Re: signed applets a solution?

[Bennett Todd <bet () rahul net>]

1997-12-18-03:06:02 Hal:
> [...] In sum, its like the old saying: can't live with it, can live
> without it.

Sure, you can live without it. Easily. The only ones who can't are
people like web site reviewers for Wired magazine, and truly jaded fools
who have no work to do and are using their office computer as a babble
box. Servicing the first customer segment is easy; just set 'em up in
the DMZ. And servicing the second segment is even easier; just say ``get
serviced''.

> [...] Its not always possible to enforce a policy that restricts
> something user don't perceive as a problem.

That's a critically important point. I agree 100%. If the user has been
allowed to retain a perception that (e.g.) ``applets don't threaten the
security of my organization'', then the security admin hasn't done their
job. That's why I really love the super-easy-to-use exploits; my
favourite way get people with the program is to set up a sacrificial
machine wherever it needs to be to demo the problem (in the case of
applets, out in the DMZ); let the user log in to it; then let them run
exploits. E.g. have them visit the hostile applets web site.

Back in a previous generation of security worries, when crack was young
and ypx was obscure, I had trouble motivating some people to schedule
doing the /var/yp/securenets fix. So I wrapped crack and ypx in nice
packaging, added a glue script called ``logonto'', and demonstrated
``logonto machinename'' doing exactly that --- stealing a copy of the
passwd map, successfully cracking it, and logging on with the first
account crack popped out. Suddenly securenets was a priority and crack
was in use.

If the users don't know any better, the security admin needs to start
doing their job.

-Bennett