|
Title: Hackers Invited to Break $100 Laptops Post by: don on October 03, 2006, 04:53:47 PM Quote San Diego (CA) - Cheap computers for the world's poor could mean big security headaches. The $100 One Laptop Per Child (OLPC) project is inviting hackers to break test out and even break the security on the upcoming computers. Speaking at the Toorcon computer security convention, OLPC representative Ivan Kristić said the OLPC will create the largest monoculture in history and the it will present some "very scary" security problems. The low-pricedLinux-based computers will be sold to third-world countries and will have a 500 MHz AMD processor along with 128 MB of system memory and 512 MB of Flash storage memory. Standardized hardware along with a standard software image is one reason why the machines will be so cheap, but Kristić explains that this standardization will cause security issues. If tens of millions of OLPCs are sold, the device could create one of the largest computer monocultures in history, similar to what has happened to the Apple Macintosh. One single exploit could easily wipe out millions of computers. One huge security risk, according to Kristić, is that new computers will transparently transmit application code from one computer to another. The cheap laptops are meant to operate in a mesh wireless network and if one computer doesn't have an application, then it can acquire it wirelessly from another computer. Kristić calls this scenario "bloody scary". The OLPC is also designed to be very hackable and Kristić told Toorcon attendees that there was, "a lot of value" from having kids take apart the machine. If something goes wrong, the computer is designed to be easily restored from a server, USB sticks or from the mesh network. But the same easily hackable and easily restorable machine has to be made secure and that's where hackers come into play. Kristić said, "I want to help you break these machines... before there is a billion of them out in the field." Original Story: http://www.tgdaily.com/2006/10/03/toorcon2006_olpc_securityrisks/ OLPC: http://laptop.org Don Title: Re: Hackers Invited to Break $100 Laptops Post by: LSOChris on October 03, 2006, 08:10:47 PM that's sweet!
i love initiatives that will keep me employed doing computer security stuff! Title: Re: Hackers Invited to Break $100 Laptops Post by: jimbob on October 04, 2006, 10:50:25 AM Is anyone else breaking out into a nervous sweat thinking about all those zombied machines once someone does crack them in the wild?
"a great disturbance in the Force, as if millions of voices cried out in terror and were suddenly silenced…" Jim Title: Re: Hackers Invited to Break $100 Laptops Post by: don on October 04, 2006, 11:06:41 AM First of all, great quote.
Second of all, this is no worse than a release of any major OS with holes. And MS is not the only culprit here. Third, at least these guys are willing to look at this issue before unleashing millions of these machines. On a separate note, from the picture on their site, the laptops will be running FC5. Right now, this is a good, safe bet. But the Fedora Project is known for quick releases of new versions. What happens to the millions of machines a couple years down the line when FC8 is released, and they decide to end support for the old FC5? Just a thought. Don Title: Re: Hackers Invited to Break $100 Laptops Post by: Negrita on October 04, 2006, 06:05:08 PM Personally I think that Edubuntu (http://www.edubuntu.org/Home) is more fitting, and the spirit of Ubuntu seems more harmonious with the ideals of the OLPC project.
Title: Re: Hackers Invited to Break $100 Laptops Post by: don on October 12, 2006, 01:54:16 PM Here's an eweek write up on this topic with more details.
http://www.eweek.com/article2/0,1895,2028779,00.asp?kc=EWEWEMNL100906EP14A Should we as a community contact them and get involved in this? Anyone here up for such a task? Don Title: Re: Hackers Invited to Break $100 Laptops Post by: jimbob on October 23, 2006, 03:51:27 AM How accessible are these new $100 laptops going to be to those outside of the project? I'm hoping that the value of these laptops will be so low as to keep most of them off the grey markey but the good guys and the bad guys are going to want to get their hands on them for testing.
I think we should ask to get involved from the very start. The logisitcs of updating these machines once they are in the wild will be impossible, especially since many will never see a network connection. Mind you, it's not those ones we need to worry about. Jim
Powered by SMF 1.1.18 |
SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com |