Totally--- in fact, checksum hashes are one of the several methods for one
to specify allowed code when defining SAFER restrictions on XP/2003. It was
just the words "hash" and "audit" that got my attention. Actually, it was
just the word "hash." Ah, Lebanon.
t
http://www.ISAserver.org
Oh no, I agree with you on that. It won't verify -functional- integrity at all. What I'd need is to verify that the code has not -changed- since it was released from the vendor.
Heck if it erases the disk drives and installs FreeBSD on the system that's for QA/QC to catch..... =?) I just expect to know if someone slipped me a different version or not.
Ah, but then again, you are referencing internally developed apps vs. a 3rd party application acquired from Microsoft. I am not strong in the way of code-fu, so I cannot comment on how bank/remittance/saving and loan auditors do that portion of it. All I usually have to do is prove that I knew exactly what and where that executable came from, and a hash can supply me with the ability to do that. For instance - Program A has hash "XYZ" and came from Bob's Computer-Programs-R-Us and matches their hash of "XYZ" which is version 1.2.3.4.5 which is approved for use.
-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
Sent: Wednesday, October 05, 2005 11:42 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA get EAL4+ rating
Read one? Dude, I can't even *spell* EULA. Oh, wait... Anyway, I guess we have different auditors... Before I joined Anchor, I had a private development company. My base included financial/banking institutions-- I designed varied algorithms to calculate finance rates, verify disclosed rates against "true" rates (as dictated by Appendix J of the FTC's Reg Z documentation), balloon payments, mid-term rates based on odd-days before first payment and all kinds of other crap that made my head hurt... I then wrote the code that integrated said algorithms into various applications as well as stand alone apps.
Never once was I asked to provide file hashes for my executables, even from the auditors. They did, however, require sit-down audits with me and the source code to verify my math theory, implementation, and exception handling...
So I guess we just have two different viewpoints- from mine, any audit that uses a file hash to verify operational integrity is worth about as much as hen poop on a pump handle. ;)
t
True, but have you ever read a EULA? Basically it says that a bunch of monkeys could have banged on the keyboard and accidentally had it compile into a program and that they aren't liable if it makes your computer start on fire.
The integrity of the bits is all an auditor cares about; since there is no warranty as to what the software does, if anything at all. If it can prove that the software on the disk that I have is what Microsoft says it should be, then it's good enough. It's the software's fingerprint, nothing more, nothing less. Right now, I can't even be sure it's the correct software that they are referencing. If I don't know that, then what it does is a moot point.
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, October 05, 2005 10:57 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA get EAL4+ rating
Good point.
Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls
-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
Sent: Wednesday, October 05, 2005 10:47 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA get EAL4+ rating
I'm not so sure... If the true concern is surviving an audit, a published file hash is worthless, really. I can publish the hash of any of my Hammer o' God tools, but unless you have the source code and compile it yourself, you have no way of knowing what I'm really doing in my code when you run it. The presence (or absence) of a hash has nothing to do with the integrity of a tool's operation, purpose, or effect - it's only the integrity of the bits.
t
----- Original Message ----- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, October 05, 2005 6:58 AM
Subject: [isalist] RE: ISA get EAL4+ rating
Good point.
Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls
________________________________
From: Troy Radtke [mailto:TRadtke@xxxxxxxxxxxx]
Sent: Wednesday, October 05, 2005 8:49 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA get EAL4+ rating
That Integrity Check Tool is a joke. Where's the published known good file hash for me to verify that it has not been tampered with before I downloaded it? Sure as heck isn't on the web page that you can download it from.
Using an unverified tool to verify another piece of software would have any auditor laughing at you pretty dang quick.... Just like a cashier at a store shouldn't be comparing the back of your credit card to your signature but to your state/government (hopefully checked and) issued ID, since anyone can sign a credit card after it's been mailed out.....
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Tuesday, October 04, 2005 10:00 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA get EAL4+ rating
I did ;-P
Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls
________________________________
From: Greg Mulholland [mailto:gmulholland@xxxxxxxxxxxxxx]
Sent: Tuesday, October 04, 2005 9:57 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA get EAL4+ rating
same to you :p
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, 5 October 2005 12:54 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA get EAL4+ rating
Blog.
Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls
________________________________
From: Greg Mulholland [mailto:gmulholland@xxxxxxxxxxxxxx]
Sent: Tuesday, October 04, 2005 9:51 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA get EAL4+ rating
got a link?
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, 5 October 2005 12:26 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA get EAL4+ rating
'nuf said.
Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com
------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gmulholland@xxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx