Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

on kill switches

From: David Farber <dave () farber net>
Date: Mon, 11 Aug 2008 19:09:13 -0400


Begin forwarded message:

From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: August 11, 2008 12:56:32 PM EDT
To: dave () farber net
Cc: "ip" <ip () v2 listbox com>
Subject: Re: [IP] Re: iPhone can phone home and kill apps? - says yes 

On Fri, 8 Aug 2008 09:01:20 -0700
David Farber <dave () farber net> wrote:


The question is why is OS/X on the iPhone so vulnerable and, for that
matter, why are the cellular protocols so vulnerable.


Unfortunately, the state of the art is such that we can't solve the
problem. We fundamentally do not know how to build large-scale software
platforms that are secure or even robust against non-malicious failures.

Now -- "can't be secure" is not the same as "can't be better".  We can
build better systems than most we see today.  Some of it requires
better education of system architects and programmers (buffer
overflows, anyone?), some of it requires more humility (to a security
guy, the phrase "active content" translates to "game over, we lose",
which means we don't want to see it in our systems), and some of it
requires a much more expensive development process. This -- especially
the last point -- translates to money: how much security (or
robustness) can Apple (or Microsoft or whomever) afford and still make
money?  How much are you willing to pay, whether in money or in
decreased functionality or glitz, for a stronger system?

I don't like kill lists and the like, but there are good and bad
reasons for having them.  It's interesting to read the URLs on the
Mozilla kill list -- most refer to plug-ins that are (a) known to be
buggy, and (b) kill the browser.  One -- the Vietnamese language pack
-- is known to be contaminated with a Trojan horse.  Kill lists can be
abused, of course -- would Mozilla some day ban the adblock or noscript
plug-ins because they interfere with web sites making money? -- but
they can also be seen as an engineering response to real problems: if
you run this code, you *will* be hurt.

                --Steve Bellovin, http://www.cs.columbia.edu/~smb




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: