* Posts by PuffyBSD

5 publicly visible posts • joined 10 Aug 2010

Bloke, 26, accused of running drug souk Silk Road 2.0 cuffed by Feds

PuffyBSD
Unhappy

Re: Another one bites the dust (@ Jack of shadows)

Actually, according to either the book Freakonomics or Superfreakonomics (the sequel) if governments really wanted to stop the drug problem in society they would execute drug users publically . Few people would risk using drugs in that scenario and the few who did would be eliminated so problem solved. However, most people don't have the stomach for this kind of stuff so the best solution is the Libertarian solution of legalizing drugs (think of this humane solution more as damage control). I'm a Libertarian so I agree with the legalization of drugs not the public executions.

Linux kernel purged of five-year-old root access bug

PuffyBSD
Black Helicopters

OpenBSD is totally immune from this type of bug in the article

A quote from the above article :

"One important aspect the attack demonstrates, is how difficult it is to bring security to a desktop platform, where one of the biggest challenges is to let applications talk to the GUI layer (e.g., X server in case of Linux), which usually involves a very fat GUI protocol (think X protocol, or Win32 GUI API) and a very complex GUI server, but at the same time keep things secure,”-- Joanna Rutkowska, a fellow security researcher at Invisible Things Lab blogged.

OpenBSD has achieved the so called 'difficult' a secure implementation of GUI X functions : server and client. It achieved this two ways. It uses, for instance, a thoroughly audited aperture driver e.g. xf86 (this specific driver is for the x86 platform) kernel aperture driver (that doesn't even run at security level 0. OpenBSD has various runtime security levels), for xenocara. Xenocara is OpenBSD's implementation of Xorg. The reason why OpenBSD uses its own forked version of Xorg is because Theo De Raadt has long known that stock Xorg is insecure (some platforms worse than others e.g. x86) Xenocara is OpenBSD's secure version of Xorg. So that is why OpenBSD is not vulnerable to such a security bug and Linux is. OpenBSD's security is epic and this is just one small example of why.

http://xenocara.org/

http://www.openbsd.org/cgi-bin/man.c...86&format=html

PuffyBSD
Boffin

OpenBSD's security is epic

*note I made a mistake in my first reply to this message in that I said the xf86 aperture driver was only for the x86 platform so I'm reposting this with the correct info* :

"One important aspect the attack demonstrates, is how difficult it is to bring security to a desktop platform, where one of the biggest challenges is to let applications talk to the GUI layer (e.g., X server in case of Linux), which usually involves a very fat GUI protocol (think X protocol, or Win32 GUI API) and a very complex GUI server, but at the same time keep things secure,”-- Joanna Rutkowska, a fellow security researcher at Invisible Things Lab blogged.

OpenBSD has achieved the so called 'difficult' a secure implementation of GUI X functions : server and client. It achieved this two ways. It uses, for instance, a thoroughly audited xf86 kernel aperture driver (that doesn't even run at security level 0. OpenBSD has various runtime security levels), for xenocara. Xenocara is OpenBSD's implementation of Xorg. The reason why OpenBSD uses its own forked version of Xorg is because Theo De Raadt has long known that stock Xorg is insecure (some platforms worse than others e.g. x86) Xenocara is OpenBSD's secure version of Xorg. So that is why OpenBSD is not vulnerable to such a security bug and Linux is. OpenBSD's security is epic and this is just one small example of why.

http://xenocara.org/

http://www.openbsd.org/cgi-bin/man.c...86&format=html

Anti-virus defences even shakier than feared

PuffyBSD
Black Helicopters

A combination of things is key

When running windows (for the home user at least) :

1.) You have to know what you are doing #1 (Geeks like us know what we are doing) that means you are less likely to even get infected in the first place.

2.) You have to have a really good firewall running for Windows, like CoreForce, which is based on OpenBSD's PF firewall so when the anti-virus scanners miss malware you can at least block the malware on your system or just use an extra box with OpenBSD on it acting as a firewall/NAT box instead of CoreForce et. al.

3.) Run a good anti-virus scanner or better yet three free ones that don't conflict with each other (as some do) and : AVG free antivirus, malwarebytes anti maleware scanner and some other free spyware scanner.

The point is don't just rely on anti-virus scanners but incorporate them into an overall larger security framework : so don't throw the baby out with the bath water. That works for me on my XP box. I have three FreeBSD , OpenBSD and Windows XP computers. OpenBSD is the most secure and my favorite to use, by far, but certain software is non-trivial to port to it or get to run in binary emulation so I run Windows, as well, for that reason. I believe OpenBSD is the one true way in security but you have to know what you are doing : any idiot admin can make anything insecure.

PuffyBSD
Thumb Up

That OS is OpenBSD

.... and that OS is called OpenBSD.