Malicious, targeted, OS updates. How likely do you think it is?
John Newman
jnn at synfin.org
Wed Jan 18 14:59:44 PST 2017
> On Jan 18, 2017, at 4:17 PM, Steve Kinney <admin at pilobilus.net> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>> On 01/18/2017 02:30 PM, John Newman wrote:
>> Use FreeBSD, build from source ;)
>
> Security regression paradox: What's to prevent whoever might have
> replaced the binary in the repo - or replaced it in transit to you -
> from also rigging the source? So you have to audit the source. And
> the compiler that makes the source useable might have already been
> compromised, so audit its source and then... oops, compile the audited
> compiler using a potentially compromised compiler on a potentially
> compromised OS.
>
lol, I know, it becomes increasingly apparent how impossible a full audit of all the hardware and software that led to the software that is running your computer would be, even with a totally open source OS ;)
Still, gotta take what you can get, I guess..
> This problem is no reason to just give up, but it does transform the
> security picture from a purely imaginary secure vs. insecure binary
> state, to an ecosystem of context-dependent compromise solutions.
>
> The costs of an "acceptable" security result depend on this question:
> What it is worth to an adversary to break your security model, vs.
> how much is preventing compromise of that asset worth to you? If an
> adversary spends less to successfully attack an asset than they gain
> by doing so, the adversary wins. If you spend more to successfully
> defend an asset than that asset is worth to you, you lose.
>
> This context provides a rational basis for allocating resources to
> security, but alas, it rules out absolute values or one size fits all
> solutions: Who are your potential adversaries, what motivates them,
> what resources are available to them? Who benefits from your security
> strategy, and what are they willing / able to pay - in additional
> work, constraints on their behavior, and cash money - to secure the
> assets in question? A security model that does not take these factors
> into accounts is a snake oil security model, regardless of the quality
> of the tools used.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (GNU/Linux)
>
> iQEcBAEBAgAGBQJYf9tUAAoJEECU6c5Xzmuq4lIIAMmjeyTeLr2kAvlBzbjO9ANq
> /S33clrbw+kK6UgfgxIMRGuG9mtEF8UPw/aZh0NBLE2498VdG8NNo+ghLqxfzwLe
> v5OXKeRDHPoOGslB0CP1TciIGSMxPS4v8YXGuM6AbgL0Eb7pE268MtdFt3xmX6ZV
> z5S0aVWToIqC7CJerjrOPunlvp6EfVWX5heOuBFWSISsYh0eZyH0id5QgJWLTShF
> awWi8O1BrbvlUEtWWLbnKvB5IWDAAU8/xl6tuuxtozk3ar3hcCNer9KYzjBHvPBx
> NBiCb9Chg1D0B41g8/VOmQTPQFNaA+mByJ+go4dhMLTYW+HzfMf585aLm6wAxrc=
> =PvlM
> -----END PGP SIGNATURE-----
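A concrete instance of "take what you can get" from the exchange above: before installing an update set fetched from a mirror, check every file against a hash manifest that was obtained out of band (or whose signature was checked separately), and refuse the whole set if any file is altered, missing, or unlisted. This is an added example and not code from the thread or from any distribution; the two-column manifest format, the file names and their contents are constructed for the demo. It does not address the deeper point Steve raises (an adversary who can rig the source or the manifest too); it only closes the "replaced in transit" case.

```python
"""Verify downloaded update files against a pinned SHA-256 manifest.

Added example, not part of the mailing-list thread. The manifest format
(one "<sha256-hex>  <relative path>" line per file) is an assumption for
this demo, not any distribution's real format.
"""
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple

Result = Tuple[bool, List[str]]


def sha256_file(path: str, chunk: int = 1 << 16) -> str:
    """Stream a file through SHA-256 so large archives need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_manifest(text: str) -> Dict[str, str]:
    """Map relative path -> expected hex digest; reject malformed or unsafe lines."""
    expected: Dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"manifest line {lineno}: malformed")
        digest, rel = parts[0].lower(), parts[1].strip()
        # A manifest is attacker-reachable input too: no absolute or parent paths.
        if os.path.isabs(rel) or ".." in rel.split("/"):
            raise ValueError(f"manifest line {lineno}: unsafe path {rel!r}")
        expected[rel] = digest
    return expected


def verify_tree(root: str, manifest_text: str) -> Result:
    """Return (ok, problems). ok only if every listed file matches its digest
    and nothing unlisted is present under root."""
    expected = parse_manifest(manifest_text)
    problems: List[str] = []
    present = set()
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            present.add(rel)
            if rel not in expected:
                problems.append(f"unexpected file: {rel}")
            elif sha256_file(full) != expected[rel]:
                problems.append(f"hash mismatch: {rel}")
    for rel in sorted(set(expected) - present):
        problems.append(f"missing file: {rel}")
    return (not problems, sorted(problems))


def demo() -> Dict[str, Result]:
    """Build a constructed update tree, verify it clean, then tamper and re-verify."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed payloads standing in for update archives.
        files = {
            "base.txz": b"base system payload (constructed)\n",
            "kernel.txz": b"kernel payload (constructed)\n",
        }
        for rel, data in files.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        # The manifest would normally be pinned or signature-checked out of band.
        manifest = "\n".join(
            f"{hashlib.sha256(d).hexdigest()}  {r}" for r, d in files.items()
        )
        clean = verify_tree(root, manifest)

        # Simulate a binary replaced in transit (same name, different bytes)
        # and an extra file the manifest never listed.
        with open(os.path.join(root, "kernel.txz"), "ab") as f:
            f.write(b"appended by someone in the middle\n")
        with open(os.path.join(root, "stray.txz"), "wb") as f:
            f.write(b"unlisted\n")
        tampered = verify_tree(root, manifest)
    return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    for label, (ok, problems) in demo().items():
        print(label, "OK" if ok else "REJECT", problems)
```

The check fails closed: one mismatch anywhere rejects the whole set, because a partially applied update is exactly the targeted-replacement scenario the thread is about. The manifest parser also refuses absolute and parent-directory paths, since a manifest served by the same mirror is as untrusted as the files it describes.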