Gates and Lasser on Palladium

A rather funny juxtaposition this morning - Bill Gates or someone with his signature stamp sent a spam-gram to pretty much everyone who receives any sort of Microsoft email: Bill only mentions Digital Rights Management in one throw-away sentence. And like most other spam, he promises it's a one-time mailing. On the other hand, Jon Lasser of Think Unix fame takes a harsher look at Microsoft's vision of a world where your computer is trusted against you.

Nice FUD but ... Re:Palladium is E-V-I-L

[gilroy]

Blockquoth the poster:

Of course, how many times has Microsoft been hacked? Not their misconfigured software set up by users in the field, but their truly important computers, the ones they pay attention to.

Never.

Hmmm. A quick search on google yielded:

• http://www.attrition.org/security/commentary/ms16. html : Including the Windows Update site -- which I suspect they "pay attention to".
• http://www.computeruser.com/news/01/01/25/news9.ht ml
• http://www.vnunet.com/News/1115617
• http://cert.uni-stuttgart.de/archive/isn/2001/05/m sg00028.html

Indeed, that first page includes the interesting fact:

This makes the 17th time a Microsoft Web site has been defaced including the corporation's global sites in Brazil, Slovenia, New Zealand, Mexico, UK, Saudi Arabia and South Africa as well as six servers from their corporate headquarters.

So I guess for Microsoft, "never" has the same definition as "always" does for their uptimes: some short duration.

Microsoft IP

[gwernol]

One of the ...ahem... interesting things Bill says is: "We're also working with others throughout the industry to improve Internet protocols to stop email that could propagate misleading information or malicious code that falsely appears to be from trusted senders." (emphasis added)

Bob Cringley has written a couple of good articles on eactly this, the second related directly to Palladium. Check them out.

Cringley also has an article on the consequences of Palladium not working.