Comments on: Operation Aurora and Software Distributions as Single Points of Security Failure http://hyper.to/blog/link/aurora-and-software/ Fast Forward Sun, 18 Jul 2010 17:47:51 +0000 hourly 1 http://wordpress.org/?v=3.0 By: Eric http://hyper.to/blog/link/aurora-and-software/comment-page-1/#comment-9589 Eric Mon, 22 Feb 2010 16:09:48 +0000 http://hyper.to/blog/?p=136#comment-9589 I Imagine a worst case. Suppose a foreign country got control over the Microsoft security update system and immediately installed software on every microsoft product that has auto-updates and destroys drives a few weeks after the install (so people would be less likely to cut the carnage short). Imagine all the services that would be taken down. One way to mitigate this risk is to make Apple, Microsoft and Linux 33.3% market penetration. That way if any one update system is compramised, we still have 66% of the machines that are up. Another way is to automate backup systems that are stored on disks offline and kept powered off. What if we lost google? We need other search engines like Bing to take up the slack. We can't have one single point of failure taking everything down. I Imagine a worst case. Suppose a foreign country got control over the Microsoft security update system and immediately installed software on every microsoft product that has auto-updates and destroys drives a few weeks after the install (so people would be less likely to cut the carnage short). Imagine all the services that would be taken down.

One way to mitigate this risk is to make Apple, Microsoft and Linux 33.3% market penetration. That way if any one update system is compramised, we still have 66% of the machines that are up.

Another way is to automate backup systems that are stored on disks offline and kept powered off.

What if we lost google? We need other search engines like Bing to take up the slack. We can’t have one single point of failure taking everything down.

]]> By: Accelerating Future » The Gitian Initiative: Maximizing Resilience to Cyberattack http://hyper.to/blog/link/aurora-and-software/comment-page-1/#comment-9583 Accelerating Future » The Gitian Initiative: Maximizing Resilience to Cyberattack Mon, 01 Feb 2010 22:50:13 +0000 http://hyper.to/blog/?p=136#comment-9583 [...] security initiative called Gitian. The motivation is to eliminate software distributors as a single point-of-failure for malicious code injection. Here is Miron’s blog post which summarizes the initiative: [...] [...] security initiative called Gitian. The motivation is to eliminate software distributors as a single point-of-failure for malicious code injection. Here is Miron’s blog post which summarizes the initiative: [...]

]]> By: miron http://hyper.to/blog/link/aurora-and-software/comment-page-1/#comment-9581 miron Sun, 24 Jan 2010 20:24:19 +0000 http://hyper.to/blog/?p=136#comment-9581 It seems easier to protect an auditor than to protect a large software company. The auditor's private key can be on an dedicated computer that does not allow incoming connections and is not used for any purpose other than to review code and sign it. Also, attacking multiple entities without detection seems exponentially harder. Lastly, different end-users can trust different sets of auditors, based on their security needs. (A <a href="http://en.wikipedia.org/wiki/Sybil_attack" rel="nofollow">Sybil attack</a> is relevant to some peer-to-peer systems - subverting a reputation score by creation of a large number of entities. For sure you'd have to establish a chain of trust to the auditors and not just take a majority vote of all entities claiming to be auditors.) It seems easier to protect an auditor than to protect a large software company. The auditor’s private key can be on an dedicated computer that does not allow incoming connections and is not used for any purpose other than to review code and sign it.

Also, attacking multiple entities without detection seems exponentially harder.

Lastly, different end-users can trust different sets of auditors, based on their security needs.

(A Sybil attack is relevant to some peer-to-peer systems – subverting a reputation score by creation of a large number of entities. For sure you’d have to establish a chain of trust to the auditors and not just take a majority vote of all entities claiming to be auditors.)

]]> By: ken http://hyper.to/blog/link/aurora-and-software/comment-page-1/#comment-9580 ken Sun, 24 Jan 2010 19:36:39 +0000 http://hyper.to/blog/?p=136#comment-9580 "One way to mitigate such a risk is to have multiple independent security auditors sign software distributions." this would be trusted auditors, i assume? i could see the next level of threats coming from spoofed multiple auditors. called a sybel attack, right? -ken “One way to mitigate such a risk is to have multiple independent security auditors
sign software distributions.”

this would be trusted auditors, i assume? i could see the next level of threats
coming from spoofed multiple auditors. called a sybel attack, right?
-ken

]]>