This column explains how to write secure applications; it focuses on the Linux operating system, but many of the principles apply to any system. In today’s networked world, software developers must know how to write secure programs, yet this information isn’t widely known or taught. This first installment of the Secure programmer column introduces the basic ideas of how to write secure applications and discusses how to identify the security requirements for your specific application. Future installments will focus on different common vulnerabilities and how to prevent them.
Maybe they could fix some of the holes in OpenBSD. I had more intruders with that running than with DOS. Can you buy anti-virus products that will protect OpenBSD?
The Peon’s Guide to Secure System Development: http://m.bacarella.com/papers/secsoft/html/
Maybe they could fix some of the holes in OpenBSD. I had more intruders with that running than with DOS. Can you buy anti-virus products that will protect OpenBSD?
Yeah… intruders with DOS. Because you know DOS was popular for its powerful firewall and amazing network security. Comparing DOS to OpenBSD in this way makes little sense to me.
It’s true, the ORIGINAL DOS is secure to internet attacks. Because it doesn’t have a TCP/IP stack.
While the article itself was interesting, it once again only discusses Microsoft with closed source. This is like doing a comparison between Japanese and American cars. For the Japanese cars, you only compare using Hondas (I am in no way saying MS is as reliable as a Honda, but this is how the example came to me). For the American cars, you use Chrysler, GM, Cadillac, Saturn…etc (if one car company owns another, use your imagination).
MS has always given people what they want. Now that network security is important to people, MS will deal with it and change its code and the OS mentality.
I would really like to see a study done based on the number of serious open source users who review and modify code versus the number of assigned coders/testers/verifiers that MS (or any other proprietary software) has on a similar product.
In either case, I wish the article went into more specific details. Not necessarily using code examples, but perhaps addressing rights, buffer overflows, input handling…more specifically.
Yamin
“It’s true, the ORIGINAL DOS is secure to internet attacks. Because it doesn’t have a TCP/IP stack.”
Yeah. But once you started running a BBS, DOS security was horrible. Like if a poorly programmed door game crashed and dropped the remote user to a DOS prompt. (not unheard of).
Yeah, I know what you mean.
From http://openbsd.org:
“Only one remote hole in the default install, in more than 7 years!”
Jesus christ, how the hell am I supposed to keep up with security updates when they are released that frequently? Aargh.
BTW, nice homepage.
I particularly liked Ben Hout’s post on the Linux 2.6 thread. He wants to know if there is a cocoa version of the Linux 2.6 kernel for Macs available.
Of course, remember that a fairly large percentage (the majority?) of the security advisories released for any linux distribution (well, I speak from personal experience with Debian here) are either pre-emptive fixes for vulnerabilities that have been found but are not being actively exploited or fixes for *local* exploits. The OpenBSD definition of “hole” conveniently ignores all of these.
If someone were to make a fair(er) comparison, they’d have to a) limit themselves to advisories concerning the base install [use something like Debian for this] since OpenBSD doesn’t give any guarantee as to the security of the ports tree and b) discard all advisories pertaining to vulnerabilities not being actively exploited at the time of the fix being issued.
“The CIA recently learned that Osama bin Laden’s al Qaeda terrorist organization has “far more interest” in cyber-terrorism than previously believed.”
Prove it. Oh, wait, they can’t do that, because it’s top-secret. We’ll have to take their word for it. After all, we’re in safe hands, right?
Let’s hope this intelligence is as reliable as that which said that Saddam Hussein had an arsenal of Weapons of Mass Destruction ready to launch at the time of invasion, and the claims that Saddam was attempting to obtain uranium from Africa.
“The CIA recently learned that Osama bin Laden’s al Qaeda terrorist organization has “far more interest” in cyber-terrorism than previously believed.”
Prove it. Oh, wait, they can’t do that, because it’s top-secret. We’ll have to take their word for it. After all, we’re in safe hands, right?
You’re absolutely right, they should release all the information they have so the terrorists would know how they are being spied on, who US assets are, where the terrorist organization’s security is weak, etc. Stupid evil CIA for not wanting to help the terrorists. IT’S ALL A RIGHT WING PLOT, ALL HEIL STALIN AND MAO!
Let’s hope this intelligence is as reliable as that which said that Saddam Hussein had an arsenal of Weapons of Mass Destruction ready to launch at the time of invasion, and the claims that Saddam was attempting to obtain uranium from Africa.
You expect intelligence agencies to be perfect against an enemy that knows of their existence, knows they are targeted, is well funded and well supported? You know, if someone said “Hitler has weapons of mass destruction and that’s why we have to invade him” and then we found no weapons of mass destruction in Germany, would you have cared? (pretend you were alive in 1945) Even if they said that was the MAIN reason they were going into Germany, I still say: who cares? Hitler and Saddam committed enough evil to warrant their removal, and if the US had to make up lies so that the silly ass population wouldn’t be idiots and overlook their evilness, I don’t have a problem with that, not that I’m saying the US lied on Iraq, but if they did, why are you crying? “Oh but the dead Iraqi children!” What about the MANY MANY more dead German children, maybe we could have negotiated with Hitler some more.. Oh well, you’ll probably just say I’m a “nub” for bringing up Hitler, leftists don’t seem to want to debate to enlighten everyone, just to shout down those they disagree with (I realize many right wingers are just as bad, just seems not as many to me.)
Maser:
This is completely off topic. You obviously had something to get off your chest, but this is not the forum to do so.
The original poster only stated that the intelligence of a statement like that only needed some facts to back it up, and gave the “WMD” line as an example of a reason why facts are crucial to support any argument. The poster never commented on whether the invasion was or was not justified. Please don’t jump the gun and take it for more than it was.
Personally, the assertion that it is ok for the US to create lies to protect the people is _really_ messed up. Think about the point that you are trying to get across. If the government of your ‘enemy’ was truly as evil as you assume, don’t you think that the facts alone would be enough to justify any force? Also, you’re nuts…
Congratulations !!
You have won a
/——–
|- GOD -|
|- WIN -|
|- POINT -|
——–/
Btw, you lose, and this thread stops right now.