Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Code on the Internet Battlefield Needs Body Armor



 By: Peter Coffee
2006-09-18
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Opinion: Reverse engineering is both a tool of attackers and an instrument of national policy.

Continued controversy over U.S. military spending makes it a useful allegory of issues that arise in allocating IT resources. In the same way that defense planners find billions for high-tech systems but fall short in simple tasks like armoring soldiers, IT planners may be constructing vast new server farms that offer up key intellectual property as a much too easy target.

Its hard enough to protect mere data in customer-facing systems: eWEEK Labs has shown, in four international hacking challenges, that theres a worldwide community of knowledgeable experts with both the tenacity and the access to online resources that are needed to find and exploit database vulnerabilities. Much more hazardous are the systems that expose applications, or actually download executable code, to client devices and their users.

"Releasing .Net and Java applications without obfuscating them is tantamount to distributing the source code," observed Senior VP Sebastian Holst at Preemptive Solutions in response to one of my columns earlier this year—and as I said in that column, failing to take reasonable protective measures may be tantamount to yielding ownership rights. Yes, Holst has a dog in this fight: His company produces source obfuscation tools. That doesnt mean hes wrong, as anyone can independently determine by aiming any of several free decompilation tools at a companys code base.

Resource Library:

Moreover, any issues of protecting intellectual property become even more complex as international markets become the major opportunities for sales growth—and also major centers of potential competition in commercial software development. I spoke last week with one software development executive who preferred not to have her company named, saying that theres no advantage to be gained in defying potential attackers to take them on: "We found international companies that do reverse engineering and arent really prevented from doing that," she said, and "We found companies whose technology has been cracked and you can get the unblockers online; we found other companies whose solutions required compilation of their code into the executable, which would affect our release schedules."

This conversation points up the role of reverse engineering, not just as a tool of attackers, but as a matter of national competitiveness. Some have argued, for example, that recent antitrust actions against Microsoft in Europe are the migration into the courtroom of a war that couldnt be won in the laboratories.

These developments shine the spotlight on todays announcement by V.i. Laboratories of Waltham, Mass., of that companys CodeArmor 2.0 technology for adding reverse-engineering protections to executable code. My conversations with V.i. developers and with the above-quoted customer of the company suggest that the product addresses an intimidating portfolio of possible attack modes, including some that Id never before considered involving code crackers use of sophisticated emulation environments.

As Ive previously observed, nothing is too hidden to hack, but the V.i. Labs customer that I interviewed last week was realistic about that. "Its a lock on the door," she said. "It wont last for 10 years, but it will protect something for as long as it takes us to put out our next release in six months." Thats a realistic perspective on a critical need for anyone whose code has to go out there and fight for a living.

Tell me what youre protecting, and how, at peter_coffee@ziffdavis.com.





  Reader Comments: Code on the Internet Battlefield Needs Body Armor
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Peter Coffee
 


x}ks㶲*Q3皢H푦dKIJ|,Lj I)!){< /=hɏLb["h4{$sG3L{Jz(ٟ;ȧGoMzIj}ݻ@CiFN)#c3rD廚fw2v#S;^ > \?g#Q;Y|%x_'Щ=ѩ&€dF,hw|J|Oo\R_ƾQ/?5'MLbq&٤@#: rWü%~poFNBaUw0vK]K?$co |'3l ֱb䅠1FE8 {wCՠL4Gd`jI:D"4Ԙc2R!1;T*%R*67-晚u@|͖|ulAf@dnQTBp`V?J9y'Cܻ ۱ȭC¿{ײ߂cMz6³̂]b6jۆ@ظ?0HO L"3N9ˡ,kFp0閩mȺus*r] GjR/G{Q.gچs[bTyݙ* {v#GAݍƖfmh[N"ijQP'WAtH.:qc'HH_L Z.JX<'ȇ Tzg`qf%èտpKT/H-]jGz[zOa`%MpfQB9'sKbع:d99;vN}b)̠T PAfPKe+5ԩ^u\9H{ +|v15 0\6:jZvn`KK'^CEnXCyCm0Mߑjr]Rr~hO/;d@ˏdx"al;' =M%˝%w< ,+R7#ǚ M=2ȜSHu t9~cM'zf-ͨf #di.m#w a4F@4&h)5?&ƎqϚb.L2o:~JmR—^(Pe!P샚_.[ jƫrdoF" 2#r!DKI8d8c{l.S4epq^oVW͉:]X]uUjZnE?´Tw9yi ?^udpٿS3>t`g%",$Mm{QVJ,ՎJPPW GUL F̶-a[e)uN5~G>:mNS'm95ż1l;4}t>჆$>hhƋMriLrӇtu@L;ͣn]?&tao7,Aba`Ω6rjLP#iAтMx>tTڎ]6}l299 L&&zrt` VPC[h' )@}9\P_9QmV3-mlZ`1 5:%Km@i0x1CEģ ݓ]HPw9J B!\0H=`P|/;.Vʥ\.y"m':Ν3R/ڹLX.QY,p[/ ͙JRdQu Q="`&Qea*0pDKak`FZ, GZMz:G == 3´ ҂%Lla50OiH\U}ɲM0ss"m'ȓcRr׃ _V̚ =Q] k{2niMsӆg$rTDhL˄rf6}:eR#O>h0k8 wcys347Nm~|򀞚FpIN3hy:grGֶLoj@~)&](LuΩJJ&k:HX3j-r< 9:ȭ}3nR>ra*j ?{`MLE2a=?%ӻfR/0}̙S3BZsOsR| ~2-[K7˦Ruc"$l veXZ @)*4@0V+,;7(kc:+_iihH*6@\\3,# %G!1~ha2('m;B=rl=5'0_ܰ/EE.ϠLYZsXj:NXS \OL \v 6*'l|0ː ;sm C5,v&Ԕfj:Y[^|'+{gб箩ˋppY]4<~1'l2^u:Cd= 0͉V*a0؋TM~?x;HycI_)>I)D ȸla,Ce9ִ&3q,˹& zfd;'a(JuѧIϴ9&zQ4*$No+F#O/Oј*#؉Wko` )2l3w&/fr|pE% y# ,c?`7 $̮$fG` cP.')[HF(k1z TNJ R0=Gwf^9/즮?!'j7pe}0ǾhݤS,Hɘ-qVcYw7ZAU[Mލ쮫F'F vg3(0fӦ Rxsֿe=VN_)"ڿcqi@ۍ`L ؇`m/JZZt "X썿+CbQLi^;p jN&ӁjFB-8k*_ V{0q3f;/ 39t? <{~cq 4 }E^;:$#?\?^n&øDoٷ)P K)#F16fd+]=+ao/[vt0lgahy- @$ap 8ՇIŏEGJ:7_;z܉Z, YG# BwZW Ǎ Bk;d4)(3~I]a3 "n@Kݹ̂KӜ$"Z*?N3dn *~Z; ºY PH2>(_a #{ z H)'49:\b$B R`2"(BShDO§,9_8S%j_}FN&/JNANR-[I7c+t,'D{_q+ sz4~& \3Z9n~"B2Nlp jwySrF4/%/poEp!ASB9kթ-pOӖO|BXaTwJd$zbeafIlx8g%RJ锐']'C8 z>RB'T ˓$/+IYO)eqhd*꒐~*~(i&'ءؠҡ۳\.'8{Hp.+%;yRb}b%&h8W߅M^N4~x=Na.OսLU9$gy/uϏ*zUbm DӞ81u;2Q =dFPw [_YN.t0믾쏰#9]#ޣd=tWc\'Sv,Qg}{t7X>3q=vbϓ{~\@FsgOɵ2sC/ nWg5FHO.C:vH 09J jBGH4|9yÿ§  [s\g伉q+ɛޠl{5[dؗ{vOKn<]1h阧lLSI"+WUw7}YpJ@.ȔWN HXd1WP2vA J' [gȞx~C7׷bGS o?'X}& ~W*];r@oqw~=mҲ(r_ZDNpw5jyIJ\<~^]䑽DXHڃ}co D:*pS޸06NХ?@EN gLI{ŏ#*@+= eO |˼eMnˉޅZ/)p7>fm͞RY m~D[KXyPt0>Zgi3v _ѥIN/)}N 0:geem"QdܻQg(h hnˏAD^Jb:>l\7d(΀,SG}X?fNi P6N1pazȂl򸌛(s' b# &zU[ĭNN"|p4aYDbB8flȎ\qS9$ItnIsbr>T\g&*GeԾ0dɦt ZtAKǸ'eܦӝH6@Bx$0xo) Gq]{S k3 ҄Tٝ ͝&_| P!q.lI&_4X,~/4f89nk HMtGf ;R$dCT'؉kRޖˏg8~"/ R[H+w`? LtjJ *Q͇AC3EZ7P%(O ̽boCTO Ouwվ6AX;T5ѨG>:7ٽ%twHAG2(XPYC>_>QN7wz}%EYRJrT V$f0a@“n_2măe/pAeCgF$zZ9+AmOMxfXb1 ܀Rs8EvkkƅB؂ܲ)uʨga9sݺlI1RC(<'BB({$! kv4p=Z2ȻceGQ&"PlqC8Dդ^B= puF̸)~$ ^17hq:]j;KJQ)U*K߄0i䐈D> 9BH랑2!QC#*mDg[Rr斯:k3)`{LMK.jD@o 2*_:ϤR^7po@;a $j !oᕰK,"sPssb#US,DwN:;']I X,;`u;@0͎  +]p .oo嗝Є ] S0+|$1ص*w|/~- [SadJE%w=ɎhIUI4D|s wY== qK>,7 pq :t{3C;xt!ho$  g _5>R!DSjomgߝEoۏt2v|U&   =.>_ŗ`<ɽmPmn▃^{./:Eܮi7Y%FZځWVaUH ,vB2i.mīU]ҁC^+m۔FmI $M݇^w'>I0A[nU0E"U^`nbfc #~ٍ+ڥci770^nwsWtUϾ"RCX5KRogYCvFA&)a^dU_v|hAW6%o#1X7.&MmV`^@*p7d#yۼ %#V qn|y,\ӐyLpn_^3yĬXH1~Co|oIם` @Yz\2}r`+f<3o!.f@o(׏A=.oo\5ãUYgBރCYɿt47m3 e#扆_g[^Z.^ȸa븚e)4&^"['y NFW )FL<1Uݶ Q2.=6;7oSvJcco39n[Aͽ=V4'4 n:pXE(q;Os]@]1{tҕ oJYv Y_ͮGbplۼl؂_ FRce։ !V$> T)L4ske(YX(o=|zc98\!O<@1;>qέco P!런p_Kݪ_rQm}┓`P2죖e-NړhiİOiX ъÑBu}sTn$1n! F\=Y1ޝS\8;7~(Z;(X67Ng+h崉V9ۂJbj>lMC0%:-FR/^;IS 0.$o,SO%ͦ0aA(oCu&yWr@~%3^`] 4;8~/e~ j~l1<:[Oɸ))w^-OsC=`$]Ox2|~=q^W z]kA9-0SWd._!/~壸l{@R(X5XsHT#|r  K,_Yя T޾.~/xhnk J\kH({ô00~bbPHB!h!,q Ds5f3GcA3l;*3#l@/=lص/LxG8Ow| 􄼥-J4sWgJ"]ts::P}sˡ-* ;,Mt%A.]v@|ƌmC#حZM)RӰp-|ri?NRu/*3%UbwxSVV_|ީy-0pj(OYZ+)`c(\Pd< O ؝!/S#W*9ǐ՞9P= Փ>-,bGc0/Ř`^.b¼y=ft1` H1%OC(у~#?v"AfhF~ҟ㌛4^pr|w\כ9I@.,('`1W $00"w ^Vb"W7#ߒ6;/0ڱ]stW >Ѓ3B[sl^?Rm{ι\`{c+K`_/0̊۲Tm5΅4K$¨Ӕ=d3İmj6h@$ꦆ/HJMTկDJ=lq1j,9,?`iUh%!mF6(qqwix*<3S/ L5& J!4_.Gqko{q+X o[&e~#*p/;KTdZMt MxE& I>.MoJ@QofGRi4:0l@)"6r?"LI:Nalc r+/J\Ixk \vDfCVY `Oh$~bH]-SWld""LD浜6;,='yg8\ ^ cyY6 檁u&n4{sT R{ ƒsH ](zVg8a< cC^1& -l \S-r9Gc#ѹbPxJIݽ`?Ø {V<Z"VR1@Q>ɹj0`MN;vBE< ,i  YC) Q?O+mHb Ř!wL[ 6#&|ꀄH2At<|w/  T6CĊ1gGi>'@Yzv$w Djk/%ғAS "PV: /  c!QĔv767p>9mYX,a0# \<+Ln3An2? :S/"[oN5 |{c` > c[7ΥiAVzxL ]ǒ 4B1h^+s+;:B<@Iw]a]LݗY*AaGP8Z  +zjJP&uOG"3KINJRuȧxI"^*͊g2Vq&JZ!`xFNRsdehz?J- L]; >f͈u8Xf39_9t{9/xZӷp+tso>_~>^t.\`&hT/湶L]$,C rzu8s'q&c"Gd;πW}V X\mB((%^َ/!bҋSe0/LL`fS+~k!??@ƋxYb֯SCf0l 1m/\f&7bQw9 Ik&5/m;g ?gd_Apj+r6Р(?@ |PqsY7S\ȜHW0fY ksqCb>s2 'գ6oL~yfi3Q K{5ýEYRW80׀zc2׃>Zqz`AUw= !ڋy>Y}PfJC#Dk(1=:5\h֟QCʘ,e 'ݢȗጽIۯXJ ā`R1K1@ͽe^*q0*r1f%Q<8 d.>&]\ʠaC7a,sv[z |wN3,OSxkN0\9+h]V=ȾwF=CSx3l1@й z 0}zOs$ lJ//ӡU I$/ADlZen`DYo S [2FlX XJrXwNq`ػKl>d3E(s {}|Aӟ}Q!2TӲO^yAjiOƁs(K1&-c ]޾ znu X c5}&+c6bZI֠}QN YZ-#"9ţ:aё(Yc{XnD823-;/2ӋT.,wb9 C@E=y G9K2poa`a?& (Tզz 6IϐR$zƠc)evuZ`-ă n='IDOnӦuMf@gYl)VxRDZ9=vļKl[nh"E a'B | WzeC[gI2T~gN=*P=fZRO} n"0Yz'Io=Gmk_VeńK!z>^I;.~i皫z|5(H@%Gb9G8]! MAE`A]|eD$uЧ ;EϨf3C>X5./;vgsF)f'NFp)hN<}u?ڢ u+ğ? \ cwH VLt>;Oulם8G# PA\7 o1>!A]=_v{[=/'R`{~w!' 0tczcRdGB~@dagZ/u~ҕ^)If`cQd+8*)ؐsk`4bOP1,,oԛÌ'TS*4.v>ϭ_:sϢq9q{g#^5u%ӫrXotlQozc|>[z0XjtP9͓ a0+=:`-hs&w3ǂ!0ѕD1F(-,1_\,@<փP=`#hxf<nh1)d'kI''R&la,;r3 ~Ej F.t1R04xqBaʩȩ(v}_|JѬd;//Q>i*g\`$_z`o g|oUAtMz'14mEg,3lW'BVR۽wߺ"f/On6%c(|NKII7Ɨ46!v07Nw6̈́ В^&Ůvbes W!