> On Jan 18, 2017, at 4:17 PM, Steve Kinney <[email protected]> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>> On 01/18/2017 02:30 PM, John Newman wrote:
>> Use FreeBSD, build from source ;)
>
> Security regression paradox: What's to prevent whoever might have
> replaced the binary in the repo - or replaced it in transit to you -
> from also rigging the source? So you have to audit the source. And
> the compiler that makes the source useable might have already been
> compromised, so audit its source and then... oops, compile the audited
> compiler using a potentially compromised compiler on a potentially
> compromised OS.

lol i know, it becomes increasingly apparent how impossible a full audit of all the hardware and software that led to the software that is running your computer would be, even with a totally open source OS ;) Still, gotta take what you can get i guess..

> This problem is no reason to just give up, but it does transform the
> security picture from a purely imaginary secure vs. insecure binary
> state, to an ecosystem of context-dependent compromise solutions.
>
> The costs of an "acceptable" security result depend on this question:
> What it is worth to an adversary to break your security model, vs.
> how much is preventing compromise of that asset worth to you? If an
> adversary spends less to successfully attack an asset than they gain
> by doing so, the adversary wins. If you spend more to successfully
> defend an asset than that asset is worth to you, you lose.
>
> This context provides a rational basis for allocating resources to
> security, but alas, it rules out absolute values or one size fits all
> solutions: Who are your potential adversaries, what motivates them,
> what resources are available to them? Who benefits from your security
> strategy, and what are they willing / able to pay - in additional
> work, constraints on their behavior, and cash money - to secure the
> assets in question? A security model that does not take these factors
> into account is a snake oil security model, regardless of the quality
> of the tools used.
