Re: Security on Nits?
Quote:
I'm most worried about packet sniffers on an open network.
Re: Security on Nits?
Security is about layering. To say that something is absolutely insecure because it is missing a single layer is simplifying the topic to meaninglessness.
There are many layers of security that still exist on the tabletOS:

1) It is built on a Linux foundation. Linux developers (especially kernel developers) do think a lot more about security than the average.

2) The libraries and infrastructure stick pretty close to upstream. The more you deviate from the common core code, the more you have to rely on your local security experts; the fewer eyes you have auditing your code; the more chance you will have security problems.

3) It is an obscure platform to write an exploit for. Malicious attackers will look to get the most bang for their buck and the tablet is not it. Not exactly a feature that Nokia marketing wants to use but it does help with security somewhat.

4) Linux generally does not run applications as a superuser. After they are installed, apps on the tablet generally run as the user "user" and that gives them much less leverage on the system. They can affect files in /user/home and /media/mmc*, maybe communicate via the various communication interfaces but that is about it. Certainly they have the leash to create a great deal of havoc but it is limited havoc should a security hole get exploited that way. This is in stark contrast to a Windows world where you are actively encouraged to run as an Administrator (and cutting the leash on anything you run) since so many things just don't quite work right if you don't.

5) The tablet is not always on and always connected to the network. Being mobile, it is jumping from network to network and spending a lot of the time sitting off and not talking to anyone. Most of the other part of the time, it is connected to a wireless access point that masquerades the network connection and often has a firewall built in. This greatly reduces the opportunity for network-based remote attackers to even try to exploit servers running on your tablet. The addition of the WiMAX line of tablets sheds this significant layer though.

Another axiom that goes along with "security is layering": "Security is also always a trade-off". So that is a (by no means exhaustive) list of layers that provide a security patchwork that attempts to have 100% coverage of all possible exploits. Never can anything ever achieve this goal. The security of the available application trust system is certainly a problem that throwing out buzz-phrases like "sandbox" is not going to solve ... sandboxes can be breached too. Nor does it mean that what you have currently is a pile of crap. Hopefully people continue to think about security and making things more secure but I am not lying awake at night worried that someone is going to pwnz0r my l33t b0xx0r. Nokia made a wise choice to go with Linux in that respect since it has an inherent security infrastructure and culture.
Re: Security on Nits?
Oops! I said that Android is likely to replace maemo, when I should have written qtopia - which does have a safe execution environment, and is the reason most analysts believe that Nokia bought Trolltech. As I said, typos happen!
Here's the page at Trolltech that probably represents the future of security on Nokia Linux devices: http://troll.no/support/consulting/q...archterm=patch - Very much the sandboxing virtual machine approach I would have expected for a modern mobile OS, as opposed to the cruder approach used by Nokia on their current flagship consumer platform: https://www.symbiansigned.com/app/page
Re: Security on Nits?
Quote:
From the page. "SXE is not an anti-virus application or a firewall." - I guess we're screwed.
Re: Security on Nits?
Btw, given the openness to attack, does anyone expect to see maemo run on a phone, with the potential for telecommunications DoS attacks?
ii. One of the previous posters already thought of a way around the above, even on the occasions that your logic is correct...
iii. Which will probably be quite rare. Most people will use their nit at home and won't have nearly so paranoid an environment.
Re: Security on Nits?
Quote:
Anyway, SEL (I think like AppArmor) is about providing native Unix processes with security protocols. This has very little to do with the SXE approach, which is about implementing a safe virtual machine (which makes more sense in a heterogeneous hardware environment because, if it is implemented correctly, as for some versions of Smalltalk and Lisp rather than Java, it gets you cross-platform capability without re-compilation.) Unlike SEL, SXE *is* a specific implementation - which includes, but isn't limited to, a Linux OS. So in summary, SXE and SEL are about as unlike as two computer security initiatives can be. Standard vs implementation; native code vs virtual machine.
Re: Security on Nits?
As a rule, if I'm in a public place, unless I can verify that an access point is "safe" I generally don't connect to it and start logging onto my online banking or webmail/instant messaging accounts.
I've been in too many places where SSIDs come up as "FREE INTERNET" or "PUBLIC ACCESS POINT" and then don't connect to anything. That leads me to wonder about what it really is. If I can verify the device (for example, I've used the one at my public library simply because the AP was sitting on the floor between two lounge chairs...not good security per se either but at least I knew where it was) then I'll connect to it. Same with places like Staples that have well-known hot-spots and subscription services like T-Mobile where you're required to authenticate.

I mean, think about it. You could configure your N8x0 as an ad hoc AP with a nice innocuous SSID like "Public Cafe Internet", set up Apache and trap everyone with a fake website, a DHCP server, and a hosts file redirecting well-known sites to a packet sniffer in the background. Then wander around an airport, hotel or train station, or loiter around a Starbucks grabbing everyone's login info. Heck if you really wanted to play a gag, have Apache serve up porn to everyone who connects to it :)

But like I said, Internet Tablets are tiny and mobile. Like laptops, the biggest security issue is that they're more likely to get stolen than hacked.
Re: Security on Nits?
<COUGH> Not that I'd actually do something like that </COUGH>