All times are UTC




Posted: Sun Feb 01, 2009 8:38 pm

Joined: Sat May 20, 2006 5:30 am
Posts: 66
OK, you're right. If I don't trust the person, indeed I won't use the person's shard. But I think a point has been missed. Security matters in all parts of the system.

How many machines hosting UU servers were broken into? I don't know the answer, but I am aware of at least three incidents. In UU, a cracked server was relatively harmless for the player. Now think about code, whether it is the client executable, or Python, being downloaded to the player's computer from the server. Would you want to be running code from a compromised server?

The server operator checking the code up front is very important but it cannot be the only defense; it does not protect anyone if the client isn't getting what the person running the server intends. So client security matters even if the server operator and age creators are all trustworthy people. As I said, security also depends on being able to verify you actually received what was checked, tested, and accepted. At some point you have to trust people, but you shouldn't trust servers, they are computers and are incapable of being trustworthy.



I think it's a bit of a shame that people seem to think of security as some kind of struggle between client security and server security. Why are they at odds? Why would anyone feel the need to say, "I want server security at the cost of client security" or vice versa? The concern should be securing the whole system.

Until now, people have talked about addressing server security in various different ways, but the client is always left to fend for itself. If you don't think client security is worth anything, fine. But don't block those of us who do want client security. It is actually not difficult from the server's point of view to provide the necessary functionality for securing the client, and client security does not preclude the server from being able to control what the client runs under normal usage.

Under any kind of actual attack, your plan to force players to use your client, libraries, Python, whatever, does not even work. In the end, you cannot control what your attacker runs on his computer. All you can do is make sure normal users are using the right stuff, and you can make it more and more difficult for an attacker, but you cannot stop him that way. The only way that truly works to achieve server security is to validate all input from the client.

Once you accept that you cannot force an attacker to use your client, then you can actually set up the whole system in a way that provides the server control over what non-attackers are using while also providing what is necessary for client security instead of making it impossible. What is wrong with that goal?

It's perfectly fine for the server to expect a certain client, and to arrange for checks for it. What is not perfectly fine is denying me the ability to choose a client and code that I know is safe. So long as a server operator refuses to let me obtain a client and Python code in a way that verifies it is what he and I both intended me to have, that operator is denying me the ability to be safe, without gaining any true security himself. If you want to go that route, I won't visit your shard. However, it doesn't have to be that way for everyone. Let the rest of us secure our clients in peace.

- a'moaca'


Posted: Sun Feb 01, 2009 9:27 pm
Obduction Backer

Joined: Tue May 09, 2006 10:13 pm
Posts: 3426
Location: Lost in the void
I agree with your last post. My point was that trying to wrestle away data distribution from the server side is IMO a dead end.

Anyway, we are now planning to include Python code checking as part of the GoMa age inspection process.

_________________
D'Lanor (ɹǝʇunч puǝƃǝן uɐqɹn)

KI#


Posted: Mon Apr 13, 2009 2:13 pm

Joined: Tue Feb 05, 2008 6:11 pm
Posts: 1969
Location: Land of Confusion
What about the way they keep the ULM and the UAM secure? Can you use the same method they use to prevent malicious software from being downloaded?

_________________
When You have eliminated all other possibilities What ever is left must be the solution

E=mc2
Energy = Milk x Coffee Squared


Posted: Tue Apr 14, 2009 11:07 pm

Joined: Sat May 20, 2006 5:30 am
Posts: 66
Well, in short, ULM and UAM have the same security issues. They are not inherently more secure. The major difference is that the code is downloaded separately, so you are able to double-check the integrity using a checksum from a separate source or something, or inspect the files yourself for safety.

If you don't do that after a download and before starting up the game, ULM and UAM are really not secure either.

But I should point out, this is really no less secure than any other downloading of unsigned applications which you do not double-check. It is exactly the same, except your anti-virus will help you even less.
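
The check described in the post above (compare what was downloaded against checksums obtained from a separate source before starting the game), as an added example that is not part of the original thread or of any Uru tool. It goes slightly beyond the post by also reporting files the manifest never listed; the file names, the `sha256sum`-style manifest format and the function names are assumptions, and in real use the manifest must come from somewhere other than the server that supplied the files.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines: '<hex digest>  <relative path>'."""
    expected = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            digest, name = line.split(None, 1)  # malformed line raises: fail closed
            expected[name.strip()] = digest.lower()
    return expected

def verify_tree(root, manifest_text):
    """Return (mismatched, missing, unexpected) file lists for a download dir."""
    root = Path(root)
    expected = parse_manifest(manifest_text)
    present = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    mismatched = sorted(n for n in expected.keys() & present
                        if sha256_file(root / n) != expected[n])
    missing = sorted(expected.keys() - present)
    # Files the manifest never listed were not reviewed by anyone.
    unexpected = sorted(present - expected.keys())
    return mismatched, missing, unexpected

def demo():
    """Constructed sample: two reviewed scripts, then a simulated bad download."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "Python").mkdir()
        (root / "Python" / "age_a.py").write_bytes(b"print('age a')\n")
        (root / "Python" / "age_b.py").write_bytes(b"print('age b')\n")
        # Stand-in for a manifest fetched from a separate, trusted source.
        manifest = "\n".join(f"{sha256_file(p)}  {p.relative_to(root).as_posix()}"
                             for p in sorted(root.rglob("*.py")))
        clean = verify_tree(root, manifest)
        (root / "Python" / "age_b.py").write_bytes(b"print('changed')\n")
        (root / "Python" / "extra.py").write_bytes(b"print('unreviewed')\n")
        return clean, verify_tree(root, manifest)

if __name__ == "__main__":
    print(demo())
```

Any non-empty list in the result is a reason not to start the client until the difference is explained.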


Posted: Wed Apr 15, 2009 6:04 am

Joined: Tue Feb 05, 2008 6:11 pm
Posts: 1969
Location: Land of Confusion
So unless I read into this whole thing wrong, open source is basically the honor system.

One thing just came to mind: advertising, which can be a double-edged sword. I'm not that familiar with all this tech stuff, but I do know that if the site is advertised and is safe and secure, you are more likely to get a larger number of clientèle interested in Uru Live and therefore more revenues, some good advertising for Cyan, and possibly increased interest in the other products Cyan is working on developing.

However, the other edge to this sword is that some might see this "safe and secure site" as a challenge, and that being the first to compromise it would give them that feeling of accomplishment that someone gets for being "the first".

_________________
When You have eliminated all other possibilities What ever is left must be the solution

E=mc2
Energy = Milk x Coffee Squared


Posted: Mon Apr 20, 2009 9:30 pm

Joined: Thu May 11, 2006 5:22 pm
Posts: 1810
Location: California
MJ, I'm not sure I would call it the honor system... however, that is pretty accurate, but...

With the source available, anyone can examine it. Therefore trust is not really an issue for open source because it is full disclosure. With a number of people using it, the whistle-blower factor goes up. Many of us think OS software is more secure and safe than many commercial products.

_________________
Nalates - GoC - 418 - MOULa I: Nal KI#00 083 543, MOULa II: KI#00 583 875Nalates 111451 - Second Life: Nalates Urriah

