* [9fans] Chaos anyone?
@ 2003-06-05 1:32 A. Baker
2003-06-06 9:58 ` Douglas A. Gwyn
0 siblings, 1 reply; 11+ messages in thread
From: A. Baker @ 2003-06-05 1:32 UTC (permalink / raw)
To: 9fans
I'd be (wildly) interested in comments of the security
persuasion.
(Plan 9's current model vs Unix (yes I RTFM, TYVM :-)
vs Process-Based Security (PBS), vs ... ?
See This?
http://story.news.yahoo.com/news?tmpl=story&cid=620&ncid=620&e=4&u=/nf/20030603/bs_nf/21652
(in essence)
HydraOS
"It is "the first hack proof Web-services appliance
-------------8<-------------
(Welllll?)
http://www.thirdpig.com/brickserver.htm
-------------8<-------------
which can defend against such an attack and will never
crash," Bodacion Technologies chief software architect
Eric Uner told NewsFactor. "The server's combination
of complex mathematics and embedded systems makes it
impervious."
The Hydra operating system (OS) is composed of a small
real-time nano-kernel, TCP/IP networking stack, Web
server, FTP server and file system designed by former
Motorola software engineers Uner and Eric Hauk.
Hydra's kernel is loaded from flash memory rather than
disk, according to company specifications. Each time
Hydra loads the kernel, it checks for viruses, then
constantly scans the kernel in RAM for any viruses or
unauthorized changes.
"Hydra's embedded kernel is one aspect that makes
Hydra so revolutionary," Bodacion's documentation
claims. "Hydra constantly checks its small kernel for
corruption, making Hydra immune to viruses."
Bodacion's Hydra server uses biomorphic mathematics --
a derivative of Chaos Theory used to model the random
growth of living things -- to generate series of
pattern-less numbers that cannot be deciphered by
hackers, even if they possess the basic mathematical
formula, Uner told NewsFactor. No two Hydra users ever
receive the same session ID, customer ID, order ID, or
any other digital identification. Nor will any hacker
be able to discern a pattern and predict the next
number, Uner added."
http://hydra.hellug.gr/download.html
Also has anyone honeypotted, -netted Plan 9 (yet)?
http://www.honeypots.net/
http://www.securityfocus.com/infocus/1506/
Alllll those big words!
I've been gone awhile and am trying to catch up. I'm
actively(?!) putting off the gauntlet of hardening my
sacrificial (Unix) Gnu(g)oat.
Many thanks,
=====
Boojum
__________________________________
Do you Yahoo!?
Yahoo! Calendar - Free online calendar with sync to Outlook(TM).
http://calendar.yahoo.com
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [9fans] Chaos anyone?
2003-06-05 1:32 [9fans] Chaos anyone? A. Baker
@ 2003-06-06 9:58 ` Douglas A. Gwyn
2003-06-06 10:12 ` Lucio De Re
2003-06-06 11:15 ` northern snowfall
0 siblings, 2 replies; 11+ messages in thread
From: Douglas A. Gwyn @ 2003-06-06 9:58 UTC (permalink / raw)
To: 9fans
A. Baker wrote:
> Bodacion's Hydra server uses biomorphic mathematics --
> a derivative of Chaos Theory used to model the random
> growth of living things -- to generate series of
> pattern-less numbers that cannot be deciphered by
> hackers, even if they possess the basic mathematical
> formula, Uner told NewsFactor. No two Hydra users ever
> receive the same session ID, customer ID, order ID, or
> any other digital identification. Nor will any hacker
> be able to discern a pattern and predict the next
> number, Uner added."
In sci.crypt we call this "Snake Oil".
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [9fans] Chaos anyone?
2003-06-06 9:58 ` Douglas A. Gwyn
@ 2003-06-06 10:12 ` Lucio De Re
2003-06-06 11:15 ` northern snowfall
1 sibling, 0 replies; 11+ messages in thread
From: Lucio De Re @ 2003-06-06 10:12 UTC (permalink / raw)
To: 9fans
On Fri, Jun 06, 2003 at 09:58:17AM +0000, Douglas A. Gwyn wrote:
>
> A. Baker wrote:
> > Bodacion's Hydra server uses biomorphic mathematics --
> > a derivative of Chaos Theory used to model the random
> > growth of living things -- to generate series of
> > pattern-less numbers that cannot be deciphered by
> > hackers, even if they possess the basic mathematical
> > formula, Uner told NewsFactor. No two Hydra users ever
> > receive the same session ID, customer ID, order ID, or
> > any other digital identification. Nor will any hacker
> > be able to discern a pattern and predict the next
> > number, Uner added."
>
> In sci.crypt we call this "Snake Oil".
"Obfuscation with intent to deceive" would be a good legal
description, to my mind.
++L
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [9fans] Chaos anyone?
2003-06-06 9:58 ` Douglas A. Gwyn
2003-06-06 10:12 ` Lucio De Re
@ 2003-06-06 11:15 ` northern snowfall
1 sibling, 0 replies; 11+ messages in thread
From: northern snowfall @ 2003-06-06 11:15 UTC (permalink / raw)
To: 9fans
>
>
>> Bodacion's Hydra ...
>
> In sci.crypt we call this "Snake Oil".
Maybe that's why it's called hydra... :)
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [9fans] Chaos anyone ?
2003-06-11 23:17 ` boyd, rounin
@ 2003-06-13 8:38 ` Douglas A. Gwyn
0 siblings, 0 replies; 11+ messages in thread
From: Douglas A. Gwyn @ 2003-06-13 8:38 UTC (permalink / raw)
To: 9fans
"boyd, rounin" wrote:
> From: "A. Baker" <boojum_42@yahoo.com>
> > I'd (still) be (wildly) interested in comments of
> > the security persuasion.
> i'm sure Doug Gwyn can explain it far better than i have attempted to.
It could turn into a very long technical discussion.
The basic thing to appreciate is that chaotic behavior
is far from random behavior. In fact it typically has
long-range order that can be exploited. There is at
least one published chaotic bit generator that has not
yet (so far as I know) been shown to be distinguishable
from a uniform-random bit generator, but since it is
based on a simple deterministic formula one should feel
uneasy about what developments the future might bring.
(The simple formula is offset by a potentially
unbounded amount of internal state; otherwise cracking
the generator would be trivial.)
^ permalink raw reply [flat|nested] 11+ messages in thread
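Gwyn's point that chaotic is not random, as an added example (not from the thread, and not Bodacion's algorithm, which the page does not describe): a hypothetical ID generator built on the logistic map, a textbook chaotic formula used here as a stand-in, audited next to the OS CSPRNG. All function names and the seed are assumptions made for the illustration.

```python
import secrets

R = 4.0  # logistic-map parameter, fully chaotic regime (illustrative choice)

def logistic_ids(seed, n):
    """Hypothetical 'chaotic' ID generator: emits each state of x -> R*x*(1-x)."""
    x, out = seed, []
    for _ in range(n):
        x = R * x * (1.0 - x)
        out.append(x)
    return out

def csprng_ids(n):
    """Baseline: values from the OS CSPRNG, scaled to [0, 1) for comparison."""
    return [secrets.randbits(53) / (1 << 53) for _ in range(n)]

def predict_next(observed):
    """Formula known and state exposed: one observed ID determines the next."""
    return R * observed * (1.0 - observed)

def return_map_residual(ids):
    """Largest |x[n+1] - R*x[n]*(1-x[n])| over consecutive pairs.
    Zero means every pair lies on the parabola, i.e. the stream is the map."""
    return max(abs(b - R * a * (1.0 - a)) for a, b in zip(ids, ids[1:]))

def tail_fraction(ids, width=0.1):
    """Share of values within `width` of 0 or 1; uniform output gives ~2*width."""
    return sum(1 for x in ids if x < width or x > 1.0 - width) / len(ids)

def audit(ids):
    """Two cheap checks a reviewer can run on a sample of issued IDs."""
    return {"residual": return_map_residual(ids), "tails": tail_fraction(ids)}

if __name__ == "__main__":
    chaotic = logistic_ids(0.123456789, 2000)   # constructed sample
    strong = csprng_ids(2000)
    print("chaotic:", audit(chaotic))
    print("csprng :", audit(strong))
    print("predicted == actual:", predict_next(chaotic[10]) == chaotic[11])
```

The chaotic stream looks erratic but sits exactly on one curve and piles up near 0 and 1, which is the long-range order the message describes; identifiers that must be unguessable should come from a CSPRNG such as `secrets.token_urlsafe()`.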
* Re: [9fans] Chaos anyone ?
2003-06-11 23:09 A. Baker
@ 2003-06-11 23:17 ` boyd, rounin
2003-06-13 8:38 ` Douglas A. Gwyn
0 siblings, 1 reply; 11+ messages in thread
From: boyd, rounin @ 2003-06-11 23:17 UTC (permalink / raw)
To: 9fans
From: "A. Baker" <boojum_42@yahoo.com>
> I'd (still) be (wildly) interested in comments of
> the security persuasion.
i'm sure Doug Gwyn can explain it far better than i have attempted to.
^ permalink raw reply [flat|nested] 11+ messages in thread
* [9fans] Chaos anyone ?
@ 2003-06-11 23:09 A. Baker
2003-06-11 23:17 ` boyd, rounin
0 siblings, 1 reply; 11+ messages in thread
From: A. Baker @ 2003-06-11 23:09 UTC (permalink / raw)
To: 9fans
>> I'd (still) be (wildly) interested in comments of
>> the security persuasion.
>> (Plan 9's current model vs Unix (yes I RTFM, TYVM :-)
>> vs Process-Based Security (PBS), vs ... ?
>err, describe your 'threat model'.
> 1) what have you got to protect?
> 2) how much will its compromise 'cost'?
> 3) how much are you prepared to 'pay' to protect
>it?
>it's not black and white ... it's grey ...
GREY! We're full color! ;-)
1)
Xinet server add on
WebNative
http://www.xinet.com/
2)
Realistically? in money?
2 days with backups, times the look on the owner's face
... PRICELESS.
3)
As far as an appliance? Not sure (we're poor lately),
so I'm hanging around trying to talk to smart people,
such as you fine folks here.
Mostly I'm just lazy, not incapable with the state of
things.
I think D. Ritchie(?) was quoted saying:
"Unix administration is a nightmare."
Yes. Yes, it is.
=====
Boojum
^ permalink raw reply [flat|nested] 11+ messages in thread
* [9fans] Chaos anyone ?
2003-06-10 2:54 [9fans] Chaos anyone ? A. Baker
2003-06-10 3:06 ` boyd, rounin
@ 2003-06-10 18:09 ` Joel Salomon
1 sibling, 0 replies; 11+ messages in thread
From: Joel Salomon @ 2003-06-10 18:09 UTC (permalink / raw)
To: 9fans
Could anyone make a guess as to how long it would take to re-implement IX
under plan9? This is not a request, I see little use for such a beast, but
would make an interesting discussion.
How much of what *isn't* snake-oil in the Hydra article (or similar,
'legitimate' products) was left unanswered in the IX papers?
--Joel
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [9fans] Chaos anyone ?
2003-06-10 2:54 [9fans] Chaos anyone ? A. Baker
@ 2003-06-10 3:06 ` boyd, rounin
2003-06-10 18:09 ` Joel Salomon
1 sibling, 0 replies; 11+ messages in thread
From: boyd, rounin @ 2003-06-10 3:06 UTC (permalink / raw)
To: 9fans
> I'd (still) be (wildly) interested in comments of the
> security persuasion.
> (Plan 9's current model vs Unix (yes I RTFM, TYVM :-)
> vs Process-Based Security (PBS), vs ... ?
err, describe your 'threat model'.
1) what have you got to protect?
2) how much will its compromise 'cost'?
3) how much are you prepared to 'pay' to protect it?
it's not black and white ... it's grey ...
^ permalink raw reply [flat|nested] 11+ messages in thread
* [9fans] Chaos anyone ?
@ 2003-06-10 2:54 A. Baker
2003-06-10 3:06 ` boyd, rounin
2003-06-10 18:09 ` Joel Salomon
0 siblings, 2 replies; 11+ messages in thread
From: A. Baker @ 2003-06-10 2:54 UTC (permalink / raw)
To: 9fans
>Bodacion's Hydra server uses biomorphic mathematics --
>a derivative of Chaos Theory used to model the random
>growth of living things -- to generate series of
>pattern-less numbers that cannot be deciphered by
>hackers, even if they possess the basic mathematical
>formula, Uner told NewsFactor. No two Hydra users
>ever receive the same session ID, customer ID, order
>ID, or any other digital identification. Nor will any
>hacker be able to discern a pattern and predict the
>next number, Uner added."
>>Bodacion's Hydra ...
>
>In sci.crypt we call this "Snake Oil".
----
>Maybe that's why it's called hydra... :)
----
>"Obfuscation with intent to deceive" would be a good
>legal description, to my mind.
----
http://www.interhack.net/people/cmcurtin/snake-oil-faq.html
http://www.counterpane.com/crypto-gram-9902.html#snakeoil
Yeah, it did sound like they were swingin' their *icks
:-)
I'd (still) be (wildly) interested in comments of the
security persuasion.
(Plan 9's current model vs Unix (yes I RTFM, TYVM :-)
vs Process-Based Security (PBS), vs ... ?
Searching for some silver bullets.
Thanks,
=====
Boojum
^ permalink raw reply [flat|nested] 11+ messages in thread
* [9fans] Chaos anyone?
@ 2003-06-06 10:20 Andrew Simmons
0 siblings, 0 replies; 11+ messages in thread
From: Andrew Simmons @ 2003-06-06 10:20 UTC (permalink / raw)
To: 9fans
> Bodacion's Hydra server uses biomorphic mathematics --
> a derivative of Chaos Theory used to model the random
> growth of living things -- to generate series of
> pattern-less numbers that cannot be deciphered by
> hackers, even if they possess the basic mathematical
> formula, Uner told NewsFactor. No two Hydra users ever
> receive the same session ID, customer ID, order ID, or
> any other digital identification. Nor will any hacker
> be able to discern a pattern and predict the next
> number, Uner added."
>In sci.crypt we call this "Snake Oil".
In New Zealand, we call this "Complete and Utter Bollocks"
^ permalink raw reply [flat|nested] 11+ messages in thread