View Poll Results: Do you encrypt your data?

Voters
37. You may not vote on this poll
  • Everything....twice

    2 5.41%
  • Only at work

    5 13.51%
  • Sometimes

    16 43.24%
  • My data doesn't need to be encrypted

    12 32.43%
  • Encryption...What's that?

    2 5.41%
Page 1 of 10 123 ... LastLast
Results 1 to 10 of 92

Thread: Who is more knowledgeable when it comes to computer security?

  1. #1

    Who is more knowledgeable when it comes to computer security?

    Who is more knowledgeable when it comes to computer security?

    After reading several great pdf(s) on "thoroughbred" security and the math that backs it....... I've come to the realization about who's smarter when it comes to the topic.

    This mans name can be seen in the depths of the security pdf world. He is noted in five out of every ten pdf's I've read. James P. Anderson

    David Bell and Len LaPadula ......... Clark-Wilson........etc...... etc.......

    http://csrc.nist.gov/publications/history/#paperlist I promise you these are all great reads.

    "Computers are nothing more than a collection of finite logical switches. It is not only possible to make something perfectly secure, but it has already been done by the good people at Ford Aerospace." ~ catch

    I love that quote because in the face of reality you can't argue with it.

    So I'll let James P. Anderson represent those guys.

  2. #2
    Banned
    Join Date
    Jun 2005
    Posts
    445
    There is no patch for human stupidity.

  3. #3
    The mind is a terrible thing to close.

    I'm talking about people who have paved the way for systems that are many generations old, which are so validated; they're retiring without ever needing a patch. Finite state machines.

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Interesting spin young Will.

    First principles. Read Marcus Aurelius. Of each particular thing ask: what is it in itself? What is its nature? What does he do, this man you seek?

    What is the first and principal thing he does, what need does he serve by educating?

    Now then, the quote that catch has thrown out there is excellent, but I have seein it word for word on other forums. I'm curious of the source and if Ford Aerospace has actually achieved this and under what conditions and requirements. Knowing how their automotive research division operates, my confidence is not high.

    And finally, the answer to your question is, there is no answer. Perpsective will dictate how you answer. Perspective is not objective. If it's not objective, it's nearly impossible to measure.

    I vote choice 3, none of the above.



    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #5
    Originally posted here by thehorse13
    Ford Aerospace has actually achieved this and under what conditions and requirements. Knowing how their automotive research division operates, my confidence is not high. --TH13
    Doctor, did you see the PDF 6th from the list?

    ford78.pdf Ford Aerospace, Secure Minicomputer Operating System (KSOS): Executive Summary Phase I: Design, Western Development Labratories Division, Palo Alto, CA 94303 (April 1978)

    That scanned type hurts your eyes because it's been typed.

    http://csrc.nist.gov/publications/history/ford78.pdf

  6. #6
    Kwiep
    Join Date
    Aug 2001
    Posts
    924
    I'm talking about people who have paved the way for systems that are many generations old, which are so validated; they're retiring without ever needing a patch. Finite state machines.
    Every computerchip is a finite state machine, but how many states does a pentium 4 have? About a several zillion? Being able to map all freakin states is theoretically possible, but it's not gonne make stuff more secure. A computer virus is a list of "legal" instructions too, yet it ****s up your computer. Now if you're gonne map all possible series of states, you'll still have an infite number of scenarios. You can't map that.
    Double Dutch

  7. #7
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    I'm with TH13, I'll take choice 3.

    -Maestr0

    The PSOS umbrella also supported CSL's early work on Information Flow. Given the HDM SPECIAL specifications for a security kernel, Rich Feiertag's flow analyzer (report CSL-109) produced would-be theorems that were fed to the Boyer-Moore theorem prover. This approach was used to analyze the multilevel security of KSOS (Ford Aerospace's Kernelized Secure Operating System), and found security flaws and covert channels in 16 of the 34 kernel functions. (The generation of would-be theorems and their proof efforts took 2.5 hours to run.)
    http://www.csl.sri.com/programs/secu...-projects.html

    There's the math to prove it for ya.
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  8. #8
    AO Curmudgeon rcgreen's Avatar
    Join Date
    Nov 2001
    Posts
    2,716
    The only way a computer can be formally and verifiably "secure"
    is by limiting the number and type of machine instructions so
    that no unexpected or unanticipated code can execute. Simple
    computers like digital watches come to mind. Or, the control
    systems in automobiles. A car's computer can't accept any
    programming except by replacing or reprogramming a PROM
    containing its entire repertoire of routines. Pretty safe.

    A personal computer is multi-purpose. For better or worse,
    it allows you to do as you please. The flexibility is necessary;
    the vulnerability is acceptible, and can be mitigated by good
    programming and user behavior.

    Trying to make a fool-proof computer, complex, useable,
    and productively useable by morons and malicious geniuses
    is a fool's errand. It's a simple dilemma. Either make the system
    self governing and rigidly unuseable (at least for tasks unforeseen
    by its designers), or design it wide open, with known and published
    behaviors, and limit whose fingers are allowed to touch the keyboard.

    Formal security is the Maginot line of the computer world, admittedly
    impenetrable but irrelevant to the strategy the enemy is likely to use.

    The Three Mile Island nuclear accident happened because, if the operators
    had heeded every warning, they would have shut the thing down every
    few hours for another over-sensitive alarm, Take the human operators out
    of the loop, and the automatic mechanisms wouldn't have permitted it
    to operate at all. People always bypass safety features because it's
    the only way to make things work.

    More formal, top-down security designs will only make this worse.
    At some level you have to trust someone, even if that someone
    is yourself.
    I came in to the world with nothing. I still have most of it.

  9. #9
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Doctor, did you see the PDF 6th from the list?
    Yes I have young Will but apparently the detail that escaped your attention did not escape another young agent by the name of Meastr0.

    lol.

    Now, if you'll excuse me, I'm having an old friend for dinner...
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  10. #10
    AO Curmudgeon rcgreen's Avatar
    Join Date
    Nov 2001
    Posts
    2,716
    Doctor, did you see the PDF 6th from the list?
    I never read PDFs. It's a sure sign that the author is a moron.
    I came in to the world with nothing. I still have most of it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •