OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NFR Wizards Archive: Re: Extreme Hacking

Re: Extreme Hacking

James Burns (jburnsipivot.com)
Wed, 7 Jul 1999 10:42:39 -0700

    People are talking about how to make a box immune to hacking. There
seems to be the idea that if you crack as many aspects of the box as
possible and then fix them that somehow you've made a secure box. This just
isn't true. There will always be bugs either in the software or in the
configuration which will allow people with enough time and determination to
get access to the box.
    It seems that finding new ways to hack something is creating a problem
so you can solve it. I'm not saying that general checks of whether you box
does anything stupid are worthless. What I'm saying is that you can create
as many problems as you like, fix all of them, and someone smarter or more
skilled than you is still going to come along and break your
software/configuration.
    Part of the problem is that most software is built on top of operating
systems which have not been fully audited. If there was a "known secure"
operating system or general code base and all you had to do was check your
own code it would be a lot easier. Perhaps that will happen sometime.
However, then the problem is as I indicated above. You can take a perfectly
"secure" operating system and configure it so it isn't secure. (Partially
because secure means different things in different contexts.)

-James

-------------------------------------------------------------------------
James Burns
Software Engineer
IPivot, Inc.
-------------------------------------------------------------------------

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:19:02 CDT