerabilities
| Package(s): | moodle |
| CVE #(s): | CVE-2012-1155, CVE-2012-1156, CVE-2012-1157, CVE-2012-1158, CVE-2012-1159, CVE-2012-1160, CVE-2012-1161, CVE-2012-1168, CVE-2012-1169, CVE-2012-1170 |
| Created: | April 12, 2012 |
| Updated: | May 22, 2012 |
Description: From the Red Hat Bugzilla entry:
MSA-12-0013: Database activity export permission issue (CVE-2012-1155)
MSA-12-0014: Password and Web services issue (CVE-2012-1168)
MSA-12-0015: Backup and private files issue (CVE-2012-1156)
MSA-12-0016: Default repository capabilities issue (CVE-2012-1157)
MSA-12-0017: Personal information leak issue (CVE-2012-1169)
MSA-12-0018: Course information leak in Gradebook export (CVE-2012-1158)
MSA-12-0019: Overview report and hidden course issue (CVE-2012-1159)
MSA-12-0020: Forum subscription permission issue (CVE-2012-1160)
MSA-12-0021: Course information leak through tags (CVE-2012-1161)
MSA-12-0022: Security conflict in Web services
MSA-12-0023: External enrolment plugin context check issue (CVE-2012-1170)
Comments (none posted)
phppgadmin: cross-site scripting
| Package(s): | phppgadmin |
| CVE #(s): | CVE-2012-1600 |
| Created: | April 12, 2012 |
| Updated: | April 18, 2012 |
Description: From the Red Hat Bugzilla entry:
A cross-site scripting (XSS) flaw was found in the way phpPgAdmin, a web-based
PostgreSQL database administration tool, performed presentation of the default
list of functions, being present in the database, to the user upon request. A
remote attacker could provide a specially-crafted web page, which once visited
by an unsuspecting, valid phpPgAdmin user could lead to arbitrary HTML or web
script execution in the context of the logged-in phpPgAdmin user.
Comments (none posted)
swftools: code execution
| Package(s): | swftools |
| CVE #(s): | CVE-2010-1516 |
| Created: | April 18, 2012 |
| Updated: | April 18, 2012 |
Description: The swftools package has code execution vulnerabilities exploitable via a hostile PNG or JPEG file. This package appears to be unmaintained, and there is no fix available currently.
Comments (none posted)
Page editor: Jake Edge
Next page: Kernel development>>