A new Mindcraft moment?

Posted Nov 9, 2015 15:47 UTC (Mon) by MarcB (subscriber, #101804)
In reply to: A new Mindcraft moment? by ortalo
Parent article: A new Mindcraft moment?

One of my all-time favourite readings sums the situation up very well and raises all of the issues you do (and some more): http://www.ranum.com/security/computer_security/editorial...

It even has a nice, seven line Basic-pseudo-code that describes the current situation and clearly shows that we are caught in an endless loop. It does not answer the big question, though: How to write better software.

The sad thing is, that this is from 2005 and all the things that were obviously stupid ideas 10 years ago have proliferated even more.

A new Mindcraft moment?

Posted Nov 10, 2015 11:20 UTC (Tue) by ortalo (guest, #4654) [Link]

Thanks for the link! Very nice page indeed and I did not know it.

Note IMHO, we should investigate further why these dumb things proliferate and get so much support.
If it's only human psychology, well, let's fight it: e.g. Mozilla has shown us that they can do wonderful things given the right message.
If we are facing active people exploiting public credulity: let's identify and fight them.

But, more importantly, let's capitalize on this knowledge and secure *our* systems, to show off at a minimum (and more later on of course).

Your reference conclusion is especially nice to me. "challenge [...] the conventional wisdom and the status quo": that job I would happily accept.

A new Mindcraft moment?

Posted Nov 30, 2015 9:39 UTC (Mon) by paulj (subscriber, #341) [Link]

I gave up reading that. If "default permit" and "enumerating badness" are the top things on that list, it's not a very good list. The converse of "default deny" is a disease of the nuttier "security at all costs (usefulness? what's that?)" types. The converse of "enumerating goodness" is as unscalable and unrealistic as "enumerating badness", and again its on the nutty "security over usefulness" side of security.

That rant is itself a bunch of "empty calories". The converse to the items it rants about, which it is suggesting at some level, would be as bad or worse, and indicative of the worst kind of security thinking that has put a lot of people off. Alternatively, it is just a rant that offers little of value.

Personally, I think there's no magic bullet. Security is and always has been, in human history, an arms race between defenders and attackers, and one that is inherently a trade-off between usability, risks and costs. If there are mistakes being made, it is that we should probably spend more resources on defences that could block entire classes of attacks. E.g., why is the GRSec kernel hardening stuff so hard to apply to regular distros (e.g. there's no reliable source of a GRSec kernel for Fedora or RHEL, is there?). Why does the entire Linux kernel run in one security context? Why are we still writing lots of software in C/C++, often without any basic security-checking abstractions (e.g. basic bounds-checking layers in between I/O and parsing layers, say)? Can hardware do more to provide security with speed?

No doubt there are plenty of people working on "block classes of attacks" stuff, the question is, why aren't there more resources directed there?