On Mar 22, 2015 10:51 PM, "chitz" <chittra.03_at_gmail.com> wrote:
> I have one question
>
> Open source software is available for public means at the reach of anyone
>
> Having a security engineer to harden it is good. But do you think 80% it
> will be secure?
>
Due to the integration of complex components, this is difficult. For
example, can we say that OpenSSL is bug free? It is secure until the next
hole is discovered.
> There can be chances that some codes went unnoticed or hidden. Is there a
> possibility?
>
This possibility exists. However, now, you also see a lot of focus on
vulnerability mitigation. For example, say I have xz which decompresses an
untrusted file from the network. I don't want it to run with access to all
of the system resources. So, I'd be happy to have it running in a sandbox.
> A highly secure n/w will be 80% secure
> no s/w or h/w is 100% secure.
> On 22 Mar 2015 22:40, "Loganaden Velvindron" <loganaden_at_gmail.com> wrote:
>
>> On Sun, Mar 22, 2015 at 5:55 PM, chitz <chittra.03_at_gmail.com> wrote:
>> >
>> http://www.cnet.com/news/fridge-caught-sending-spam-emails-in-botnet-attack/
>> >
>> > The attack sent out over 750,000 spam emails, in bursts of 100,000 emails at
>> > a time, three times a day, with no more than 10 emails sent from any one IP
>> > address, making them difficult to block. Over 25 per cent of the emails were
>> > sent from devices that weren't conventional computers or mobile devices. It
>> > is the first documented case of common appliances being used in a cyber
>> > attack -- but that doesn't necessarily mean it was the first time it
>> > occurred, and it certainly won't be the last.
>>
>> If you look closely at those embedded devices you will notice how
>> much of their core code is based on Open Source software :-)
>>
>> You could trick those devices if you have malicious JavaScript code
>> running on a machine within the same network, e.g. laptop.
>>
>> I'm not saying that Open Source is not secure. You still need a
>> security engineer who will analyze the firmware, and think of ways of
>> hardening it.
>>
>>
>>
>>
>> --
>> This message is strictly personal and the opinions expressed do not
>> represent those of my employers, either past or present.
>>
>
Received on Mon Mar 23 2015 - 06:35:31 PST