
Re: Study: 'Huge jump' in Microsoft flaws since last year

____/ Linonut on Saturday 01 December 2007 17:19 : \____

> * Ramon F Herrera fired off this tart reply:
> 
>> "The past year has seen a massive increase in the number of flaws
>> found in Microsoft software, according to vulnerability-scanning
>> company Qualys. Between 2006 and 2007, there was an almost threefold
>> rise in Microsoft flaws, Qualys said on Wednesday."
>>
>>
>> http://www.news.com/Study-Huge-jump-in-Microsoft-flaws-since-last-year/2100-1002_3-6220719.html
>> http://tinyurl.com/2b6psd
> 
> Refactoring is a bitch.
> 
> Even with their new software "processes".
> 
>    Alan Paller, director of research for the Sans Institute, a
>    computer-security training organization, said that the reason more
>    vulnerabilities were being found was that it was becoming increasingly
>    profitable for crooks to target the software.
> 
>    "It isn't that Microsoft isn't doing a better job," Paller said. "The
>    reason (is that) it is so lucrative to find vulnerabilities in Excel and
>    Word, so there are a lot of (hackers) searching for them."
> 
>    Microsoft declined to comment for this story.
> 
> What, alluvasudden it is more lucrative to crack MS software?  Huh?

For all I can tell and gather, some vulnerabilities in Microsoft's software in
general are there _by design_. The government need points of access (I kid
you not, but why ask me? Ask security Gurus).


Duh! Windows Encryption Hacked Via Random Number Generator

,----[ Quote ]
| Mount Carmel, Haifa – A group of researchers headed by Dr. Benny 
| Pinkas from the Department of Computer Science at the University of Haifa 
| succeeded in finding a security vulnerability in Microsoft's "Windows 2000" 
| operating system. The significance of the loophole: emails, passwords, credit 
| card numbers, if they were typed into the computer, and actually all 
| correspondence that emanated from a computer using "Windows 2000" is 
| susceptible to tracking. "This is not a theoretical discovery. Anyone who 
| exploits this security loophole can definitely access this information on 
| other computers," remarked Dr. Pinkas.        
| 
| Editor's Note:  I believe this "loophole" is part of the Patriot Act, it is 
| designed for foreign governments.  Seriously, if you care about security, 
| privacy, data, trojans, spyware, etc., one does not run Windows, you run 
| Linux.   
`----

http://www.linuxelectrons.com/news/general/14365/duh-windows-encryption-hacked-via-random-number-generator


Chip Design Flaw Could Subvert Encryption

,----[ Quote ]
| Shamir said that if an intelligence organization discovered such a flaw, 
| security software on a computer with a compromised chip could be "trivially 
| broken with a single chosen message." The attacker would send a "poisoned" 
| encrypted message to a protected computer, he wrote. It would then be 
| possible to compute the value of the secret key used by the targeted system.    
| 
| Trouble with Design Secrets
| 
| "Millions of PCs can be attacked simultaneously, without having to manipulate 
| the operating environment of each one of them individually," Shamir wrote.  
`----

http://www.crm-daily.com/story.xhtml?story_id=11200BH5USIO


"Trusted" Computing

,----[ Quote ]
| Do you imagine that any US Linux distributor would say no to the
| US government if they were requested (politely, of course) to add
| a back-door to the binary Linux images shipped as part of their
| products ? Who amongst us actually uses the source code so helpfully
| given to us on the extra CDs to compile our own version ? With
| Windows of course there are already so many back-doors known and
| unknown that the US government might not have even bothered to 
| ask Microsoft, they may have just found their own, ready to
| exploit at will. What about Intel or AMD and the microcode on
| the processor itself ?
`----

http://tuxdeluxe.org/node/164


Who do You Trust with Your Computing?

,----[ Quote ]
| Helios was speaking out against trusted computing (TC) and Digital
| Rights Management (DRM) that is humming softly at the hardware and
| software level inside YOUR computer right now. That's right! Chances
| are, it's already made it on a chip on your and my motherboards...but
| it's there. Soon, if what can happen does happen...we'll all be so
| very unhappy at being told how we can and can't operate our PCs.
| 
| Some of you may be asking, "what the heck are you talking about?
| They can't tell me how I can use my computer inside my own home".
| Unfortunately, that statement is false. DRM chips are already on a
| majority of motherboards and even built into some processors (viiv 
| anyone?). All it takes is a flip of the switch and you'll do what
| Microsoft or any other company that wants to manage your rights
| for you tells you to do whether you like it or not. That is, of
| course, unless you use Linux :)  Linux has always been about
| choice...we choose to compute in ways WE want to...not ways
| that are defined for us.
`----

http://linux-blog.org/index.php?/archives/176-Who-do-You-Trust-with-Your-Computing.html


Microsoft exec calls XP hack 'frightening'

,----[ Quote ]
| "You can download attack tools from the Internet, and even script kiddies can 
| use this one," said Mick. 
| 
| Mick found the IP address of his own computer by using the XP Wireless 
| Network Connection Status dialog box. He deduced the IP address of Andy's 
| computer by typing different numerically adjacent addresses in that IP range 
| into the attack tool, then scanning the addresses to see if they belonged to 
| a vulnerable machine.    
| 
| Using a different attack tool, he produced a security report detailing the 
| vulnerabilities found on the system. Mick decided to exploit one of them. 
| Using the attack tool, Mick built a piece of malware in MS-DOS, giving it a
| payload that would exploit the flaw within a couple of minutes.   
`----

http://news.zdnet.com/2100-1009_22-6218238.html


Why proprietary code is bad for security

,----[ Quote ]
| Tho Skype is using an encrypted protocol, it’s still their own, non-disclosed 
| code and property. So we don’t know what it contains. 
|
| [...]
|
| It’s time to stop accepting that we are the bad guys, and to stop consuming 
| things we just don’t understand (and cannot, because they are proprietary,  
| closed-source systems). 
| 
| Say no to companies, or even governments who treat you like this. Start using 
| open sourced products and protocols wherever you can. Even if you could 
| still never understand the code used in these systems, there are still lots 
| of people who can, and who will examine it. The magic word here is “peer 
| review” - your friend or buddy or neighbour may be able to understand all 
| that, and to help. No, not with Skype or Windows or any black box from Cisco.      
`----

http://wolfgang.lonien.de/?p=394


Did NSA Put a Secret Backdoor in New Encryption Standard?

,----[ Quote ] 
| Which is why you should worry about a new random-number standard that 
| includes an algorithm that is slow, badly designed and just might contain a 
| backdoor for the National Security Agency.  
`----

http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115


,----[ Quote ]
| "Is this a good idea or not? For the first time, the giant software maker 
| is acknowledging the help of the secretive agency, better known for
| eavesdropping on foreign officials and, more recently, U.S. citizens as 
| part of the Bush..."
`----

http://www.schneier.com/blog/archives/2007/01/nsa_helps_micro_1.html


Microsoft could be teaching police to hack Vista

,----[ Quote ]
| Microsoft may begin training the police in ways to break the
| encryption built into its forthcoming Vista operating system.
`----

http://www.vnunet.com/vnunet/news/2150555/microsoft-teaching-police-hack


UK holds Microsoft security talks

,----[ Quote ]
| "UK officials are talking to Microsoft over fears the new version of 
| Windows could make it harder for police to read suspects' computer files."
`----

http://news.bbc.co.uk/1/hi/uk_politics/4713018.stm


Austria OKs terror snooping Trojan plan

,----[ Quote ]
| Austria has become one of the first countries to officially sanction the use 
| of Trojan Horse malware as a tactic for monitoring the PCs of suspected 
| terrorists and criminals.  
| 
| [...]
| 
| Would-be terrorists need only use Ubuntu Linux to avoid the ploy. And even if 
| they stuck with Windows their anti-virus software might detect the malware. 
| Anti-virus firms that accede to law enforcement demands to turn a blind eye 
| to state-sanctioned malware risk undermining trust in their software, as 
| similar experience in the US has shown.    
`----

http://www.theregister.co.uk/2007/10/23/teutonic_trojan/

-- 
                ~~ Best of wishes

Roy S. Schestowitz      | Windows all-in-one: Word, IE (for E-mail) & iTunes
http://Schestowitz.com  |  RHAT GNU/Linux   |     PGP-Key: 0x74572E8E
         run-level 2  2007-10-30 19:49                   last=
      http://iuron.com - help build a non-profit search engine
