[OLPC Security] olpc security - wetware issues
Ka-Ping Yee
laptop at zesty.ca
Thu Feb 8 18:21:13 EST 2007
On Thu, 8 Feb 2007, alien wrote:
> >I couldn't disagree more. That normal users would ever have to know what
> >logs are, let alone check them frequently, is nothing but a gross
> >failing of our field, and a failing that Bitfrost is partially trying to
> >remedy.
>
> Don't you want to know when someone has been in your house? You can't
> rely on machines to take care of everything, especially when the
> machine may be compromised. Occasional log review is the safety net,
> the opportunity for a human to notice that he or she may have been
> burglarized, or that something else is not functioning proprerly.
I doubt that log review is a good thing to require of users. Any
system that is capable of logging the fact that an attack occurred
is capable of preventing the attack in the first place.
I'm not against providing history and feedback in the context of a task
(e.g. if the user has voluntarily shared a file, the ability to see
when it has been accessed is useful) -- but i don't think it should be
relied upon in order to prevent attack.
-- ?!ng
More information about the Security
mailing list