Can we really trust IT?
Author | Message |
---|---|
ML1 Joined: 25 Nov 01 Posts: 20265 Credit: 7,508,002 RAC: 20 |
This thread is inspired from "Can we really trust the software we use?" to be a little broader. I'll kick off with an old one that has rebounded yet again: Here we go again: New NHS patient database plan sets off alarm bells Health Sec Hunt wants your [medical] records in the cloud by 2018 At least with the present paper-based system, access is nominally gate-keepered by your doctor and his records assistant, all hopefully with a little human intelligence and rate limited to one viewing at a time and physically at your health centre... IT is what we make it... Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
James Sotherden Joined: 16 May 99 Posts: 10436 Credit: 110,373,059 RAC: 54 |
This thread is inspired from "Can we really trust the software we use?" to be a little broader. My Dr. has had a paperless office for two years. At least it's not in the cloud yet. The cloud! Another way for the Gov to know everything you do. It seems to be a growing trend in the US for medical records going digital. Old James |
Ex: "Socialist" Joined: 12 Mar 12 Posts: 3433 Credit: 2,616,158 RAC: 2 |
(I don't know when online storage started being called "the cloud" but it wasn't too long ago.) And yes the major health systems in my area are all paperless now, I know that it wasn't easily implemented for either of the two big boys in town. I remember one day where all the meds in the hospital had to be ordered by paper because the pharmacy end of the system wasn't working. You can't have those kinds of failures in a hospital. I'm ok with paperless if the tech is ready, but I think none of us are on board with a nationwide online database. However, we all have all sorts of personal details already stored by many entities, in the "cloud". #resist |
Gary Charpentier Joined: 25 Dec 00 Posts: 30639 Credit: 53,134,872 RAC: 32 |
Interesting. Had a talk with my Doc the other day about paper/paperless. The Patient Protection and Affordable Care Act apparently contains provisions mandating paperless. PITA. But as the Doc put it, without even a VPN the Doc is presently able to log into some (unnamed intentionally) hospitals and have full access to records and prescribe. All I can say is how much of an idiot is designing this system? |
James Sotherden Joined: 16 May 99 Posts: 10436 Credit: 110,373,059 RAC: 54 |
Now that is scary. I know the VA is paperless. It makes sense that a vet that can be admitted to any VA hospital and they can get access to your records. (Well, any patient I suppose from any hospital.) But just to be able to access any file on a whim? Old James |
Sirius B Joined: 26 Dec 00 Posts: 24879 Credit: 3,081,182 RAC: 7 |
Can we really trust IT? Not according to this report.... Chip & Pin had its day? ....with a nice highly debatable ending........ "You have no control over tech security." |
Gary Charpentier Joined: 25 Dec 00 Posts: 30639 Credit: 53,134,872 RAC: 32 |
http://arstechnica.com/security/2013/01/secret-backdoors-found-in-firewall-vpn-gear-from-barracuda-networks/ no password backdoor in ROM. |
Sirius B Joined: 26 Dec 00 Posts: 24879 Credit: 3,081,182 RAC: 7 |
Good link with some highly interesting reports linked off it.... The Hunt for Red October Red October loves Java Red October goes dark....for now.... Are you sure your phone is secure? |
Gary Charpentier Joined: 25 Dec 00 Posts: 30639 Credit: 53,134,872 RAC: 32 |
Are you sure your phone is secure? Cui's hack works by overwriting portions of the kernel space in the phone's memory. That allows him to gain root access to the phone's Unix-like firmware system and take control of the digital signal processor and other key functions. Just wonder which Linux kernel the phone is running. And is the bug allowing the overwrite present in other flavors of that kernel running on other devices. |
Sirius B Joined: 26 Dec 00 Posts: 24879 Credit: 3,081,182 RAC: 7 |
Just wonder which Linux kernel the phone is running. And is the bug allowing the overwrite present in other flavors of that kernel running on other devices. Well with all the 1000's of posts on this forum alone regarding O/S'es & their weaknesses, just wonder what happened to the peer review in this case! Also, with the Red October issue - Aren't many of those systems run by governments/corporations running Linux? |
Ex: "Socialist" Joined: 12 Mar 12 Posts: 3433 Credit: 2,616,158 RAC: 2 |
Are you sure your phone is secure? Doesn't Cisco use a highly customized, almost proprietary version of Unix/Linux family OS? In other words, I doubt it's a kernel that's commonly used, or even resembles one. But I would be curious to know. Wouldn't be surprised if it was 2.6 if it is a "normal" kernel they use. #resist |
ML1 Joined: 25 Nov 01 Posts: 20265 Credit: 7,508,002 RAC: 20 |
Are you sure your phone is secure? Indeed so: It's an 'embedded device' that is stripped down to the minimum... Those phones first came out quite a long time ago and so are likely based on whatever kernel version was in vogue at that time... The actual flaw is: "due to a failure to properly validate input passed to kernel system calls from applications running in userspace". See: Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability To exploit the vulnerability, you need to have physical access to the phone or a successful remote login. So, difficult to exploit unless you have a "James Bond" janitor wandering around reprogramming them!... That vulnerability is very obviously not on mainstream Linux kernels! No software is infallible to proprietary rush! And we become more vulnerable as we rush to ever more elaborate interconnected systems... Aside: Should those researchers now be persecuted in a similar way to Aaron Swartz for exposing something so obviously highly illegal and world-shatteringly damaging?... They've very clearly and publicly executed a 'break-in'. The USA laws are there and vague enough for doing that, for the threat of 50+ years unto bankruptcy and death... IT is what we make it, Martin Disclaimer: Merely my own personal opinion as ever... See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
Gary Charpentier Joined: 25 Dec 00 Posts: 30639 Credit: 53,134,872 RAC: 32 |
That vulnerability is very obviously not on mainstream Linux kernels! I smell an assumption of how you want the world to be. |
Gary Charpentier Joined: 25 Dec 00 Posts: 30639 Credit: 53,134,872 RAC: 32 |
Excellent read: NBS 500-75 Validation, Verification, and Testing of Computer Software http://books.google.com/books?id=arNTsaD5FxEC&pg=PR2&lpg=PR2&dq=nbs+special+publication+500-75&source=bl&ots=L_sOiOQKHh&sig=Vy2D5SBaPCLYOxZ8N4LZeHSPCjA&hl=en&sa=X&ei=Ar0CUaWEFMTVigLW1YGQDw&ved=0CC4Q6AEwADgK One of the main points it makes is that no matter how many sets of eyeballs look at code, unless you apply design discipline to those eyeballs, errors will be present. A couple others you should look at are, if you care about software: NBS 500-93 Software Validation, Verification, and Testing Technique and Tool Reference Guide NBS 500-98 Planning for Software Validation, Verification, and Testing, NBS 500-99 Structured Testing: A Software Testing Methodology Using the Cyclomatic Complexity Metric |
ML1 Joined: 25 Nov 01 Posts: 20265 Credit: 7,508,002 RAC: 20 |
That vulnerability is very obviously not on mainstream Linux kernels! Well, for your disparaging assertion, please list the bug report or rather the world headlines for such a dire problem for the Linux kernel. How does that compare to Microsoft Windows? How does that compare to other proprietary systems? Can we have some real comment and links rather than the lame mud slinging please? IT is indeed what we make it... Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
ML1 Joined: 25 Nov 01 Posts: 20265 Credit: 7,508,002 RAC: 20 |
... One of the main points it makes is that no matter how many sets of eyeballs look at code, unless you apply design discipline to those eyeballs, errors will be present. ... Indeed so. Note also that open peer review ensures state of the art practice for suitably patronized projects. Hence, is that why Linux is steadily taking over the computing world?... We really do need a good worthy competitor system to Linux that similarly includes freedom for the users, lest we suffer the evil of there only being Linux... IT is what we make it, Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
Sirius B Joined: 26 Dec 00 Posts: 24879 Credit: 3,081,182 RAC: 7 |
Can we have some real comment and links rather than the lame mud slinging please? Already have to which you replied to one - Cisco Phones. However, no comment on the Red October issues...... ... or are you arrogantly assuming that ALL the systems hacked were Windows? |
Gary Charpentier Joined: 25 Dec 00 Posts: 30639 Credit: 53,134,872 RAC: 32 |
Note also that open peer review ensures state of the art practice for suitably patronized projects. Suitably patronized is what, 0.1% of FOSS projects? |
ML1 Joined: 25 Nov 01 Posts: 20265 Credit: 7,508,002 RAC: 20 |
Note also that open peer review ensures state of the art practice for suitably patronized projects. There goes your mud slinging again. What matters are those projects of significance that make a difference. Just as in natural evolution, there is a lot of wastage as new ideas are tried out by new people. The best and/or most 'interesting' survive and prosper. Perhaps that is why Linux systems have already 'taken over' for where it matters... Linux systems certainly have a far better record than certain other systems for thwarting malware... IT is what we make it... Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
ML1 Joined: 25 Nov 01 Posts: 20265 Credit: 7,508,002 RAC: 20 |
Already have to which you replied to one - Cisco Phones. However, no comment on the Red October issues...... Wow! Of all the widespread examples, and compared to the unmanageable blizzard of malware and exploits that Windows appears to suffer... You have just those *two* examples?... I'll let you do the leg work on those! Choose your own expense and goodness or other... IT is still what we make it... Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
©2024 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.