
Remote Access Solutions

Understand the challenges OEMs face and how to solve them.

The High Cost of Free Software

How to close the holes created by Open Source

“Many critical open source projects are being worked by one part-time volunteer,” said Jim Zemlin, Executive Director of the Linux Foundation in a recent interview. “It’s completely out of proportion to the role these projects play in society and the Internet.”

OpenSSL, OpenSSH, Bash and other open source projects survive on donations of less than $2,000 a year, and that makes them vulnerable, according to Zemlin. Money pays for “eyeballs” that find bugs before products are released. Open-source development groups don’t have any.

While open source can be used free of charge, the losses can be considerable. Heartbleed, the famous OpenSSL bug, is estimated to have cost hundreds of millions of dollars in both losses due to theft and remediation expenses. A zero-day exploit of OpenSSH could run even higher, with all fingers pointing at the Linux OEMs.

It’s likely a majority of Linux OEMs have installed OpenSSH on nearly every one of their products to facilitate remote support. That makes OEM systems a highly vulnerable entry point to the entire customer network.

Zemlin called Heartbleed “a wake-up call” for the entire open-source community. He said Heartbleed happened because, “OpenSSL is really just two guys named Steve and their dog, and the dog doesn’t do code reviews.”  OpenBSD, the developers of OpenSSH, recently made an appeal for donations to literally keep the power on for their servers.

One source for the money needed to improve the security of open source is increased donations. The other is commercialization.

Commercialization is a “hardening” process for open-source which makes it safer. Hardening can include testing, packaging, wrapping, patching, or simply supporting the open source technology — actions which Linux OEMs do in the course of developing and/or supporting their own products. OpenSSH and its various clients are not hardened. They are implemented after the fact, often in an ad hoc manner.  They live “in the open” where they are directly exposed to exploit.

The Linux OEMs that got caught by Heartbleed had no warning and no practical alternatives. The Linux OEMs that use OpenSSH have both.

iTivity is a Linux remote access and support solution that provides a protected environment for SSH to run in.  iTivity moves SSH out of the open, so it’s no longer exposed to attack. Unlike other remote support solutions, iTivity allows support techs to continue using their favorite SSH clients as well as other Linux utilities.

iTivity was first released in 2002 and has been deployed to support more than 200,000 Linux systems worldwide ranging from small engineered devices to massive servers.  To date, iTivity has not suffered a single reported security incident.

By eliminating security risk and increasing support tech efficiency, iTivity lowers the cost of using free SSH.

The dirty secret. Linux OEMs use SSH because it’s free even though it puts customers at risk.

SSH: The Linux Solution Provider's Achilles Heel

Learn how hackers can compromise even the “safest” SSH deployments.