[OLPC Security] olpc security - wetware issues

alien alien at MIT.EDU
Thu Feb 8 22:03:22 EST 2007 

You raise a good point-- the first step would be to decide what would
be important to log in this environment. Off the top of my head, you
might want to track who has logged in and out, when programs were
installed, when updates were applied, perhaps unusual uses of
privilege, account creation/deletion or when/by whom shared files were
accessed. What do you think?

Certainly at a minimum, I imagine reviewing who has logged into the
system is a good start and a concept that any child should be able to
understand. 

alien


"Simson L. Garfinkel's Treo 700p" writes:
>what 'logs' are you thinking there are to review?
>___
>Sent with SnapperMail
>www.snappermail.com
>
>...... Original Message .......
>On Thu, 08 Feb 2007 18:43:04 -0500 "alien" <alien at MIT.EDU> wrote:
>>
>>Sure. Reviewing logs doesn't prevent attacks-- but it can tell you
>>when someone else has been using your computer without your
>>knowledge. It needn't be required, but it should be trivial for
>>interested users to discover and peruse system logs, and it might be
>>nice to include system maintenence guidance for children who are
>>interested.
>>
>>As you suggested, keeping a history of when shared files are accessed
>>might be handy, too.
>>
>>
>>Ka-Ping Yee writes:
>>>On Thu, 8 Feb 2007, alien wrote:
>>>> >I couldn't disagree more. That normal users would ever have to know 
>what
>>>> >logs are, let alone check them frequently, is nothing but a gross
>>>> >failing of our field, and a failing that Bitfrost is partially trying 
>to
>>>> >remedy.
>>>>
>>>> Don't you want to know when someone has been in your house? You can't
>>>> rely on machines to take care of everything, especially when the
>>>> machine may be compromised. Occasional log review is the safety net,
>>>> the opportunity for a human to notice that he or she may have been
>>>> burglarized, or that something else is not functioning proprerly.
>>>
>>>I doubt that log review is a good thing to require of users.  Any
>>>system that is capable of logging the fact that an attack occurred
>>>is capable of preventing the attack in the first place.
>>>
>>>I'm not against providing history and feedback in the context of a task
>>>(e.g. if the user has voluntarily shared a file, the ability to see
>>>when it has been accessed is useful) -- but i don't think it should be
>>>relied upon in order to prevent attack.
>>>
>>>
>>>-- ?!ng
>>>_______________________________________________
>>>Security mailing list
>>>Security at laptop.org
>>>http://mailman.laptop.org/mailman/listinfo/security
>>_______________________________________________
>>Security mailing list
>>Security at laptop.org
>>http://mailman.laptop.org/mailman/listinfo/security
>>
>

More information about the Security mailing list