funsec mailing list archives

AusCERT 2007: IT Industry Has Failed in Desktop Security


From: "Fergie" <fergdawg () netzero net>
Date: Mon, 21 May 2007 05:55:20 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via ZDNet Australia.

[snip]

The AusCERT 2007 conference kicked off this morning with a keynote speaker
who blasted desktop computer security -- including that of Windows, Linux
and Apple Mac -- because it is based on a 35-year-old premise where
software can run with the same privilege as the user.

Ivan Krstić, director of security architecture for the One Laptop per
Child project, told delegates that the IT industry has failed when it comes
to desktop security.

"The number one broken assumption of desktop security ... is this very
simple premise that all executing software should execute with the full
permission that its user possesses.

"There are a bunch of programs that ship with all major operating systems
-- including Linux, Mac OS and Windows -- that can format your hard drive,
spy on your computer, spy on you with your microphone and camera and turn
over control of your computer to third parties," said Krstić.

One example of such a program, said Krstić, is Minesweeper -- a game that
has shipped with virtually all versions of Microsoft Windows.

"This is no exaggeration. There is nothing in place to say that Minesweeper
cannot do these things. That tells me something is pretty badly broken," he
said.

[snip]

More:
http://www.zdnet.com.au/news/security/soa/IT-industry-has-failed-in-desktop-security/0,130061744,339277628,00.htm

- ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.1 (Build 1012)

wj8DBQFGUTRCq1pz9mNUZTMRAllCAKDu47cZ8AJ5dpe/4OpHYzPo7f1XrwCeJmqa
V8U5H65v9xR1dbnSZyIgp/8=
=mJLo
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

