[maemo-developers] Security Guidance for N800 OS development

From: Mark Eichin eichin-maemo-developers at thok.com
Date: Mon Feb 19 19:49:35 EET 2007
ISTR that the "attack surface" rhetoric originates with Microsoft,
because windows has traditionally had a fairly large one, and that it
was a good handle for describing "what needs fixing" on the Microsoft
side.  (It has made a big difference there.)

Linux (through it's unix roots) starts off from a better stance, and
while there are plenty of things to work on, it's not a matter of
needing to fix everything.  (You mention online banking - the
important issue to linux users there is Phishing and password
management, *not* packet level attacks, because the user is (as
always) the weakest link - so, for example, security labelling in the
Maemo UI might be an interesting topic...)

That said, it would be interesting to see uses of SE/Linux in embedded
devices like this - but it would *only* be "interesting", from a
security-geek perspective, it's not going to save the world...

More information about the maemo-developers mailing list