Protect yourself from closed source SSH

http://www.zdnetasia.com – A basic understanding of the practical realities of privacy technologies should include an understanding of why encryption that doesn’t trust the user isn’t trustworthy. There are times, however, that we must make do with less than ideal choices for security software.

One such example is that of performing secure file transfers on a wireless network with an Android smartphone. Because the Android OS does not offer users an instance of OpenSSH as part of the standard system, and because there is not an open source SSH-based file transfer client or server application in the Android Market, the common choices are to either use a closed source tool or not use SSH on an Android device for file transfers at all.

The problem is not limited to SSH software. Any closed source software involved in the process can be a problem, from the operating system on which the SSH software is running, through password managers and any special “multimedia key” management applications for keyboards, all the way to the encryption software itself. As long as such closed source software ties into key parts of the trusted chain of operations, there is little that can be done to ensure that what should be private remains private.

Of course, open source software provides no 100 percent guarantees. Its benefits merely revolve around a much greater chance that any data leaks or malicious software designs are more likely to be caught, especially given that–unlike the case of closed source software–open source development is not typically performed by a set of employees operating under nondisclosure agreements. A community of people with equal access to the source code, many of them operating independently and some even with strong motivations to discover and publicly reveal vulnerabilities, makes for a very difficult place to hide malicious security compromises in your code.

Click here to read the full article

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: