Old 12-15-2020, 10:18 AM
SolarWinds is perhaps the biggest story in this area right now, but Red Hat is getting pushback on the way it wants to have more fluid updates on servers. Tom's has an article on how Firefox, Chrome, and Edge are being hacked with a type of background "update."

The potential for disaster with OS and browser automatic updates was obvious (at least to me) from the beginning.

I'm not quite sure what the best defensive strategy will be. My initial thought is read-only copies of critical software that cannot be changed by any outside code claiming to be an "update." It is hard (technically not impossible, though) to hack a brick wall.
Old 12-16-2020, 08:33 PM
 
Location: Berkeley Neighborhood, Denver, CO USA
I prefer ‘visible’ updates.
I want to be told of an update and then asked if I want to install it.
But, I am an alte kaker.
Old 12-16-2020, 08:49 PM
Use a safer browser like Opera and run it in a sandbox. You should run all browsers in a sandbox.
Old 12-16-2020, 10:19 PM
The sandbox idea is great for browsers, a little harder for servers and the Red Hat issue. Many users don't have such options readily available, esp. if what they use is dictated by powers that be.

Dave - Nah, yer a mentsh. It is the way computers and software have been twisted that is fakakta.
Old 12-16-2020, 11:01 PM
Quote:
Originally Posted by harry chickpea View Post
The sandbox idea is great for browsers, a little harder for servers and the Red Hat issue. Many users don't have such options readily available, esp. if what they use is dictated by powers that be.

Dave - Nah, yer a mentsh. It is the way computers and software have been twisted that is fakakta.
Servers shouldn't be getting software or OS updates. This should be handled by simply updating the AMI (or equiv) and redeploying. Unless you're still using physical servers... which I doubt anyone is anymore.

Redhat must have thought this through for AMIs.

Worst case, you can just switch the Linux Distro. It's rather painless.

For browsers, if you're just talking about browsing the web, I'd just use an AWS Workspace.
Old 12-17-2020, 06:39 AM
This is a good opportunity to become familiar with how (and by whom) your browser is being packaged. That build of Firefox or Chromium has to be compiled somewhere and for most people, it is likely the official builds supplied by Mozilla, Google, etc.

One way to distance yourself from such updates is to run the long term support builds, as generally, new features and anti-features alike tend not to be implemented into these builds. At least not right away.

Or even better, there are lots of teams who take the time to declaw these anti features and release their own builds. I won't drop any names but any web search will yield several projects which reconfigure and rebrand Chromium or Firefox into more user-respecting downstream derivatives. Pick your poison.
Old 12-18-2020, 07:34 AM
 
Location: The DMV
Quote:
Originally Posted by harry chickpea View Post
SolarWinds is perhaps the biggest story in this area right now, but Red Hat is getting pushback on the way it wants to have more fluid updates on servers. Tom's has an article on how Firefox, Chrome, and Edge are being hacked with a type of background "update."

The potential for disaster with OS and browser automatic updates was obvious (at least to me) from the beginning.

I'm not quite sure what the best defensive strategy will be. My initial thought is read-only copies of critical software that cannot be changed by any outside code claiming to be an "update." It is hard (technically not impossible, though) to hack a brick wall.
So then any updates/enhancements require a full removal and reinstallation of the product? What would that look like for companies that have thousands of servers?

Also - the SolarWinds issue (which is still being worked on) would make this even more of a cluster. What happened is essentially the update you got was compromised (the engine itself, actually). So it matters little how you update your software. This is like buying brand new software off the shelf. Except that the software vendor was compromised and their code was embedded with malicious software.

That said - this is a very valid point in that the supply chain was compromised.
Old 12-18-2020, 10:36 AM
Quote:
Originally Posted by macroy View Post
So then any updates/enhancements requires a full removal and reinstallation of the product? What would that look like for companies that have thousands of servers?

Also - the Solarwinds issue (which is still being worked on) would make this even more of cluster. What happened is essentially the update you got was compromised (the engine itself, actually). So it matters little how you update your software. This is like buying a brand new software off the shelf. Except that the software vendor was compromised and their code was embedded with malicious software.

That said - this is a very valid point in that the supply chain was compromised.
Valid points, and any minor knowledge I had on servers is long out of date, and what goes on now is beyond my pay scale.

Updates (a word worthy of politicians) are often bug fixes, feature creep, a hidden method of revenue generation - such as background data gathering to be sold, and marketing in a competitive arena.

If the program cannot be hacked because it is read-only, and a hack of any platform is similarly frustrated or short lived, much of the legit rationale behind constant updates is gone. Yeah, the "latest and greatest" mantra is screwed, but it may be getting time for that level of maturity in some areas. Or not. Again, above my pay scale.
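The "read-only copies of critical software" idea raised in the first post and restated in the last one is, in practice, a file-integrity baseline: record the hashes of a trusted install, then refuse to trust anything calling itself an "update" that changes those files without going through your own process. The script below is an added example written for this thread, not code from any poster or from the products mentioned. It builds a SHA-256 manifest of a constructed install tree, marks the files read-only, simulates a background updater that clears the read-only bit and rewrites a binary, and shows that the manifest comparison (not the permission bit) is what actually catches the change. All paths and file contents are constructed for the demo.

```python
"""Added example: detect when a 'read-only' set of critical files has been
changed by anything calling itself an update. Constructed demo, not code
from the thread or from any product it discusses."""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries never need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (as a forward-slash relative path) to its SHA-256."""
    root = Path(root)
    return {
        str(path.relative_to(root)).replace(os.sep, "/"): sha256_file(path)
        for path in sorted(root.rglob("*"))
        if path.is_file()
    }


def verify_manifest(root: Path, baseline: dict) -> dict:
    """Compare the tree against a trusted baseline and report every deviation."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }


def demo() -> dict:
    """Constructed scenario: install, freeze, then an 'updater' rewrites a file.

    Returns the verify_manifest report for the tampered tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "browser").write_bytes(b"known-good binary v1")   # constructed
        (root / "bin" / "helper").write_bytes(b"known-good helper v1")    # constructed

        # Freeze: mark everything read-only and record the baseline while the
        # install is still trusted. The baseline must live somewhere the
        # updater cannot write (offline copy, separate host, signed store).
        for path in root.rglob("*"):
            if path.is_file():
                os.chmod(path, 0o444)
        baseline = build_manifest(root)

        # An updater running as the file owner can simply clear the read-only
        # bit, so the permission is a speed bump, not a brick wall. The
        # manifest comparison is what actually catches the change.
        target = root / "bin" / "browser"
        os.chmod(target, 0o644)
        target.write_bytes(b"binary v2 pushed by background update")      # constructed
        (root / "bin" / "extra-dll").write_bytes(b"new component")        # constructed

        report = verify_manifest(root, baseline)

        # Restore write permission so the temp directory cleans up on every platform.
        for path in root.rglob("*"):
            if path.is_file():
                os.chmod(path, 0o644)
        return report


if __name__ == "__main__":
    print(demo())
```

Run it and the report lists `bin/browser` as modified and `bin/extra-dll` as added while `bin/helper` is untouched. The design point is where the baseline lives: if the manifest sits on the same writable filesystem, a compromised updater can rewrite it along with the binaries, which is exactly the supply-chain failure the SolarWinds discussion in this thread is about.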