Four of this year's most dangerous software exploits--Heartbleed, Goto Fail, Shellshock, and POODLE--were all examples of vulnerabilities that lay undiscovered in widely used code for years. When they eventually were discovered, their impact was deep and far-reaching, a phenomenon that likely will only get worse as the use of open source software proliferates.
Meanwhile, the wide-ranging use of software and operating systems (OSes) based on decades-old code is potentially more dangerous. For example, both Android and the Apple OSes have roots in the 1970s-era UNIX OS, as do numerous embedded devices such as set-top boxes, routers, and game consoles. Along with the useful elements of UNIX, these devices and OSes also often include vestigial bits of code that are decades old and widely available, creating innumerable opportunities for new exploits emerging in code people have forgotten to monitor.
The threat is especially insidious in simpler embedded devices, which often require only enough code to carry out a few simple tasks, but nevertheless contain a complete operating system. Johns Hopkins cryptographer Matthew Green says this creates a situation in which "nobody knows all the [device's] features, let alone all the bugs."
From The Economist
Abstracts Copyright © 2014 Information Inc., Bethesda, Maryland, USA