Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
It was eye opening. We worry about hackers, spammers and crooks. But the real hard core threat is from military and security agencies of national governments. He gave real examples that have already happened that I was unaware of. He then laid out real physical threats that can be brought about over the internet by breaking into and taking control of computer control systems.
Anyone else hear this interview? Read his book?
It seems we are at the mercy of the spread of microsoft and bad security practices "out there." What can we do about it? Anything?
It was eye opening. We worry about hackers, spammers and crooks. But the real hard core threat is from military and security agencies of national governments. He gave real examples that have already happened that I was unaware of. (..) Anyone else hear this interview? Read his book?
Haven't read the book (you can user Harper Collins browseinside to get an idea BTW) but have read some articles over the years.
Quote:
Originally Posted by choogendyk
It seems we are at the mercy of the spread of microsoft and bad security practices "out there."
We recently had a discussion on LQ about threats baked-in in HW and such. As in attack spectrum. In a recent article I read by Wesley Clark at the end he suggests that one of the basic problems stems from past unification (be it management, cost-based or otherwise) and that re-introduction of diversification would help make the infrastructure more resilient, stronger. (BTW I think that introducing mcrsft, or posts speaking of reveille for that matter, into a or any discussion is too easy and will only serve to detract from the main topic.)
One thing I find really messed up is how much foreign-manufactured hardware governments (and private entities responsible for certain critical infrastructure) use. While I won't claim that hardware can't be backdoored/trojanized when manufactured at home, I think it does make production easier to oversee effectively.
As for software, my gut tells me we'd be safer if we increased investment in the human resource necessary to develop most of it in-house (based on F/OSS whenever feasible). At the very least, I think all software used by the government should be open source (even if it's not free), so that it can be meticulously scrutinized.
NOTE: I haven't read the book (but I did stay at a Holiday Inn Express last night).
Distribution: Solaris 9 & 10, Mac OS X, Ubuntu Server
Posts: 1,197
Original Poster
Rep:
Quote:
Originally Posted by unSpawn
(BTW I think that introducing mcrsft, or posts speaking of reveille for that matter, into a or any discussion is too easy and will only serve to detract from the main topic.)
I agree. And it is unfortunate.
However, it is also frustrating when there is a huge event in the news about a virus or worm taking down huge numbers of machines and causing chaos in corporate environments, and no one, not one single reporter, identifies it as a Windows virus or worm. They just talk generically about computers on the internet, so the average person is lead to believe that it affects all computers and continues buying into the Windows marketing.
Yesterday, I was walking down the hall at work, and I had a bunch of people accost me in the hallway exclaiming that their Windows machines had been hosed by the McAfee update and they were desperate for help. I referred them to the full time Windows support guy we have for just those sorts of reasons, but he was overloaded.
So, it was gratifying to hear someone of the stature of Richard Clarke express a professional judgment that Windows had no business anywhere near an internet facing command or control system. And he wasn't just talking military, he was talking business and industry.
As Unix and Linux admins and users living in this environment, we have responsibility to maintain our own systems. But, I think we also have a responsibility to speak out appropriately when these events occur, and say things like, "Yes, that's a Windows virus" and, perhaps, "those kinds of things are far less frequent on Linux/Unix/Mac systems." In yesterdays case, tens of thousands of Windows PCs were taken down by the very thing that was supposed to be protecting them.
I might also note that the clock on the McAfee system that distributes the update notifications is off by about half an hour. You can see it by looking at the full headers and comparing the receipt time on your mail server (you get it half an hour before it was sent ). Now that's really reassuring.
Anyway, I'm actually serious in asking what sorts of things we can do and looking for other people's thoughts.
Thanks, I very much agree with that review. This guy is a nutcase, if there ever was one. He's pushing this cyber war BS, because he has his own agenda. He want's a anti-cyber-terrorism squad with the right to hack people's computers in the name of national security. That's all he wants, well maybe not him specifically, but that is what is wanted by the rulers.
Distribution: Solaris 9 & 10, Mac OS X, Ubuntu Server
Posts: 1,197
Original Poster
Rep:
hmm. That is a pretty damning review. According to that review, Clarke is guilty of hyperbole and insufficient rigor and fact checking. But I don't think he's any more of a nut case than the conspiracy theorists who attribute hidden agendas to him.
Checking http://en.wikipedia.org/wiki/Richard_A._Clarke, he was part of the Reagan, Bush Sr., Clinton, and Bush Jr. administrations, but left the government in 2003. He's now Chairman of a company that deals in strategic planning and corporate risk management. Based on that, I would suggest that the more likely explanation for his hyperbole is that he has the typical conflict of interest of so many in the corporate world. He want's to make money, and he get's his money from corporations that are worried about risks. Stoke up that fear of risks and he has more opportunities to make money.
The review did also say that some of the threats are real. So rather than worry about foreign agents remotely torching our copier, or some imagined conspiracy behind such hyperbole, perhaps we should pay attention to the risks that are real.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.