Reply
Thread Tools
Posts: 20 | Thanked: 9 times | Joined on Mar 2010
#211
Originally Posted by exo View Post
Of course it is, sharing data between applications means every application has access to all your data, that is inherently less secure than running applications sandboxed...that's about as obvious as it gets in terms of application security. Unrestricted access is ALWAYS less secure than restricted access.
Right, the same way apps have read/write access to your address book? Same way apps have a shared space for images (but not for documents/other files?)?

What you don't seem to understand is that the sharing already exists, but for unknown reason its being artificially limited. So please stop touting the "not sharing makes it more secure" excuse.

No, that's incorrect. If all applications have access to all the data then one rogue application can compromise your data...security 101.
No doofus, you have a shared space for data that you CHOOSE to save in there. The apps won't have access to private data used by other apps, just those you saved and want to put into the shared space.

Again, i'm not saying it's a better solution, just different but given you are disputing the very fundamentals of security it appears you're just calling it 'stupid and annoying' because you don't like it.
On the contrary, you are spouting about fundamentals of security when you seem to know very little. Just because something is "theoretically" more secure, doesn't really mean its more secure.

Longer passwords with mixture of alphanumeric characters and symbols is more secure than shorter ones with just numbers, but is it really more "secure" if all password fields required you to have a 16 character passwords with upper & lowercase, with numbers and symbols?

Now imagine if your iphone, for "security reasons" forced you to do that everytime you unlocked your phone. Perhaps now you can understand why we see it as something stupid.

Security has to balance itself with usability, and the sandboxed app approach doesn't really provide an increased level of security to justify itself.
 

The Following User Says Thank You to hawk For This Useful Post:
Posts: 45 | Thanked: 20 times | Joined on Jul 2010
#212
Originally Posted by hawk View Post
Right, the same way apps have read/write access to your address book? Same way apps have a shared space for images (but not for documents/other files?)?
Yes, the same way users have access to their own documents but can access a shared area for shared data. That limitation means some data is accessible by everyone and access to some data is limited, basic security.

What you don't seem to understand is that the sharing already exists, but for unknown reason its being artificially limited. So please stop touting the "not sharing makes it more secure" excuse.
Sharing exists to an extent, that extent is a limitation on access and what you don't seem to understand is the absolute fundamental and most basic concept of security which is based upon access restriction, the less access to data an application has the less security risk there is.

No doofus, you have a shared space for data that you CHOOSE to save in there.
Do I? Where? And what OS?
Of course having a shared space is a good thing, fundamentally less secure if the only copy of your data is in that shared space but personally i view that as an acceptable compromise, to let the user choose, i think all OSes should have such a thing.

On the contrary, you are spouting about fundamentals of security when you seem to know very little. Just because something is "theoretically" more secure, doesn't really mean its more secure.
In this case the theory matches the practise perfectly fine. If the PDF in the example were available to all applications then any one application could corrupt it. Again, it's very basic security.

Longer passwords with mixture of alphanumeric characters and symbols is more secure than shorter ones with just numbers, but is it really more "secure" if all password fields required you to have a 16 character passwords with upper & lowercase, with numbers and symbols?
Of course it is, do you know nothing about security? An idiotic statement like that demonstrates quite clearly that you have no understanding of security. Compare, for example, the difference in using rainbow tables and dictionary hacks to brute force those longer passwords. Building the tables and running those hacks on lower complexity passwords is trivial, doing such a thing on the passwords you describe is almost impossible, so it's almost always worth attempting the trivial attack just to see if it yields results. The most demonstrable example is the recent attack on firm HBGary, had the passwords been *required* to be of the type you describe they more than likely would not have been cracked at all. So yes *requiring* more complex passwords *is* more secure.

Security has to balance itself with usability, and the sandboxed app approach doesn't really provide an increased level of security to justify itself.
Quite clearly it DOES, look at the ubiquity of the platforms that employ it. Not only is it justified, it's widely implemented and accepted. Again a shared data area gives the user choice and my personal opinion is that is the best option but storing the only copy your data there is inherently less secure.
 
Sopwith's Avatar
Posts: 337 | Thanked: 283 times | Joined on Nov 2009 @ NYC
#213
The most secure system:



Secure, but boring. To reiterate a statement that I made earlier in the thread, justifying ANY limitation of a system, even for the sake of security, comes only from lack of imagination.
__________________
In anticipation of TMO's obsolescence, and hoping to meet you all again: elsewhere on the interwebs, I am Dr Doppio.
 
Posts: 45 | Thanked: 20 times | Joined on Jul 2010
#214
Originally Posted by Sopwith View Post
Secure, but boring. To reiterate a statement that I made earlier in the thread, justifying ANY limitation of a system, even for the sake of security, comes only from lack of imagination.
Explain how a limitation of a system can only be justified only by a lack of imagination. For one it can be - and indeed often is - quite clearly justified by a need for security. Security is - by it's very definition - limiting, however you seem to suggest we don't need security.

But then of course there are some people who actually believe shared data is just as secure as private data.

I'm not saying it's better, i'm not saying it's more usable, i'm not saying it's not limiting, all im saying is that private data is more secure than shared data and im not even giving a measure on how much more secure it is. However some people seem to think their idea is the one and only way to do things and that no other solution could possibly be of any benefit...now *that* comes from a lack of imagination.

Last edited by exo; 2011-02-22 at 04:07.
 
Sopwith's Avatar
Posts: 337 | Thanked: 283 times | Joined on Nov 2009 @ NYC
#215
Originally Posted by exo View Post
Explain how a limitation of a system can only be justified only by a lack of imagination...
Ok, I'll try. When you consider to limit a system*, you are weighing in the benefits from your system working as expected, and the drawbacks from it failing due to the limitations. If the benefits outweigh the drawbacks, you would consider the limitation appropriate. However, one possible outcome is that the limitations that you have imposed on your system would prevent it from achieving something that may have been much more advantageous than you expected. Your set goals may be way below what you could have reached had you not placed artificial limits. Now, with a little more imagination, you could have seen the possibilities, and refrained from limiting the possible outcomes...

To give you an example, you wondered who would want to read a PDF with several readers, but failed to imagine that PDF can not only be read but also created, edited or printed.

I would also like to point out that the security benefits you speak of are mostly imaginary, and the fake sense of security given by crippling the system is another sign of lack of imagination. In my personal experience, the greatest menace to my data has been in no other place but between my chair and keyboard. I see no limitations of the OS that would prevent me from wiping out 3GB of data or the vacation pictures from the last two years. I bet you didn't guess that when you were scheming how to prevent external network access to my hard-drive

___
* I referred to systems in general and not OSes on purpose; limiting ourselves to the narrow context of computer systems would be unimaginative
__________________
In anticipation of TMO's obsolescence, and hoping to meet you all again: elsewhere on the interwebs, I am Dr Doppio.
 
Posts: 45 | Thanked: 20 times | Joined on Jul 2010
#216
Originally Posted by Sopwith View Post
If the benefits outweigh the drawbacks, you would consider the limitation appropriate.
Which you said can never happen, because - according to you - you can never justify the limit of a system.

However, one possible outcome is that the limitations that you have imposed on your system would prevent it from achieving something that may have been much more advantageous than you expected.
And just as much chance that the ability for everyone to access everything could be more disastrous than you expected.

Now, with a little more imagination, you could have seen the possibilities, and refrained from limiting the possible outcomes...
Which are of course not necessarily good outcomes, most of these system limitations are in place to prevent the foreseen bad outcomes.

To give you an example, you wondered who would want to read a PDF with several readers, but failed to imagine that PDF can not only be read but also created, edited or printed.
No i didn't i just assumed the idea that one would want to do all 3 of those things in multiple programs was a niche. Which isn't necessarily wrong.

I would also like to point out that the security benefits you speak of are mostly imaginary
Well since we're talking of 'systems' in the broad sense:
We shouldn't use unprivileged user accounts - they place limits on the system - everyone should run as root and have access to everything all the time?
If i log in to my network provider's management system they shouldn't limit me to only seeing my own data? Ditto for banks?
I suppose you don't have a firewall? Use ACLs? Have all your ports open to be accessed by anyone?

These are systems that have limits in place for security and it most certainly is justified.

I see no limitations of the OS that would prevent me from wiping out 3GB of data or the vacation pictures from the last two years. I bet you didn't guess that when you were scheming how to prevent external network access to my hard-drive
You seem to be missing the point, it's not about you damaging your own data, it's about protecting your data from being damaged by someone else and vice versa. Hence shared vs private data.

Last edited by exo; 2011-02-22 at 05:59.
 
Reply

Tags
a hoax, alcalde babble, bla bla bla, micronokiasoft, nokia sux nuts, nokia=epic fail, plan(a-z), plan(t)


 
Forum Jump


All times are GMT. The time now is 13:43.