Privacy, Security Archive

Reflections on Trusting Trust

This paper was written by Ken Thompson around August 1984. Ken Thompson is the co-father of UNIX: "You can't trust code that you did not totally create yourself. No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect."

The World’s Safest Operating System

UK based security firm mi2g has analyzed 17,074 successful digital attacks against servers and networks. The results are a bit surprising. The BSD OSes (including FreeBSD and Mac OS X) proved to be the systems least likely to be successfully cracked, while Linux servers were the most vulnerable. Linux machines suffered 13,654 successful attacks, or 80% of the survey total. Windows based servers enjoyed a sharp decline in successful breaches, with only 2,005 attacks. "Read more" for our take.

Who’s Patching Open Source?

The first place many companies look for Apache support is their main distribution provider, most commonly Red Hat or SuSE. As open source grows, the need for support grows, and this new need has led to the development of a new support option: third-party vendors who manage or patch software. Flaws raise red flag on Linux security but many users remain confident about the security of the open-source environment notices ComputerWorld.

Reflecting On Linux Security In 2003

This has been indeed an interesting year for Linux security. The point of this article is to offer a view on what I believe to be some of the most interesting happenings in 2003. The Linux experts that offer their view on 2003 are Bob Toxen (one of the 162 recognized developers of Berkeley UNIX and author of "Real World Linux Security") and Marcel Gagne (President of Salmar Consulting, Inc. and author of "Linux System Administration - A User's Guide" and "Moving to Linux").

Commercial Trojan Horse Spyware

A company is maketing a product called Lover Spy, which allows the customer to send a "greeting" to an acquaintance. That greeting contains a hidden application that installs itself on the victim's computer and reports back information on that person's online activities. It's intended to be a way for jealous lovers to keep tabs on their partner. It's a remote version of the old "install a keystroke logger on your boyfriend" trick. It's also probably illegal in the United States.

“MS: Security Risk” Paper Criticised By Industry Group

The recent paper that claimed that Microsoft's dominance poses a risk to US national security has come under fire by the groups Americans for Technology Leadership as being a shameless attempt by Microsoft's business rivals to promote their own products. Interestingly enough, Microsoft is one of the founding members of Americans for Technology Leadership, so this looks like this may be a bit of a "Battle of the Trade Groups."

Proper Security Will Take Horsepower

A ZDNet article has figured out what to do with all that extra processing power that Moore's Law keeps giving us: use brute force to make our computers secure. Encrypting everything, between machines, and also between processes might do the trick. Of course, you can't keep your keys in software, so that's where hardware tricks like "Trusted Computing" come in. So let me get this straight, because we're all afraid of viruses and hackers now, we're going to get back on the processor upgrade treadmill and give up ultimate control over what's on our PC to our motherboard and OS vendors?