trust


When it comes to security, every desktop computer operating system is fundamentally flawed. Why? Because any software you run has the same permissions that you do. Anything you can do, it can do too, whether you want that or not.

Speaking at the AusCERT conference on Monday, Ivan Krstic, director of security architecture for the One Laptop per Child project, says the computing industry relies on “utterly obsolete concepts and assumptions” and has “massively failed when it comes to desktop security”.

The way modern desktop security works is by relying on the user to make informed and sensible choices on things they don’t understand.

The early personal firewall software was a classic example:

A dialogue would pop up and say ‘Hi, we’ve intercepted this packet with this TCP sequence number and these flags set, and SYN and FIN are both on, and here are the destination ports and the source ports and here is a hex dump of the packet. Allow or deny? What do you think?’. Who is that protecting? It’s protecting me, but I don’t need that kind of protection in the first place.

The Apple Blog was sarcastic when they reported Krstic’s speech — I suspect because arrogant OS X users think security issues don’t apply to them — so I posted a response


Photograph of seagull at Darling Harbour

My vote for “Prank of the Month” (well, last month) goes to the New York-based Improv Everywhere crew for flooding a Best Buy department store with around 80 people dressed almost like their staff.

The full report on this prank shows how the store management couldn’t cope — they didn’t like it, and people get nervous when confronted with something “different”.

It’s also interesting reading the comments on Bruce Schneier’s write-up of this event, where so many commenters fail to see the difference between a “threat to the store” and a “threat to the perceived authority of the store managers”.