Active Topics
-
Sailfish OS for the Motorola Moto G7 Power (XT1955-5) - (ocean) (9)
to SailfishOS by biketool - 12 hrs, 20 mins ago -
[Announce] coderus unrestricted system-ui (297)
to MeeGo / Harmattan by nieldk - 6 days, 17 hrs ago - more...
| The Following User Says Thank You to Navi For This Useful Post: | ||
|
2008-04-15
, 22:47
|
|
Posts: 373 |
Thanked: 56 times |
Joined on Dec 2005
@ Ottawa, ON
|
#42
|
Security is about layering. To say that something is absolutely insecure because it is missing a single layer is simplifying the topic to meaninglessness.
There are many layers of security that still exist on the tabletOS:
1) It is built on a Linux foundation. Linux developers (especially kernel developers) do think a lot more about security than the average.
2) The libraries and infrastructure sticks pretty close to upstream. The more you deviate from the common core code, the more you have to rely on your local security experts; the less eyes you have auditing your code; the more chance you will have security problems.
3) It is an obscure platform to write an exploit for. Malicious attackers will look to get the most bang for their buck and the tablet is not it. Not exactly a feature that Nokia marketing wants to use but it does help with security somewhat.
4) Linux generally does not run applications as a superuser. After they are installed, apps on the tablet generally run as the user "user" and that gives them much less leverage on the system. They can affect files in /user/home and /media/mmc*, maybe communicate via the various communication interfaces but that is about it. Certainly they have the leash to create a great deal of havok but it is limited havok should a security hole get exploited that way. This is in stark contrast to a Windows world where you are actively encouraged to run as an Administrator (and cutting the leash on anything you run) since so many things just don't quite work right if you don't.
5) The tablet is not always on and always connected to the network. Being mobile, it is jumping from network to network and spending a lot of the time sitting off and not talking to anyone. Most of the other part of the time, it is connected to an wireless access point that masquerades the network connection and often has a firewall built in. This greatly reduces the opportunity for network-based remote attackers to even try to exploit servers running on your tablet. The addition of the Wimax line of tablets sheds this significant layer though. Another axiom that goes along with "security is layering"; "Security is also always a trade-off".
So that is a (by no means exhaustive) list layers that provide a security patchwork that attempts to have 100% coverage of all possible exploits. Never can any anything ever achieve this goal. The security of the available application trust system is certainly a problem that throwing out buzz-phrases like "sandbox" is not going to solve ... sandboxes can be breached too. Nor does it mean that what you have currently is a pile of crap.
Hopefully people continue to think about security and making things more secure but I am not laying awake at night worried that someone is going to pwnz0r my l33t b0xx0r.
Nokia made a wise choice to go with Linux in that respect since it has a inherent security infrastructure and culture.
There are many layers of security that still exist on the tabletOS:
1) It is built on a Linux foundation. Linux developers (especially kernel developers) do think a lot more about security than the average.
2) The libraries and infrastructure sticks pretty close to upstream. The more you deviate from the common core code, the more you have to rely on your local security experts; the less eyes you have auditing your code; the more chance you will have security problems.
3) It is an obscure platform to write an exploit for. Malicious attackers will look to get the most bang for their buck and the tablet is not it. Not exactly a feature that Nokia marketing wants to use but it does help with security somewhat.
4) Linux generally does not run applications as a superuser. After they are installed, apps on the tablet generally run as the user "user" and that gives them much less leverage on the system. They can affect files in /user/home and /media/mmc*, maybe communicate via the various communication interfaces but that is about it. Certainly they have the leash to create a great deal of havok but it is limited havok should a security hole get exploited that way. This is in stark contrast to a Windows world where you are actively encouraged to run as an Administrator (and cutting the leash on anything you run) since so many things just don't quite work right if you don't.
5) The tablet is not always on and always connected to the network. Being mobile, it is jumping from network to network and spending a lot of the time sitting off and not talking to anyone. Most of the other part of the time, it is connected to an wireless access point that masquerades the network connection and often has a firewall built in. This greatly reduces the opportunity for network-based remote attackers to even try to exploit servers running on your tablet. The addition of the Wimax line of tablets sheds this significant layer though. Another axiom that goes along with "security is layering"; "Security is also always a trade-off".
So that is a (by no means exhaustive) list layers that provide a security patchwork that attempts to have 100% coverage of all possible exploits. Never can any anything ever achieve this goal. The security of the available application trust system is certainly a problem that throwing out buzz-phrases like "sandbox" is not going to solve ... sandboxes can be breached too. Nor does it mean that what you have currently is a pile of crap.
Hopefully people continue to think about security and making things more secure but I am not laying awake at night worried that someone is going to pwnz0r my l33t b0xx0r.
Nokia made a wise choice to go with Linux in that respect since it has a inherent security infrastructure and culture.
| The Following User Says Thank You to mwiktowy For This Useful Post: | ||
|
|
2008-04-16
, 00:02
|
|
Posts: 66 |
Thanked: 17 times |
Joined on Apr 2008
|
#43
|
Oops! I said that Android is likely to replace maemo, when I should have written qtopia - which does have a safe execution environment, and is the reason most analysts believe that Nokia bought Trolltech. As I said, typos happen!
Here's the page at Trolltech that probably represents the future of security on Nokia Linux devices:
http://troll.no/support/consulting/q...archterm=patch
- Very much the sandboxing virtual machine approach I would have expected for a modern mobile OS, as opposed to the cruder approach used by Nokia on their current flagship consumer platform:
https://www.symbiansigned.com/app/page
Here's the page at Trolltech that probably represents the future of security on Nokia Linux devices:
http://troll.no/support/consulting/q...archterm=patch
- Very much the sandboxing virtual machine approach I would have expected for a modern mobile OS, as opposed to the cruder approach used by Nokia on their current flagship consumer platform:
https://www.symbiansigned.com/app/page
 |
|
2008-04-16
, 00:37
|
|
Posts: 868 |
Thanked: 474 times |
Joined on Oct 2007
@ Capital District, NY, USA
|
#44
|
Originally Posted by meanwhile
"most analysts"? Could you produce your sources for that huge leap of logic?
Oops! I said that Android is likely to replace maemo, when I should have written qtopia - which does have a safe execution environment, and is the reason most analysts believe that Nokia bought Trolltech. As I said, typos happen!
Here's the page at Trolltech that probably represents the future of security on Nokia Linux devices:
http://troll.no/support/consulting/q...archterm=patch
From the page. "SXE is not an anti-virus application or a firewall." - I guess we're screwed.
| The Following 3 Users Say Thank You to brontide For This Useful Post: | ||
|
|
2008-04-16
, 06:05
|
|
Posts: 373 |
Thanked: 56 times |
Joined on Dec 2005
@ Ottawa, ON
|
#45
|
Originally Posted by brontide
SXE is SELinux rebadged. It provides the exact same thing. I am curious why they reinvented the wheel or whether they are just starting with SELinux and culling some flexibility to make it more streamlined.
From the page. "SXE is not an anti-virus application or a firewall." - I guess we're screwed.
|
|
2008-04-16
, 14:53
|
|
Posts: 66 |
Thanked: 17 times |
Joined on Apr 2008
|
#46
|
Originally Posted by mwiktowy
That's a strawman argument. I never claimed that there weren't alternative methods of security. I discussed the Windows approach of firewall and other defensive software, virtual machines, and OS enforced certification and privileges: maemo isn't insecure because it fails to implement any particular one of these but because it implements *none* of them. It has no security strategy at all, and Nokia doesn't claim otherwise - the only thing they on the subject is that you're screwed if you install an app with hostile intent. (P42 of the N800 User Guide, which possibly shows someone has a sense of humour.) By comparison they have entire whitepapers showing why the qtopia and the version of Symbian they use on smartphones are safe.
Security is about layering. To say that something is absolutely insecure because it is missing a single layer is simplifying the topic to meaninglessness.
There are many layers of security that still exist on the tabletOS:
1) It is built on a Linux foundation. Linux developers (especially kernel developers) do think a lot more about security than the average.
3) It is an obscure platform to write an exploit for. Malicious attackers will look to get the most bang for their buck and the tablet is not it. Not exactly a feature that Nokia marketing wants to use but it does help with security somewhat.
4) Linux generally does not run applications as a superuser. After they are installed, apps on the tablet generally run as the user "user" and that gives them much less leverage on the system. They can affect files in /user/home and /media/mmc*, maybe communicate via the various communication interfaces but that is about it.
Btw, given the openess to attack, does anyone expect to see maemo run on a phone, wiith the the potential for telecommunications dos attacks?
5) The tablet is not always on and always connected to the network. Being mobile, it is jumping from network to network and spending a lot of the time sitting off and not talking to anyone. Most of the other part of the time, it is connected to an wireless access point that masquerades the network connection and often has a firewall built in. This greatly reduces the opportunity for network-based remote attackers to even try to exploit servers running on your tablet.
ii. One of the previous posters already thought of a way around the above, even on the occasions that your logic is correct...
iii. Which will probably be quite rare. Most people will use their nit at home and won't have nearly so paranoid an environment.
The addition of the Wimax line of tablets sheds this significant layer though. Another axiom that goes along with "security is layering"; "Security is also always a trade-off".
So that is a (by no means exhaustive) list layers that provide a security
attempts to have 100% coverage of all possible exploits. Never can any anything ever achieve this goal. The security of the available application trust system is certainly a problem that throwing out buzz-phrases like "sandbox" is not going to solve ... sandboxes can be breached too
|
|
2008-04-16
, 15:04
|
|
Posts: 66 |
Thanked: 17 times |
Joined on Apr 2008
|
#47
|
Originally Posted by mwiktowy
You seem to be under the impression that SE Linux is a Linux distribution. It isn't; ***it's a set of standards for one***. I'm unsure as to how you can state that it is exactly the same thing as SXE ("SXE is SELinux rebadged") given that you then go on to say that you don't know what the differences between the two are...
SXE is SELinux rebadged. It provides the exact same thing. I am curious why they reinvented the wheel or whether they are just starting with SELinux and culling some flexibility to make it more streamlined.
Anyway, SEL (I think like AppArmor) is about providing native Unix processes with security protocols. This has very little to do with the SXE approach, which is about implementing a safe virtual machine (which makes more sense in a heterogeneous hardware environment because if it is implemented correctly, as for some versions of Smalltalk and Lisp rather than Java, gets you cross platform capability without re-compilation.)
Unlike SEL, SXE *is* a specific implementation - which includes, but isn't limited to, a Linux OS.
So in summary, SXE and SEL are about as unlike as two computer security initiatives can be. Standard vs implementation; native code vs virtual machine.
Last edited by meanwhile; 2008-04-16 at 15:16.
 |
|
2008-04-16
, 18:42
|
|
Posts: 107 |
Thanked: 26 times |
Joined on Jan 2008
@ New Jersey
|
#48
|
As a rule, if I'm in a public place, unless I can verify that an access point is "safe" I generally don't connect to it and start logging onto my online banking or webmail/instant messaging accounts.
I've been in too many places where SSID's come up as "FREE INTERNET" or "PUBLIC ACCESS POINT" and then don't connect to anything. That leads me to wonder about what it really is.
If I can verify the device (for example, I've used the one at my public library simply because the AP was sitting on the floor between two lounge chairs...not good security per se either but at least I knew where it was) then I'll connect to it. Same with places like Staples that have well-known hot-spots and subscription services like T-Mobile where you're required to authenticate.
I mean, think about it. You could configure your N8x0 as an adhoc AP with a nice innocuous SSID like "Public Cafe Internet", set up Apache and trap everyone with a fake website, a DHCP server, and a hosts file redirecting well-known sites to a packet sniffer in the background. Then wander around an airport, hotel or train station, or loiter around a Starbucks grabbing everyone's login info.
Heck if you really wanted to play a gag, have Apache serve up porn to everyone who connects to it
But like I said, Internet Tablets are tiny and mobile. Like laptops, the biggest security issue is that they're more likely to get stolen than hacked.
Last edited by Securix; 2008-04-16 at 18:44.
I've been in too many places where SSID's come up as "FREE INTERNET" or "PUBLIC ACCESS POINT" and then don't connect to anything. That leads me to wonder about what it really is.
If I can verify the device (for example, I've used the one at my public library simply because the AP was sitting on the floor between two lounge chairs...not good security per se either but at least I knew where it was) then I'll connect to it. Same with places like Staples that have well-known hot-spots and subscription services like T-Mobile where you're required to authenticate.
I mean, think about it. You could configure your N8x0 as an adhoc AP with a nice innocuous SSID like "Public Cafe Internet", set up Apache and trap everyone with a fake website, a DHCP server, and a hosts file redirecting well-known sites to a packet sniffer in the background. Then wander around an airport, hotel or train station, or loiter around a Starbucks grabbing everyone's login info.
Heck if you really wanted to play a gag, have Apache serve up porn to everyone who connects to it
But like I said, Internet Tablets are tiny and mobile. Like laptops, the biggest security issue is that they're more likely to get stolen than hacked.
Last edited by Securix; 2008-04-16 at 18:44.
| The Following User Says Thank You to Securix For This Useful Post: | ||
|
|
2008-04-16
, 18:55
|
|
Posts: 5,335 |
Thanked: 8,187 times |
Joined on Mar 2007
@ Pennsylvania, USA
|
#49
|
Originally Posted by Securix
It's one of the more benign Windows viruses.
I've been in too many places where SSID's come up as "FREE INTERNET" or "PUBLIC ACCESS POINT" and then don't connect to anything. That leads me to wonder about what it really is.
Originally Posted by Securix
I rather like the idea of redirecting traffic through a transparent squid proxy.
Heck if you really wanted to play a gag, have Apache serve up porn to everyone who connects to it
|
|
2008-04-16
, 19:29
|
|
Posts: 107 |
Thanked: 26 times |
Joined on Jan 2008
@ New Jersey
|
#50
|
<COUGH> Not that I'd actually do something like that </COUGH>
I'm most worried about packet sniffers on an open network.