Engineers Develop Secure ("unhackable") Reliable Web Server

[sumdumguy]

unhackable.. i'm sure you've heard that term before.. but what do you think of this ?

snipets

Hauk and Uner applied the same rigorous techniques used to design chips that run medical equipment to the computers that run the Internet. Their first offering is a unique Web server built to run for months--even years--without human intervention.
.
.
The reason their computer cannot be hacked and won't break down, said Hauk, is its utter simplicity. It doesn't have an operating system--the millions of lines of code that run most Internet computers--but relies instead upon a "kernel" of just 4 kilobytes of code.
.
.
"This has no operating system, so all the hacks on Unix and Windows mean nothing to it," . "We even went to the point of taking viruses and copying them onto the hard drive of this thing. It ignored them. Viruses don't affect the code they wrote."

too good to be true ? read the whole article here

[problemchild]

unhackable.. i'm sure you've heard that term before..

Kind of like unsinkable..... as the iceberg said to the Titanic.

glug, glug, glug........

[aeallison]

I will almost guarrantee that these machines will be out of reach for small web hosting firms and ISP's as far as price goes, especially if they get gov. contracts for them. My experience tells me that if the govs like it, then the rest of the country will never see it, or they won't be able to afford it until its obsolete...

hehe... reading this back I see pessimism, and I am, by nature, an optimist. Whats this world coming to anyway? The world may never stop asking that question...

[cwk9]

Well I doubt its immune to denial of service attacks.

[droby10]

alright, maybe i'm an idiot - but let's think about the differential they are presenting (i didn't follow up with any other documents, so i'm assuming a lot on the architecture/technology [which may not be accurate]).

- there is a slimline kernel (ie. a process running in memory).
- there is some sort of filesystem (hdd, ramdisk, etc.)
- but there is no OS?

this get's me because i've always believed that an OS is comprised of a kernel, a filesystem and a shell. if my assumptions are correct then it's still 2/3rds of an OS. 1/2 if you throw device drivers into your definition (i gather they are sort of irrelevant in this case).

i'm assuming that the embeded functions provide most of the service capability, leaving the kernel to manage/interact with the filesystem.

so let's think about the filesystem for a minute.

if it is online (installed locally), then there would have to be some means of file management (ie. a service such as ftp). this means accounts - poor passwords and password policies, dictionary and brute force availability.

if it is remote (tftp, cifs, nfs, etc). then the housing for the remote filesystem is more than likely going to be a point of interest.


at the least it sounds as though there would be a limitation in service capability (ie. webapps, backend processes, integration, etc.). but should be adequate for static pages.
*** i didn't get whether the java reference indicated that it would be supported or not, so the above may be way off***

the most obvious downside, is that when a vulnerability is found - the resources required by both the vendor and their clients to "patch" it will be intensive.

and i had another thought/concern - but i lost it. i hate it when that happens...no sleep for me tonight.

[Jabberwocky]

i agree with droby10, if most of the functions of the server were done threw embedded systems, its really going to cut down on the functionality and versitility of the machine.

and saying it's "unhackable" is pretty bold; they must have a pretty narrow definition of the work hack. i remember reading of an old, primitive dos attack on the phone systems that consisted of nothing more then a nearby trunk box, jumper cables and a honda electrical generator. i bet the same attack could be applied here.

[Sudo]

This doesn't make any sense. These two guys think that because there is no exploits known which work against their computer, that noone will ever find any?

"This has no operating system, so all the hacks on Unix and Windows mean nothing to it," Brambert said. "We even went to the point of taking viruses and copying them onto the hard drive of this thing. It ignored them. Viruses don't affect the code they wrote."

Guess what, I went to the point of taking viruses (for windows) and copying them onto my Linux hard drive, It ignored them. Big surprise.

And these guys develop chips for pacemakers? That's a scary thought.

It may be be temporarily unhackable, but nothing is unhackable forever.

--Sudo

[gghornet]

I think it's a big line of crap.Nothing is "unhackable" and nothing ever will be.As a matter of fact I think the best way to get everybody and their brother to try and hack your system,call it unhackable.Everybody wants to be the first to make a discovery,and hacking is sure no exception.

[specs]

Most *nix kernels you can customize to be hell of a small. If you want to customize a kernel to run purely as a webserver, you'll only need few devices. Some tty's, simple hardware (for nic, kbd, hdd, etc). Run from console, your whole fs will only be a couple of mb.

Hauk and Uner have stumbled onto something that many people before have discovered: Keep It Simple [Stupid]. If you want to design something that works well, why make it complicated? You will only run into problems.

What's this about not having an OS? An OS basically, is some software on your computer, that manages hardware and resources. The main part of your OS: the kernel.

There have been many of such developments over the years. I heard of a company that has offered a challenge to anyone who can compromise their system, with a prize if someone does. The last I heard, the system was still uncompromised.

[retoor]

There has got to be alot of things missing if "kernel" size is down to 4K!

But it is built to never reboot? So the hack here would be to reboot it? I think it wouldn´t matterif you had it reboot! With that small a "kernel" it wouldn´t take long, thus wuickly being online again! Maybe thats what they mean by unhackable! But hey, my guess is as good as any!