Microsoft Security Whitepaper
An anonymous reader writes "Microsoft last week published a document on its Web site that describes how the company manages security on its own 300,000-node corporate network. The document is basically a dry discussion of IT risk management strategy, with lots of references to 'asset classes' and 'stakeholders,' and about five, nearly identical 'cycle of life' type diagrams showing how one risk management strategy leads to the next and so on, in a never-ending process. However, the document does open a window on how the biggest, richest software company in the world does security: from the deployment of 65,000 smart cards (let's see, at $50 apiece, that comes to....?), to MS's admission that 'there is a medium to high probability that within the next year, a successful attack will occur that could compromise the High Value and/or Highest Value data class.' According to the document, that includes things such as source code or human resources data."
Or get an equally unobtrusive and effective plug-in for IE. Like this one.
A quick Google search ("russian hackers microsoft") comes up with:
0 52.txt
http://www.newsmax.com/articles/?a=2000/10/27/180
There's tons of others. It made a big splash in the tech news circles, and then was apparently promptly forgotten for some unknown reason. Strictly speaking, MS has already had one of their critical breaches they talk about and they couldn't have instituted a scheme like they're talking about in the timeframe from when this was discovered to now (i.e. it pretty much had to be in place or largely so because of the scope and scale of the effort in question...).
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Except that you forgot to mention that the "compromise" of the kernel never happened and the Debian compromise was a password issue and again nothing serious happened.
The difference between open source and closed source is that due to open source being so open the developers on it tend to trust no one. Closed source projects tend to be a little more lax because the closed nature of the project makes it easy to get sloppy.
No, it's not really excessive. When I worked there, I usually had 4 machines for myself, in my office, and I did development work. Oh, and I had a laptop as well. Testers often used many, many more machines.
Then add the build machines, servers, a laptop for many people, machines for temp/consultants, people VPN'ing in from home, and it easily makes 300k.
-- Ryan Watkins vamp@vamp.org http://www.vamp.org/
During the original Code Red incident, for a short time, the Windows Update webpage was showing "Hacked by Chinese Worm".
(There was concrete evidence of this but unfortunately I don't have it.)
Here it is.
For some reason you wrote:
"Realistically, what is the point of trying to exploit linux? Why exploit the little guy when you can go after the big fish?"
Apache is the single most prevalent web server on the internet. Why then is it that hackers "target" IIS? Maybe because it's easier?
and decided to continue:
" they do employ some of the best and brightest in the world. I imagine some of you may not believe that, but I do."
Have you seen Ballmer lately? The problem with working for MS is that, even though you may be smart, you're just wasting your time. Who cares that you can give a lecture on some brilliant way to link corporate data to business users if your entire architecture needs to fit into a proprietary MS 5 year plan for the enterprise?
MS has had 20 years and billions in funding and the best they can come up with is Windows XP. XP solves problems that Unix, Apple, X, NeXT, Amiga, et al. solved a decade ago. MS produces over-architected, under-engineered gaming consoles that aren't even compatible with themselves.
If you're looking for "fair and balanced" where are you going to go? Read a frigin Windows rag if you want to "balance" Slashdot. I'm sure there are plenty of fine articles on .NET just waiting to provide you with hours of fun-filled and objective learning experiences.
Kind Regards
"A few great minds are enough to endow humanity with monstrous power, but a few great hearts are not enough to make us w
Oh get over it already. It doesn't take 20 scripts and ten screens of typing to make an OS powerful or functional. Some 'power users' actually like the idea of using a couple of clicks to print photos or play music with the OS UI model.
Without dismissing the usefulness of a GUI I would argue that an OS that does not have a simple yet powerful framework for scripting and command based interface is not a powerful OS. Although GUIs can be useful, there are many tasks that are much more cumbersome with a GUI than with a command based interface. Compare the MS Windows graphical Find Files facility with the UNIX find(1) command.
Anyway, personally I feel the GUI of Windows XP sucks. It sucks up more screen real estate for no apparent enhancement in usability over its predecessors. Of course a slack-jawed mouth-breather must think differently.
This reminds me of DOS/UNIX people bashing all GUI interfaces in the 80's.
You show your ignorance by associating DOS and UNIX. The two have practically no historical connection and very little common philosophy. Where there is common ground, it is always a case of the later versions of DOS borrowing from UNIX (not the other way around).
Furthermore, GUI systems were developed on UNIX systems, including W and X, long before Mac OS and Windows.
Are we really back to the days of using words like WIMP and telling everyone that GUIs are inherently bad, or are we just saying that ones that are easy to use are bad?
You are overly sensitive. The use of the WIMP acronym dates back to Xerox and Apple. Its use was considered completely innocuous.
The open source world needs to learn a little about UI consistency and try to make things easy to use if any Open Source OS is ever going to be taken seriously on the desktop or in the home.
So what? I, and many others, have no vested interest in seeing Linux or *BSD succeed on the desktop (whatever that is). We use it because it works for us, nothing more. Anyway, Debian Linux has been used in my home (my non computer savvy family members) as what many would consider a Desktop operating system. As far as I'm concerned, Debian Linux is taken seriously on the desktop.
A little insecure are we?
Answer here.
Basically, it's an official report from a company/government meant to be released to the customers/public.
They're more fundamental than that. A buffer overflow allows you to execute code in ring 0 that would otherwise not be run. This isn't the same thing as something like MS Blaster and its ilk. Now, those were found the same way as the buffer overflow exploits, but they could have been even more easily found via an audit of the source code. Under Open Source, the code's looked at by MANY people; it's likely to be found and corrected. In Closed Source, it's not so likely and it's more likely that a code leak will result in someone else doing an audit and finding weaknesses and exploiting them.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas