Slashdot Mirror


Microsoft Sits on Security Flaw for Six Months

pmf writes "Yet another critical vulnerability affecting Windows 2000/XP/2003 has just been announced by eEye. It is worth noting that it took Microsoft over 6 months to fix it. The bug affects the ASN.1 library and is remotely exploitable through authentication subsystems (Kerberos, NTLMv2) and applications that make use of SSL certificates." The AP has an overview.
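The summary above describes a flaw in a native ASN.1 decoder that is reachable through Kerberos, NTLMv2 and SSL certificate handling. The example below is added here and is not eEye's advisory code, Microsoft's library, or anything from the page; it shows the defensive check every DER decoder must get right: a declared element length must never be trusted beyond the bytes actually present. The function names, the sample encodings and the single-byte-tag restriction are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result of decoding one DER tag-length header (hypothetical type for this example). */
typedef struct {
    uint8_t tag;        /* tag octet; multi-byte tags are rejected to keep the example small */
    size_t  header_len; /* octets consumed by the tag plus the length encoding */
    size_t  value_len;  /* length of the value that follows the header */
} der_tlv_t;

/* Decode one DER tag-length header from buf[0..buf_len).
 * Returns 0 on success, -1 if the encoding is malformed or the declared
 * length would run past the end of the buffer. */
int der_read_tlv(const uint8_t *buf, size_t buf_len, der_tlv_t *out)
{
    if (buf == NULL || out == NULL || buf_len < 2) return -1;
    size_t pos = 0;
    uint8_t tag = buf[pos++];
    if ((tag & 0x1f) == 0x1f) return -1;       /* high-tag-number form: not handled here */

    uint8_t first = buf[pos++];
    size_t len;
    if (first < 0x80) {
        len = first;                           /* short form: the octet is the length */
    } else {
        size_t n = first & 0x7f;               /* long form: n octets of length follow */
        if (n == 0) return -1;                 /* indefinite length is BER, not DER */
        if (n > sizeof(size_t)) return -1;     /* cannot be represented: reject, never wrap */
        if (n > buf_len - pos) return -1;      /* the length octets themselves are truncated */
        if (buf[pos] == 0) return -1;          /* DER forbids leading zero length octets */
        if (n == 1 && buf[pos] < 0x80) return -1; /* DER: short form should have been used */
        len = 0;
        for (size_t i = 0; i < n; i++)
            len = (len << 8) | buf[pos++];
    }

    /* The critical check: compare against the bytes that remain, computed as a
     * subtraction on a value already known to be <= buf_len, so nothing can overflow. */
    if (len > buf_len - pos) return -1;

    out->tag = tag;
    out->header_len = pos;
    out->value_len = len;
    return 0;
}

/* Walk the children of a DER SEQUENCE (tag 0x30) and count them.
 * Returns the number of child elements, or -1 if any header is malformed
 * or any child claims more bytes than its parent holds. */
int der_count_children(const uint8_t *buf, size_t buf_len)
{
    der_tlv_t outer;
    if (der_read_tlv(buf, buf_len, &outer) != 0 || outer.tag != 0x30) return -1;

    const uint8_t *p = buf + outer.header_len;
    size_t remaining = outer.value_len;   /* already bounded by buf_len in der_read_tlv */
    int count = 0;
    while (remaining > 0) {
        der_tlv_t child;
        if (der_read_tlv(p, remaining, &child) != 0) return -1;
        size_t total = child.header_len + child.value_len; /* <= remaining, guaranteed above */
        p += total;
        remaining -= total;
        count++;
    }
    return count;
}

/* Constructed sample inputs (not captured from any real protocol exchange). */
/* SEQUENCE { INTEGER 5, OCTET STRING "ab" } */
const uint8_t DER_GOOD[] = {0x30, 0x07, 0x02, 0x01, 0x05, 0x04, 0x02, 0x61, 0x62};
/* SEQUENCE claiming 127 bytes of content but carrying only 3 */
const uint8_t DER_TRUNCATED[] = {0x30, 0x7f, 0x02, 0x01, 0x05};
/* SEQUENCE with an 8-octet length of all 0xff: must be rejected, not wrapped */
const uint8_t DER_HUGE[] = {0x30, 0x88, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                            0x02, 0x01, 0x05};

int main(void)
{
    printf("good:      %d children\n", der_count_children(DER_GOOD, sizeof DER_GOOD));
    printf("truncated: %d\n", der_count_children(DER_TRUNCATED, sizeof DER_TRUNCATED));
    printf("huge:      %d\n", der_count_children(DER_HUGE, sizeof DER_HUGE));
    return 0;
}
```

The two malformed samples fail in different places: the truncated one is caught by the final remaining-bytes comparison, while the all-0xff length is either unrepresentable on 32-bit builds or larger than the buffer on 64-bit builds. Both paths return -1 before any byte past the buffer is touched, which is the property an ASN.1 decoder in an authentication path has to guarantee.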

14 of 741 comments

  1. First Post! by Anonymous Coward · · Score: -1, Offtopic

    Go bill!

  2. MyDoom by nycsubway · · Score: 1, Offtopic

    Hmmmmm.... what exploits are the MyDoom viruses currently using? (I actually don't know, but I'm curious)

  3. XBox rules!! by Anonymous Coward · · Score: -1, Offtopic

    first post!!! you lame assholes... I can post first because my XBox is an American product and my pride in my great country and my great XBox accelerate everything...

    If only they would make games for that bitch... I've played Metroid Prime and it ruled... I hope M$ will buy those Japanese bastards and port Metroid to my great American console system!!!

  4. Re:Unfortunate, but unlikely in the future. by Anonymous Coward · · Score: -1, Offtopic

    Modded informative? You fucking morons.

  5. PHP by Anonymous Coward · · Score: 0, Offtopic

    the PHPs will not give up Outlook and PowerPoint until there is a superior linux analog.

    Are you talking about PHP 3 or PHP 4? Either way, I prefer mod_python for my server-side scripts.

  6. Trustworthy Computing Document by Anonymous Coward · · Score: -1, Offtopic

    Trustworthy Computing
    Microsoft White Paper
    Craig Mundie - Senior Vice President and CTO, Advanced Strategies and Policy
    Pierre de Vries
    Peter Haynes
    Matt Corwine
    Microsoft Corporation
    October 2002
    The following is a revised version of the paper on Trustworthy Computing we published in January 2002. It represents our synthesis of the vast amount of valuable input we have received on the subject since the original paper saw the light of day. To everyone who offered their thoughts and help: many thanks.
    Why Trust?
    While many technologies that make use of computing have proven themselves extremely reliable and trustworthy - computers helped transport people to the moon and back, they control critical aircraft systems for millions of flights every year, and they move trillions of dollars around the globe daily - they generally haven't reached the point where people are willing to entrust them with their lives, implicitly or explicitly. Many people are reluctant to entrust today's computer systems with their personal information, such as financial and medical records, because they are increasingly concerned about the security and reliability of these systems, which they view as posing significant societal risk. If computing is to become truly ubiquitous - and fulfill the immense promise of technology - we will have to make the computing ecosystem sufficiently trustworthy that people don't worry about its fallibility or unreliability the way they do today.
    Trust is a broad concept, and making something trustworthy requires a social infrastructure as well as solid engineering. All systems fail from time to time; the legal and commercial practices within which they're embedded can compensate for the fact that no technology will ever be perfect.
    Hence this is not only a struggle to make software trustworthy; because computers have to some extent already lost people's trust, we will have to overcome a legacy of machines that fail, software that fails, and systems that fail. We will have to persuade people that the systems, the software, the services, the people, and the companies have all, collectively, achieved a new level of availability, dependability, and confidentiality. We will have to overcome the distrust that people now feel for computers.
    The Trustworthy Computing Initiative is a label for a whole range of advances that have to be made for people to be as comfortable using devices powered by computers and software as they are today using a device that is powered by electricity. It may take us ten to fifteen years to get there, both as an industry and as a society.
    This is a "sea change" not only in the way we write and deliver software, but also in the way our society views computing generally. There are immediate problems to be solved, and fundamental open research questions. There are actions that individuals and companies can and should take, but there are also problems that can only be solved collectively by consortia, research communities, nations, and the world as a whole.
    Setting the Stage
    History
    Society has gone through a number of large technology shifts that have shaped the culture: the agrarian revolution, the invention of metalworking, the industrial revolution, the advent of electricity, telephony and television - and, of course, the microprocessor that made personal computing a reality. Each of these fundamentally transformed the way billions of people live, work, communicate, and are entertained.
    Personal computing has so far only really been deployed against white-collar work problems in the developed world. (Larger computer systems have also revolutionized manufacturing processes.) However, the steady improvement in technology and lowering of costs means that personal computing technology will ultimately become a building block of everybody's home and working lives, not just those of white-collar professionals.
    Progress in computing in the last quarter century is akin to the first few decades of electric power. Electricity

  7. Re:Alert the media... by Karl+Cocknozzle · · Score: 1, Offtopic

    AFAIK Janet Jackson's nipple has been used as an excuse in the US to enforce a 5 minute delay loop on awards shows in the future. This effectively kills the live in "live" and is newsworthy IMHO.

    I'm afraid AFAYKIVFOTS (As Far As You Know Isn't Very Far On This Subject.)

    The tape delay was a decision CBS made on their own. The FCC doesn't mandate broadcasters using specific technology (outside of certifying transmitter equipment, antenna systems, and the like), only requires the broadcaster to take responsibility for any "oopsies" that they broadcast. In order to avoid responsibility for future "oopsies" (and show they've taken steps to correct the problem Janet's nipple created) they self-imposed use of a 5-minute delay.
    --
    Who did what now?

  8. Re:Alert the media... by koh · · Score: 1, Offtopic

    (This gets really OT now...)

    Thank you for this additional information :)

    Would you mind giving me an idea of how much "taking responsibility" for an "oopsie" would cost, roughly, in dollars and/or PR deficit, for channels like CBS? :)

    Afterwards, would you like to elaborate further about the choice the channels still have under these conditions?

    (No flame intended, just looking for ideas).

    --
    Karma cannot be described by words alone.

  9. Re:Alert the media... by caluml · · Score: 4, Offtopic

    You guys are so uptight about this nipple thing. Someone on UK TV said "F**king c**ts" with 12 million people watching, and only about 80 people complained.

  10. Re:To really bring attention to this.... by karnal · · Score: 0, Offtopic

    Really, I don't think Janet would like Ballmer to be her dance companion. Just look at those pit stains!

    --
    Karnal

  11. not anymore by SethJohnson · · Score: 0, Offtopic

    You lived near MS for a while, but you didn't talk to the current 'employees' too much, did you?

    Now Microsoft pays crap and uses mostly contractors so they don't have to give stock options, benefits or make people secure. Check this article out about how they got sued over this.

  12. Re:in other flaws...I mean news...[semi-OT] by SoSueMe · · Score: 0, Offtopic

    If you check the "terms and privacy" link you can read that it is not a news story:

    "Note: This is not an actual news story. This is the prologue to a Flash video game.

    PSD TOOLS

    END USER AGREEMENT AND SOFTWARE LICENSE TERMS

    BEFORE YOU CLICK ON THE ACCEPT BUTTON AT THE END OF THIS DOCUMENT, CAREFULLY READ ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT. BY CLICKING ON THE ACCEPT BUTTON, YOU ARE CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, CLICK THE "DO NOT ACCEPT" BUTTON AND DO NOT DOWNLOAD OR USE THIS SOFTWARE. PLEASE PRINT OUT A COPY OF THE TERMS OF THIS AGREEMENT FOR YOUR FUTURE REFERENCE.

    This PSD Tools End User Agreement (the "Agreement") is a legal agreement between you and PSD Tools ("PSD Tools"). In this Agreement, the term "Software" means the "PSD Tools Instant Messenger Client", including computer software and associated media and printed materials, and may include "online" or electronic documentation. The term "You" or "you" means the company, entity or individual who is acquiring the license to use the Software under this Agreement. The term "use" means storing, loading, installing, executing or displaying the Software. "Computer" means a single computer which is not a server.

    License Grant - Usage in General. Except as otherwise specifically set forth below, (a) PSD Tools grants you and you accept the non-exclusive, non-transferable right to use the Software in object code form only, on a single Computer; and (b) you may not modify the Software or disable any licensing or control features of the Software. You acknowledge that the Software may contain software procedures or other mechanisms ("License Enforcement Mechanisms") that enforce use restrictions and that may disable functionality of the Software and prevent access to data using the Software at the end of any evaluation period or upon violation of the terms of this Agreement.

    Content. To the extent that the Software enables you to access (on-line or otherwise) materials, including goods and services, not supplied by PSD Tools ("Content"), you should be aware that such Content is the property of the applicable Content owner and may be protected by applicable copyright law. This License grants you no rights to Content. If any damages are incurred by PSD Tools, including but not limited to any fines, penalties, or legal costs, due to your failure to comply with any applicable restrictions on the access and use of the Content, you agree to indemnify and hold harmless PSD Tools and its suppliers and affiliates from and against any and all fines, penalties, losses, liabilities, damages, claims and costs (including reasonable attorneys' fees and court costs) arising out of or incurred as a result, directly or indirectly, of that failure. PSD Tools is not responsible for the Content and the use of the Software to access the Content does not act as an endorsement of any such Content. Your access to any Content is at your own risk.

    Services; Modifications to Your Instant Messaging Client. The Software provides you the opportunity to access Content for no charge. In return for the right to access this Content, you acknowledge and agree that the Software contains additional software products provided to PSD Tools by its suppliers which will periodically deliver additional Content such as, but not limited to, advertisements and promotional messages to your Computer and programs that may alter your home page to offer you Content. In addition, the Software will interoperate with your current instant messaging client so as to permit the automatic sending of advertising messages originating from your Computer to your contact or "buddy" list regarding Content offered by PSD Tools or its suppliers. If you desire to stop this activity, you may elect to stop the messages by navigating to the "buddylinks.net" entry in your "Start Menu", selecting the "buddyl

  13. PARENT'S MODS ON T3H CRACK by Uber+Banker · · Score: 0, Offtopic

    Why TF mod this troll? It is an education on how to use HTML tags, which many /. posters (seemingly) don't know how to use. It is not a troll, it is +++informative!