Skip to main content

View Diary: An NSA-proof operating system. Yes, for real. (171 comments)

Comment Preferences

  •  Some Qubes Security Bulletins (3+ / 0-)
    Recommended by:
    duhban, CroneWit, Sparhawk

    Qubes Security Bulletin #7

    Discussion
    ------------

    This is not the first time when the overly-complex permission system strikes back and causes more harm than good.

    Qubes Security Bulletin #8
    Xen.org has announced today a security advisory XSA 58, which fixes a bug introduced by... a previous security fix identified as XSA 45 (see [1]).

    The original problem that the XSA 45 was supposed to fix was a timing-based DoS attack.

    It's a security bug that was introduced by trying to fix the previous security bug.

    And here's a list Xen security announcements.

    •  Yes? And those bugs were patched... (5+ / 0-)

      ...immediately.  In fairness, you might have included that information in your quote:  it was just the next paragraph, in both cases.

      Bugs exist.  We do the best we can, and follow the lead of those who can do better.

      It ain't called paranoia - when they're really out to get you. 6 points.

      by Jaime Frontero on Sat Jul 13, 2013 at 01:50:18 AM PDT

      [ Parent ]

    •  A bug doesn't mean it's hackable... (3+ / 0-)
      Recommended by:
      Garrett, quill, J M F

      Only a small number of bugs actually leave a real world system vulnerable.  

      In the examples you are giving, in Bulletin #8, the previous security bug patch was never applied to the released packages, so they say "so the users, up to date, have only been affected by the timing DoS, related to XSA 45 problem."  And since that was a DOS problem, it didn't actually leave the system "hackable" as far as axcess to the system or data.  

      And in Bulletin #7 they say "the impact of the XSA 52-54 does not seem to be so problematic in practice".  Looking at other recent advisories, XSA 55 only applies if you run an untrusted kernel in one of your domains, and XSA 56 also doesn't apply to systems with normal security measures.  Only XSA 57 of the recent advisories has the potential to allow a serious attack.  But there's no evidence yet that potential has been exploited.  

      I do think the diarist is overstating the advantages of this system vs. an ordinary linux.  Nearly all of those things you do to lock down an ordinary linux sytem, you should also do on Qubes.  This just adds an additional layer of security.  

      But some are overstating the capabilities of the NSA if they really think they can get into any system or crack any encryption.  Nothing is 100% guaranteed, but good security can make things very difficult even for the NSA.  

      •  As I see it, the diary title (1+ / 0-)
        Recommended by:
        duhban

        might as well be  "A Perpetual Motion Machine. Yes, for real."

        A diary with a title and theme like that wouldn't be a place I'd want to get into discussions about real-world machine efficiency.  

        •  I guess that depends on interpretation.... (0+ / 0-)

          If you interpret "NSA-proof" as meaning it's perfect, then yeah, that's never going to be.  But, if you interpret it in the way words like "waterproof", "soundproof", and "bullet-proof" are normally used, then I don't think it's that unreasonable a headline.  

          I don't think he ever said in the body that it made a system unhackable.  Though on the whole he does seem to be overselling it. It does seem like a decent security idea, but probably more effective vs. malware than vs. the NSA (which is only collecting data off the internet, and if they do target individual computers, they really wouldn't be permitted to do that to US citizens).  

          And I think it also would likely be more complex, and less for average users, than applying basic security measures to a popular Linux distribution like Mint or Ubuntu.  

Subscribe or Donate to support Daily Kos.

Click here for the mobile view of the site