Blunder Dome Sighting  
Hangout for experimental confirmation and demonstration of software, computing, and networking. The exercises don't always work out. The professor is a bumbler and the laboratory assistant is a skanky dufus.




2005-05-29

 

The Same Old Mistakes, Over and Over Again

ACM News Service: Scientist Blames Web Security Issues on Repeated Mistakes. This blurb suggests that the Internet’s vulnerability stems from repeatedly committing the same mistakes and overworking the critical infrastructure beyond its intended use. Two observations stand out for me:

  • The simplification of using dedicated services instead of multipurpose devices
  • The ultimate reliability collapse, following continued abuse, will lead to government regulation.

Jack M. Germain’s 2005-05-24 E-Commerce Times article features Peiter Zatko’s observation that the Internet is heading for a catastrophic failure, and that it is in no one’s interest for that to happen.

From Zatko's perspective, Internet security issues won't go away until programmers stop tainting code. Program coding is based on trust, but that trust is misplaced when programmers create access holes.

Tainted coding occurs through calls within a program for certain convenience actions. For example, a program will contain code calling for access to certain files or links to other computers.

Hackers put these coding vulnerabilities to good use. They easily tap into binary executables, Zatko said.

There seem to be two key ideas: first, that the practice of putting modifications on top of modifications — whether protocols or programs — has to stop and, second, that the fundamental flaws can and must be repaired. Zatko also predicts that this will only happen when it finally becomes too expensive not to.
