Longhorn locked down to fight hackers 17327

In comp.os.linux.advocacy, William Poaster wrote on Thu, 07 Jul 2005 23:28:13 +0100

Yes, except that this time it won't be a blue color. ;-)

Of course, as Dave Ross occasionally puts it, one might have to read this r e a l  s l o w to figure out exactly what is meant by the expression "unauthorized access". The most obvious questions: who is responsible for authorization, and when?

Some questions along these lines.

1 A user is sitting at the machine, and wants to run a program. What checks are needed?

2 A developer is sitting at the machine, and wants to write a program. What checks are needed? Bear in mind cut and paste may very well be a copyright violation, if one turns up the paranoia enough.

3 A user is sitting at the machine and wants to listen to some tunes. What checks are needed? Are these the same as 1?

4 A user wants to copy some tunes from a CD he bought to a CD of "his personal favorite tunes" that he might listen to on his personal CD player in his car, or while riding on the train. What checks are needed?

5 A user is a rampant pirate, unknown to the authorities. He steals a CD from a legitimate user (or, more likely, acquires a CD copy from some other pirate, but that just pushes the problem back an iteration). He then makes 1,000 copies. What checks could prevent this?

6 A user is a convicted pirate. Would he be able to do any of 1 through 4? Would it make sense for a court to forbid any of 1 through 4?

7 A user purchases a PC with a preloaded operating system, most likely Microsoft Windows (though Apple OSX also falls into this category on a subset of available machines). He wants to wipe it and install Linux or FreeBSD. What checks are needed?

8 A user purchases a PC with *no* operating system, and wants to install one. What checks are needed? Does it matter whether the OS is commercial (Windows, OSX, Solaris-x86) or freeware (Linux, FreeBSD, FreeDOS)?

9 A developer wants to develop a new kernel, or to make modifications to an existing Linux kernel. What checks are needed?

10 A user wants remote access to the machine. What checks are needed?

Possible checks.

a No check needed here at all; just do it.

b A generic authorization check enforced by the prevailing OS. For example, file ownership and access are most commonly handled somewhere deep in the kernel, after the user has proven himself through Pluggable Authentication Modules (one of which may ask for his password).

c A keycheck of some sort. The user enters in a key into a trusted area. Playback of the media would use that key, together with a key as part of the media, to authorize playback. Failure to locate that key would terminate the attempt. Keys would be non-forgeable in an ideal system; a simple one might use MD5 hashing.

d Server audit. Same as c except that a packet is broadcast for every attempt to a well-known server. Excessive attempts may warrant legal action.

e Server roundtrip. Same as d except that a valid response must be received by the server prior to playback authorization.

f Server roundtrip with chit verification. Same as e except that the user must also enter in a unique identification number, from his sales slip.

g Server roundtrip with chit verification and identity key. Same as f except that the information may include such things as address of residence, mother's maiden name, last four SS digits, and other such usually used in the commercial realm to verify credit records.

h Server roundtrip with full identity. Same as g except that all identity would be keyed in, including address of residence, employment verification, FBI background check (handled by an FBI server upon receipt of a partial record), full SS identification number, a major credit card (# and expiration date), state driver's license identification number or equivalent, date of birth, residence of birth, home phone #, business phone #, cell phone #, and anything else needed to establish something along the lines of a car or house loan. A fingerprint is optional.

And remember, this system is to protect the consumer. :-)

(And if you believe that...)

--
It's still legal to go .sigless.