The "Biggest Target" paradigm and its consequence

Sinister Midget
Since: Jun 17, 2006
Posts: 746
PostPosted: Wed Oct 04, 2006 10:42 am    Post subject: Re: The "Biggest Target" paradigm and its consequence
Archived from groups: comp.os.linux.advocacy

On 2006-10-04, Erik Funkenbusch <erik RemoveThis @despam-funkenbusch.com> posted something concerning:
> On Tue, 03 Oct 2006 20:52:14 -0400, Jesse F. Hughes wrote:

>> Right. And until those solutions exist, let's all pretend that there
>> are no gradations in security. You're either secure or you aren't and
>> also no one is. So let's use Windows!
>
> You're still not getting my point.

Everybody gets it. You just want to keep plugging it until everybody
cries "uncle" so you can "win" one.

No thanks. I'll keep using my "insecure" (weasel-speak) linux machine
at home, sitting behind a single hardware firewall, running smoothly,
without exploits and malware running on it. And I'll continue to
compare it favorably to the equally insecure (more weasel-speak) XP Pro
(ha ha ha) machine I use at work, sitting behind a complex corporate
firewall, running its own internal firewall, getting every incoming and
outgoing connection scanned, running all kinds of anti-malware
programs, and which is probably _still_ overrun with nasties because
I'm forced to use IE for a couple of things.

But I won't capitulate and agree your point makes sense, no matter
how many times you want to repeat your gibber.

--
Windows? WINDOWS?!? Hahahahahahehehe.....

Peter Köhlmann
Since: Jun 27, 2005
Posts: 1500
PostPosted: Wed Oct 04, 2006 2:32 pm    Post subject: Re: The "Biggest Target" paradigm and its consequence

Linonut wrote:

> After takin' a swig o' grog, Tim Smith belched out this bit o' wisdom:
>
>> In article <1o7sun1pc8u5t.dlg.DeleteThis@funkenbusch.com>,
>> Erik Funkenbusch <erik.DeleteThis@despam-funkenbusch.com> wrote:
>>> As for why it's running on Linux, well, VMWare ESX server is only hosted
>>> on Linux, as that's what it uses for its base OS. And, honestly, it
>>> doesn't make much sense to run a full featured OS if it's only going to
>>> host VM's, so a stripped down Linux box is perfect.
>>
>> Actually, VMWare ESX doesn't run on Linux. To quote vmware.com:
>>
>> ESX Server installs on the "bare metal" and allows multiple
>> unmodified operating systems and their applications to run in
>> virtual machines that share physical resources.
>
> Ah, good catch.
>

It still needs some base OS to run that bare metal
--
Microsoft? Is that some kind of a toilet paper?

Linonut
Since: Mar 31, 2006
Posts: 3492
PostPosted: Wed Oct 04, 2006 2:32 pm    Post subject: Re: The "Biggest Target" paradigm and its consequence

After takin' a swig o' grog, Peter Köhlmann belched out this bit o' wisdom:

> Linonut wrote:
>
>> After takin' a swig o' grog, Tim Smith belched out this bit o' wisdom:
>>
>>> Actually, VMWare ESX doesn't run on Linux. To quote vmware.com:
>>>
>>> ESX Server installs on the "bare metal" and allows multiple
>>> unmodified operating systems and their applications to run in
>>> virtual machines that share physical resources.
>>
>> Ah, good catch.
>
> It still needs some base OS to run that bare metal

Ah, but is it Linux, or a VMware mini-OS? Sounds like the latter.

VMware's documentation is pretty short on specifics, from what I've seen
in the last few minutes.

--
Loose bits sink chips.

Tim Smith
Since: Apr 26, 2004
Posts: 2610
PostPosted: Wed Oct 04, 2006 7:37 pm    Post subject: Re: The "Biggest Target" paradigm and its consequence

In article <sMednZ9sYsgXfb7YnZ2dnUVZ_sKdnZ2d.TakeThisOut@comcast.com>,
Linonut <linonut.TakeThisOut@bone.com> wrote:
> >
> > It still needs some base OS to run that bare metal
>
> Ah, but is it Linux, or a VMware mini-OS? Sounds like the latter.
>
> VMware's documentation is pretty short on specifics, from what I've seen
> in the last few minutes.

From Wikipedia:

ESX Server uses a stripped-down proprietary kernel (derived from
work done on Stanford University's SimOS) that replaces the Linux
kernel after hardware-initialization. The Service Console (also
known as "COS" or as "vmnix") for ESX Server 2.x derives from a
modified version of Red Hat Linux 7.2. The Service Console for ESX
Server 3.x derives from a modified version of Red Hat Enterprise
Linux 3. In general, this Service Console acts as a boot-loader for
the vmkernel and provides management interfaces (CLI, Webpage MUI,
Remote Console). This VMware ESX hypervisor-virtualization approach
provides lower overhead and better control and granularity for
allocating resources (cpu time, disk bandwidth, network bandwidth,
memory utilization) to virtual machines. It also increases security,
thus positioning VMware ESX as an enterprise-grade product.

Linux is on the service console, and involved in booting, but their
proprietary non-Linux kernel owns the hardware.

--
--Tim Smith

Erik Funkenbusch
Since: May 27, 2005
Posts: 2362
PostPosted: Thu Oct 05, 2006 2:03 am    Post subject: Re: The "Biggest Target" paradigm and its consequence

On Tue, 03 Oct 2006 22:10:02 -0700, Tim Smith wrote:

> In article <16u6ycy87oof8.dlg DeleteThis @funkenbusch.com>,
> Erik Funkenbusch <erik DeleteThis @despam-funkenbusch.com> wrote:
>> In other words, you were secure by the obscurity of the information needed
>> to compromise you. And, as we all know, security by obscurity is no
>> security at all.
>>
>> So, if "security by obscurity is no security at all", how can you claim
>> that you can be "more secure" when merely having the right knowledge will
>> make you totally vulnerable?
>
> So by that argument, if you encrypted your credit card number using the
> RSA algorithm with N=12696419543959060573 and an exponent of 3, and I
> encrypted mine with N=
> 1297093612225579302319381138985109799104817684082555175048354173395794924
> 7515770257735092393173163490696050721033969636771100513416859740264847216
> 9778293276218438993043461618282881113797291399312269896156727540888777667
> 3532557049723874784462187337601480023897508284577955665330636962338624800
> 39866202156962157 and an exponent of 3, we'd be equally secure? Either
> can be trivially broken given the right knowledge (the factors of N).

I have long believed that passwords (which is what keys are) are not
security unless you can guarantee there is no way for the secret to escape.
The best cryptography in the world doesn't matter if your key
transportation mechanism is insecure.
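Tim's two-modulus comparison is easy to make concrete. The Python below is an added example, not code from any poster: it builds a constructed 64-bit modulus from two 32-bit primes (2**32 - 5 and 2**32 - 17, an assumption of this example, not Tim's N) with exponent 3, recovers the private exponent from the public key alone by factoring with Pollard's rho, and decrypts a constructed sample number; the names pollard_rho, recover_private_key and demo are this example's own.

```python
import math

# Constructed toy RSA key for this example (not the thread's N): the two
# 32-bit primes 2**32 - 5 and 2**32 - 17, public exponent 3 as in the thread.
P_TOY = 4294967291
Q_TOY = 4294967279
N_TOY = P_TOY * Q_TOY
E = 3


def pollard_rho(n):
    """Return (factor, steps) for composite n via Pollard's rho with Floyd
    cycle detection. Work grows with sqrt(smallest prime): trivial for a
    32-bit prime, hopeless for the 512-bit primes of a 1024-bit modulus."""
    if n % 2 == 0:
        return 2, 0
    for c in range(1, 50):                # retry with a new polynomial x^2 + c
        x = y = 2
        d, steps = 1, 0
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
            steps += 1
        if d != n:                        # d == n means this run degenerated
            return d, steps
    raise ValueError("no factor found")


def recover_private_key(n, e):
    """Rebuild the private exponent d from the public key (n, e) alone."""
    p, _ = pollard_rho(n)
    q = n // p
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e has no inverse mod phi(n); not a valid RSA key")
    return pow(e, -1, phi)                # modular inverse, Python 3.8+


def demo(message=1234567812345678):
    """Encrypt a constructed 16-digit sample with the toy public key, then
    decrypt it knowing only (N, e). Returns (recovered, matches)."""
    if message >= N_TOY:
        raise ValueError("textbook RSA needs message < N")
    ciphertext = pow(message, E, N_TOY)   # textbook RSA, no padding
    d = recover_private_key(N_TOY, E)
    recovered = pow(ciphertext, d, N_TOY)
    return recovered, recovered == message
```

pollard_rho(N_TOY) finishes in well under a second, while the same loop against a 1024-bit modulus would need on the order of 2**256 steps; that gap in cost is the gradation the "secure or not" argument erases.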

Erik Funkenbusch
Since: May 27, 2005
Posts: 2362
PostPosted: Thu Oct 05, 2006 2:11 am    Post subject: Re: The "Biggest Target" paradigm and its consequence

On Wed, 04 Oct 2006 07:14:00 -0400, Jesse F. Hughes wrote:

> Erik Funkenbusch <erik.TakeThisOut@despam-funkenbusch.com> writes:
>
>> So, if "security by obscurity is no security at all", how can you
>> claim that you can be "more secure" when merely having the right
>> knowledge will make you totally vulnerable?
>
> I don't believe the "security by obscurity" saying should be literally
> interpreted. *Of course* security by obscurity is better than nothing
> at all, for as long as the security secrets aren't generally known.

So what, then, is the difference between obscurity of, say, a password, and
obscurity of, say, an unknown vulnerability? You're secure as long as
nobody knows about the vulnerability.

10 years ago, there were next to no exploits for Windows. Despite better
coding practices and intense scrutiny, the number of attacks has only
increased. Why? Because people are looking for them. Lots of people are
looking for them. It's not like they're trivial to find, either. It takes
a lot of work to do so.

> Just as clearly, security holes are serious issues. But an O/S with
> forty-nine easily exploited holes is *less secure* than an O/S with
> one hole that takes considerable effort to exploit. The fact is that
> the latter will be more easily and readily compromised, all other
> things being equal.

My point is that it only takes "significant effort" because there are fewer
people developing the knowledge to do so. The holes in Windows weren't
easy to exploit 10 years ago. They've only become so because a lot of
effort has been put into making those kinds of exploits easy to exploit.

> Only an idiot would claim that both O/Ses are just as insecure.
>
> (The numbers of exploits above were purely hypothetical. Duh.)

The reason I view security as a binary value is that if your level of
security can change without the code changing (i.e., someone discovers
a hole), then the code was never secure in the first place.

Erik Funkenbusch
Since: May 27, 2005
Posts: 2362
PostPosted: Thu Oct 05, 2006 2:14 am    Post subject: Re: The "Biggest Target" paradigm and its consequence

On Tue, 03 Oct 2006 21:32:43 -0700, Tim Smith wrote:

> In article <1o7sun1pc8u5t.dlg.DeleteThis@funkenbusch.com>,
> Erik Funkenbusch <erik.DeleteThis@despam-funkenbusch.com> wrote:
>> As for why it's running on Linux, well, VMWare ESX server is only hosted on
>> Linux, as that's what it uses for its base OS. And, honestly, it doesn't
>> make much sense to run a full featured OS if it's only going to host VM's,
>> so a stripped down Linux box is perfect.
>
> Actually, VMWare ESX doesn't run on Linux. To quote vmware.com:
>
> ESX Server installs on the "bare metal" and allows multiple
> unmodified operating systems and their applications to run in
> virtual machines that share physical resources.

I admin an ESX server. It's a very scaled down Linux system, complete with
Linux kernel.

Here's the uname -a

Linux xxx.xxx.xxx 2.4.9-vmnix2 #1 Thu Oct 6 15:50:15 PDT 2005 i686 unknown

Erik Funkenbusch
Since: May 27, 2005
Posts: 2362
PostPosted: Thu Oct 05, 2006 2:17 am    Post subject: Re: The "Biggest Target" paradigm and its consequence

On Wed, 04 Oct 2006 19:37:30 -0700, Tim Smith wrote:

> From Wikipedia:
>
> ESX Server uses a stripped-down proprietary kernel (derived from
> work done on Stanford University's SimOS) that replaces the Linux
> kernel after hardware-initialization. The Service Console (also
> known as "COS" or as "vmnix") for ESX Server 2.x derives from a
> modified version of Red Hat Linux 7.2. The Service Console for ESX
> Server 3.x derives from a modified version of Red Hat Enterprise
> Linux 3. In general, this Service Console acts as a boot-loader for
> the vmkernel and provides management interfaces (CLI, Webpage MUI,
> Remote Console). This VMware ESX hypervisor-virtualization approach
> provides lower overhead and better control and granularity for
> allocating resources (cpu time, disk bandwidth, network bandwidth,
> memory utilization) to virtual machines. It also increases security,
> thus positioning VMware ESX as an enterprise-grade product.
>
> Linux is on the service console, and involved in booting, but their
> proprietary non-Linux kernel owns the hardware.

Yes and no. vmnix is a service that runs under the Linux kernel that you
can start and stop.

I'll admit I don't know the details of how the vmnix subsystem runs, but
the fact that you can start and stop it while the original console is still
running makes the above definition seem simplistic.

thad01
Since: Apr 20, 2005
Posts: 812
PostPosted: Thu Oct 05, 2006 7:57 am    Post subject: Re: The "Biggest Target" paradigm and its consequence

Erik Funkenbusch <erik.DeleteThis@despam-funkenbusch.com> wrote:
>
> So what, then, is the difference between obscurity of, say, a password, and
> obscurity of, say, an unknown vulnerability? You're secure as long as
> nobody knows about the vulnerability.

The difference is that a password is easily changed while your
software infrastructure is not. Furthermore, a compromised
password affects only the system or systems using that
password, while a known software vulnerability can potentially
compromise every system using that version of software. This
is the crux of the 'security through obscurity' saying. In
the field of computer security, it is a truism that reliance
on secrets is a weakness. The more you depend on secrets to
secure your system, the more you are vulnerable to those
secrets being compromised. The best approach is to rely only
on secrets that are localized and easily changed (i.e. password
and cryptographic keys).

Using open, peer reviewed algorithms implemented with open, peer
reviewed code is the best strategy for shaking out potential
security holes before they cause a problem. It is not a
guarantee of perfect security, but history has proved it as
the superior model, and you will be hard pressed to find a
computer security expert worth his or her paycheck that will
say otherwise[1].

Thad

[1] 'Experts' trying to sell you their closed source solution are
a notable exception.

Sinister Midget
Since: Jun 17, 2006
Posts: 746
PostPosted: Thu Oct 05, 2006 11:45 am    Post subject: Re: The "Biggest Target" paradigm and its consequence

On 2006-10-05, Erik Funkenbusch <erik.TakeThisOut@despam-funkenbusch.com> posted something concerning:

> 10 years ago, there were next to no exploits for Windows. Despite better
> coding practices and intense scrutiny, the number of attacks has only
> increased.

I swear, every time I think I've heard the funniest thing you could
possibly say, you find a way to top it. "Better coding practices" and
"intense scrutiny" at MS! I hope I can stop laughing soon. I have to
get ready for work.

--
I'm not one of those who think Bill Gates is the devil. I simply suspect
that if Microsoft ever met up with the devil, it wouldn't need an
interpreter.

Page 4 of 4