Berkeley CSUA MOTD:Entry 34770

2004/11/9 [Computer/SW/Security, Computer/SW/Virus] UID:34770 Activity:high
11/8    http://www.fcw.com/fcw/articles/2004/1011/web-manh-10-15-04.asp
        So the NSA wants a new center to work on, in part, detecting
        malicious code hidden in software.  How is this any easier than
        'solving' the halting problem?
        \_ Dubya can do anything he sets his devious and evil monkey mind to.
        \_ The fact that a problem is undecidable in general does not stop
           entire industries from springing up around it (anti-virus stuff
           comes to mind). -- ilyas
           \_ Remedying parts of a problem (anti-virus stuff comes to mind)
              but not eliminating the problem entirely is better than not
              doing anything at all, unless your partial measures create a
              false sense of security (anti-virus stuff comes to mind).  This
              is especially true for infosec.  Even if AV vendors create
              false panic & hysteria, there is nonetheless a real problem out
              there, which they are partially addressing.  The same with this
              malicious code initiative.  I have corporate clients who have
              enormous issues with this; it is a real problem just crying for
              someone to do something, anything, about it.  Infosec problems
              cannot ever be 100% solved.  -John
              \_ "infosec". This sounds like something Orwell or Philip K
                 Dick would come up with.
                 \_ Sorry, you're right.  We've just all taken to calling it
                    that here, you get used to it.  You have always been at
                    war with Eurasia.  -John
                    \_ Damn eurocommunists. -- ilyas
                       \_ Mao!  Mao is the standard!
                          \_ Ooh mao mao, ooh papa mao
                          \_ Are you chinese?  Do you understand the
                             effects opium trade had on china!?
                             effects holocaust had on china!?
                             \_ No I don't, explain it to me.
                          \_ Penalty.
Cache (2432 bytes)
www.fcw.com/fcw/articles/2004/1011/web-manh-10-15-04.asp
The National Security Agency's top information security official disclosed plans this week for a government-funded research center devoted to improving the security of commercial software, calling the initiative a modern-day Manhattan Project.

Comparing the proposed high-assurance software initiative to the famous atomic bomb research project of the 1940s, NSA's director for information assurance, Daniel Wolf, said the research would focus on tools and techniques for writing secure software and detecting malicious code hidden in software.

Before NSA officials can create the center, the Defense secretary must approve the concept and find money for the project, Wolf said.

The quality and trustworthiness of commercial software has become a matter of increasing concern to NSA officials, who are responsible for the security of Defense Department and intelligence software. NSA officials anticipate that many companies on whose software DOD and intelligence users rely will be moving significant portions of their commercial software development overseas within a few years.

NSA officials cannot force companies to develop software a certain way, Wolf said, "but we would like to get them to a point where they are producing commercial products that meet the needs of our users." About 95 percent of the agency's desktop PCs run Microsoft's Windows operating system, Wolf said.

The high-assurance software center would have a small staff of researchers who would work with other researchers at NSA, the Defense Advanced Research Projects Agency, the Homeland Security Department, the National Institute of Standards and Technology, federally funded research centers, academic institutions, and corporations.

"We talk about something like a Manhattan Project because of the magnitude of what we're trying to do," Wolf said.

Creating commercial software of high quality and trustworthiness is immensely difficult using existing tools and techniques, he said. "You want software that does all the things that it is supposed to do and nothing more," he said. It is especially difficult to know whether commercial software contains hidden malicious code. Current detection tools produce too many false positives, he said.

As an agency, NSA has 50 years' experience with writing cryptographic code, Wolf said. "What we bring to the table is the ability to analyze software and find vulnerabilities," he said.