[ale] Linux in SIGINT

Michael B. Trausch mike at trausch.us
Mon Mar 2 17:50:46 EST 2009


On Mon, 2 Mar 2009 13:42:24 -0500
"Jeff Lightner" <jlightner at water.com> wrote:

> I don't really see this as clueless.  Essentially he is saying it is
> easier to hack a known standard than to hack something proprietary.
> Folks might infer from the way he wrote it that Linux is somehow a
> security issue but he doesn't actually say that.  It may well be his
> intent to imply that but since we're not mind readers we can't really
> say it is.

Yes, but that is relying on security by obscurity.  Real security comes
when the standard is known, well-reviewed, and constantly scrutinized.
Sure, there is still a guarded secret, be that a private key or a hell
of a long passphrase---but really.  I *dare* someone to crack open one
of my encrypted emails without (a) stealing my computer, (b) stealing
the computer of a recipient of one of those emails, and (c) finding a
way to crack the password of the key for either system.  It *might* be
possible for it to be done, but it's not likely to happen with the
present state of technology no matter what governmental agency might
be interested in it.  Some development may occur at some point that
makes all present-day encryption weak, but until it does...

Really.

Stating that "The older systems, being custom made, were much more
difficult to hack into. But Linux based stuff is not" is a clear sign
of cluelessness---a system built around Linux is going to be as
(in)secure as the operator wants it to be, save for security bugs, and
those are typically patched very quickly in the core open stack of
most distributions.  The example is flawed; today, one can acquire
everything needed to receive an unencrypted feed with a reasonable
amount of money and a little bit of work interfacing the equipment with
the computer system.  Nearly nobody had the money for that three
decades ago when satellite was open access for anyone who could afford
a dish and a box.

Furthermore, you cannot crack something that is unencrypted, and the
person who wrote the article seems to mistake "hack" for crack.  First
clue was in the direct quote at the top of the previous paragraph.

I'd say the author of that article was clueless at least when it was
written.  Perhaps there has been a good deal of change in that; there have
been several days since it was written and a fair number of emails have
probably flown into the publisher's INBOX.  Hopefully comments like the
ones from "Dave_In_Pa" on the site weren't in the majority... well, one
can hope, anyway.

	--- Mike

-- 
My sigfile ran away and is on hiatus.
http://www.trausch.us/