> On Jan 18, 2017, at 4:17 PM, Steve Kinney <ad...@pilobilus.net> wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
>> On 01/18/2017 02:30 PM, John Newman wrote:
>> Use FreeBSD, build from source ;)
> 
> Security regression paradox:  What's to prevent whoever might have
> replaced the binary in the repo - or replaced it in transit to you -
> from also rigging the source?  So you have to audit the source.  And
> the compiler that makes the source useable might have already been
> compromised, so audit its source and then... oops, compile the audited
> compiler using a potentially compromised compiler on a potentially
> compromised OS.
> 

lol i know, it becomes increasingly apparent how impossible a full audit of all 
the hardware and software that led to the software that is running your 
computer would be, even with a totally open source OS ;)

Still, gotta take what you can get i guess..



> This problem is no reason to just give up, but it does transform the
> security picture from a purely imaginary secure vs. insecure binary
> state, to an ecosystem of context-dependent compromise solutions.
> 
> The costs of an "acceptable" security result depend on this question:
> What it is worth to an adversary to break your security model, vs.
> how much is preventing compromise of that asset worth to you?  If an
> adversary spends less to successfully attack an asset than they gain
> by doing so, the adversary wins.  If you spend more to successfully
> defend an asset than that asset is worth to you, you lose.
> 
> This context provides a rational basis for allocating resources to
> security, but alas, it rules out absolute values or one size fits all
> solutions:  Who are your potential adversaries, what motivates them,
> what resources are available to them?  Who benefits from your security
> strategy, and what are they willing / able to pay - in additional
> work, constraints on their behavior, and cash money - to secure the
> assets in question?  A security model that does not take these factors
> into accounts is a snake oil security model, regardless of the quality
> of the tools used.
> 
> 
> 
> 
> 
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (GNU/Linux)
> 
> iQEcBAEBAgAGBQJYf9tUAAoJEECU6c5Xzmuq4lIIAMmjeyTeLr2kAvlBzbjO9ANq
> /S33clrbw+kK6UgfgxIMRGuG9mtEF8UPw/aZh0NBLE2498VdG8NNo+ghLqxfzwLe
> v5OXKeRDHPoOGslB0CP1TciIGSMxPS4v8YXGuM6AbgL0Eb7pE268MtdFt3xmX6ZV
> z5S0aVWToIqC7CJerjrOPunlvp6EfVWX5heOuBFWSISsYh0eZyH0id5QgJWLTShF
> awWi8O1BrbvlUEtWWLbnKvB5IWDAAU8/xl6tuuxtozk3ar3hcCNer9KYzjBHvPBx
> NBiCb9Chg1D0B41g8/VOmQTPQFNaA+mByJ+go4dhMLTYW+HzfMf585aLm6wAxrc=
> =PvlM
> -----END PGP SIGNATURE-----

Reply via email to