Well, I do like fluoride in my water

| Comments (4) | SYSSEC Software
Nominum is introducing a new "cloud" DNS service called Skye. Part of their pitch for this service is that it's supposedly a lot more secure. Check out this interview with Nominum's John Shalowitz where he compares using their service to putting fluoride in the water:
In the announcement for Nominum's new Skye cloud DNS services, you say Skye 'closes a key weakness in the internet'. What is that weakness?

A: Freeware legacy DNS is the internet's dirty little secret - and it's not even little, it's probably a big secret. Because if you think of all the places outside of where Nominum is today - whether it's the majority of enterprise accounts or some of the smaller ISPs - they all have essentially been running freeware up until now.

Given all the nasty things that have happened this year, freeware is a recipe for problems, and it's just going to get worse.

...

What characterises that open-source, freeware legacy DNS that you think makes it weaker?

Number one is in terms of security controls. If I have a secret way of blocking a hacker from attacking my software, if it's freeware or open source, the hacker can look at the code.

By virtue of something being open source, it has to be open to everybody to look into. I can't keep secrets in there. But if I have a commercial-grade software product, then all of that is closed off, and so things are not visible to the hacker.

By its very nature, something that is freeware or open source [is open]. There are vendors that take a freeware product and make a slight variant of it, but they are never going to be ever able to change every component to lock it down.

Nominum software was written 100 percent from the ground up, and by having software with source code that is not open for everybody to look at, it is inherently more secure.

First, I should say that I don't have any position on the relative security of Nominum's software versus the various open source DNS products. With that said, I'm not really that convinced. The conventional argument goes that it's harder for attackers to find vulnerabilities in closed source software because it's harder to work with the binaries than the source. This is a proposition which I've seen vigorously argued but for which there isn't much evidence. Now, it's certainly true that if nobody can get access to your program at all, then it's much harder to figure out how it works and how to attack it. However, Nominum does sell DNS software, so unless the stuff they're running on Skye is totally different, it's not clear how much of an advantage this is.

Salowitz also argues that being closed source lets him hide "secret way[s] of blocking a hacker from attacking my software". This seems even less convincing, primarily because it's not really clear that such techniques exist; there's been a huge amount of work on software attack and defense in the public literature, so how likely is it that Nominum has really invented something fundamentally new? And if you did in fact have such a technique, but one that's only secure as long as it's secret, then it's far more vulnerable to reverse engineering than programs ordinarily are, since the attacker just needs to reverse engineer it once and it's insecure forever. By contrast, if they reverse engineer your program to find a vulnerability, you can close that vulnerability and then they need to find a new one.

Again, this isn't to say that Nominum's system is or isn't more secure than other DNS servers (though DJBDNS, for instance, has a very good reputation). I don't have any detailed information one way or the other. However, this particular argument doesn't seem to me to establish anything useful.

4 Comments

Well, there's certainly a type of attack that hiding the source code avoids: If I can root through the source code and find a bug that I can exploit, then I have a window during which I'm in control, before you fix the bug and distribute the fix. With some installations, slow to install fixes, I might be laughing for a long time.

I'm reminded of the old text-based "Adventure" game, which had a trick: there was a pile of magazines, and you got one point if you picked up the pile and left it in a particular room. If you finished the game with 349 points, you got the rank of "Wizard"; if you got the full 350 points, you had the rank of "Cheater"... because you must have looked at the source code (or been told by someone who had).

Of course, it's disingenuous to claim that avoiding the "magazines at Witt's End" scenario truly makes your product "more secure". What really make your product more secure are good programming practices and wide scrutiny of your source code, so that the errors that do slip through are caught early and often.

Good grief. I'm surprised that anyone is taking this guy seriously considering his comments and that the system he is hawking could be exploited by recently found vulnerabilities while various open sourced systems couldn't. He is an idiot. Even the interviewer could see that at question two.

(there are interesting advantages and disadvantages to either method of developing code - this guy's comments don't add to that debate)

Barry,

This isn't a feature of having the source code but having access to the software at
all. It's possible (and happens regularly) that people disassemble binaries and find
vulnerabilities without access to the source.

Finding problems given the source is vastly easier than finding problems given a compiled binary.

It isn't binary. All software has bugs; being open makes it easier to find. This doesn't mean you don't use it, or even that you don't use it for secure things. The open stuff can easily be more secure than the free stuff.

As someone with a history of selling closed-source software competing against open-source software, this guy seems nuts. I quite believe that his system is more secure, but saying "it's because we keep things secret!" just fails me.

Leave a comment