In comp.os.linux.advocacy, Roy Schestowitz
<newsgroups@xxxxxxxxxxxxxxx>
wrote
on Tue, 06 Mar 2007 08:52:18 +0000
<1505050.UIEuygqQa8@xxxxxxxxxxxxxxx>:
> Privacy laws could hurt the little guy
>
As they are *designed* to, if the little guy is being a pirate. ;-)
However, there's a nice large muddy gray area here.
> ,----[ Quote ]
> | InfoWorld: When the PC went on the network, there were security
> | implications that nobody thought about. Microsoft has spent the
> | last five years fixing all of the security problems that maybe
> | could have been foreseen.
Five? PC-DOS was networking as early as 1984.
Win95 had a built-in network stack (which was a slight
improvement over things such as Trumpet, mostly because
it was easier to set up). XP came out October 25, 2001.
Even the Amiga had networking capability.
Somebody at InfoWorld needs more coffee. ;-)
> |
> | Whit Diffie: Wait a minute. I think there are two issues. I
> | think you'll find that lots of them were foreseen. I think the
> | critical thing [is] that Microsoft showed that its judgment was
> | correct. If it had paid less attention to security, maybe it would
> | have had less market share.
> |
> | It had no real motivation, I think, until the last few years to
> | try to fix these things. The interesting thing to me is why it's
> | been so hard for them to do so, because they must have half the
> | smart people I know about in the industry, and in security,
> | working for them. And I think it has to do with the problems
> | of legacy code, and the legacy interface expectations of
> | their customers.
> `----
>
> http://www.infoworld.com/article/07/03/05/10NMmain_1.html?source=NLC-SEC&cgd=2007-03-05
>
>
> Related:
>
> Microsoft could be teaching police to hack Vista
>
> ,----[ Quote ]
> | Microsoft may begin training the police in ways to break the
> | encryption built into its forthcoming Vista operating system.
> `----
>
> http://www.vnunet.com/vnunet/news/2150555/microsoft-teaching-police-hack
>
Ow, my brain. Interestingly, though, this article is
dated February 2006.
>
> UK holds Microsoft security talks
>
> ,----[ Quote ]
> | "UK officials are talking to Microsoft over fears the new version of
> | Windows could make it harder for police to read suspects' computer files."
> `----
>
> http://news.bbc.co.uk/1/hi/uk_politics/4713018.stm
>
>
> How NSA access was built into Windows
>
> ,----[ Quote ]
> | A careless mistake by Microsoft programmers has revealed that
> | special access codes prepared by the US National Security Agency
> | have been secretly built into Windows.
> |
> | [...]
> |
> | The first discovery of the new NSA access system was made two years
> | ago by British researcher Dr Nicko van Someren. But it was only a
> | few weeks ago when a second researcher rediscovered the access
> | system. With it, he found the evidence linking it to NSA.
> `----
>
> http://www.heise.de/tp/r4/artikel/5/5263/1.html
>
Ah, the truth regarding ADVAPI.DLL. However, this article is
dated September 4, 1999. Presumably this has long since
been cracked by the black hats.
>
> Data Protection Commissioner criticizes search of private PCs online
>
> ,----[ Quote ]
> | "In the case of a search via the Internet a police officer covertly,
> | without the person knowing about it, accesses a person's computer."
Hello, NAT router? BTW, the unit I have includes traps;
these can be sent to a logging facility (and presumably
frequently are). Anybody accesses my equipment, I'll know
about it, at least post-mortem. Any port, even.
(This is regardless of OS that I use. My unit's not exactly highly
special, either; I bought it for $100 quite some time ago.)
> | During such an operation he or she might copy data and obtain all
> | kinds of personal documents; the police officer was acting as a "state
> | hacker," so to speak. Mr. Schaar observed. "Such an approach is in
> | conflict with the legal obligation to protect the core of
> | individuals' privacy," Mr. Schaar stated emphatically.
> `----
>
> http://www.heise.de/english/newsticker/news/82529/from/rss09
>
>
> NSA Builds Security Access Into Windows
>
> ,----[ Quote ]
> | A careless mistake by Microsoft programmers has shown that special access
> | codes for use by the U.S. National Security Agency (NSA) have been secretly
> | built into all versions of the Windows operating system.
> `----
>
> http://www.techweb.com/wire/story/TWB19990903S0014
ADVAPI.DLL again. Dated 03-Sep-1999.
>
>
> Botnet 'pandemic' threatens to strangle the net
>
> ,----[ Quote ]
> | Cerf estimated that between 100 million and 150 million of the
> | 600 million PCs on the internet are under the control of hackers,
> | the BBC reports.
> `----
>
> http://www.theregister.co.uk/2007/01/26/botnet_threat/
>
Blackhat hackers, presumably. I'm in control of my own machine, after
all, and I do a bit of hacking -- program development, that is. :-)
>
> McAfee: Microsoft completely unrealistic on Vista
>
> ,----[ Quote ]
> | Windows Vista does not ship with antivirus software installed and active,
> | but for the first time Microsoft will be promoting their own antivirus
> | service in Windows OneCare. Alex Eckelberry, CEO of Sunbelt Software,
> | has already called Microsoft's plans predatory based on pricing. McAfee
> | is focusing its critique on operating system design, arguing instead that
> | Microsoft's decisions with Vista will simply make the operating system
> | less secure.
> |
> | In the advertisement, McAfee CEO George Samunek is quoted as saying,
> | "Microsoft is being completely unrealistic if, by locking security
> | companies out of the kernel, it thinks hackers won't crack Vista's kernel.
> | In fact, they already have." The advert continues: "With its upcoming
> | Vista operating system, Microsoft is embracing the flawed logic that
> | computers will be more secure if it stops co-operating with the
> | independent security firms."
> `----
>
> http://arstechnica.com/news.ars/post/20061002-7875.html
>
Ow. Is Vista still the most secure Microsoft OS? (Is the
Trabant the most reliable two-cylinder subcompact?)
>
> Vista still vulnerable
>
> ,----[ Quote ]
> | Vulnerabilities in Windows Vista will plague users in coming months
> | and years, a prominent security researcher warns, despite its
> | security improvements over predecessor XP.
> `----
>
> http://www.smh.com.au/news/security/vista-still-vulnerable/2007/02/26/1172338546822.html
> http://tinyurl.com/2o82lf
>
Wow, broken record. (Not your fault, Roy.) C'mon people, wake up and
smell the coffee; Linux and FreeBSD might have between them a couple of
dozen viruses, and no actives.
I lost count at 100,000 for Microsoft Windows.
>
> Digital Criminals
>
> ,----[ Quote ]
> | My concern is that Microsoft says it does all sorts of great
> | things to protect its code but doesn't like to tell anyone what
> | it is. And it's not willing to compare best practices. Other
> | people have developed a whole list of things of what companies
> | should do to protect their code. And Microsoft is not telling
> | them what they do.
> `----
>
> http://www.forbes.com/2007/02/28/clarke-terrorism
>
Dead page.
A search for "Clarke Terrorism" coughed up two pages that
appear relevant, but Forbes is being a little slow in
returning them to me, so caveat emptor. (With my luck
all three of these links have bought it.)
http://www.forbes.com/security/2007/02/28/clarke-terrorism-security-tech-security-cx_ll_0228clarke.html
http://www.forbes.com/columnists/2006/09/28/terrorism-risk-insurance-biz-cx_rh_0929terror.html
>
> Vista security overview: too little too late
>
> ,----[ Quote ]
> | So, what have we got here? An adequately secure version of Windows,
> | finally? I think not. We have got, instead, a slightly more secure
> | version than XP SP2. There are good features, and there are good
> | ideas, but they've been implemented badly. The old problems never
> | go away: too many networking services enabled by default; too
> | many owners running their boxes as admins and downloading every
> | bit of malware they can get their hands on. But MS has, in a
> | sense, shifted the responsibility onto users: it has addressed
> | numerous issues where too much was going on automatically and
> | with too many privileges. But this simply means that the ownerw
> | ill be the one making a mess of their Windows box.
> |
> | Data hygiene is still an absolute disaster on Windows. In fact,
> | it's worse than it ever was in some ways, and that's very bad
> | indeed. Browser traces still in the registry, heavy and
> | complicated indexing to improve search, new locations where data
> | is being stored. It all adds up to a privacy nightmare. Keeping
> | a Vista box "clean" is going to be impossible for all but the
> | most knowledgeable and fastidious users.
> |
> | So don't rush out to buy Vista in hopes of getting much in
> | return security-wise. I do like some of the changes, at least
> | in theory, or as a decent platform on which to build an
> | adequately secure version of Windows one day. But that day,
> | if it ever comes, will be well in the future.
> `----
>
> http://www.theregister.co.uk/2007/02/20/vista_security_oversold/
>
Ah, but the next version of Vista will have Palladium!
It'll Fix Everything(tm). (Including Microsoft's profits.)
>
> Symantec: Microsoft conflict of interest is damaging internet
>
> ,----[ Quote ]
> | Symantec's chief executive has lambasted Microsoft for a dangerous
> | conflict of interest as both the provider of an operating system
> | and seller of software designed to secure its users.
> |
> | [...]
> |
> | Thompson told RSA delegates: "You wouldn't want the company that is
> | keeping your books to audit your books. The same logic should apply.
> | You wouldn't want the company that created your company's operating
> | platform to be the one that is securing it from a broad range of
> | threats. It's a huge conflict of interest."
> `----
>
> http://www.theregister.co.uk/2007/02/07/symantec_thompson_microsoft/
Hm. Dunno about this one. While there is a Microsoftian
conflict of interest, one could make the same case about
Linux. (It would be a rather weak case, in some respects.)
After all, most distros both provide an OS and a solution
against malware. (Of course part of that solution is because
Linux is inherently more secure anyway, plus the daemons,
utilities, and GUIs on most distros are also inherently more
secure to begin with.)
--
#191, ewill3@xxxxxxxxxxxxx
Useless C++ Programming Idea #12995733:
bool f(bool g, bool h) { if(g) h = true; else h = false; return h;}
--
Posted via a free Usenet account from http://www.teranews.com
|
|
