Brad gets real!

[Dave Aitel via Dailydave <dailydave () lists aitelfoundation org>]

https://www.youtube.com/watch?v=F_Kza6fdkSU

So I wanted to highlight this talk from Brad Spengler about the state of
Linux security. It's a damning report if you read even a little bit between
the lines. And on many levels. As Halvar points out, Android deliberately
avoided investing what they knew they needed to invest in platform security
in the effort to gather significant early market share, even knowing it
would harm their user-base in a multitude of ways.

And this kind of philosophical trade off taken by companies filters into
the Linux security ecosystem, creating Ogres of various sorts, like
Calamity Gannon's corruption of various parts of Hyrule. For example,
phones often run on an older Linux kernel, which means there is economic
incentive to backport features and security fixes to those kernels, or
pretend you can.

Likewise, much of the effort of the Linux security community is focused on
KASLR, which Brad points out, is largely a waste of time.

He also talks about Syzkiller, automated exploit generation, and a host of
other things. Well worth a listen!

-dave

_______________________________________________
Dailydave mailing list -- dailydave () lists aitelfoundation org
To unsubscribe send an email to dailydave-leave () lists aitelfoundation org