Tag Archives: security

Writing Secure Shell Scripts

If you write shell scripts, you should check out Dave Taylor’s latest article in Linux Journal.

He gives key examples of what can go wrong if you don’t pay attention to certain things.

For example, if you have a dot in your PATH variable (especially at the start of it), you risk running a Trojan horse that someone has dropped into the current directory, say a world-writable /tmp, under the name of a common command. If you want the dot, put it last.
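Here is a worked version of that trap, as an added example that is not from Dave Taylor’s article. The first function audits a PATH string and flags anything that is not an absolute directory; the second plants a fake command in a scratch directory and reports which program a shell actually runs under a given PATH. The command name “lsl” stands in for a typo; nothing else here is from the original page.

```sh
# Added example, not code from the Linux Journal article. POSIX sh only.

# check_path PATHSTRING -> returns 0 if every entry is absolute, 1 otherwise.
# An empty entry (a leading or trailing ":" or a "::") means "the current
# directory", exactly like ".", so it is flagged as well.
check_path() {
    path="$1"
    rc=0
    case "$path" in
        :*|*:|*::*)
            echo "unsafe PATH: empty entry (searches the current directory)" >&2
            rc=1 ;;
    esac
    oldifs="$IFS"; IFS=:
    set -f                      # no globbing while we split on ":"
    for dir in $path; do
        case "$dir" in
            /*) ;;              # absolute entry: fine
            "") ;;              # empty entry: already reported above
            *)  echo "unsafe PATH: relative entry '$dir'" >&2; rc=1 ;;
        esac
    done
    set +f
    IFS="$oldifs"
    return $rc
}

# planted_run PATHSTRING COMMAND -> prints what COMMAND produces when run from
# a directory in which an attacker has planted an executable of that name.
planted_run() {
    path="$1"; cmd="$2"
    tmp=$(mktemp -d) || return 2
    printf '#!/bin/sh\necho PLANTED\n' > "$tmp/$cmd"
    chmod +x "$tmp/$cmd"
    # Run from inside the planted directory with the candidate PATH.
    out=$(cd "$tmp" && PATH="$path" /bin/sh -c "$cmd" 2>/dev/null)
    rm -rf "$tmp"
    printf '%s\n' "$out"
}

# Dot first: the planted "ls" shadows the real one.
planted_run ".:/usr/bin:/bin" ls          # PLANTED
# Dot last: the real ls runs and simply lists the planted file.
planted_run "/usr/bin:/bin:." ls          # ls
# Dot last still bites on a typo: "lsl" exists nowhere else, so "./lsl" runs.
planted_run "/usr/bin:/bin:." lsl         # PLANTED
check_path "$PATH" && echo "PATH looks safe"
```

The check is deliberately stricter than “put the dot last”: a trailing dot is only safe for commands that exist earlier in the PATH, and a mistyped command name falls straight through to whatever is in the current directory. A script that must run in untrusted directories is better off setting an explicit absolute PATH at the top and leaving the dot out entirely.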

Anyway, a simple, straightforward article with a few pieces of good advice: Writing Secure Shell Scripts

How To Avoid Future WannaCry Style Ransomware Attacks

This is very simple, and it has more to do with the philosophy and marketing of operating systems than with the technology of the operating systems themselves, though the technology does matter a great deal as well. First, let’s have a look at how this ransomware attack was allowed to happen to begin with.

The vast majority of affected systems in this latest worldwide cyber attack were Windows computers that had not been updated with a recently available and easily deployed patch (Microsoft’s MS17-010, released in March 2017, which closes the SMBv1 flaw the worm spreads through). The attack did not affect other operating systems, and Windows systems that had the patch installed were not affected. (I was going to put a link here to direct people to the Microsoft web page with info on what to do if you were attacked, but a minute or two of perusal on the Microsoft site mostly told me about Microsoft’s new products, and I did not find any such page. If you have a link, please place it in a snark-free comment below.)

Why was the patch not deployed on so many computers? For several reasons.

Some of the operating systems were running under administrative policies that did not allow patching for some reason or another. I’ve only heard rumors of this, but it sounds like a blind-to-the-future style of pre-decision, in the same category as other bone-headed human processes like zero-tolerance policies for knives in schools and three-strikes-and-you’re-out sentencing policies. It works like this: you remove thinking from the process by making all decisions in advance, and then get the heck out of there with limited liability, and whatever happens, happens. If you do this you are probably a member of Congress or a school board member planning on retiring soon. It never goes well. Telling security IT people in advance what they can and can’t do because of HR or personnel regulations is like going to a doctor and telling them, in advance, what your diagnosis and treatment are going to be. You will eventually die of something curable if you do that regularly.

Some of the operating systems were running on computers that are, in theory, never supposed to be turned off. This is similar to the first reason in its stupidity level. For one thing, making it impossible to ever patch an OS is really not smart. For another thing, that computer you plan to never turn off is going to turn itself off now and then. But it is also bad at another level, the level of the operating system. Windows has operated, for years, under the principle that when enough stuff goes wrong, you turn off the computer and start again, and if that does not work you reinstall the operating system from scratch. Now, I know, you Windows lovers will jump in at this point and tell me that “Windows doesn’t work that way any more,” but you know what? After decades of hearing how Windows Past is not Windows Present, when it really is, I don’t care what you say. Also, actual on-the-ground Windows users have been trained, by Microsoft policy, to reboot or reinstall for decades. Anyway, the point is, Windows generally cannot apply its security updates without a reboot, and thus the system utterly fails in a situation where updating is critical, which by the way is all the time and all machines, because even computers you use for nothing but curating recipes for muffins, if hooked to the Internet (where all the good muffin recipes are), can still be the platform for launching a secondary cyber attack.

Some of those operating systems were in health-related fields (both of the first two excuses apply there), and that is why so many health-related facilities were hit initially.

Another reason, which is a bit tricky, is the problem of updating stolen software. If you stole the OS it might be hard to get an update or patch. It seems like a good idea for the company making the OS to withhold updates from pirated copies, as it encourages buying the product and discourages stealing it. Yet many tens of thousands of computers, maybe hundreds of thousands, are currently locked down by WannaCry because they were pirated and not updated. This becomes a public health (cyber-health, eHealth) risk. It is like vaccination. We all suffer because so many others get the disease, even those of us who did not fail to do the right thing.

This is a moment when we look at something like computer operating systems and realize that they are actually a public good as much as, or more than, they are a commercial product. Think of roads and canals in the old days. Roads and canals were often privately owned (as were fire departments and police forces in many cases), and eventually it became apparent that these are all public goods, so they were essentially taken over by the government. Similarly, power companies and railroads: not exactly taken over, but made into quasi-public entities through integration with public agencies and heavy regulation.

I’ve often argued that things like Google, Amazon.com, Facebook, Twitter, etc. have become the equivalent of public goods, like roads and the post office, etc., in a similar way. To some extent, this is also true of operating systems.

There is of course a solution to all of this. What we need is an operating system that is made by the public itself. If all interested parties simply became involved, and maybe large companies with a lot at stake in computers put aside a meaningful amount of their own software development resources, and a few public and private agencies provided some grants and bounties and such, we could have an operating system that was free, easily installed, and updated every week with common updates (like, maybe, on Sunday evenings or something) through a very easy and easily automated updating system. That would be great.

Ideally most software would come from well-maintained, secure repositories that were checked for malicious code. There could be several different such repositories, more or less redundant with each other but maybe tweaked to cater to different types of users. The added advantage of several different but similar repositories is this: even if some bad code gets into one repository, the fact that different users draw from different repositories would slow its spread.

By making the operating system free, easy, effective, powerful, flexible, and easily updated, almost every one of the limitations in the way we do things that allowed WannaCry to spread and ruin everything would simply not have applied. A few people would be hit, and it would be a minor story.

On top of this, let’s make this new operating system have a few other security related features.

For instance, monitoring code. The way it works now with Windows is that a finite number of paid and, I’m sure, brilliant individuals are in charge of coding and maintaining the operating system and its updates and patches, while a much larger number of criminal-minded but also brilliant individuals are focused on breaking its security. This means that there is an uneven arms race where, day to day, Microsoft will always be a step ahead of the bad guys, except every now and then when the bad guys jump ahead and make a huge mess.

I propose that this ratio be reversed, that the arms race between the good and the evil become totally one-sided in the other direction. Have a very large number of individuals, a proportion of the above-mentioned community of private individuals and interested corporations and agencies, working on security, swamping out the nefarious bad guys. There would be very few moments when the bad guys got very far ahead of the good guys.

In addition, the operating system itself could have other security-related features. For example, the basic tools inside the operating system could be well maintained, highly traditional, really clean and neat code, and free to use. So, for example, the basic tasks that any new software might need are already solved, so you don’t have to add your own new version of the code to do them. This means that new code will generally be fast, effective, clean, easier to maintain, and more secure.

Also, the operating system can work more like a prison than, say, a food court. In a food court, you do what you want to do (eat, meet your friends, hang out) in a rather chaotic environment where you can move freely from place to place. Someone puts their food down on a table to go back to the Azian Kuizine window to get the chopsticks they forgot, and you can grab their pot stickers, sit down at a nearby table, and no one can really figure out that you just stole their food. And so on.

In a prison, you can theoretically leave your cell and walk down the hall to the gym, then go to the cafeteria, then the law library. But the entire route is blocked by a series of doors that only specific people have permission to open, at specific times, for specific reasons. Everything you do requires having permission at every step of the way, and it is all constantly being carefully watched.

Life should be more like the food court. What happens inside computers should be more like the prison.

Of course, by now, most of you have figured out that I’m talking about Linux. Linux is an operating system that is already widely used when certain conditions pertain. Since the Android OS is based on Linux, and the majority of servers run Linux, and Linux is becoming the preferred desktop in China, it may well be that Linux is more widely deployed right now than any other operating system, though most Westerners think of it as nearly non-existent on desktops.

Critical tasks are often trusted to Linux or similar operating systems (Unix, BSD, etc.) because of reliability and security. When efficiency is required, Linux is often tapped because it can be deployed in a very efficient manner. Linux acts internally like the prison, not the food court. The system itself is constantly monitored open source code, and most of what runs on it is openly monitored as well. Software is usually distributed via signed repositories. The system is free and easily updated, and there is no such thing as a pirated copy of Linux. Security updates flow through the distribution’s package manager as soon as fixes are ready, and applying them can be automated.

Another important feature of Linux is the separation of the operating system from the surface appearance of the system. The operating system comes in a number of distributions, but most people use one from one of two families: Red Hat-based or Debian-based (there are others). But the surface of the OS, the part the user sees, is not tied to that at all. Most people use a “desktop” which provides the windows and the other parts you interact with, and there are several versions of this from which users can more or less pick and choose.

Here is why this is important: the desktop provides the user experience, and the user experience sells the product. If you develop a proprietary operating system like Windows, many of your decisions, including when to produce major updates, are driven by the marketing department. The development and deployment of the operating system is a complex process where designers and marketing gurus sit, essentially, at the same table as security experts and developers concerned with efficiency.

In the Linux system, the security people and efficiency and functionality developers work most of the time independently from the equivalent of “marketers” or “designers” because of this two layer aspect of the system. It is quite interesting to visit the communities of desktop developers and hear what they are saying to each other, then visit the community of system developers and hear what they are saying to each other. They are pretty much two distinct conversations. There will never be a marketing or design decision about Linux that impacts security.

Linux is the female operating system in a patriarchic world. Refer to the appropriate John Lennon song for a starker analogy. It does a lot of the work, maybe most of the work, but is usually not recognized. When people make comparisons, Linux has to dance backwards and in high heels.

If I say, as I just said here, that “if Linux were widely in use, the WannaCry attack would have been much less severe,” people will respond “Linux can be attacked too,” and that will be taken by others, and possibly meant to begin with, as stating “Linux and Windows are the same; it’s just that attackers attack Windows and not Linux.” That is a pernicious falsehood that feels a lot like many sexist comments about the limitations of women. Yes, Linux could in theory be attacked. No, Linux is pretty much not attacked very often or ever, so your fantasy about how it can be attacked has no empirical backup. No, Linux and Windows are not the same in the way they are developed, designed, maintained, deployed, updated, or secured, and every single one of those differences gives Linux a huge leg up on security and Windows one or more disadvantages.

If a cyber attack is a mugger, Windows is a physically small drunken person with wads of money sticking out of his pockets, staggering down a dark alley near the convention hall during a muggers’ conference, while Linux is a hundred sober and smart well-trained Navy SEALs each driving a separate armored car in undisclosed locations.

Yes, you can attack the Navy SEALs. But if you do that, they’ll make you wanna cry.

Osama bin Laden 1; Railroads 0

The terrorists have defeated the railroads, and by extension, the people. Well, not totally defeated, but they won a small but important battle.

We have a problem with the wholesale removal of petroleum from the Bakken oil fields, and the shipping of that relatively dangerous liquid mainly to the east coast on trains, with hundreds of tanker cars rolling down a small selection of tracks every day. I see them all the time as they go through my neighborhood. These trains derail now and then, and sometimes those derailments are pretty messy, life threatening, and even fatal.

There has been some effort in Minnesota to get the train companies to upgrade their disaster plans, which is important because about 300,000 Minnesotans live in the larger (one-half mile) disaster zone that flanks these tracks. A smaller number, but not an insignificant one, live in the blast zone, the place where, if a couple of train cars actually exploded, you would be within the blast area. For the last couple of years, my son was at a daycare right in that blast zone. I quickly add that the chance of being blasted by an oil train is very small, because the tracks are in total thousands of miles long, derailments are rare(ish), and the affected areas can be measured in city blocks. So a blast from a Bakken oil train may be thought of as roughly like a large airliner crash, or maybe two or three times larger than that, in terms of damage on the ground.

But yes, the trains derail at a seemingly large rate.

Now, here is where the terrorists come in. And by terrorists I specifically mean Osama bin (no relation) Laden, or his ghost, and that gang of crazies that took down the world trade center in New York. When that happened, we became afraid of terrorism, and everyone who could use that fear for personal gain has since exploited it. I’m pretty sure that the rise of the police state in America has been because of, facilitated by, and hastened due to this event. For years the American people let the security forces and related government agencies do pretty much whatever they wanted. The Patriot Act, you may or may not know, is a version of a law that conservatives have been pushing in the US for decades, a draconian law that gives great power to investigative and police agencies. That law never got very far in Congress until 9/11. Then, thanks to Osama bin Laden, it seemed like everyone wanted it. Only now, years later, are we seriously considering rolling it back (and to some extent acting on that consideration).

So now, the railroads have been forced to come up with a disaster plan related to the oil shipments. And they did. But for the most part they won’t let anyone see it. Why? Because, according to one railroad official, “… to put it out in the public domain is like giving terrorists a road map on how to do something bad.”

What does he mean exactly? As far as I can tell, the disaster plan pinpoints specific scenarios that would be especially bad. These scenarios, if they fell into the hands of terrorists, would allow said terrorists to terrorize more effectively.

I’m sure this is true. But I’m also sure this is not a reason to keep the plans secret. There are three reasons, in my view, that the plans should be totally available for public review.

1) If you want to know what the worst case scenarios for a rail tanker disaster are, don’t read this report. It is easier to get out a map, maybe use some GIS software if you have it, and correlate localities where the train tracks cross over bridges, cross major water sources, and go through dense population areas. A high bridge through an urban area over an important river, for instance. This is not hard. Indeed, I call on all social studies teachers with an attitude (and most of the good ones have an attitude) to make this a regular project in one of your classes. Have the students try to think like terrorists and identify the best way to terrorize using oil trains. The reason to do this is to point out how dumb the railroads are being.

2) Secret plans are plans that can be exploited or misused by those who make them. We will see security measures taken that, for example, limit public access to information unrelated to oil trains, with the terroristic threat used as an excuse. I’m sure this has already happened. It will continue to happen. It is how the police state works.

3) The plans can be better. How do I know this? Because all plans can be better. That’s how plans work. How can you make the plans better? Scrutiny. How do you get scrutiny? Don’t make the plans secret.

MPR News has a pretty good writeup on this situation here. MPR is fairly annoyed at the secrecy, as they should be, but frankly I’d like to see this and other news agencies, as well as the state legislators involved, and everyone else, more fired up. We should all be working harder against the police state.

I want to end with this: I like trains, and you should too. Trains are among the most efficient ways to move stuff across the landscape. Those of us concerned with things like climate change should be all for trains. Ultimately, I think we can increase the use of trains to move goods and people, and at the same time take the trains off fossil carbon. They are already mostly electric, using liquid fuel to run generators. That liquid fuel could be made, largely, from renewable biodiesel and a bit of grown biodiesel, and more of the trains can probably go all electric. But this secrecy thing is not OK.