From: Charles Hottel on 31 Oct 2009 13:33 "Pete Dashwood" <dashwood(a)removethis.enternet.co.nz> wrote in message news:7l2opiF3c9700U1(a)mid.individual.net... > docdwarf(a)panix.com wrote: >> In article <7kvt4jF39ambbU1(a)mid.individual.net>, >> Pete Dashwood <dashwood(a)removethis.enternet.co.nz> wrote: >>> docdwarf(a)panix.com wrote: >> >> <snip> > You raised a valid point about security, however, you seem to think that > if you have the source code everything is somehow then secure. My point is > that that is simply not the case. > > The fact that you show source code to an Auditor does not necessarily mean > that that is the source of the object code in production. Levels and > versions can be easily spoofed in object code and object libraries can be > patched by a determined fraudster. > > Having source code is no guarantee whatsoever of purity. > > At least if there IS NO source code we know that the object code we have > IS what is running. (And if it is a component, there will only be one > version of it. Nevertheless, even that could be patched or spoofed...) > > The only solid measure of integrity are the results obtained, random > checked aganst various trails, with independently balanced controls on > files and totals. > > These results can be obtained just as easily using component based systems > as with non-component based ones. > > Source code is no more a measure of security and integrity than frogs are > a measure of snakes in a pond. > <snip> Thir discusssion reminded me of an article "On Trusting Trust". http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf
From: Anonymous on 1 Nov 2009 09:02 In article <nd3me5lk8ghe4grrikqo3vgc4b2i7kfh6a(a)4ax.com>, Howard Brazee <howard(a)brazee.net> wrote: >On Fri, 30 Oct 2009 13:23:22 +0000 (UTC), docdwarf(a)panix.com () wrote: > >>I did not ask what you did, Mr Dashwood, I asked 'are you writing'. >>Please notice the difference in tense... not that it is anything to get >>tense about. >> >>(wonderful language, this English) > >As with the guy who told his psychiatrist that he was a Wigwam and a >Teepee... He wore a Native American dwelling on his toupee to keep kis wig warm? Perhaps I missed a Holiday somewhere.
From: Anonymous on 1 Nov 2009 09:28 In article <7l2opiF3c9700U1(a)mid.individual.net>, Pete Dashwood <dashwood(a)removethis.enternet.co.nz> wrote: >docdwarf(a)panix.com wrote: >> In article <7kvt4jF39ambbU1(a)mid.individual.net>, >> Pete Dashwood <dashwood(a)removethis.enternet.co.nz> wrote: >>> docdwarf(a)panix.com wrote: [snip] >>>> Are you writing a 'moderately secured system' that gets reviewed by >>>> competent auditors? (longtime readers may recall something similar, >>>> years ago, when I asked Mr Dashwood about loading tables with >>>> 60,000,000 rows) >>> >>> I have written (and worked on ) major systems for 4 household name >>> Banks (even an American Bank) and 3 Insurance Companies. >> >> I did not ask what you did, Mr Dashwood, I asked 'are you writing'. >> Please notice the difference in tense... not that it is anything to >> get tense about. > >The fact that I am not currently doing something does not mean I have never >done it or know nothing about it. That was my point. Mr Dashwood, read the newsgroup and you'll find postings from folks who wrote for ICL machines and recall - some, even fondly! - directly patching load-modules. The fact that I no longer have white-blonde hair and can sing a decent soprano in no wise that I am doing so today... or am even capable of doing such. This is my point - that 'I did it before' does what was done Back Then is not, necessarily, any kind of indication of what one is doing now. > >> >> (wonderful language, this English) >> >> [snip] >> >>> There is nothing wrong or fraudulent about using certified >>> components in system design. >> >> This discussion has been going on, back-and-forth, for a few days >> now, Mr Dashwood, and this is the first mention I recall seeing about >> 'certified' components. Let me guess... that's what you intended all >> along but just neglected to mention, right? > >Not at all. Not all components are certified, or need to be. My point is >that IF there is such a need, there are such components available to meet >it. Such a clean, neat world you posit, Mr Dashwood... me, I tend to keep in mind the observation that 'The universe is a very dirty laboratory' and I do not live with the tautology of 'if the need's there then such components will be available as will satisfy the requests of auditors'. > >You raised a valid point about security, however, you seem to think that if >you have the source code everything is somehow then secure. My point is that >that is simply not the case. No, Mr Dashwood, I never stated that 'if you have the source code everything is somehow then secure', what I stated was that auditors have requested from me source code, copybooks and file dumps. That is not what you appear to have interpred it into. > >The fact that you show source code to an Auditor does not necessarily mean >that that is the source of the object code in production. Mr Dashwood, when I show something to an auditor I have done my best, before said showing, to insure - as best as an application coder might be able - that the source code matches the load module. If it does not then I supply the auditors with the discrepancies I've found and suggest they confer with the System Librarian about resolving them. >Levels and >versions can be easily spoofed in object code and object libraries can be >patched by a determined fraudster. This seems to hearken back to the 'you already accept a certain level of uncertainty... so accepting more is Just Dandy' school of argument. As I mentioned, auditors I have met do not seem to take joy in hearing this. > >Having source code is no guarantee whatsoever of purity. Having source code, however, can be a pretty solid guarantee that one has source code to supply to the auditors when they have requested it. > >At least if there IS NO source code we know that the object code we have IS >what is running. Eh? If having source code is no guarantee that the load module is the product of that code then having NO (caps original) source code gives knowledge that the object code is what is running. Makes perfect sense, aye... and I am the King of England. >(And if it is a component, there will only be one version >of it. Nevertheless, even that could be patched or spoofed...) Who would dare do such a thing, I wonder. [snip] >>>> Are these systems you have written? >>> >>> No. Absolutely not. >> >> Thanks much for the refreshing and direct answer, Mr Dashwood; it is >> very much appreciated and may be seen as setting a new bar or >> standard. > >For whom? For someone who may appreciate and see it as such, naturally. DD
From: Pete Dashwood on 1 Nov 2009 09:43 Charles Hottel wrote: > "Pete Dashwood" <dashwood(a)removethis.enternet.co.nz> wrote in message > news:7l2opiF3c9700U1(a)mid.individual.net... >> docdwarf(a)panix.com wrote: >>> In article <7kvt4jF39ambbU1(a)mid.individual.net>, >>> Pete Dashwood <dashwood(a)removethis.enternet.co.nz> wrote: >>>> docdwarf(a)panix.com wrote: >>> >>> > <snip> >> You raised a valid point about security, however, you seem to think >> that if you have the source code everything is somehow then secure. >> My point is that that is simply not the case. >> >> The fact that you show source code to an Auditor does not >> necessarily mean that that is the source of the object code in >> production. Levels and versions can be easily spoofed in object code >> and object libraries can be patched by a determined fraudster. >> >> Having source code is no guarantee whatsoever of purity. >> >> At least if there IS NO source code we know that the object code we >> have IS what is running. (And if it is a component, there will only >> be one version of it. Nevertheless, even that could be patched or >> spoofed...) The only solid measure of integrity are the results obtained, >> random >> checked aganst various trails, with independently balanced controls >> on files and totals. >> >> These results can be obtained just as easily using component based >> systems as with non-component based ones. >> >> Source code is no more a measure of security and integrity than >> frogs are a measure of snakes in a pond. >> > <snip> > > Thir discusssion reminded me of an article "On Trusting Trust". > > http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf It was an interesting article. Thanks. Pete. -- "I used to write COBOL...now I can do anything."
From: Pete Dashwood on 1 Nov 2009 10:00
docdwarf(a)panix.com wrote: > In article <7l2opiF3c9700U1(a)mid.individual.net>, > Pete Dashwood <dashwood(a)removethis.enternet.co.nz> wrote: >> docdwarf(a)panix.com wrote: >>> In article <7kvt4jF39ambbU1(a)mid.individual.net>, >>> Pete Dashwood <dashwood(a)removethis.enternet.co.nz> wrote: >>>> docdwarf(a)panix.com wrote: > > [snip] > >>>>> Are you writing a 'moderately secured system' that gets reviewed >>>>> by competent auditors? (longtime readers may recall something >>>>> similar, years ago, when I asked Mr Dashwood about loading tables >>>>> with 60,000,000 rows) >>>> >>>> I have written (and worked on ) major systems for 4 household name >>>> Banks (even an American Bank) and 3 Insurance Companies. >>> >>> I did not ask what you did, Mr Dashwood, I asked 'are you writing'. >>> Please notice the difference in tense... not that it is anything to >>> get tense about. >> >> The fact that I am not currently doing something does not mean I >> have never done it or know nothing about it. That was my point. > > Mr Dashwood, read the newsgroup and you'll find postings from folks > who wrote for ICL machines and recall - some, even fondly! - directly > patching load-modules. The fact that I no longer have white-blonde > hair and can sing a decent soprano in no wise that I am doing so > today... or am even capable of doing such. This is my point - that > 'I did it before' does what was done Back Then is not, necessarily, > any kind of indication of what one is doing now. This is so convoluted as to be totally obtuse. I have no idea what you are talking about. If you wish to have a response to what is rapidly becoming a pointless conversation anyway, could you possibly drop the pretentious display of pomposity and respond in simple, plain, concise, English? No...? Ok, never mind... Pete. <snipped as indecipherable without more effort than I am prepared to make> -- "I used to write COBOL...now I can do anything." |