U.S. Gov't Planning To "Help Us" Secure Computers
BahdKo writes: "CNN reported today in this article that the U.S. government is working out a plan to help protect Cyberspace from attacks by "hackers and terrorists." This plan will include the distribution of government-provided software to help clean up insecure Windows installations. It's hard to picture myself executing government provided software on my workstation (we were supposed to be *increasing* the security of the PC's, right?)"
One more reason why operating systems should be less bound to a commercial entity and be more like a publicly funded/designed infrastructure.
slashdot!=valid HTML
I already installed that patch...
I'll not trust them until they install the same thing on their own PC's first.
It's almost like the US gov't has a list of things techies hate, and they're going down the list and doing each thing, just to piss us all off.
Never let it be the government's job to do a half-fast :) job of doing something for you when you can do a better job yourself! Keep them out of my computer always!
Anything you say will be held against you.
the gov't or micro$oft?
Anyone think it's time us techies got together and voted these idiots out of office?
Eric Aitala
www.f1m.com
If ever the phrase "The blind leading the blind" applied, it sure applies here.
Is this the new Magic Lantern distribution?
This comment is fully compliant with RFC 527.
Remember that the government has released security extensions to Linux already, so don't be too quick to beat them down. If the software they provide is open and auditable then why not?
[Please type your sig here.]
I wonder if it will be free (either way) and/or open source? I'd bet not.
Absolutely. After all, this OS has twice, or three times the amount of bugs posted to Bugtraq as does any Windows system.
Force Windows users to get a new Mac! Since BSD is dead, less people will be attacking it (Even though Jobs says there are 3x as many BSD boxes as Linux -- in your face Tux!)
mod this guy down, and let's move on, ok?
Maybe they could put the Internet in the same lock box they put Social Security in? Doesn't get any safer than that!
Linux IT Consulting and Domino Development in Michigan
So will I be installing the FBI or CIA patch....?
Decisions, decisions.....
Crapdot
News from birds. Stuff that splatters.
This just in ... US Government provides patches to Windows users that will disable their Windows operating system and replace it with Linux, in an effort to clean up insecure Windows installations.
The only setback is said to be the choice of Linux distribution to use.
www.timcoleman.com is a total waste of your time. Never go there.
Why home users? In my experience as a sys admin (and a "home user"!) it's mainly companies that spread around viruses and are far more likely to get attacked than the average home user. Let's just hope this doesn't escalate and the government poses "requirements" that your PC must maintain....... :\
Isn't this one step closer to having parts of the OS controlled by Big Brother? What next? Only approved programs will be allowed to be installed?
Or I will help disassemble
nope, not a troll, just paranoid about my constitutional rights is all...
I know one puppy who ain't installing that little patch...
--Keeping the flame wars alive, one post at a time
The effort has brought together some of the biggest names in business, including computer chipmaker Intel Corp., Chevron and Visa -- part of the group that helped create the standards and is encouraging their use.
So, these three mega-corps (among others. [like who]) are providing the USGov. with recommendations on how to secure W2K? Huh?
We can be sure that Intel, Chevron, and Visa are making recommendations that keep their own corporate goals at heart.
Try my nuts to your fist style!
Now, the general populace isn't paranoid about their gov't, but even so most people will balk at the gov't saying, "Here's some nice friendly software courtesy of Uncle Sam that we'd like EVERYONE to run on their computer. It, um, looks for flaws 'n stuff."
For myself, and I assume most of the geeks here, I'd want to read every single line of any code given to me to run by the gov't, compile it myself, and run it. Love your country, yes. Trust your country, never.
The only tool you've got against psychosis is experience.
Besides, isn't it Microsoft's job to make Windows secure? How about making them rewrite their EULA to address security of user data etc. That should be the first step.
"The effort has brought together some of the biggest names in business, including computer chipmaker Intel Corp., Chevron and Visa -- part of the group that helped create the standards and is encouraging their use"
Holy fucking shit. I didn't know gas companies, credit card companies, probably some banks and insurance companies too care so much of a shit about my cybersecurity they're willing to coopt with the Pentagon to do it.
And what have these nimbots come up with. oooooh yeaaahhhhhh! some hardening instructions for Windows code.
Can I get a Wit-nesss!
Honestly this is muy lame-o. What kind of MS or other vendor driven crap are they going to 'certify'???? These wankers lead the known universe in their utter fucking indifference to what you or I want or need, so what do you think they're going to accomplish, aside of course for some more lobbying opportunities.
Boo-Yah,
But does that necessarily mean that the source is too? I think it does, but I'm just wildly guessing now.
[PowerPoint] is a tool for capitalist presentation
Why is it cool to think that the United States Government is out to spy on everyone and in general fuck things up?
Slashdot views are so far to the left that they've wrapped around to those of the ultra right Montana Freemen.
Because governent computers are so secure themselves... HA!
For more info, including pdf docs and downloadable programs, see: http://www.cisecurity.org/bench_win2000.html
Exterminate! Exterminate! EXTERMINATE...!
"Welcome to the USA-SECURE installation program. Please stand by while the installation wizard looks for security problems on your computer and fixes them."
[..30 seconds pass..]
[..BSOD appears..]
"An error has occurred in file MAGICLANTERN.VXD at 0000-00CF-B0E3. Press Ctrl-Alt-Delete to restart your computer."
then George W. will break it.
Thank you very much Florida.
Je t'aime Stéphanie
Was this the best way the Government could think of to distribute it?
www.slightlycrewed.com - Because aren't we all?
Isn't it ironic that a few days ago /. posted an article about how 1984 DIDN'T happen. Now the U.S. Govt is trying to make it happen? ;)
I think the word you are looking for is oxymoron, not redundant.
Time to emigrate to Canada.
After all Everything I know I learned by Ignoring Military Intelligence
Tcd004
Why is my tax money going to secure a commercial system???? Shouldn't they be taking this outta MS's $40 bill hide???
It's people's free choice to install and run an insecure system. And if they're stupid enough to do it, then they deserve the consequences of it.
Is time again for a Boston Tea Party style insurrection???
I don't foresee this initiative going too far. Most people barely know how to use their computers to send email or read Slashdot, much less secure their systems from attack.
On the other hand, if anyone is going to try to design such a package of software, I imagine that the NSA knows their stuff pretty darned well. They have been advertising security-enhanced Linux on their website for a while now. I've never tried it, so I can't testify to its usefulness.
Sharpies don't just sniff themselves.
So basically I can open up my computer to anybody in the government who wants to see what's on my computer. I might as well call up the CIA/FBI and ask if they want to come over and spend the weekend.
More Attacks on Linux than Windows
it's an old joke any damn way.
Cretin - a powerful and flexible CD reencoder
Forgetting for a second about any paranoid feelings we might have about what the govt wants to put on our computer.
Can we expect every software house that writes incredibly insecure software in the future to get a free security patch from the govt? If so, that could really cut down on the programming time for everyone in the future if we don't have to worry about security and just let the govt put our tax dollars to work!
This is the best Windows software for time synching I've found. It's free too!
http://www.boulder.nist.gov/timefreq/service/its.htm
1) insert windows boot floppy
2) a:\format c:
3) insert linux install cd
4) restart
5) install linux
6) boot computer
7) repeat #6 as long as you own a computer
* NOTE: those who run any sort of *NIX already (eg Linux, *BSD, Mac OS X, Solaris, HP/UX, etc) can skip directly to #6, just don't forget to configure your firewall.
"The chief enemy of creativity is 'good taste'" -Pablo Picasso
http://www.cisecurity.org/
And to clarify a lot of paranoia,
These tools were built in conjunction with the Federal government, major manufacturers, service providers and academia. They are basically scanners that look for the most common vulnerabilities on systems. And no, you're not installing an NSA/CIA/FBI/TLA backdoor onto your system.
The gov't is going to spend tax money making Microsoft secure? after declaring them a monopoly?
Exit, pursued by a bear.
From the makers of Carnivore comes a new and exciting product! ...
What I would like to see is Government "grants" to better security at other federal and state agencies like universities, police departments, DMVs, etc. Then open it up to businesses and whatnot. My Unv would love to find a grant to help offset the costs of a good security solution. Our physical security is a joke. Odds are, you can walk right through our office, into our server farm, take a server, and leave with it with minutes, hours, maybe even days to spare before someone even notices it's gone. A grant to help pay for a keycard system and remodeling to accommodate heightened security would be great.
And I feel pity for whoever you guys that are.
So let me get this straight. They're saying "download and install this software, which looks for security problems that are most commonly caused by users being too lazy to download and install software (updates)". Does anybody else find that amusing?
Unix is user friendly, it's just selective about who its friends are.
Everyone knows to _NOT_ be a terrorist you need the NSA patch. Oh wait, Windows comes with it? nevermind.
http://www.extremetech.com/article2/0,3973,386905,00.asp
Love the country, yes. Trust the government, only when appropriate.
[o]_O
Shaun
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
> (we were supposed to be *increasing* the security of the PC's, right?)
;)
;)
I mean if the government was that incompetent, we'd already know who really killed JFK, right?
At any rate, I happen to work for the government, and I've also held a few commercial jobs, and speaking on a relativity scale, the government network has a much better security model than any place I've ever worked.
They also have a fanatical security "reaction" team that enforces security policy, scours vulnerability lists, and watches logs daily for signs of intrusions. When that apache hole came out a few weeks ago.. they gave every website at the facility about three days to fix it, otherwise they would start black hole-ing ports of machines running unpatched servers.
Now whether we're an exception or a rule I'm not qualified to state, but the government isn't quite as stupid as you're suggesting.
Did I just read that right? The US government reckon Windows is so insecure it represents a threat to national security? Billg's lawyers better start deciding what to spend the overtime payments on.
Time is an illusion, lunchtime doubly so.
Dateline: March 19, 2003
Today the government ordered all TIPS volunteers to carry class 4 rated wire cutters (from GH Defense Inc., $399) and to cut all connections to computers suspected of being involved with any activity they think is not OK. Full story at 11.
Okay, jokes about Windows bugs and government inefficiency are probably warranted. But when all is said and done, I don't mind this idea, at least in concept.
The need for a central source for security updates and patches is extremely glaring. I noticed this during the recent Apache exploit's publicity. I wanted to patch my installation, but I had no idea to whom to turn to get the patch. This is a big problem for all computer users, both at home and in business.
So, we accept the necessity of a central source for bug fixes and security patches. Now who will do it? Personally, I'd be more willing to place this responsibility in the hands of our government, which has no ulterior motives, than in the hands of some greedy business.
Let's not throw the baby out with the bathwater here. And if we need to play it safe, we might want to consider saving the bathwater, too.
Karma: Good (despite my invention of the Karma: sig)
Funny how this reminds me of Metal Gear Solid 2. US Gov distributed a Y2K patch that was then used to control the internet... Is it me or ---> Reality is now like a big video game ???
This could be a good thing. Standardized security platforms that help PCs to be just that: Secure is a good idea. Now there are so many routes to go for a "Secure system". What is secure for one person/business is totally unacceptable for another. If the government stepped in and gave everyone a "All-In-One-Grand-Security-FireWall-Intrusion-Alarm-Type-Program"(tm), users could then have "acceptable" security. Yea, I know. How the hell is the Gov't supposed to know what security means. But it would be better than it is now. It seems that 90% of the people I know have no idea about open ports or filesharing.
Anyway, back to the point: Hopefully this discussion won't turn into a bunch of people yelling (and getting modded up for yelling) "Big Brother-Ware! I'll Never install this."
Trust the Gov't a little. This might be what it takes to get Average Joe Blow User to stop sharing his C drive on the phone company's DSL network.
flogger
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
"First things first -- but not necessarily in that order"
-- The Doctor, "Doctor
If MS is really serious about security (ahem), why don't they do this themselves? It would certainly help their reputation, and would fall in line with the *new* corp. responsibility that good ol' GW is talking about.
And then I woke up!
That someone that won't take the effort to keep his system patched, won't run zonealarm or virus scanners, and happily contributes day after day to the sircams, iloveyou's, melissa's, and others, but THIS someone will take the initiative to run the government's software. How is THAT supposed to happen?
:)
Of course, if they bundle it with Kazaa, it might be effective. Heavens only knows, a good percentage of the computers in the world install all the spyware crap, it couldn't really hurt any more. All security aside, I have my own problems with running government software on my personal computers, but that's beside the point.
-Restil
Play with my webcams and lights here
I'll take a "hacker" inside my pc over the government anyday.
You're right. But there is no +1 Important.
Since I already fucking paid for it!
"And like that
This is fucking great! I wonder if one of the million Stalin-esque informants will help me install this software?
I mean, it's really good that the same government that busts into a house, shoots an elderly black man, and then realizes the grand drug bust was supposed to go down across the street is going to help me secure my homeland. Yeah, I'm enduring my fucking freedom more and more every day!
Dominion
Sooner or later the government will force Microsoft to insert it into the operating system.
Didn't the NSA already have a backdoor?
All that Microsoft has to do is incorporate this as a patch to one of their numerous security fixes and you're tagged.
Your choices will be leave your PC with the security hole or install the patch. It will be up to you to decide.
I understand the reason but I do not understand the execution. Ignoring all "magic lantern" issues, this is just the wrong way to fix it. The government and some companies (Chevron??!) are going to audit the security of Windows, find the flaws and distribute a program to alter it so they are fixed...
:)
This is easier than just asking Microsoft to design a secure version of Windows? Come on, you already found them guilty of being a monopoly, perhaps a nice sentence would be "make a secure version of Windows".
If Windows insecurity is such a threat to homeland defense, shouldn't the government be cracking down on the company making the laughably insecure software? Or perhaps simply not using it since it is (by the government's own admission) insecure?
Or just demand the source code and distribute their own secure version. It worked with NSA-Linux
Finkployd
Can someone please tell me why this is not the responsibility of Microsoft?
Have there not been many discussions about increased liability for fscked up, insecure software?
I've downloaded and looked at it, but I haven't really brought myself to install it.
I'm sure it's legit through and through, but my Orwellian tendencies flare up when I think about patching the kernel of my machine with something developed by one of the most secretive organizations on the planet, whose primary job is snooping on everybody and everything...
It's really not the place for the government to be encouraging people to start installing government sanctioned patches. If you're a government agency, that's a different matter. What the government should do is lean very hard on those who are providing unsecure software and environments.
Here's the problem I have...
The Senate and House of Representatives are way too friendly with big business (read: DMCA/SSCEA), this includes the current administration as well... What this means is that I don't trust them to not put all kinds of provisions to entitle them to stomp all over my civil and constitutional rights based on the premise that they're doing the common good... 'cause they're not, they're merely ensuring that the current regime keeps its monopolies.
Yes Francis, the world has gone crazy.
Who cares if joe blow shares his c drive? Does that affect the national security of country? I think not... Of course this is going to be BigBrotherWare, and most Americans are gullible, complacent, dumb, or just ignorant and will let this shit happen. I'll be lmao when in 5 years this "recommendation" becomes "mandatory".
Who is going to pick up the tab for this soon to be debacle?
Aiigh! This suddenly reminds me (particularly that juicy, slurpy opening quotation) of those old '50s propaganda items like Appreciate America, where "patriotism" and "being a good American" (whatever that means) are automatically equated with "doing your part" (not incidentally what everyone else is doing).
So let's all be good Americans, well, those of us who are Americans (--points finger--), and spy on our neighbours, secure our piece of cyberspace, and whatever else our fearless leader says we should do, because then those damn Commi^H^H^H^H^Hterrorists won't be able to eat us all up as we sleep in our (all-American) beds at night.
Theme music: "Exhuming McCarthy," REM, Document
I'm not a geek, I'm just a clever script.
so the US Government wants to distribute software patches to stop terrorists and *hackers*, i'm sure this software will include a backdoor to be used by the fbi, cia etc for purposes of 'homeland security', now with a government controlled backdoor on every windows machine what do you think the special interest groups are going to do, the RIAA and MPAA already tried to sneak some sort of permission for a virus that destroyed pirated media files onto the counter terror bill or whatever, i'm sure with enough soft money they'd be allowed access to this counterterror backdoor and wreak havoc on any windows box they wanted, and i'm sure the government would love it if M$ started shipping windows with their backdoor software in it all over the world... (coherent post dissolves into wild Illuminati conspiracy rant)
"Sic Semper Tyrannosaurus Rex."
Incorrect.
All government developed software is *NOT* public domain.
Propping up that such poor 'down-on-its-luck company'? I think that the government should FINE Microsoft for each standard hole that each customer out there has; not fix the problems for it using public money.
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"
Wow, so I can bring my computer up to government standards?
Sorry. I prefer to set my standards MUCH higher.
"The Sage treasures Unity and measures all things by it" - Lao Tzu
Not fully if it's just a Binary, but in the Windows world often a Binary is the only option, and I'd put more trust in a Binary from the Federal Government than in some "Secure Win" Binary I downloaded off a free beer software site or even bought from a company that I hadn't checked out thoroughly.
Quemadmodum gladius neminem occidit, occidentis telum est
"Windows Update is downloading critical security updates and service packs to your computer. Time remaining: 2 hours, 34 minutes at 53kbps."
[Clicks "Cancel".]
(The above, of course, applies to MS operating systems.)
*Begin Sarcasm*
The government? Trying to help... the People? What's the catch?
*End Sarcasm*
So often people seem to treat their relationship with their government as a monarchy: word comes down from on high, we pay taxes to be protected from other kingdoms, and we pay them or they will do mean things to us.
Maybe it doesn't speak well for the government, but it's odd how when the government tries to help, people seem to think they are lying.
Have things gotten that bad?
What is music when you despise all sound?
"from attacks by "hackers and terrorists."
Enough statements like this and there will be no effective difference between the two.
Watch out, script kiddies: first you could get the death penalty, now you may not get a trial.
Alas, Babylon.
"This plan will include the distribution of government-provided software to help clean up insecure Windows installations."
so they will be providing *nix install disks?
This plan will include the distribution of government-provided software to help clean up insecure Windows installations.
Clean up eh? And have a poke around at the same time, no doubt. Hmm...
J
Some of us run OLDER versions of Windoze (NT 4.0, for example). Is the government gonna help us, or is it a conspiracy to get everybody to fork over more bucks to Macrosloth?
<SARCASM>It may also violate the EULA Bush agreed to by opening the shrinkwrap on Microsoft's campaign donations, so it probably won't be happening.</SARCASM>
O.K. guys... I work for the government in an IT capacity. I just went through training on what these security updates are supposed to do. They were developed by a certain three letter company based in Atlanta in cooperation with the Department of Defense/NSA. If you download them and look at what they do it makes sense. Stuff that makes perfect sense in the *nix world like making sure that the last successful login doesn't appear after that user logs out in W2K (and therefore giving a potential h4x0r a login name). People might think that it is malicious code designed to run on a Windoze box to give a back door to your system. I would say to them that you should never accept or run programs/reg hacks/anything else from a company or someone you may or may not know without understanding what it does. I know what these "security baselines" do and have no problem applying them to my home machines (for my wife and kids of course - I am the linux geek in the family). So - flame away!! :)
I got a chance to tinker with the beta firewall product that the US Gov't is developing. It's obvious they spent a lot of time on user-interface so that the general populace will be able to fight cyber terrorism. Check out this screen shot, you'll see what I mean.
So let me install the same lock on your door and my door...I get to be the only one with the key :D
Does anyone else see this as the Government cleaning up Microsoft's mess? Microsoft makes really bad code to be first to market that needs patch after patch to update then Uncle Sam picks up the tab to make sure everyone updates.
Install as many firewalls as you want, plug every hole in your system, scan every port you want. You can only make organizational systems secure to a point.
When the chips are down, social engineering is the hole that no patch can fill. What good is an invincible system for which tech support can be tricked into giving the password?
Secure is a good idea. But even the government has different levels of security.
My personal web server does not need triple DES public key cryptography with kerberos login via retinal scan, key fob and password. The computers that initiate missile deployment from our nuclear subs probably do.
But the core question is this: Why would you advocate spending taxpayer $$ to fix the problems caused by a greedy predatory monopoly because of their low (lack of) corporate morals?
If Ford sold billions of cars that the economy relied on, and those cars were known to frequently cause traffic jams that disrupted or crippled traffic flow, should we the taxpayer be forced to pay for repairs/upgrades to those cars?
Article X: The powers not delegated... by the Constitution...are reserved...to the people
...a program developed by Arthur Andersen accounting will soon be released to Quicken and Quickbooks users concerned about flaws in their bookkeeping systems.
This is my post. There are many others like it. If you don't like what you read here, go try one of the others.
combined with operating TIPS is a bit scary....
Suck had a great article on "Scare quotes". They almost seem amateurish these days.
Rather pathetic to see them in an article like this; seriously, we expect Microsoft to do sneaky and scary things with their software, and everyone's on the watch for it. If we find something, there are no repercussions on them at all, it seems.
If the *government* were to be caught doing something sneaky on people's PC's, there would be a *huge* stink, heads would roll, etc.. Unlike Microsoft, they *are* accountable to the public, especially with something as obvious as this. They're not stupid enough to put spyware or backdoors in stuff. With the slashdot crowd out there, they'd be caught in a second.
Anyone who's really worried about this has watched too many x-files episodes. Go out for a walk, get some fresh air, dudes.
Love many, trust a few, do harm to none.
I thought the government had already released such software.
I keep trying to write something witty and insightful, but I keep getting scared thinking of installing gov. software on my computer and the only thing my fingers type is...BAD, VERY, VERY, BAD.
Abiit, excessit, evasit, erupit.
hahahahahahahaaaaaahahahahhahahahh
Got friends?
Incorrect.
All government developed software is *NOT* public domain.
The AC is right on this one - all government-developed software is most assuredly not PD.
You are running Windows, and you feel that running a program from the government reduces your security?
Think about it - if the ONLY backdoor your Windows machine has is Uncle Sugar's, you are doing pretty well, what with all the Trojans, spyware, viruses, and bugs.
www.eFax.com are spammers
will do. Otherwise I'll be off into some sort of paranoiac rant, black helicopters, aliens, secret societies...
That is a fact that has been widely recognised by most security professionals and people that take computer security seriously.
For example banks do not use secret algorithms for their communications. They use well known algorithms so the mathematics community can examine them and point out any problems.
Another example - computer games. They are usually closed source and yet almost every famous multiplayer game has been hacked.
So no, closed source doesn't give you much security.
Open source would provide much more security because it would allow every one to check the code and correct mistakes.
Don't blame Florida.
Blame the puffy, middle aged guys named Chuck who think that the right to own firearms is the only civil liberty that matters, since it's the only civil liberty you can use to make an exciting loud noise and put holes in cans.
Blame the old people who don't understand the modern world, and as such believe all of the knee-jerk blame laying that demagogues spew out on cable news channels 24 hours a day.
Blame people who see the whole world in moronic stereotypes. Blame the people who think that speech ought to be free only when it matches their own opinions. Blame the people with severely outdated understandings of capitalism who believe that big corporations can self-police and the market can self-regulate. Blame the people who are so cowardly that one terrorist attack which kills a few thousand people is justification enough to toss our most valued rights out the window. Blame the people who think that the flag (and not the hard-won liberties it symbolizes) is sacred. Blame the people who think that their religion should be forced on everyone, and think the founding fathers secretly wanted it that way despite rather obvious evidence to the contrary.
Most of all, then, blame an education system that doesn't teach people how to think in an objective or independent manner. Blame parents who don't teach their kids to evaluate information or ask questions.
But don't blame Florida -- those ballots were pretty confusing.
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
"It's hard to picture myself executing government provided software on my workstation"
Don't worry. They'll grant Forgent a patent on all pictures of you NOT executing the government code, for security purposes. You will only be allowed to picture the above-mentioned process as all other pictures of you will be proprietary.
A security recall will be necessary so you can have the new jpeg-filtration chip installed in your head, but the government is confident in their ability to perform this surgery due to the recent rallying of public monies and support for increased security projects.
Hmm... So along with protecting us from aliens, maybe the "Men in Black" will also run Windows Update for us too? ("Was that a security update?", "Nope, just a weather balloon." *flash*)
Ahhh I remember.. I just got divorced. I've had a vasectomy. I won't come in your mouth. I'll respect you in the morning. and finally the #1 saying: I'm from the Government, and I'm here to help you! 'nuff said?
1. Seat warmer George W. Bush
2. President Cheney
3. President-Vice Rumsfeld
Check out the Center for Internet Security where you will find posted the new Win2k and WinNT standard benchmark. Interestingly enough, there have already been benchmarks for other systems, such as Linux.
Come play Moral Decay!
1) insert windows boot floppy
2) a:\format c:
This makes it almost childishly easy for the government to identify terrorists and hackers. You pick your side: either install the software or join the Axis of Evil. The Evil Doers *will* be hunted down and captured.
"I have opinions of my own, strong opinions, but I don't always agree with them." -- George H. W. Bush
Simple rule of the thumb:
- Hacking is legal, it's done by hackers.
- Cracking is illegal, it's done by crackers.
I hope some journalist reads
A few years back I downloaded all the rainbow books (at 28K, that was a big deal) and perused them.
Has the government discontinued or updated that series? It had some good info on securing large scale computer systems such as those in big business and the banks as well as infrastructure control systems.
Suppose that most computers are insecure. The (MS)OS gives up the HD to anyone who asks, users won't apply patches, the admin is an idiot, whatever.
The Feds are already wherever they want to be and I think that they would rather be the only ones there. I still want to keep out the rest of the world and the Feds want to help. How could this be any worse than what we have.
The really paranoid (or sensible) people will use strong encryption which is more to the point.
All your database are belong to U.S.
They're releasing this software to check how well their backdoors inside America's Army worked. Duh!
It occurs to me that when security tools such as nmap, or crack or airsnort or SATAN come from places OTHER than the government, they are seen as threats to Internet security. Some people in government even want to make them illegal.
But when the government itself comes out with software to expose security holes, it's called the "Gold Standard".
What gives?
-------------------
This is my SIG. There are many like it, but this one is mine.
Anyone who would run this software on their computer deserves whatever they get.
Here it is.
Ali
Ph33r m3!!!
How about the perl script it runs? If anyone bothered to prowl around the site, they'd find that the binary is a wrapper to run a perl script and that there are instructions to run the perl manually from your very own secure and audited interpreter.
Technically, you're correct, all govt. property is owned by the public. So, technically, Area 51 is public property, but that doesn't mean you're going to get a tour of the place. That would be a security risk, and in the eyes of whatever govt. agency that developed this software, releasing the source would be too. In fact, I'd bet that reverse engineering it would be considered an act of terrorism.
If you don't have anything nice to say, shut up you stupid prick.
That is not entirely accurate. All government developed software may wind up as public domain, but I would guess that most, if not all, of it will not be available for at least 20 years after it's written. If all the software (and especially source) was public, we'd have some major security holes and exploits possible. Just think about it.
We've got gov't programs running major systems (though NT on Aircraft Carriers, IIRC). A lot of gov't created systems are running gov't machines. Much of the software is so specialized that it's probably not much use to any of us, but there's a few pieces that if crackers got a hold of would be disastrous.
Just to illustrate this, one of the guys I worked with (he left, maybe a week after I started) had worked with the DoD before working here. Me, being the inquisitive student, asked about it. He told me that most of their programmers and engineers don't know what they're working on. The engineers get told, "build this part," not "build this part for this machine."
Programmers are treated more or less the same way. They're not told to write a program. They're told to write a class, or maybe just a function. They aren't told what they're working on, just to code. The higher ranking/clearance guys then put it together.
So, eventually, yeah, maybe we'll get to see the code. But there is a lot of classified stuff in the government. You don't get to hear about everything.
And, correct me if I'm wrong, we don't even get to see the code for the America's Army game, do we? Of course it wasn't developed by them, just for them. Thoughts?
besides the docos and exes, there's the perl script which the binaries wrap and instructions to use that directly. see the FAQ -- http://www.cisecurity.org/bench_FAQ.html#2.4 -- "I'm concerned about running an untrusted binary on my system. Can I run the benchmark test without running the cis-scan binary?"
A: Yes. The cis-scan binary is really a simple wrapper program which has been linked against a copy of the Perl interpreter library (libperl.a) so that sites can run the tester without installing the Perl distribution. cis-scan simply runs the Perl code in the tester.sub file.
Assuming your system already has Perl installed, you can run tester.sub directly with only minor modifications:
1. Edit the tester.sub file and locate the line which reads
sub tester {
Add an additional line above this line so that the file reads
&tester();
sub tester {
2. If Perl is not installed on the local machine as /usr/bin/perl, change the first line of tester.sub ("#!/usr/bin/perl") to use the appropriate path name.
3. Save your changes to tester.sub and exit the editor
4. Execute tester.sub directly by running
/opt/CIS/tester.sub
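The FAQ procedure quoted above, scripted as an added example (not part of the original post and not CIS's own code): it applies the edits to a copy of tester.sub so the file you audited stays untouched, and refuses to run if the expected `sub tester {` line is missing. The function name `prepare_tester`, the stand-in script body and the `/opt/perl/bin/perl` path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: apply the FAQ's edits to a *copy* of tester.sub.
# All file names and the sample script body below are constructed.

# prepare_tester SRC DEST [PERL]
#   SRC   script as shipped (the page's /opt/CIS/tester.sub)
#   DEST  patched copy that will be executed
#   PERL  interpreter to use; defaults to the first perl on PATH
# Exit codes: 2 bad SRC/DEST, 3 no "sub tester {" line, 4 no interpreter.
prepare_tester() {
    src=$1
    dest=$2
    perl_path=${3:-$(command -v perl || true)}

    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    [ "$src" != "$dest" ] || { echo "DEST must differ from SRC" >&2; return 2; }
    grep -q '^sub tester {' "$src" || {
        echo "no 'sub tester {' line in $src; refusing to guess" >&2
        return 3
    }
    [ -n "$perl_path" ] || { echo "no perl interpreter found" >&2; return 4; }

    awk -v perl="$perl_path" '
        # FAQ step 2: repoint the shebang only when it is the stock one,
        # keeping any interpreter arguments that follow it.
        NR == 1 && index($0, "#!/usr/bin/perl") == 1 {
            rest = substr($0, length("#!/usr/bin/perl") + 1)
            if (rest == "" || rest ~ /^[ \t]/) $0 = "#!" perl rest
        }
        # FAQ step 1: add the call above the first definition, and skip
        # the insert if a previous run already put it there.
        index($0, "sub tester {") == 1 && !done {
            if (prev != "&tester();") print "&tester();"
            done = 1
        }
        { print; prev = $0 }
    ' "$src" > "$dest" || return 1

    chmod u+x "$dest"    # FAQ step 4 executes the file directly
}

# Constructed stand-in for tester.sub (not the real CIS script).
demo_dir=$(mktemp -d)
cat > "$demo_dir/tester.sub" <<'EOF'
#!/usr/bin/perl
# constructed sample body
sub tester {
    print "benchmark checks would run here\n";
}
1;
EOF

prepare_tester "$demo_dir/tester.sub" "$demo_dir/tester.run" /opt/perl/bin/perl

# Review exactly what changed before executing the copy.
diff "$demo_dir/tester.sub" "$demo_dir/tester.run" || true
```

The diff should show two changed places only: the interpreter line and the inserted `&tester();` call.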
That's what they should create instead of making it MS easy, instead of MS doing its job let the US government do it.
:)
Not that I care. 1 I don't live in the US, 2 I don't use MS products.
Quazion
According to many online sources (e.g. the U.S. Copyright Office or Lawnotes), works created by the U.S. Government are not copyrightable. However, the government can acquire copyrights for works created by others.
Oxymoron would imply that Window$ is actually secure. The point of the joke is to point out that it is not hence, redundant. But thanks anyway. No one else seems to understand it either. Oh well...
If brevity is the soul of wit, then how does one explain Twitter?
Wow, so I guess anyone who believes there's room for improvement in the federal government is a terrorist! Wow, how can we trust a government or a culture that labels reformers as terrorists? They don't trust us, we don't trust them, so they don't trust us.... Something's got to give.
Sounds like the government is trying to co-opt faith for itself.
Isn't it bad enough that they've started using the word "terrorist" for anything and everything that disagrees with the status-quo?
-- thinkyhead software and media
can Microsoft be sued if terrorists use holes in M$ operating systems to do cyberspace attacks that can cause real victims? ..thinking about the death penalty introduced for "hackers" guilty of death of people via computer attacks..
on the other hand, YES I KNOW that gnu/linux, BSDs, etc. have holes, but who're you going to sue for linux? the owner of the name 'linux'...? Or maybe m$ cannot be sued because of their EULA that denies any responsibility...?
funny..
-- There are two kind of sysadmins: Paranoids and Losers. (adapted from D. Bach)
"(we were supposed to be *increasing* the security of the PC's, right?)"
How long ago did the NSA release their security templates for Windows 2000? In that time, have there been any documented rootings of a Windows 2000 machine that is using said security template? Anyone?
They are not copyrightable, but they may still be secret. Suppose software used to develop new weapons were public domain?
First of all, I'm not an American, so you decide my bias...
This may sound whiny and naive, but, really, when you think about it, this would help a lot. At least that's the way I see it. Cryptographic signing, secure communications, the whole lot.
Looks like they just want access to the US citizens' computers, even if the intentions seem good on the surface.
Well, that's what I think, anyway.
If the Government about security it would stand behind OpenBSD. How many YEARS without a root exploit?
And not just stupid but fanatically dangerous, at least as much so as those they are attempting to whip up hatred and paranoia against. At least those guys had an honestly held ideology, rather than just a policy of screwing everybody simply for more personal and institutional power, bigger budgets and further promotion.
Oh great ... now I'll have >100 U.S. Government CDs laying around ...
Will they pack them in tins?
FTHI (for the humor impaired): This is a spoof of AOL, this is only a spoof. Move along there is nothing else here.
Karma? Karma? I don't need no stinkin' karma.
Ignoring people's opinions on the quality of any security scanner Microsoft might develop, isn't the Baseline Security Analyzer pretty much the same thing? And it's only made by one shadowy evil corporation, instead of many shadowy evil corporations AND the shadowy evil government!
Rock over London, Rock on Chicago. Wheaties: Breakfast of Champions.
How about the government fixing the problems and charging Microsoft for the cost? I wouldn't trust a Microsoft solution for the problems they created themselves. If the problem is really as serious as the article author wants us to believe, a serious and hard-working government would impound the Microsoft source code and contract a team of experts to create a solution.
I wonder who came up with this "bright" idea... In my opinion I *might* do (none/one/many) of the following: 1) Run Gov't@Home seti clone for NSA's cause 2) Provide Feds with some information/backdoor 3) Provide means of updating XP with bogus licenses? 4) Make all thinking people more paranoid than one can imagine?
Clipper XP
karma capped
The Government can't even secure their OWN computers ... Why would any semi-intelligent person even allow them to try to secure theirs?
Blame the puffy, middle aged guys named Chuck who think that the right to own firearms is the only civil liberty that matters, since it's the only civil liberty you can use to make an exciting loud noise and put holes in cans.
For the most part, I agree with you, but not with this crack about firearms. If you were trolling, or being sarcastic, I'll bite regardless.
It may be the only civil liberty that matters, because as armed citizens, it allows us to preserve all the other civil liberties. The world, or our nation, is not so utopian, so full of people looking out only for their brethren, so lacking in criminals, as to allow us to disarm ourselves.
Criminals prowl our streets. But they do so with far less frequency in areas where even a 20th of the population is likely to be armed (Florida - they still go after tourists - Vermont, New Hampshire, or, for the Europeans out there, Switzerland.) The police have no obligation to protect you (see Riss vs. New York City) so you must protect yourself. The surest way to do that is to own a firearm, and know how to use it.
Our government is infringing on our rights more each day- being a low user number slashdotter, I'm sure you've been reading about the DMCA and its ilk for quite some time. How long before our own government becomes as oppressive as Great Britain was originally? Betcha it'll be a lot longer- if ever- as long as the populace is well armed. Incidentally, the United Kingdom now has the strictest gun control laws in Europe- and the highest violent, confrontational crime rate. (Google cache of Boston Globe)
Gun Restricting laws protect no one but criminals, because only honest people obey them. If someone is willing to ignore laws about theft, rape, and murder, what makes you think they'll obey gun laws?
The right to live includes the right to defend one's life effectively. This was once best done with a spear, then a sword, then a musket, now a handgun. The right to defend our lives against the lawless, and ourselves against tyranny, ensures all other rights. Without the natural right (listed, not given by the 2nd Amendment) to arms, all your other rights are disposable at the convenience of criminals or the ruling class.
Karma to Burn, do your worst moderators
Alcohol, Tobacco and Firearms should be the name of a store, not a government agency.
This confirms what I humbly call my 'circle theory'. In essence, anything pushed to an extreme wraps around and becomes its own opposite. Witness the macho man, who works out shirtless with other men and hates women, we think of him as a super-male, but he is so male, he becomes a homosexual.
Capitalism, especially in the US, combined with your taste for religion, has turned into communism.
Where to flee? the more rational among you ask. Canada? Hardly. We're the US' little lapdog, the annoying little curly-haired with the high-pitched yelp kind.
No, you have to go where circle theory has also had time to work, but from another starting point: RUSSIA. That's going to be the next great country to live in. Russia needs YOU to make it a great country.
Let the US become increasingly insular and insane. There's nothing you can do with a mental patient the size of a country anyways.
Even if I was running the world's most insecure operating system, which waved its little electronic "tool" in the face of every hacker, skript-kiddie, and 733t-wannabe out there on a continual basis ...
THERE IS NO WAY I AM GOING TO RUN GOVERNMENT MANDATED SOFTWARE ON ANY COMPUTER I OWN.
I will destroy my computers first, as painful as it might be.
That is my final word on this subject.
To celebrate the occasion of my 1000th post, I will post no more forever on Slashdot. Goodbye.
Think of it this way: AOL made it a point, for the longest time (they may still be doing so), to plaster everyone they could think of with CDs via mail. There's no reason to assume Our Government would be any different.
In both cases, the solution is the same, and you don't even have to take the CD out of the mailer.
First, place the whole thing in a microwave oven and blast it for about three seconds. Next, mail it back to Lord Protector Ashcroft with a note explaining that you'd found a virus on the disc, and that it has been destroyed to prevent the further spread of such.
If nothing else, it'd be good for the amusement value.
Bruce Lane, KC7GR,
Blue Feather Technologies
Why can't you just use the already provided NSA guidelines to secure your Windows machine?
"i'm with the government, i'm here to help" Janet Reno -- Waco TX 1993
Aside from the obvious removal of privacy... Ever think that this could be the culmination of EVERYTHING?
*fade to an office overlooking Capitol Hill*
Congressman 1: What are we going to do? We've got so many things we've got to do before the next Congress... There's Microsoft, that wants us to stop bugging it about its bugs and monopoly and instead make it illegal to write open-source code... There's the RIAA/MPAA that wants us to make sure that only RIAA-representatives assigned to every household can unlock a CD for a single play after paying them $200... And there's the whole "terrorism" thing so we can take away privacy...
Congressman 2: I've got the solution to all of our problems!
Congressman 1: Eh? What?
Congressman 2: How about... We spend millions of tax dollars to code something that allows us to look at everyone's data on their hard drive, and monitors for any sound card and video card activity whatsoever... Reporting that to the MPAA and RIAA so they can charge people for it!
Congressman 1: Sounds good... But I'm not sure we could get it through all the angry protesters...
Congressman 2: I'm not done yet! I'll get to that! First... We need to make it Windows-only...
Congressman 1: I'm listening...
Congressman 2: Make everyone have to PAY for it...
Congressman 1: This idea is sounding better...
Congressman 2: And make a law requiring that this specific Windows-only software be installed on every single computer, RETROACTIVELY! Regardless of whether it has Mac OS, Linux, or Windows! Or else they'll be put in jail for 5 years...
Congressman 1: It's still missing something though...
Congressman 2: Let's tell everyone that it's a patch for Windows that will make it more secure!
Congressman 1: THAT'S IT! Brilliant my esteemed colleague! Simply brilliant! Let's bring this up in the Senate tomorrow! They won't be ABLE to say no!
Nowadays, in the post 911 days it seems, as far as computers are concerned, you are either a hacker or a terrorist, but what has happened to the straight forward criminal doing computer fraud?
Maybe a hacker hacks computers,
a criminal steals computers,
and a terrorist blows up computers.
These are such confusing days...
Privacy is terrorism.
well stated; glad to think that reason still exists somewhere. thanks for taking the time to write this.
if i'm a grammar nazi, you're an illiteracy nazi.
I'd be more worried about when they require everyone who accesses the internet to be running their "security" program.
Remember, kids, the fire department works for the government, too. Just think about what they're really doing when they bust down your door and trash the place just because there was smoke pouring out of the windows.
I'm just trying to figure out how they trick people into plugging 10 computers into one outlet in the first place.
(Note: this is a backlash against the paranoia above. The government is not out to get you. Some parts of it will do things you don't like, and you have a right to complain. Other parts actually do Good things. They're all trying to do the Right Thing, but sometimes they fail really miserably.)
The recommendations would not be mandated by law, Clarke said
For now. Until govt. sites get hit by DOS attacks from unsuspecting users who got infected while downloading updates from Windows Update.
There is way too much room for abuse from both the users and the authorities.
From my experience with security, centralizing or creating a standard program like that creates one point of failure of the whole security system.
e.g. one could create a similar program and send it to unsuspecting users...
What they should do is create a standard guideline for the likes of M$ to create efficient methods of updating and patching software. If they don't adhere to the standards, fine them heavily.
Who was that; the KGB?
I like how the gov sets this up as a "help service" for people. Created by the CIA, NSA, and "Private Corporations". Must be really good software.
Hmmm... Isn't a Trojan Horse supposed to look appealing?
Then they prattle about how they want the "Vendors" to be responsible. Who pays?
We make the bugs, they ship them. They don't need a bill for this either I bet. No wrangling around in a senate because it is a good for them thing.
Nice maneuvering by the gov and corps. Doesn't anyone understand why they get to take the money? Because they are "Smoove" enough to be able to get at it. And we are all sheep.
Line up.
Thanks, Steve
Actually, you can file a FOIA request for any gov't software, including source code. As with printed documents, they can either blank out sensitive information (leave out code) or deny the request for national security or privacy reasons.
I print, therefore I am.
/.
I was working at an aerospace center that Shall Not Be Named, doing various things related to testing missiles and preparing for a rain of thermonuclear death on the dirty commies (now superseded by dirty sand-nxggxrs).
This suit from Lockheed comes in, and says "Let me see the checksum on your disks". To which I cogently replied "whurahuh?"
The suit self-importantly explained that when the Navy did tests, they first performed a "checksum" on the data storage devices attached to their data acquisition systems. By comparing the checksum to a number he had cleverly kept in his wallet on a soiled scrap of index card, he could tell that the insidious Reds had not tampered with the system in order to mislead God's Own Nation.
A light went on, and I said "Oh! You'd like a cyclic redundancy check code to be used on all the system and testing code, to ensure that change procedures are adequately followed! We can do that, I'll do some research on the algorithms and whip something right up for you."
"No!" the suit cried, "I want to CHECKSUM the DISKS, not the PROGRAMS! I must have a checksum of everything, to ensure the safety and security of America! And don't try to hoodwink me with your technical mumbo-jumbo, I'm an ENGINEER!"
I (patiently and tactfully, I thought) explained that this was impossible - I was quite familiar with the systems the Navy was using, and there were highly volatile swap areas on the hard drives that changed constantly. I even (unwisely) attempted to explain that checksums were nearly useless, and that what most people meant when they said "checksum" was ECC or CRCC, a more useful technique.
The suit stormed off to report my recalcitrant incompetence to my boss. My boss called, and asked me what the hub-bub was about. I replied, to the best of my remembrance, "That idiot wants to make sure the test environment doesn't undergo unaudited code changes or random bit-rot. I can provide the level of security he wants, we just buy a nice Mosler safe, sink it into the concrete bunker wall, and give him the keys and combo. We label a full set of disks 'lockheed' and let him keep them in the safe when we aren't doing Lockheed tests."
The boss said, "That isn't what he wants. He wants security just like the Navy does it. Give him his checksum."
I got annoyed, and pointed out that anyone with physical access to the systems could readily substitute a program that simply printed out the same number every time.
The boss said, "Now you're getting it. What do you think the Navy does?"
"Every American relies upon cyberspace and every American has to do something to secure their part of cyberspace," Clarke said of the plan, which will be released September 19 in Silicon Valley. . . Clarke spoke to reporters as well as government and corporate officials to announce government-wide standards for securing Microsoft's Windows 2000, the most commonly used operating system for government and corporate computers.
I'm doing my part. I'm using a Macintosh.
Laws affecting technology will always be bad until enough techies become lawyers.
I bet it comes with lots of extra cool features like "Magic Lantern" and a nice little utility that searches and catalogs all potentially illegal files on your hard drive. Even a phone home program that reports suspicious activity! Wow, I'm just dying to have this on my computer! Especially with the government's concern over its citizens' civil rights, freedoms, and privacy despite the war on terror.
In other news today:
Multiple flying pig sightings reported...
IRS dissolved...
Congress votes itself a paycut...
Blizzard conditions reported in Hell...
God kisses Satan; onlookers applaud...
Shall I go on? Think about it; whose security is really their top priority?
Any sufficiently advanced influence is indistinguishable from control.
they want World Domination, Control of all things Monetary, even your labor potential.....
It has been a long time since a political agenda was not transparent as well...make as much money for your corporate master as possible...
errr....umm...*whooosh* *whoosh* Is this thing on ?
To all the libertarian and Ayn Rand-obsessed morons who think that corporations are the end-all and be-all to the world's problems and exist to keep the government in check, please go away.
Quite frankly, the government IS accountable to the people and DOES have to pay the penalty when they do something Bad. When MS does something bad, 94% of the computer-using public just has to bend over and take it. (The rest use a Mac.)
Although it smacks of scary conspiracy theories and trojan horse monitoring programs, the government CAN'T do something like that. The US Government is not Kazaa. It will not install Gator on your PC. This is not a hidden backdoor to allow Carnivore to track your every move. Do you think something like that could remain hidden for ANY length of time with the amount of scrutiny this program will receive? No.
And if it turns out *to* have a monitoring program in it, stand up for your rights (if you're a US citizen) and VOTE. Call your congressmen and senators. Bang on their doors until they explain themselves and do something about it.
Quite frankly, I'd install this over the next version of Windows Media Player any day. Who knows what random shit MS will try to do with that...
Hire a Linux system administrator, systems engineer,
Want bugs out fast? Call The Man!
An Orkin Commercial which struck me as funny in light of this story.
If it was free as in beer (or speech), I'd give it a look. They can't make my windows xp install any less secure than it is fresh off the cd, and I don't think they'll install some sort of evil spyware. Not saying I'd keep it, though, just because I don't really have any need for better than marginal security, and if this is anything more than a registry-tweaker, if it's an app that runs in the background, I probably won't want the overhead.
I'm the stranger...posting to
Well, other than 'classified' stuff, isn't it usually released into the Public Domain?
And about the Army game, they don't really own the code to that. The engine is licenced from Epic Games, so it's not really theirs to distribute.
[PowerPoint] is a tool for capitalist presentation
You apparently never got a security clearance. It IS the FBI's job. So there.
It sounds like a really good idea.
But with the constant abuse of the word 'security' by both companies and lawmakers when it's used in the context of DRM, sharing and creativity, I'm not sure if the program could be trusted.
Unless they release the source, of course, because then we'll find out if they're doing what they're saying.
Blame the old people who don't understand the modern world, and as such believe all of the knee-jerk blame laying that demagogues spew out on cable news channels 24 hours a day.
Blame people who see the whole world in moronic stereotypes.
Although I may agree with many of the sentiments of the parent post, I must ask--does anyone else see the rich irony of opening the message with the first two statements above, only to follow with the third...?
~Idarubicin
I quit! Now my tax dollars are going to pay for software to protect Windows from their own shitty design!
Some days it doesn't pay to get out of bed!
I have been reading today about new tools that hackers are delivering for Windows users as well as Linux such as a way of encrypting files inside GIFs or BMPs. And new P2P ways of going through WWW.
Would anybody comment about the peekabooty project?
Rwe obliged 2 save our future by choosing:O3 hole-greenhouse effect instead of accepting everydays gossip-nonsense chat?
Or are the terms Hackers & Terrorists becoming more closely related in recent days?
How long before hacking becomes synonymous with terrorism in the Media?
And who is then next?
Insert something insightful here, or I'll insert something painful there.
Umm.. if all govt. software is public domain, then where is the publicly accessible source for the project Carnivore virus brought to you all by the FBI in the name of "National Security", the spyware installed unknowingly on various systems to "Monitor for illegal activity"? Keep in mind people that your govt. dumped biochemical weapons on their own people during Vietnam. You think YOUR best interests are at hand with their new "Secureware"?
I have used file sharing software.
I have purchased illegal drugs.
I have snooped around my university's computer system when I was younger because I was curious, even though I probably shouldn't.
I have made a joke about the sobriety of the pilot on an America West flight.
I also am a patriot and love America. Why the fuck does the government, media, and corporate world keep wanting to throw me in the same category as a bunch of psychopathic assheads who fly airplanes into buildings?
The Internet is generally stupid
you need to brush up on your trollin' skills, young padawan.
We're from the government and we're here to help...
We are talking about the most massively unAmerican activity since voluntary compliance income taxes. The government wants me to install software on my computer, specific to a certain insecure commercial operating system I don't trust to begin with. No fucking way. At any rate, I happen to work for the government, and I've also held a few commercial jobs, and speaking on a relativity scale, the government network has a much better security model than any place I've ever worked.
They got M$? They are incompetent, fanatical or not because they can not possibly audit all of M$'s massive core of crap, nor can they trust the tools M$ provides them. M$ has no security at all.
This new uberpatch will NEVER accomplish its stated goal. IT WILL BE A CARNIVORE that uses your machine's cycles to do its dirty work. There's an obvious cure for this, the use of free audited operating systems. If they would come out and advise that I'd be much much happier, and NO I don't need your stinking secret patch.
Remember the fourth amendment? You know, security in your personal papers and effects? This is NOT the kind of security the Bill of Rights had in mind.
Mr. Ashcroft, I call on you to remember your oath of office to uphold the constitution of the United States of America. Let me remind you exactly what you swore to uphold:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
This should scare the ever lovin' crap out of lots of people when they see what a pullulating dish of agar their office, SOHO and home systems are.
It's not just M$, (though people will be throwing a few of these out the window when they see the sheer size of the system "vulnerability list",) but this should be part of the connection "pre-flight" process for everybody who is connecting to the net.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
OpenBSD
I can't believe they think that yet another uber patch is going to fix Windoze. We all know the answers, and we all know that the absolute worst freaking security possible will come from a monoculture of M$ junk. This is NOT an honest move and it indicates that someone is serious about nationalizing computing through M$ .NET, Palladium/dongle hell.
Yes, now is the time for hysteria.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
You may notice that OpenBSD now claims "One remote hole in the default install, in nearly 6 years!" If OpenBSD utilized an SE Linux type security system, the remote exploit from two and a half weeks ago would have been far more limited in its scope.
Security Enhanced Linux was the motivating factor for the security framework being incorporated into the 2.5 Linux kernel. I would hardly consider that a waste of my tax dollars.
With a low number like 255371, I figured you have been reading /. for a while already, no? Or did you find that account in a crackerjack box? Security thru obscurity isn't. When are people going to get this? Also, other replies mention blanking out portions for security reasons - that would be the sensitive data, it shouldn't really be the code/method that is blanked.
Works produced by government employees on government time are effectively public domain. However, this does not require the government to distribute copies of such works. It just means that should you somehow acquire a copy of such a work they can't sue you for copyright infringement should you make copies of it.
Works produced by government contractors are not public domain, even if the government paid for their production.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Hey, I have a better idea... Why don't ENGINEERS WRITE SOFTWARE THAT DOESN'T HAVE SECURITY HOLES. In this rare case, the intrusive government is actually doing something to help individuals overcome the problems created by programmers. HOORAY for the government that I bash on such a regular basis, and shame on programmers who created the problems in the first place.
;)
BTW, You don't have to explain to me why engineers don't have time to write solid code, it's all about making a living. But, don't you think that MS guy who made thousands of servers vulnerable could have spent a little less time downloading pirated porn and a little more time reviewing code?
Well, you're absolutely right, with the guns people are allowed to purchase now, your average citizen would stand no chance against artillery or light armor. You might want to consider, though, how likely it would be that anyone would order domestic artillery or light armor strikes, no matter how difficult the situation. But it's late at night, and I don't feel like arguing that point right now, so I'll move on.
Firearms are tools, period. They can be used for self-defense, for crime, or in some historic events, revolution. The history of the US, and the history of Switzerland, and now even Israel, show that honest folk are the majority, and the more of them that go around armed, the less crime there is, or the lesser the impact of it. (Armed Israeli citizens were instrumental in stopping a recent machine gun attack at a shopping plaza. Armed El Al employees stopped the July fourth attack at LAX, not any US cops or TSA employees.)
So if you think that Concealed Carry Permit holders should be licensed like drivers, I agree with you, provided they are licensed exactly like cars.
1. There are no restrictions on the possession or use of an automobile on private property. You can let your twelve year old son drive your F-350 across the family farm if you care to. The F-350 need not be registered or insured, though you'd have to pay taxes on it. The same should be true for guns- no restrictions on the possession or storage of any reasonable firearm on one's own private property. (I happen to think reasonable is anything short of Anti Aircraft Batteries. Think it's crazy? The Swiss allow their citizens to own anti aircraft guns. Your line may be different.)
2. Licenses are issued without question to all who qualify.
3. Associated costs are not so high as to prevent those who may need to defend themselves the most- poor inner city folk, for example.
4. A Concealed Carry Permit in one state is valid in any other.
5. There are no waiting periods associated with purchasing guns, nor any limit to the amount of guns one may purchase.
6. Operating or brandishing a firearm while intoxicated would definitely be illegal.
As for the Brady Bill saving lives- the Journal of the American Medical Association seems to think they haven't done a thing: "Our analyses provide no evidence that implementation of the Brady Act was associated with a reduction in homicide rates. In particular, we find no differences in homicide or firearm homicide rates to adult victims in the 32 treatment states directly subject to the Brady Act provisions compared with the remaining control states."
Full text here
Based on that, I would have to say that the Brady Bill hasn't stopped any domestic disputes from turning into murder, unless you find the AMA to be less than authoritative in matters of public health.
I personally think that waiting periods are actually more dangerous to women, as if they know they are in imminent danger from an estranged husband or boyfriend, they are unable to arm themselves. A woman with a gun can stop an attacking man. A woman without a gun stands much less of a chance, as most men are physically stronger and larger than most women.
Quoting Jacob Sullum from reason online (only because he says it well): Supporters say a waiting period allows potential murderers time to "cool off." But anyone who leaves the scene of an argument, drives to a gun shop, buys a weapon, loads it with ammunition, and returns to kill his interlocutor can hardly be said to be acting in the heat of the moment.
I was going to post a lot more, then I realized you're in support of handguns for self defense, so if I prattled on, it would be pointless.
Alcohol, Tobacco and Firearms should be the name of a store, not a government agency.
Given debuggers and disassemblers, people are going to "read" it anyway. But there's no sense in them being spiteful about withholding source.
DNA just wants to be free...
You'll need to boot from clean boot media that wasn't in the machine at the time of installation.
Otherwise you could be booting a modified kernel that would hide any changes made.
DNA just wants to be free...
This should be a valid option in any election. If the majority of people want to live free in 4 year increments, then so be it.
If you aren't hiding anything then why do you care? Only bad people care about hiding something.
Sir llort
I would rather sand-paper a bobcat's ass in a telephone booth than install "government approved" software on my systems.
No thanks, I secure my own systems.
The example for programming is not the norm, but an extreme case your friend told you to impress you. In my experience, if you're working on a program for some DoD project, you're either cleared and mired in it or you're uncleared and stay 100 feet away from it. In the few cases where it's possible, you could be doing something like what you mentioned, working with the parts that separate are unclassified until they are brought together. I've done that once, but not because I wasn't cleared. I just didn't understand it. :-D
Or maybe that's just with the FFRDCs... but I thought they did the majority of the DoD's engineering work.
But anyway, yeah most code doesn't see the light of day not so much because the DoD is involved but that it is "owned" by the RDC or the group within the DoD that was responsible for it. In the case of the RDC, there's no legal requirement to disclose the code at all to the public, but the sponsor (DoD) can still check it out.
Black holes are where the Matrix raised SIGFPE
Hi, I read some book on internet and unix security put out by O'Reilly and IIRC there was some security-related audit software the government had then (Spring 2000). It came in a binary form so I was a bit suspicious but nothing wicked became of it.
To think, the system is so fucking scared that it will resort to good ol' spying in the name of freedom. How long will it be till they take the bite that proves to be their last? They know that someday there will be people with the guts to throw a monkey wrench in the gears and they want to stop it before it happens. They might achieve some part in their plan but they can't get us all. It is my firm belief that they will get what they deserve and the victors will stand strong and proud. That's if it is really spyware, cause you don't really know till you see the source; but I can't get over this not trusting the government thang that plagues me...maybe I'm just nuts. Oh well, back to reading Marx and dreams of utopia.
I once caught my nemesis watching me through a window but to my surprise it wasn't a window...it was a mirror.
I believe software published (not stuff developed for in-house) is "open source" (cuz of FOIA I believe). The gov't can't copyright products, but it can get patents.
This is what decompilers and the strings command are for. You'd be amazed how much you can learn about what a binary does by running the .exe through a decompiler and just leafing through the symbols. You might think most apps strip all useful symbols out, but it's not true. You can have yourself an old school literate programming session and leaf through the binary code like a book, if you have a few assembly references handy and limited understanding of addressing modes.
So even if the file is .exe, it's not like you _can't_ ever know what it will really do when you run it. You just need some time, some tools, some brains, and some nerve.
Democracy. Whiskey. Sexy. Pick any two.
Well, sir, I live in Switzerland, I was born here, and can probably be considered a typical Swiss guy. And as that typical Swiss guy, I must tell you that the general opinion towards the US' gun policy is: "funny, but in a tragic kind of way". It is correct that almost every male between 18 and 50 is forced to have an assault rifle with ammunition at home in Switzerland. It is also a fact that every gun holder has to practice the use of his gun once a year, or pay a rather large fee. Nonetheless, carrying a gun when you are not required to by law is widely considered embarrassing. Hell, I even find it embarrassing to carry my gun when I'm doing my yearly military service. By most of the population, guns are seen for what they are: a necessary evil for people working in security, and phallic compensation for those who carry them voluntarily. Please do not compare the numbers of government-enforced gun possessions with actual private gun purchases, which are quite rare in Switzerland. The US is obsessed with guns, and you should know that most of the civilized world is laughing at you, and waiting for you to grow up.
...communism is a good idea too.
Criminals prowl our streets. But they do so with far less frequency in areas where even a 20th of the population is likely to be armed (Florida-they still go after tourists- Vermont, New Hampshire, or, for the Europeans out there, Switzerland.)
I almost snorted coffee up my nose when I read 'Switzerland'. Let me explain something to you, and please think about it because it may help you realise why the rest of the world finds the USA's attitude towards guns really sad and frankly bizarre. Switzerland has a low crime rate mainly because the Swiss people are good, honest, non-violent people. The requirement for men to own a rifle is so that Switzerland can defend itself in the case of war. They do not carry the rifles around with them but keep them locked up.
. . . when it's a Bill Clinton cigar.
Oh yes, specially military, classified software.
you fscking asshole DON'T click that link!
if you didn't already get it, a part of the American govmt is the holy M$.
time someone stood up and dropped a bomb on them (wordplay-wise)
Bet me $50 that whatever software the IRS uses to run its computers, it isn't public domain.
Someone you trust is one of us.
What they released was a security template that amounts to the minimum that security experts have been advocating since roughly the dawn of time. The babble Clark was talking about (I really hate it when people old enough to be my grandparents use buzzwords like cybersecurity instead of information security or computer security, it makes them sound like dotcommies without a clue) is just political fluff. Without funding, visibility and a plan of execution nothing will happen in a government program, it's a law of nature. As for the template, I'm still evaluating it, but so far I think it's a decent thing to put on a w2k pro box/ std image, especially if you do work for the gov. I'm just glad to see the government actually doing something security wise that will benefit the smaller civil agencies and administrations.
Spyder
If the government released the source code with the program, then I might be inclined to install it. I would want to know what they are doing before running it.
I attended this briefing, the gold standard is just a document that was put together by SANS, NIST, CIS, and the NSA showing (step by step) how to set up good security on your machine. The only software talked about in this briefing was a read only tool to verify your settings against the GOLD standard. This is something that all government system admins will have to follow when deploying machines to their clients, and is being released publicly to help private users secure their own machines.
I think this is a joke. Microsoft should fix their own security holes, and if they can't they are liable. Or... the public should switch to a real Operating System like BSD, Linux, or OS/X.
What a joke.
From the article on CNN: Keeping your home computer's antivirus software updated is not just sensible -- it could be a way to demonstrate your patriotism.
I love this way of life. Actually, patriotism makes its way down to everything Americans do. I think cleaning your teeth will soon become that much patriotic too. This will of course piss off Bin Laden, whose teeth are so yellow and smelly! F00!
Honestly, I'm very happy for Americans, because they still know what patriotism is. I'm typing this from Israel, which has always been meant to be a patriotic country, built solely upon patriotism, but IMHO it just fails to keep its feet on this patriotic way! Look at how the society is split up between right & left, Russian & Jewish, etc.! I bet there's no such thing in the US, cause after 9/11 people got connected with each other by patriotic ties which don't need any sort of propaganda! I know how every and all Americans felt that day, and I've seen those pictures on CNN showing people in New York who saluted the firefighters. This really rocks. So now back to securing American computer systems - it's just the same thing. Those "firefighters" would now be governmental hackers, who'll actually do the work of securing the cyberspace, and this IS patriotic!
By the way, don't think this would affect your privacy, even if the Big Brother would like to watch you masturbate in the shower. Gee.
Not anymore. They tossed those rules and replaced them with rules that say they can decide to sell the IP rights to a private company who CAN patent/copyright.
Democrat delenda est
Maybe it's just me, but I'm not rich and neither is anyone in my family, nor do I hold a high position in a multi-million dollar corporation. I have no history of shady business dealings and I do not have to gloss over my past to avoid scandal. I am not an elitist hypocrite who seeks to take things away from the little people while keeping them for myself. I do not suddenly change my thoughts on "the issues" so that I'll become popular with a new group of people. And so on, and so on, and so on...
No, the elite of this plutocracy are not like me and I doubt they are like you either.
Is ArmyOps the first step? I have not been assassinated / bombed yet. Or maybe they are analysing my game strategy so when the seals arrive, they will know my every move..
Mind you, I am English, so being shot at by the American Army is nothing new.
Why would Uncle Sam want to force M$ to secure windows, when it presently allows 'us' access to 'enemy' nation's boxen? Let's just fix ours! (Isn't that what the NSA is all about?)
- vidic0n
Volvo, Video, Velcro - I came, I saw, I stuck around
Man, things have just gone downhill. At least in the days of George Bush Sr. we knew that we were safe from broccoli
"Live Free or Die." Don't like it? Then keep out of the USA
Gun Deaths != crime.
Allow me to explain.
According to the United States FBI and Do Health & Human services, in 1995, there were 13,790 firearm homicides in the US (about 5.51 per 100K). The same year, there were 18,503 gun suicides in the US, or 7.4 per 100K. Why guns? Because they're a very effective way to kill oneself. People who are intent on killing themselves will do so with the quickest means possible.
Don't believe me? Ask your beloved Japan, who had a suicide rate of 16.72 in 1994 International Journal of Epidemiology (1998)
Now, our total homicides (a category much clearer than the deceptive gun deaths) of 5.70 is still about 4 times higher than England's 1.41, but not 34 times higher, as your numbers might suggest to the uncritical reader.
So you feel safe in Europe, huh? How about London? Where you're twice as likely to get mugged, robbed, or assaulted than in New York City?
Quoting the Weekly Standard
The same pattern can be seen throughout Europe--indeed, in much of the developed world. Crime has recently hit record highs in Paris, Madrid, Stockholm, Amsterdam, Toronto, and a host of other major cities. In a 2001 study, the British Home Office (the equivalent of the U.S. Department of Justice) found violent and property crime increased in the late 1990s in every wealthy country except the United States. American property crime rates have been lower than those in Britain, Canada, and France since the early 1990s, and violent crime rates throughout the E.U., Australia, and Canada have recently begun to equal and even surpass those in the United States. Even Sweden, once the epitome of cosmopolitan socialist prosperity, now has a crime victimization rate 20 percent higher than the United States.
Americans, on the other hand, have become much safer. Preliminary 2001 crime statistics from the FBI show America's tenth consecutive year of declines in crime. While our homicide rate is still substantially higher than most in Europe, it has sunk to levels unseen here since the early 1960s. And overall crime rates in this country are now 40 percent below the all-time highs of the early 1970s. In 1973, nearly 60 percent of American households fell victim to property crimes. In 2000 (the most recent data available), only about 20 percent did. Among the economically powerful democracies in the Group of Seven, only the Japanese now have a lower victimization rate than the United States.
Great Britain's own Home Office, with a vested interest in preserving the status quo, shows that the US, with its lax gun control laws, has less crime. And that using categories like 'property crime' and 'violent crime,' which clearly indicate that it's one person committing a crime against another, contrary to your "Gun Deaths."
Also, none of this has mentioned how often guns are brandished or used to prevent crimes. (A legitimate gun death- where someone acted in self defense- would not be listed as homicide.) Defensive gun uses have been estimated anywhere as low as 4.32 (National Crime Victimization survey) per 100K to as high as 103 (Dr. Kleck, Florida State University). If the truth lies in between, as is likely, the presence of guns offers a net benefit to society. (Defensive Gun Uses include instances where simply brandishing the firearm was enough to deter the criminal, and other instances where the criminal was shot.)
Now, the article I cite goes on to list other reasons why the US crime rate has fallen, outside of firearm possession. All things being equal though, I would much rather have the option to defend myself, my family, and my friends with the most effective means available- a firearm. Your gun control clearly doesn't make you any safer.
Also, if you think only cops should have guns- in the US, Police shoot the wrong person 11% of the time. Private citizens do so only 2% of the time.
I think I'll keep the loose United States gun laws, thank you, and you Europeans can laugh until the armed thug knocks on your door. Natural rights exist regardless of how bizarre you think they are, and you're better off exercising them than not.
Set. Bump. Spike. Thank you, come again.
Alcohol, Tobacco and Firearms should be the name of a store, not a government agency.
IMHO: If we really need to "secure insecure windows installations" then why doesn't someone put together a consortium of white-hats to find holes and more discreetly have them patched up? Hey, and imagine that...they could make a living doing it. Get paid. That's the American way, now isn't it?
Awk! Pieces of eight. Pieces of eight. Pieces of seven... ERROR: General Protection Fault. [Paroty Error.]
Molotov Cocktails tend to make short work of armor. Artillery is just as vulnerable to infiltration and sniping as it is counter-battery fire. If it is mobile artillery, see "Molotov Cocktail."
The danger from an armed populace isn't that they have massive military might; it is that you cannot determine who is or isn't an enemy. Artillery and guided missiles are no longer your enemy; the guy delivering the produce for lunch mess, or the girlfriend of the unit's LT, or the Eagle Scouts who accidentally hiked through your camp become the enemy.
Of course, as anyone working with security knows, having the source code ONLY helps you crack a product if the product wasn't developed with security in mind, and using a reasonable security paradigm.
If you use a reasonable key system, just having the source shouldn't let you magically hack into it (although it will help if that key system is flawed).
OTOH, if you use a complex scheme like XOR (as certain monopolistic companies who shall remain nameless have done in the past)... then I guess you're pretty well screwed either way.
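The contrast drawn in the comment above, as an added example that is not part of the original thread: a repeating-key XOR scheme gives up its key to anyone who knows the algorithm and a few bytes of plaintext, while a keyed HMAC stays sound with the source fully public. All keys, messages and function names below are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from itertools import cycle


def xor_obfuscate(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call obfuscates and de-obfuscates."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_xor_key(blob: bytes, known_plaintext: bytes, key_len: int) -> bytes:
    """Why the scheme fails review: blob XOR plaintext == key at every
    position, so a predictable file header is enough to get the key back."""
    if len(known_plaintext) < key_len:
        raise ValueError("need at least key_len bytes of known plaintext")
    return bytes(c ^ p for c, p in zip(blob[:key_len], known_plaintext[:key_len]))


def make_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256: the algorithm is public, only the key is secret."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison of the expected and presented tag."""
    return hmac.compare_digest(make_tag(key, message), tag)


def demo() -> dict:
    # Constructed sample: a config file with a predictable header.
    xor_key = b"K3y!"
    header = b"[config]\n"
    record = header + b"admin_password=example-only\n"
    blob = xor_obfuscate(record, xor_key)

    # Reading the source reveals the key length and the scheme; the
    # header is guessable, so the whole record falls out.
    recovered_key = recover_xor_key(blob, header, len(xor_key))
    recovered_record = xor_obfuscate(blob, recovered_key)

    # Keyed design: reading the source reveals nothing that helps
    # forge a tag without the 32-byte secret.
    mac_key = secrets.token_bytes(32)
    message = b"update-manifest v1"
    tag = make_tag(mac_key, message)
    return {
        "xor_key_recovered": recovered_key,
        "xor_record_recovered": recovered_record == record,
        "hmac_right_key": verify_tag(mac_key, message, tag),
        "hmac_wrong_key": verify_tag(b"\x00" * 32, message, tag),
        "hmac_tampered_msg": verify_tag(mac_key, message + b"!", tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```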
Blame people who see the whole world in moronic stereotypes.
At least you're willing to take responsibility for what you've done.
Hmmm, this seems really stupid. Consider an analogy: you buy a car, many instances of said car turn out to be a road hazard but you are driving it on the public infrastructure (roads), does the government give you stuff to fix your car? No, they tell the car manufacturers to clean up their act ... maybe instead of helping us they should be busting M$ chops for providing dangerous products -- get rid of the no-liability-for-software clause for all software sold without access to the source.
actually, I blame Nader.
The Kruger Dunning explains most post on
Anyone else thinking their 'cleanup mechanism' is gonna be Carnivore?
[insert witty comment here]