-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Open Source is Inherently More Secure, Says Red Hat
,----[ Quote ]
| But in the closed source world, you have
| to trust your vendor completely. All you
| get to see are binaries, so you have no
| way of knowing how they were built.
| President Reagan was fond of saying to
| Soviet leader Mikhail Gorbachev, "Trust,
| but verify." With proprietary software,
| you simply have to trust.
|
| Microsoft, for example, pushes out
| security updates on the second Tuesday of
| every month. Bressers said they can't do
| that. Microsoft has the advantage of
| hiding security flaws and working on them
| at their leisure, but with open source
| software, that's not possible because
| everyone can see that there's a problem
| and they expect it to be fixed right away.
|
| And if a security hole isn't plugged
| quickly enough, you can fix it yourself,
| Bressers explained.
|
| An example of the power of open source is
| the ping of death bug. Back in the late
| 1990s someone figured out that if you send
| a giant ICMP packet to a computer, just
| about any computer, it will crash. The bug
| affected every operating system, routers,
| printers, etc. When the problem was
| discovered, the open source Linux
| operating system had the bug squashed in
| about 2 hours, Bressers recalled. The
| closed source operating system vendors,
| however, took days, weeks and even months
| to make and distribute a patch for the
| ping of death.
`----
http://www.esecurityplanet.com/features/article.php/3890616/Open-Source-is-Inherently-More-Secure-Says-Red-Hat.htm
Microsoft: 10,000 PCs hit with new Windows XP zero-day attack
,----[ Quote ]
| Nearly a month after a Google engineer
| released details of a new Windows XP flaw,
| criminals have dramatically ramped up
| online attacks that leverage the bug.
|
| Microsoft reported Wednesday that it has
| now logged more than 10,000 attacks. "At
| first, we only saw legitimate researchers
| testing innocuous proof-of-concepts. Then,
| early on June 15th, the first real public
| exploits emerged," Microsoft said in a
| blog posting.
`----
http://www.computerworld.com/s/article/9178768/Microsoft_10_000_PCs_hit_with_new_Windows_XP_zero_day_attack?taxonomyId=85
Hackers target Microsoft Windows XP support system
,----[ Quote ]
| Hi-tech criminals are "escalating" attacks
| on an unpatched bug in the Windows XP help
| and support system.
|
| Microsoft said it had seen more than
| 10,000 machines hit by the attack that, so
| far, it has not found a fix for.
`----
http://news.bbc.co.uk/1/hi/technology/10473495.stm
Recent:
Netgear modem/router giving your browser "Page Not Found" errors? Blame Windows 7, then hit it with a hidden hotfix.
,----[ Quote ]
| Windows XP and Vista are not affected. Linux
| is not affected. It's not a problem with the
| router.
|
| See: KB983528 - The TCP receive window
| autotuning feature does not work correctly in
| Windows Server 2008 R2 or in Windows 7
|
| Microsoft, probably in an attempt to cover up
| Windows 7 defects, jury rigged that article
| to not show up in search engines. Go ahead
| and google for KB983528 and you'll see that
| Microsoft has hidden it, deliberately, with
| robots.txt trickery.
|
| Anyway, if anyone is similarly afflicted, try
| whacking it with that Hotfix and tell me what
| you get. :)
`----
http://izanbardprince.wordpress.com/2010/06/28/netgear-modemrouter-giving-your-browser-page-not-found-errors-blame-windows-7-then-hit-it-with-a-hidden-hotfix/
Microsoft issues 'silent' patches; AT&T to pay for slow DSL speeds
http://www.networkworld.com/podcasts/360/2010/050610-nw360-daily.html
Microsoft "silently" patches vulnerabilities, leaves admins in the dark
http://www.zdnet.com/blog/hardware/microsoft-silently-patches-vulnerabilities-leaves-admins-in-the-dark/8239
Security Firm Makes Noise About Microsoft Silent Patching
,----[ Quote ]
| Note that a policy such as this implies that
| Microsoft will not patch known, internally-
| discovered vulnerabilities if an externally-
| sourced vulnerability of the same or lesser
| severity is not available for the silent
| patch to piggyback on. They'll sit on it, and
| we won't know for how long because they don't
| document it.
`----
http://blogs.pcmag.com/securitywatch/2010/05/security_firm_makes_noise_abou.php
US government finally admits most piracy estimates are bogus
,----[ Quote ]
| We've all seen the studies trumpeting
| massive losses to the US economy from
| piracy. One famous figure, used literally
| for decades by rightsholders and the
| government, said that 750,000 jobs and up to
| $250 billion a year could be lost in the US
| economy thanks to IP infringement. A couple
| years ago, we thoroughly debunked that
| figure. For years, Business Software
| Alliance reports on software piracy assumed
| that each illicit copy was a lost sale. And
| the MPAA's own commissioned study on movie
| piracy turned out to overstate collegiate
| downloading by a factor of three.
|
| Can we trust any of these claims about
| piracy?
|
| The US doesn't think so. In a new report out
| yesterday, the government's own internal
| watchdog took a close look at "efforts to
| quantify the economic effects of counterfeit
| and pirated goods." After examining all the
| data and consulting with numerous experts
| inside and outside of government, the
| Government Accountability Office concluded
| (PDF) that it is "difficult, if not
| impossible, to quantify the economy-wide
| impacts."
`----
http://arstechnica.com/tech-policy/news/2010/04/us-government-finally-admits-most-piracy-estimates-are-bogus.ars
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkwvT68ACgkQU4xAY3RXLo6T8QCgs4//AMCklEhp4bBzctpZv8xk
LVcAn2C4UB0hvolrjgdg8jwggynoj0OW
=6eiU
-----END PGP SIGNATURE-----