Can we really trust IT?

Message boards : Politics : Can we really trust IT?

1 · 2 · 3 · 4 . . . 10 · Next

Author	Message
ML1 Volunteer tester Send message Joined: 25 Nov 01 Posts: 7112 Credit: 3,681,712 RAC: 906	Message 1328436 - Posted: 17 Jan 2013, 22:56:45 UTC Last modified: 17 Jan 2013, 22:59:51 UTC
	This thread is inspired from "Can we really trust the software we use?" to be a little broader. I'll kick off with an old one that has rebounded yet again: Here we go again: New NHS patient database plan sets off alarm bells Health Sec Hunt wants your [medical] records in the cloud by 2018 At least with the present paper-based system, access is nominally gate-keepered by your doctor and his records assistant, all hopefully with a little human intelligence and rate limited to one viewing at a time and physically at your health centre... IT is what we make it... Martin ____________ Mandriva Linux A user friendly OS! See new freedom Mageia2 The Future is what We make IT (GPLv3)
	ID: 1328436 · Reply Quote

James Sotherden Volunteer moderator Send message Joined: 16 May 99 Posts: 6050 Credit: 14,655,582 RAC: 23,942	Message 1328704 - Posted: 18 Jan 2013, 17:49:23 UTC - in response to Message 1328436.
	This thread is inspired from "Can we really trust the software we use?" to be a little broader. I'll kick off with an old one that has rebounded yet again: Here we go again: New NHS patient database plan sets off alarm bells Health Sec Hunt wants your [medical] records in the cloud by 2018 At least with the present paper-based system, access is nominally gate-keepered by your doctor and his records assistant, all hopefully with a little human intelligence and rate limited to one viewing at a time and physically at your health centre... IT is what we make it... Martin My Dr. has had a paperless office for two years. At leats its not in the cloud yet. The cloud! Another way for the Gov to know everything you do. Its seems to be a growing trend in the US for mediacl records going didgital. ____________
	ID: 1328704 · Reply Quote

Ex Volunteer moderator Volunteer tester Send message Joined: 12 Mar 12 Posts: 2883 Credit: 1,157,255 RAC: 858	Message 1328706 - Posted: 18 Jan 2013, 17:55:41 UTC
	(I don't know when online storage starting being called "the cloud" but it wasn't too long ago.) And yes the major health systems in my area are all paperless now, I know that it wasn't easily implemented for either of the two big boys in town. I remember one day where all the meds in the hospital had to be ordered by paper because the pharmacy end of the system wasn't working. You can't have those kind of failures in a hospital. I'm ok with paperless if the tech is ready, but I think none of us are on board with a nationwide online database. However, we all have all sorts of personal details already stored by many entities, in the "cloud". ____________ -Dave #2 3.2.0-33
	ID: 1328706 · Reply Quote

Gary Charpentier Volunteer tester Send message Joined: 25 Dec 00 Posts: 10313 Credit: 5,072,793 RAC: 6,250	Message 1328781 - Posted: 18 Jan 2013, 20:22:52 UTC - in response to Message 1328706.
	Interesting. Had a talk with my Doc the other day about paper/paperless. The Patient Protection and Affordable Care Act apparently contains provisions mandating paperless. PITA. But as the Doc put it, without even a VPN the Doc is presently able to log into some (unnamed intentionally) hospitals and have full access to records and prescribe. All I can say is how much of an idiot is designing this system? ____________
	ID: 1328781 · Reply Quote

James Sotherden Volunteer moderator Send message Joined: 16 May 99 Posts: 6050 Credit: 14,655,582 RAC: 23,942	Message 1329016 - Posted: 19 Jan 2013, 6:31:45 UTC
	Now that is scary. I know the VA is paperless. It makes sense that a vet that can be admitted to any VA hospital and they can get access to your records. ( Well any patient I suppose from any hosiptal ) But just to be able to access any file on a whim? ____________
	ID: 1329016 · Reply Quote

Sirius B Volunteer tester Send message Joined: 26 Dec 00 Posts: 6669 Credit: 1,280,517 RAC: 674	Message 1329048 - Posted: 19 Jan 2013, 10:02:48 UTC
	Can we really trust IT? Not according to this report.... Chip & Pin had its day? ....with a nice highly debatable ending........ "You have no control over tech security." ____________
	ID: 1329048 · Reply Quote

Gary Charpentier Volunteer tester Send message Joined: 25 Dec 00 Posts: 10313 Credit: 5,072,793 RAC: 6,250	Message 1330803 - Posted: 24 Jan 2013, 18:28:56 UTC
	http://arstechnica.com/security/2013/01/secret-backdoors-found-in-firewall-vpn-gear-from-barracuda-networks/ no password backdoor in ROM. ____________
	ID: 1330803 · Reply Quote

Sirius B Volunteer tester Send message Joined: 26 Dec 00 Posts: 6669 Credit: 1,280,517 RAC: 674	Message 1330967 - Posted: 24 Jan 2013, 23:27:07 UTC - in response to Message 1330803.
	Good link with some highly interesting reports linked off it.... The Hunt for Red October Red October loves Java Red October goes dark....for now.... Are you sure your phone is secure? ____________
	ID: 1330967 · Reply Quote

Gary Charpentier Volunteer tester Send message Joined: 25 Dec 00 Posts: 10313 Credit: 5,072,793 RAC: 6,250	Message 1330972 - Posted: 24 Jan 2013, 23:40:14 UTC - in response to Message 1330967.
	Are you sure your phone is secure? Cui's hack works by overwriting portions of the kernel space in the phone's memory. That allows him to gain root access to the phone's Unix-like firmware system and take control of the digital signal processor and other key functions. Just wonder which Linux kernel the phone is running. And is the bug allowing the overwrite present in other flavors of that kernel running on other devices. ____________
	ID: 1330972 · Reply Quote

Sirius B Volunteer tester Send message Joined: 26 Dec 00 Posts: 6669 Credit: 1,280,517 RAC: 674	Message 1330986 - Posted: 25 Jan 2013, 0:57:26 UTC - in response to Message 1330972. Last modified: 25 Jan 2013, 0:59:39 UTC
	Just wonder which Linux kernel the phone is running. And is the bug allowing the overwrite present in other flavors of that kernel running on other devices. Well with all the 1000's of posts on this forum alone regarding O/S'es & their weaknesses, just wonder what happened to the peer review in this case! Also, with the Red October issue - Isn't many of those systems run by governments/corporations running linux? ____________
	ID: 1330986 · Reply Quote

Ex Volunteer moderator Volunteer tester Send message Joined: 12 Mar 12 Posts: 2883 Credit: 1,157,255 RAC: 858	Message 1331020 - Posted: 25 Jan 2013, 3:38:34 UTC - in response to Message 1330972. Last modified: 25 Jan 2013, 3:39:12 UTC
	Are you sure your phone is secure? Cui's hack works by overwriting portions of the kernel space in the phone's memory. That allows him to gain root access to the phone's Unix-like firmware system and take control of the digital signal processor and other key functions. Just wonder which Linux kernel the phone is running. And is the bug allowing the overwrite present in other flavors of that kernel running on other devices. Doesn't cisco use a highly customized, almost proprietary version of Unix/Linux family OS? In other words, I doubt it's a kernel that's commonly used, or even resembles one. But I would be curious to know. Wouldn't be surprised if it was 2.6 if it is a "normal" kernel they use. ____________ -Dave #2 3.2.0-33
	ID: 1331020 · Reply Quote

ML1 Volunteer tester Send message Joined: 25 Nov 01 Posts: 7112 Credit: 3,681,712 RAC: 906	Message 1331136 - Posted: 25 Jan 2013, 13:58:26 UTC - in response to Message 1331020. Last modified: 25 Jan 2013, 14:01:31 UTC
	Are you sure your phone is secure? Cui's hack works by overwriting portions of the kernel space in the phone's memory. That allows him to gain root access to the phone's Unix-like firmware system and take control of the digital signal processor and other key functions. Just wonder which Linux kernel the phone is running. And is the bug allowing the overwrite present in other flavors of that kernel running on other devices. Doesn't cisco use a highly customized, almost proprietary version of Unix/Linux family OS? In other words, I doubt it's a kernel that's commonly used, or even resembles one. But I would be curious to know. Wouldn't be surprised if it was 2.6 if it is a "normal" kernel they use. Indeed so: It's an 'embedded device' that is stripped down to the minimum... Those phones first came out quite a long time ago and so are likely based on whatever kernel version was in vogue at that time... The actual flaw is: "due to a failure to properly validate input passed to kernel system calls from applications running in userspace". See: Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability To exploit the vulnerability, you need to have physical access to the phone or a successful remote login. So, difficult to exploit unless you have a "James Bond" janitor wandering around reprogramming them!... That vulnerability is very obviously not on mainstream Linux kernels! No software is infallible to proprietary rush! And we become more vulnerable as we rush to ever more elaborate interconnected systems... Aside: Should those researchers now be persecuted in a similar way to Aaron Swartz for exposing something so obviously highly illegal and world-shatteringly damaging?... They've very clearly and publicly executed a 'break-in'. The USA laws are there and vague enough for doing that, for the threat of 50+ years unto bankruptcy and death... IT is what we make it, Martin Disclaimer: Merely my own personal opinion as ever... ____________ Mandriva Linux A user friendly OS! See new freedom Mageia2 The Future is what We make IT (GPLv3)
	ID: 1331136 · Reply Quote

Gary Charpentier Volunteer tester Send message Joined: 25 Dec 00 Posts: 10313 Credit: 5,072,793 RAC: 6,250	Message 1331145 - Posted: 25 Jan 2013, 15:01:29 UTC - in response to Message 1331136.
	That vulnerability is very obviously not on mainstream Linux kernels! Disclaimer: Merely my own personal opinion as ever... I smell an assumption of how you want the world to be. ____________
	ID: 1331145 · Reply Quote

Gary Charpentier Volunteer tester Send message Joined: 25 Dec 00 Posts: 10313 Credit: 5,072,793 RAC: 6,250	Message 1331199 - Posted: 25 Jan 2013, 17:29:20 UTC
	Excellent read: NBS 500-75 Validation, Verification, and Testing of Computer Software http://books.google.com/books?id=arNTsaD5FxEC&pg=PR2&lpg=PR2&dq=nbs+special+publication+500-75&source=bl&ots=L_sOiOQKHh&sig=Vy2D5SBaPCLYOxZ8N4LZeHSPCjA&hl=en&sa=X&ei=Ar0CUaWEFMTVigLW1YGQDw&ved=0CC4Q6AEwADgK One of the main points it makes is that no matter how many sets of eyeballs look at code, unless you apply design discipline to those eyeballs, errors will be present. A couple others you should look at are, if you care about software: NBS 500-93 Software Validation, Verification, and Testing Technique and Tool Reference Guide NBS 500-98 Planning for Software Validation, Verification, and Testing, NBS 500-99 Structured Testing: A Software Testing Methodology Using the Cyclomatic Complexity Metric ____________
	ID: 1331199 · Reply Quote

ML1 Volunteer tester Send message Joined: 25 Nov 01 Posts: 7112 Credit: 3,681,712 RAC: 906	Message 1331258 - Posted: 25 Jan 2013, 20:05:14 UTC - in response to Message 1331145.
	That vulnerability is very obviously not on mainstream Linux kernels! I smell an assumption of how you want the world to be. Well, for your disparaging assertion, please list the bug report or rather the world headlines for such a dire problem for the Linux kernel. How does that compare to Microsoft Windows? How does that compare to other proprietary systems? Can we have some real comment and links rather than the lame mud slinging please? IT is indeed what we make it... Martin ____________ Mandriva Linux A user friendly OS! See new freedom Mageia2 The Future is what We make IT (GPLv3)
	ID: 1331258 · Reply Quote

ML1 Volunteer tester Send message Joined: 25 Nov 01 Posts: 7112 Credit: 3,681,712 RAC: 906	Message 1331259 - Posted: 25 Jan 2013, 20:08:58 UTC - in response to Message 1331199.
	... One of the main points it makes is that no matter how many sets of eyeballs look at code, unless you apply design discipline to those eyeballs, errors will be present. ... Indeed so. Note also that open peer review ensures state of the art practice for suitably patronized projects. Hence, is that why Linux is steadily taking over the computing world?... We really do need a good worthy competitor system to Linux that similarly includes freedom for the users, lest we suffer the evil of there only being Linux... IT is what we make it, Martin ____________ Mandriva Linux A user friendly OS! See new freedom Mageia2 The Future is what We make IT (GPLv3)
	ID: 1331259 · Reply Quote

Sirius B Volunteer tester Send message Joined: 26 Dec 00 Posts: 6669 Credit: 1,280,517 RAC: 674	Message 1331297 - Posted: 25 Jan 2013, 21:43:57 UTC - in response to Message 1331258.
	Can we have some real comment and links rather than the lame mud slinging please? IT is indeed what we make it... Martin Already have to which you replied to one - Cisco Phones. However, no comment on the Red October issues...... ... or are you arrogantly assuming that ALL the systems hacked were Windows? ____________
	ID: 1331297 · Reply Quote

Gary Charpentier Volunteer tester Send message Joined: 25 Dec 00 Posts: 10313 Credit: 5,072,793 RAC: 6,250	Message 1331353 - Posted: 25 Jan 2013, 23:45:44 UTC - in response to Message 1331259.
	Note also that open peer review ensures state of the art practice for suitably patronized projects. suitably patronized is what, 0.1% of FOSS projects? ____________
	ID: 1331353 · Reply Quote

ML1 Volunteer tester Send message Joined: 25 Nov 01 Posts: 7112 Credit: 3,681,712 RAC: 906	Message 1331372 - Posted: 26 Jan 2013, 1:14:14 UTC - in response to Message 1331353.
	Note also that open peer review ensures state of the art practice for suitably patronized projects. suitably patronized is what, 0.1% of FOSS projects? There goes your mud slinging again. What matters are those projects of significance that make a difference. Just is in natural evolution, there is a lot of wastage as new ideas are tried out by new people. The best and/or most 'interesting' survive and prosper. Perhaps that is why Linux systems have already 'taken over' for where it matters... Linux systems certainly have a far better record than certain other system for thwarting malware... IT is what we make it... Martin ____________ Mandriva Linux A user friendly OS! See new freedom Mageia2 The Future is what We make IT (GPLv3)
	ID: 1331372 · Reply Quote

ML1 Volunteer tester Send message Joined: 25 Nov 01 Posts: 7112 Credit: 3,681,712 RAC: 906	Message 1331373 - Posted: 26 Jan 2013, 1:16:47 UTC - in response to Message 1331297.
	Already have to which you replied to one - Cisco Phones. However, no comment on the Red October issues...... Wow! Of all the widespread examples, and compared to the unmanageable blizzard of malware and exploits that Windows appears to suffer... You have just those two examples?... I'll let you do the leg work on those! Choose your own expense and goodness or other... IT is still what we make it... Martin ____________ Mandriva Linux A user friendly OS! See new freedom Mageia2 The Future is what We make IT (GPLv3)
	ID: 1331373 · Reply Quote

1 · 2 · 3 · 4 . . . 10 · Next
Post to thread

Message boards : Politics : Can we really trust IT?