Re: FWD (TLCB) The Death of TCP/IP - Why the Age of Internet Innocence is Over

From: Samantha Atkins (samantha@objectent.com)
Date: Sat Aug 11 2001 - 20:16:42 MDT


Miriam English wrote:
>

> >The real problem with Microsoft is that their e-mailer automatically runs
> >software some anonymous person sent you in e-mail without asking. All these
> >viruses could easily be stopped if Microsoft would just pop up a window and
> >say, "Unknown person just sent you an unsolicited program that wants to make
> >unknown modifications to your PC. Do you want to run this program? [Yes]
> >[No]" But Microsoft doesn't want to do this because many of their programs,
> >such as Microsoft Project, use these remote-control programs to make updates
> >on different PCs from a central location without bothering to include any
> >security to make sure the instructions come from a trusted source.

What would work is using signatures and well-encrypted
relatively tamper-proof code servlets or agents.

>
> Yes MS's Outlook email program is a major problem (though not the only one)
> but deciding on whether the item comes from a trusted source is not the
> solution as most recent viruses use MS Outlook to email themselves to the
> people in the Outlook address book. This means that the most dangerous
> attachments can easily come from people you know and trust.
>

Yes. The last sender is irrelevant. Who signed the code
package and their level of trust and the integrity of the
package are the key. Also the package should be executable
within a sandbox that restricts and flags certain possibly
dangerous behaviors.
 
>
> It is already not terribly difficult to write networking software on a
> Windows PC without access to raw sockets. As I understand it, raw sockets
> give the programmer control over every aspect of the packets they send. At
> the moment if you want to send, say, a UDP packet then the operating system
> makes it easy for you to do that; it creates the headers for you and you
> just give it the data you wish to stick in it. Raw sockets give you the
> ability to forge the headers so that you can make it look like your packet
> came from anywhere, for example from Harvey Newstrom's IP address. This is
> a real worry when they start doing very illegal things.
>

Raw sockets seem irrelevant to the problem. They are being used
as a red herring for the purpose of sowing further distrust of
the underlying layers of the internet. We are being set up for
proposals to let MS and others redesign the network "for our own
good". Wait and see. The kind of wire is irrelevant.
Establishing the authenticity and trustworthiness of the packet is
the crucial point. Even with raw sockets I could not fake a
message as being encrypted with your private key.

 
> ><snip> We already have this ease of
> >network programming on Macintosh, OS/2, Linux and other Operating Systems.
> >Only Microsoft had previously tried to block programmers from accessing
> >their own PCs. We haven't seen those other platforms becoming hacker
> >favorites.
>
> MS machines are so insecure that blocking people from raw sockets is a good
> idea. If they became as secure as Linux machines then most of this problem
> would evaporate. Random programs are not allowed access to raw sockets on
> Linux, from what I understand -- they need super-user (root) status. I
> don't know enough about the Mac and OS/2 to be able to comment on them.
>

Covering up the wire in proprietary bullshit because the system
is misdesigned is *not* a good idea. You do not need root
permission to do socket programming. It would be dangerous if
you did need that kind of permission to do something so
elementary. The wire is not important. It is what is the
message and what is done to protect its integrity and what is
done in response to it that we care about.

 
> >There is nothing really new in Microsoft XP that hackers
> >don't already have if they wanted.
>
> Every XP machine that is open to the net without adequate virus/worm/trojan
> protection becomes a potentially untraceable source of Denial Of Service
> flooding via zombies using forged headers. (Read http://grc.com/dos/ for
> information on why WindowsXP is a special security concern and particularly
> http://grc.com/dos/grcdos.htm for a vivid understanding of the zombie danger.)
>

The zombie danger has always been present on all platforms.
 
> ><snip> This system [universal ID]
> >is already in place. Hackers may be able to work around this system or any
> >new system of identification.
>
> OK. Burglars can get around any security system. Do you leave your front
> door unlocked or open when you go away on holidays? Why not?
>

Universal ids have the nasty side-effect of making all
transactions traceable. Say goodbye to many perhaps cherished
forms of privacy. Anonymous ids with reputation-based levels of
trust maintained by well designed and respected trust-broker
sites could alleviate some of that.
 
>
> >Cringely's call for new protocols, APIs, interfaces and the like are silly.
>
> You have misread his article. He is actually arguing against new protocols.
> He wants us to make better use of what we have now. He makes no suggestions
> for new APIs or interfaces.
>

He should. And especially better and more ubiquitous
encryption and sandboxing of received code.

- samantha
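The verifier sketched in this reply (the last sender is irrelevant, only who signed the package and whether it is intact decide anything, and a forged source address cannot produce a valid signature) as an added example in Go, not code from this thread. The package layout, the signer registry and the trust levels are assumptions; the keys and payloads are constructed inline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Package is a hypothetical signed code package, constructed for this example. From
// is the transport sender, which a worm can forge; it plays no part in the decision.
type Package struct {
	From, SignerID string
	Code, Sig      []byte
}

// Registry maps a signer ID to its public key and an assumed local trust level
// (0 untrusted, 1 sandbox only, 2 unrestricted); a real one would be a keyring.
type Registry map[string]struct {
	Pub   ed25519.PublicKey
	Trust int
}

// Verdicts returned by Verify.
const Reject, RunSandboxed, RunTrusted = "reject", "run-sandboxed", "run-trusted"

// Verify decides from the signature and the signer's trust level alone. It never
// reads From, so a forged sender, a tampered body or an unknown key all fail.
func Verify(reg Registry, p Package) string {
	s, ok := reg[p.SignerID]
	if !ok || !ed25519.Verify(s.Pub, p.Code, p.Sig) {
		return Reject
	}
	switch {
	case s.Trust >= 2:
		return RunTrusted
	case s.Trust == 1:
		return RunSandboxed
	}
	return Reject
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	reg := Registry{"vendor": {pub, 1}}
	code := []byte("patch v1")
	good := Package{"vendor@example.com", "vendor", code, ed25519.Sign(priv, code)}
	forged := good // a worm re-sends it from a trusted contact's address with altered code
	forged.From, forged.Code = "friend@example.com", []byte("worm payload")
	fmt.Println(Verify(reg, good), Verify(reg, forged)) // run-sandboxed reject
}
```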



This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 08:09:45 MST