From: Niklas Holsti <niklas.holsti@tidorum.invalid>
Subject: Re: Canal+ crash
Date: Sun, 21 Jul 2024 11:00:36 +0300 [thread overview]
Message-ID: <lg3th4F90ggU1@mid.individual.net> (raw)
In-Reply-To: <v7icut$654$1@dont-email.me>
On 2024-07-21 10:22, Dmitry A. Kazakov wrote:
> On 2024-07-21 03:04, Lawrence D'Oliveiro wrote:
>> On Sat, 20 Jul 2024 11:08:47 +0200, Dmitry A. Kazakov wrote:
>>
>>> On 2024-07-20 09:43, Lawrence D'Oliveiro wrote:
>>>
>>>> On Sat, 20 Jul 2024 09:23:11 +0200, Dmitry A. Kazakov wrote:
>>>>
>>>>> It is about the fundamental principle that security cannot be added on
>>>>> top of an insecure system.
>>>>
>>>> Actually, it can. Notice how the Internet itself is horribly insecure,
>>>> yet we are capable of running secure applications and protocols on top
>>>> of it.
>>>
>>> Why on earth do we need security updates?
>>
>> Because computer systems are complex, and new bugs keep being discovered
>> all the time.
>
> This does not make sense. You can create a very complex system out of
> screwdrivers and still each screwdriver would require no update.
>
> Systems consist of computers and computers of software modules. There is
> nothing inherently complex about making a module safe and bug free.
> Security interactions are primitive and 100% functional. There is no
> difficult issues with non-functional stuff like real-time problems.
Well, several recent attacks use variations in execution timing as a
side-channel to exfiltrate secrets such as crypto keys. The crypto code
can be functionally perfect and bug-free, but it may still be open to
attack by such methods.
But certainly, most attacks on SW have used functional bugs such as
buffer overflows.
next prev parent reply other threads:[~2024-07-21 8:00 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-19 21:41 Canal+ crash Nicolas Paul Colin de Glocester
2024-07-20 7:23 ` Dmitry A. Kazakov
2024-07-20 7:43 ` Lawrence D'Oliveiro
2024-07-20 9:08 ` Dmitry A. Kazakov
2024-07-21 1:04 ` Lawrence D'Oliveiro
2024-07-21 7:22 ` Dmitry A. Kazakov
2024-07-21 8:00 ` Niklas Holsti [this message]
2024-07-21 9:10 ` J-P. Rosen
2024-07-21 9:34 ` Dmitry A. Kazakov
2024-07-21 11:11 ` Nicolas Paul Colin de Glocester
2024-07-21 21:53 ` Lawrence D'Oliveiro
2024-07-22 6:36 ` J-P. Rosen
2024-07-23 1:48 ` Lawrence D'Oliveiro
2024-07-21 9:19 ` Dmitry A. Kazakov
2024-07-21 11:31 ` Niklas Holsti
2024-07-21 16:49 ` Dmitry A. Kazakov
2024-07-21 21:55 ` Lawrence D'Oliveiro
2024-07-21 21:52 ` Lawrence D'Oliveiro
2024-07-22 7:16 ` Dmitry A. Kazakov
2024-07-23 1:49 ` Lawrence D'Oliveiro
2024-07-23 7:06 ` Dmitry A. Kazakov
2024-07-23 8:36 ` Lawrence D'Oliveiro
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox