tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: rshd...

>>> Possibly with a new category called "insecurity" so people know everything$
>> Why does everyone seem to think everything that's not suitable for
>> the open Internet is not suitable anywhere?!
> Because even when you aren't connected to the internet, you are still connec$

Maybe _you_ are, but _I_ know the difference between "not connected to
the Internet" and "connected to the Internet indirectly via other

Furthermore, even if true, so what?  Some designs have a boundary
beyond which you are "inside", and it's a choice of one insecure
protocol or another insecure protocol.  Unless you are going to decree
that all such network designs are Wrong and Broken (and good luck
getting anyone else to go along), rsh has a place in such setups.

So do other protocols.  Do you also propose to disable unencrypted NFS?
If not, why not?  It's at least as dangerous in many respects.

> All you need to start the ball rolling is a funny cat picture.

Eh.  I'd say, rather, that all you need to get started is someone on
the inside who doesn't know how to be secure.  With that, a lolcat is
almost unnecessary; there are dozens of things that will do just as
well.  Without that, the lolcat is completely futile.

> The reason most of us don't get owned is because we don't have enough
> goodies to make it worth anyone's trouble.


> I'm pretty sure that's not a good security model.  Just in case
> anyone's wondering, it's not a good security model because it assumes
> we know what other people want, and we only ever know that in
> general.

That's enough in some cases.  I, for example, have some things a fair
number of people want, but those are the things I lock myself down
against pretty hard.  It's possible I have something that's more
valuable than I realize; against a sufficiently determined and
resourceful attacker, I'm sure my security could be made to fail.  But
that seems unlikely enough to me that I place such attacks outside the
threat model when I design my security.  As I do, for example,
attackers physically inside my machine room.

> Unfortunately, when someone attacks you, it's always a specific person, rath$

That's not entirely true these days.  There are a lot of attacks which
are purely automated, just a botnet trying to grow itself or the like,
with no human caring about whether it succeeds except in the aggregate.
"Woo, another 7347 hosts in the herd" without even being given enough
information to notice it could have been 7348 but for my defenses.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML      
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Home | Main Index | Thread Index | Old Index