Kaminsky: The internet is germ-ridden and it's time to sterilize it

Dan Kaminsky, the savior of DNS and chief scientist for White Ops, has used the opening keynote of Black Hat 2016 to outline three technologies he has been working on that could make working online a lot safer – if they are adopted. First, and most importantly, Kaminsky has been developing a micro-sandboxing system that spins …

  1. David Pollard

    "[T]his is something government should be devoted to fixing long term"

    I wish.

  2. Hstubbe

    one step ahead..

    "Hopefully he won't end up like Ignaz Semmelweis, who ... ended up a crazed alcoholic."

    Kaminsky is one step ahead of Semmelweis. If you've ever seen one of his talks you'll know he already *is* a crazed alcoholic :)

    1. adnim
      Pint

      Re: one step ahead..

      I drink too much... Responsibility for IT systems is the monkey on my shoulder. Reliance on third parties is the proverbial last straw.

      1. theOtherJT Silver badge
        Pint

        Re: one step ahead..

        "High functioning" That's what I keep telling myself. I'm "High functioning".

  3. Anonymous Coward
    Pint

    So far as I can tell, not having grunted over the code in each browser, the first two concepts are already being implemented in baby steps. I wouldn't mind seeing Kaminsky's ideas directly done. Tangentially, Rustlang really is trying to generate a safer, multitasking, multiple sandbox browser. Preventing potentially infectable code out there in the wild in the first place is a really nice idea.

    Kaminsky is one step ahead of Semmelweis. If you've ever seen one of his talks you'll know he already *is* a crazed alcoholic :) FWIW, I really diagnosed as that. I really need to see one or more of his talks if he actually thinks this way.

    Icon: 'cause I really, really need a pint. Well, several.

  4. Anonymous Coward

    Don't Want To End Up

    "shunned .... and ended up a crazed alcoholic."

    On the other hand, I could use the company.

  5. DCLXV

    Long story short

    Or at least as I read it: reinventing QubesOS and mixing Markov chains with MetaSploit

  6. joed

    does it even matter?

    At this point the biggest threat is the OS vendors (like MS). Sandboxing more trusted apps won't help when the big bro is overseeing the content of containers. I'd rather deal with Internet germs than a bugged house.

  7. cantankerous swineherd

    "people are actually losing confidence in the internet."

    it's been a snake pit for years now. anything attached to the internet is sacrificial.

  8. Anonymous Coward

    Sterilize the internet? YEAH!

    Let's start with all those damned anonymous cowards! Postin' everywhere an' clutterin' up th' place! Like fekkin' cockroaches! Kill all the anonymous cowards!

    Blink. Blink.

    Oh wait... Fuck!

    (Sounds of being strangled.)

    1. Anonymous Coward

      Re: Sterilize the internet? YEAH!

      I would've said that a tax on such people is sufficient, but on second thoughts I suppose anonymous cowardice is more serious than merely standing in water.

  9. Christian Berger

    Kaminsky used to be cool

    Now unfortunately he seems to just drool some buzzwords around. It's sad to see a person go like this.

    Virtualisation might bring some limited security benefit, however a virtual system with no porous boundaries is useless as you need to get data in and out. Additionally problems like "Rowhammer" and cache timing attacks on virtual systems can render those benefits moot.

    So while virtualisation can bring benefits, it's not a "slap on and you are done" solution. The far better solution, in my opinion, is to reduce complexity.

    1. Tchou
      Thumb Up

      Re: Kaminsky used to be cool

      Finally a comment on the ideas and not on the guy who made them.

      Have an upvote from me.

      ... Plus :

      - VMs can start in milliseconds, it will nonetheless trash CPU caches every time, impairing any well written code (the kind that actually cares about how a computer works).

      - These "sandboxes" are nothing new or desirable, FreeBSD has used jailed processes since the 70's, the benefit being that it doesn't need a way out of the sandbox to fully execute and nonetheless leaves the "real" system that contains the jail completely safe.

      - "things are actually getting compromised" : yes and by-design. For some well known reasons, already available efficient security measures do not get the industry traction it (we) need.

      Side note on IronFrame it looks like a good technology to push web control farther, not necessarily for the user benefit.

      But who am I to know.

  10. Vic

    "We are terrible at teaching people how to make things secure. We're not paying enough attention to what they need."

    This is total cobblers - we're very good at teaching people how to make things secure. The trouble is that the people who take the decision to ship code are actively resistant to such advice, seeing it merely as "negativity". This will not change until the penalty for overseeing such a project is personally appreciable to those decision-takers...

    Vic.

    1. Christian Berger

      Actually not really

      " we're very good at teaching people how to make things secure."

      We now have universities which have turned their Informatics courses into "Learn how to program in C#/Java/C++ or whatever language is fashionable today"-courses. Nobody teaches the basics any more which are vital for writing safe code. Instead C++-style OOP is being taught as if it was an essential feature, even though most programmers will never get near a project actually making use of the additional functionality they get from the added complexity.

      Nobody teaches the most important element of security any more: Keeping it simple.
