Blunder Dome Sighting

Professor von Clueless in the Blunder Dome


Hangout for experimental confirmation and demonstration of software, computing, and networking. The exercises don't always work out. The professor is a bumbler and the laboratory assistant is a skanky dufus.


Sunday, May 29, 2005

The Same Old Mistakes, Over and Over Again

ACM News Service: Scientist Blames Web Security Issues on Repeated Mistakes. This blurb suggests that the Internet’s vulnerability stems from repeatedly committing the same mistakes and overworking the critical infrastructure’s intended use. There are two observations that stand out for me:

  • The simplification of using dedicated services instead of multipurpose devices
  • The ultimate reliability collapse, following continued abuse, will lead to government regulation.

Jack M. Germain’s 2005-05-24 E-Commerce Times article features Peiter Zatko’s observation that the Internet is heading for a catastrophic failure, and that it is in no one’s interest for that to happen.

From Zatko's perspective, Internet security issues won't go away until programmers stop tainting code. Program coding is based on trust, but that trust is misplaced when programmers create access holes.

Tainted coding occurs through calls within a program for certain convenience actions. For example, a program will contain code calling for access to certain files or links to other computers.

Hackers put these coding vulnerabilities to good use. They easily tap into binary executables, Zatko said.

There seem to be two key ideas: first, that the practice of putting modifications on top of modifications — whether protocols or programs — has to stop and, second, that the fundamental flaws can and must be repaired. Zatko also predicts that this will only happen when it finally becomes too expensive not to.

 

template created 2004-06-17-20:01 -0700 (pdt) by orcmid