Home page logo

interesting-people logo Interesting People mailing list archives

on kill switches
From: David Farber <dave () farber net>
Date: Mon, 11 Aug 2008 19:09:13 -0400

Begin forwarded message:

From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: August 11, 2008 12:56:32 PM EDT
To: dave () farber net
Cc: "ip" <ip () v2 listbox com>
Subject: Re: [IP] Re: iPhone can phone home and kill apps? - says yes

On Fri, 8 Aug 2008 09:01:20 -0700
David Farber <dave () farber net> wrote:

The question is why is OS/X on the iPhone so vulnerable and, for that
matter, why are the cellular protocols so vulnerable.

Unfortunately, the state of the art is such that we can't solve the
problem. We fundamentally do not know how to build large-scale software
platforms that are secure or even robust against non-malicious failures.

Now -- "can't be secure" is not the same as "can't be better".  We can
build better systems than most we see today.  Some of it requires
better education of system architects and programmers (buffer
overflows, anyone?), some of it requires more humility (to a security
guy, the phrase "active content" translates to "game over, we lose",
which means we don't want to see it in our systems), and some of it
requires a much more expensive development process. This -- especially
the last point -- translates to money: how much security (or
robustness) can Apple (or Microsoft or whomever) afford and still make
money?  How much are you willing to pay, whether in money or in
decreased functionality or glitz, for a stronger system?

I don't like kill lists and the like, but there are good and bad
reasons for having them.  It's interesting to read the URLs on the
Mozilla kill list -- most refer to plug-ins that are (a) known to be
buggy, and (b) kill the browser.  One -- the Vietnamese language pack
-- is known to be contaminated with a Trojan horse.  Kill lists can be
abused, of course -- would Mozilla some day ban the adblock or noscript
plug-ins because they interfere with web sites making money? -- but
they can also be seen as an engineering response to real problems: if
you run this code, you *will* be hurt.

                --Steve Bellovin, http://www.cs.columbia.edu/~smb

Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com

  By Date           By Thread  

Current thread:
  • on kill switches David Farber (Aug 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]