Linux Security: Reflections on 2002
by Bob Toxen - Tuesday, 7 January 2003.
The growth of wireless networks will continue. With current wireless technology lacking decent security, many networks will be compromised. While many organizations do have a firewall, they fail to harden the systems behind it. Thus, a single weak point such as a wireless component will allow many systems to be compromised. In the first edition of "Real World Linux Security" back in 2000, I advised the use of firewalls between different parts of large companies to limit the spread of a compromise. Unfortunately, many organizations fail to do this.

I predict a major Linux virus in 2003, perhaps through Netscape via email or through Instant Messaging. A vulnerability in Java or the RealAudio or RealVideo player could be a vector for the spread of a virus. If Microsoft starts offering products for Linux in 2003, as far as security is concerned, good luck.

A blended attack is a distinct possibility. This might be a large truck bomb taking out a large building at the same time an Internet attack takes out "911" emergency switchboards and the city's traffic light system. This would prevent rescue workers from helping the victims and increase the terror.

The current copyright and licensing battles will get much nastier as the greed of Hollywood and Microsoft leads to even more onerous restrictions on users. The U.S. FBI recently allowing Microsoft goons to come along on a "raid" is a most scary trend. At least the California Supreme Court had the sense to rule that California law does not apply to someone in another state. The dismissal of DMCA prosecution of Adobe's complaint against Elcomsoft is a bit of light.

Despite Adobe claiming that the decryption code will allow massive violations of their copyright, not a single case of this was found. What makes this case especially absurd yet scary is that Adobe did not really encrypt its eBook data. It used a scheme similar to "ROT1", in which each letter "A" is replaced with "B", "B" is replaced with "C", and so on, with "Z" replaced with "A". This is such a weak algorithm that their claim that they used encryption and thus DMCA applied is debatable. I suspect that had the jury not laughed the case out of court, an appeals judge would have dismissed it.

I predict a serious U.S. Constitutional test of DMCA, with a reasonable chance of it being thrown out as unconstitutional. U.S. copyright law gives the purchaser of copyrighted material the right to use it as much as he wants so long as he does not make copies of it. In other words, you can play your CD or read your book as much as you want or sell your copy to whoever will buy it for whatever price you can get.

DMCA allows a vendor to take these rights away from someone who has purchased something. It even allows the creator to restrict when and where or how many times something may be heard or viewed. Hopefully, these constitutionally granted rights will be restored. Hollywood's lobbyists attempting to further stretch the concept of a "reasonable period of time" for copyright protection may cause a Supreme Court rollback of the duration of copyright protection. There are similar battles around the world, though I must admit to not being familiar with them.

The current interest of everyone and his brother in forensics and honeypots will die down. Other than for those doing serious research in computer security, I find their only value is demonstrating to management that insecure systems will be breached.


Bob Toxen is author of the new book "Real World Linux Security: Intrusion Prevention, Detection, and Recovery, 2/e", the first edition (available in English, Chinese, and Japanese), one of the 162 official developers of Berkeley Unix, and one of the four programmers who first ported Unix to the Silicon Graphics workstation. The book's web site is An interview with Bob is available here.

