Comments for Philosophically Secure

Comment on Glimers of hope in OS security by Dave McGuffey

Dave McGuffey — Fri, 29 Oct 2010 15:12:39 +0000

Eugene,

Long time no see. Good to find your blog.

WRT operating systems, many are actually getting better. Red Hat and Apple have continued to make great strides to make their operating systems stronger and more resilient to attack and better able to contain successful attacks. Over time SELinux has spread its wings over an ever larger number of system daemons and user-space applications. RHEL 6 (beta) extends SELinux to provide MAC protection of the kernel and cover the kvm virtual machines. It also provides some capability to sandbox applications. Oracle/Sun are working to embed an SELinux-like capability into Solaris. Win7 is stronger than its predecessors. I personally think MS is falling behind in the OS realm because of all the legacy code they are dragging around to support legacy apps…but they are moving forward.

When one looks at the successful attacks, almost all are going into the application layer. There are tens of thousands of network-aware apps out there that were built with little to no security, and many are not supported by their developers with patches, preferring to wait for the next version release. Because there is so little incentive to develop apps that are more secure, maybe the only way forward is to consider all of them untrustworthy, and let the OS sandbox them all.

Until we change the software engineer mindset, crappy vulnerable code will continue to hit the market.

I hate lawyers, but I believe we’ve reached the point where Congress needs to invalidate those worthless software licenses and expose the developers to civil and criminal penalties for failing to do “due diligence” in the development cycle.

Comment on Mmm, forever cookies by Daniel Molina

Daniel Molina — Tue, 28 Sep 2010 12:09:14 +0000

Looks nice and very useful. I will review the implementation and its codependencies, if any. Thanks for your post. I’ve added the project to my bookmarks. I’m interested on how it works.

Comment on Hackers for Charity: AOET.org project by Rev.Samson Kayoti Wafula

Rev.Samson Kayoti Wafula — Thu, 05 Aug 2010 08:00:48 +0000

We have a young christian ministry which has a church, a school for orphans and other vulnerable children and other initiatves meant to reach the rural needy families. What and how can we have a website designed for us?

Comment on Automated Web-Based Malware Behavior Analysis by eugenekogan

eugenekogan — Wed, 22 Oct 2008 23:35:08 +0000

I got this comment from the presenter this morning:

Your name: Tyler Hudak

Message: Thanks for watching the video of my presentation! The reason I didn’t show how the info is presented to the user (which comes in both the raw files generated and a tidy little HTML report) was that I was running short on time and OWASP was being VERY strict about going over at the conference (as they should). You are also correct in that its not that pretty, since its an internal-only device at this point.

Comment on Django from the ground up by kevin

kevin — Sat, 27 Sep 2008 00:30:51 +0000

Thanks so much for the kind words about This Week in Django. Eric did an amazing job and has a few more casts lined up in the future. If you have any feedback regarding the site, just let us know!