September 25, 2016 at 00:45 John Doe, a system administrator and security engineer was doing the thing most that most sysadmins do: monitoring his remote servers while playing Prince of Persia in a DOSBox. Despite the game’s dreadfully sticky controls and difficulty level, he’d been playing it long enough to allow his mind to wander on to one of his most recurring thoughts: cyber security.
“How does one deal with security all those different platforms? Patching one will not patch any of the others…”
In a world where more and more devices are becoming “smart”, the Linux kernel has moved away from its common uses in desktops, servers and embedded systems to become ubiquitous in “Internet of Things”, IoT, consumer electronics, too. Since all these devices were running the same kernel, they shared the same possible security vulnerabilities that a standard desktop or server may face. The difference? Where Linux-based servers are run by professionals, and can receive security updates, many consumer electronics can’t or won’t because manufacturers seldom, if ever, release updates. The logical step seemed to secure the Linux kernel and educate manufacturers and vendors about securing and maintaining systems. But manufacturers and vendors, even educated, may simply ignore the warnings. Also, this did not account for non-Linux devices. Many routers, for example, use firmware derived from BSDs, and though they share a common Unix-alike ancestry, they are very different. It didn’t end there. There many different operating systems form hand-helds and other smart devices, from Linux-based Android, to IOS, to Windows. “How does one deal with security all those different platforms? Patching one will not patch any of the others,” John Doe thought. “The biggest players on any platform seldom cooperate. They’d never modify their OS to help secure others.”
“I’ve found the single point of failure in all technologies! What’s more, I think I can patch it!”
It was then John had a thought that was so radical, he almost choked on his cold coffee, causing him to die in Prince of Persia. “That’s it!” he cried, standing swiftly and killing his DOSBox session. Immediately he called a friend of his to pitch his idea. “What if there was a single patch that was platform and architecture agnostic, available to every user that worked for all devices!?” he yelled as the call, connected. His friend was still half asleep and barely able to string a response together when John proclaimed, “I’ve found the single point of failure in all technologies! What’s more, I think I can patch it!” Although his friend had been catching up on much-needed rest, John’s idea went surging through him like a shot of adrenalin straight to the heart. The two immediately began their work as John outlined the plan details.
Two days without sleep later, John unveiled “JoDo beta”, the John Doe Security patch for for all things, and made it freely available across the web. It doesn’t require installation on the device, firmware flashing, or anything beyond the abilities of even the most technophobic user.
While he admits this patch won’t solve everything, John estimates it would mitigate around 80% of everyday vulnerabilities. Below you’ll find a link to the patch. It’s easy to activate on all devices from whatever you’re reading this on.
“I know it doesn’t fix every issue, but I feel that this patch does away with the biggest problems which leaves developers free to focus on the important ones,” John said nearing the end of our Linphone conversation. After that he explained he needed some rest and would probably not be ready for the mass media for a few days. “[I] need to crash for twelve hours. Then I’m going to order myself a pizza and sit playing Centipede in my DOSBox. Afterwards, I might dust the old PlayStation off, invite some friends round and do a Tekken 3 marathon. Then, I may even see if I can remember how to breed a Gold Chocobo. At this point, I just want to chill,” John explained before disconnecting.