Slashdot Mirror
Trojan Built for Industrial Espionage
xPertCodert writes "Some of the largest Israeli companies are involved in the major industral espionage case, in which private investigators implanted specially crafted Trojan horses on the computers at unsuspecting companies in a bid to obtain priviledged financial and technical data. Given the current state of Windows security and advances in spyware, probably any company has become a very easy target for such spy attack from competitors"
cunt.
Did it involve an exploit?
maybe such incidents will start companies (and Microsoft in particular) to start taking spyware more seriously
how often that goes on here.
I would like to think it doesn't, really. But I'm sure it does.
Pretty Pictures!
spies are more likely to do industrial espionage compared to spying on gov'ts. it is apparently a lot easier to get info from companies about gov't plans (through contracts, ect) than trying to spy on the NSA or CIA
but then again, this is what i have read, so take it for what it is worth
This is why security products suich as firewalls, AV, and spyware scanners need to be open source .. now come on .. everyone knows Checkpoint is a great firewall .. if they open sourced it it would be more popular. I think some are skeptical because it may have had a remote exploit in the past (can someone confirm?) .. that the conspiracy nuts say was deliberate.
I am not a script, but why did I have to type "fkmafwi" to prove it?
Did any of their officers graduate from Stanford or Harvard Business School?
But...carefully worked out plans!!!
*puts on tinfoil hat*
I like the smooth transition from Industrial espionage to M$ bashing. Next up on /.. Mothra versus 50foot Bill Gates: Who'd win in a Tokyo downtown duel?
http://www.nsa.gov/selinux/ Security-Enhanced Linux!
By its verry nature, a trogen is a program that APPREARS to be good but has an evil payload. once again, the problem is gullible users and/or techs and/or admins. not windows per-se.
that this investigation will end up with no results, or blame some 'hostile' third party that had nothing to do with it.
(By the way, what's up with the unreadable "show you're not a script" images? Give us an 'I can't read this' option...)
-5 flamebait -5 fucking moron editors who will post whatever garbage sounds good to them no matter the credibility or lack there of
I thought that Trojans were programs that pretended to be something legit but weren't. Other than finding them and putting them in a list of programs to delete in a virus scanner, is there a way to be "secure" with these?
If the company you are tailoring these trojans to runs Linux, aren't you, as the evil terrorist hacker, going to tailor the trojan to run on Linux?
Send 90% of the CEOs out there an email that says 'click here for a free iPod!' and we all know what they're going to do, whether they run Windows, Linux, or OS X.
Pulp Audio Weekly - Geek News and Reviews
>Given the current state of Windows security and
/. consumption!
>advances in spyware, probably any company has
>become a very easy target for such spy attack
>from competitors.
Oh, and I almost missed the point!
Yes, Windows sucks!
It is truly pathetic how these, sometimes interesting, articles nearly always descend to the lowest common denominator suitable for mass
Goddamn trolls.
What has the Windows OS have to do with that?
Unless you've got a firewall to detect or block outgoing connections (there are many good firewall utilities for Windows clients, BTW), you'd probably end up the same way with any client infested with spyware or Trojans.
Did they name it Project 2501? And was it secretly created by the Ministry of Foreign Affairs?
So the mods are mothra fanboys eh? How about something non-partisan like Giant Squid versus Bill "Aquaman" Gates: Who gets the key to Davy Jones Locker.
Smart people shouldn't have that kind of data on a computer that could be attacked by spyware. Keep it on a network segregated from the internet and you keep it to an insider-only problem.
Microsoft sees spyware as an opportunity for profit.
The dangers of knowledge trigger emotional distress in human beings.
Mod down he's just pointed out /. groupthink!
A dissenter hisssss!
Anyone on this thread who points out that the article was heavily biased should be modded down!
After all the article was flamebait in itself!
I'm sure glad I don't rely on closed source products for my security needs. :)
spies are more likely to do industrial espionage compared to spying on gov'ts ... easier to get info from companies about gov't plans
That's actually fairly insightful, I think.
But that view led me directly to this conclusion. --> Since "the citizens" work for the companies that have the government contracts, in principle this means that AT LEAST PART of the citizenry can see the machinations of government despite the veil of secrecy.
Well, if some of the citizens can see the facts, shouldn't all? Ie. perhaps this is halfway towards properly open government?
The usual objection of "but then the baddies will see what we do" holds no real water in a world that is, for all intents and purposes, ruled in very large part by one superpower.
If the entire scandal was percipitated by Bezek (the reigning ILEC/MaBell of Israel). Bezek was complacent about the coming of the cell phone in the early '90s and was so late to the game that it's practically a non-player.
To the contrary, Pele-Phone trademark name actually became Israeli "xerox" - every cell phone is called a "pelephone" in the vernacular. So if Bezek wanted to hurt the ungrateful competitors' market share, the trojan scandal would do nicely.
Any fool can criticize... And many do.
j00z!
The Israelis have an active military relationship with the Chinese.
The Chinese (including those in Taiwan) are experts at creating spyware, viruses, and other malware. The Chinese military simply shared some of its technology with the Israelis.
... for companies to take seriously apple and some GNU/Linux flavours ...
I have to face dozens of infected pc's every day in my university, all having services like RPC Helper, or Workstation Security Manager etc. And don't start there are ways to avoid this. There are, but they are impractical to admins and users!
On the other hand there are more benefits in apple platform than drawbacks IMHO so I suspect a serious rise in market share could come. This can happen only if people act reasonably = low chances in this management driven world :(
the doc
To quote a poster when the above is pointed out. "According to your logic, it doesn't matter if you store millions of dollars in cash under the bed, since a safe is also vulnerable to break-ins."
Ignoring the facts that security is a process, not an absolute, and technical solutions to social problems are hard. Ultimately all solutions can be twarfted, given enough time and resources. The goal however is to make whatever they want difficult enough to get, that when they do get it, it'll be worth nothing.
Were this technology to be used against the USA, would it be considered terrorism by the Bush administration? Indeed, it is well-known that the the current regime will not prosecute Israelis for crimes, and if anything, is willing to participate jointly in such acts (ie. the illegal massacre and rape of Iraq).
Cyric Zndovzny at your service.
just like uplink
I've dealt with Linux security enough to know security is work for any OS, especially when you are not just running servers for developers or apps. When you get into linux desktop users, security takes a lot of work and attention.
Mine is Good
That Israeli companies have created sophisticated Trojan hours should not be surprising. Numerous reputable Western news sources have reported that the Israelis have been supplying weapons to China. You can find the news articles on Google.
So now Slashdot is exploting the ancient prejudices of "The Jews" and "The Yellow Peril".
What's next? Will Cmdr. Taco appear in blackface?!
....Isreal , the Jews..
Aaron seems to be a good sounding salesman that a good night sleep would overcome.... and I bet Moses knew this about his brother..
To read the Torah, its clear there was much volcanic activity going on of which the events of nature would lead to a logical sequence of events that any knowledgeable person would see comming. As it seemed Moses did, and then took advantage of it.
The country of Israel only exist out of deception of which the US helps to support.
How is it that such a country can exist and with nucular arms? Birds of a feather flock together? (WMD in iraq?? Show me!)
This all pretty much put into proper perspective of what the article is on about. A minor issue distraction? must mean they are up to something more profane?
The Torah is more human oriented and honest (you can more easily see acts of deception) than other religious work, even more popular than it.
When you have deceived everyone in the world, and such deception is a way of life for you, there is always one more to deceive..... yourself. A house fighting against itself will fall.
Maybe this article is good news...
He's a troll, he posts in every story and posts that same link, whether it's relevant or not.
GNAA exposes the dangers of hiring Latvians
Impi - Associated Press, South Africa
GNAA's wish at expressing its displeasure at the re-election of the American lap dog Tony Blair embarked on a plan to demonstrate its frustration to the world.
It was decided to strike at the heart of the American kennel in New York City, the UK consulate. After careful consideration and deliberation by our great executive leaders it was decide that Areems was expendable.
Timecop, blessings be upon him, approached our Latvian charter and recruited Areems for this glorious endeavour. Areems has a history of failure and extreme uselessness; this was his chance to show the GNAA and the world that he was capable of great things.
Unfortunately he could only find a fake hand grenade which was discarded in his bedroom after a webcam orgy session with fellow nigger bedpan.
It is with immense humility that we apologies to all our brothers across the world for the destruction of a flower pot. Areems will be summarily executed and Latvia flushed.
About GNAA:
GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the first organization which gathers GAY NIGGERS from all over America and abroad for one common goal - being GAY NIGGERS.
Are you GAY ?
Are you a NIGGER ?
Are you a GAY NIGGER ?
If you answered "Yes" to all of the above questions, then GNAA (GAY NIGGER ASSOCIATION OF AMERICA) might be exactly what you've been looking for!
Join GNAA (GAY NIGGER ASSOCIATION OF AMERICA) today, and enjoy all the benefits of being a full-time GNAA member.
GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the fastest-growing GAY NIGGER community with THOUSANDS of members all over United States of America and the World! You, too, can be a part of GNAA if you join today!
Why not? It's quick and easy - only 3 simple steps!
Talk to one of the ops or any of the other members in the channel to sign up today! Upon submitting your application, you will be required to submit links to your successful First Post, and you will be tested on your knowledge of GAYNIGGERS FROM OUTER SPACE.
.________________________________________________.
If you are having trouble locating #GNAA, the official GAY NIGGER ASSOCIATION OF AMERICA irc channel, you might be on a wrong irc network. The correct network is NiggerNET, and you can connect to irc.gnaa.us as our official server. Follow this link if you are using an irc client such as mIRC.
If you have mod points and would like to support GNAA, please moderate this post up.
| ______________________________________._a,____ | Press contact:
| _______a_._______a_______aj#0s_____aWY!400.___ | Gary Niger
| __ad#7!!*P____a.d#0a____#!-_#0i___.#!__W#0#___ | gary_niger@gnaa.us
| _j#'_.00#,___4#dP_"#,__j#,__0#Wi___*00P!_"#L,_ | GNAA Corporate Headquarters
| _"#ga#9!01__
I.E.
Exploitation of individual weakness among those with access to information.
Be it as simple as hanging out at the right bars and chatting up the right people, or as complex as hooking these people on the high life, gambling, prostitutes, golf, etc. to the point that they are willing to 'accidently' leak information in exchange for maintaining realtionship with ones circle of 'new friends', it's a hell of a lot more fun, with less risk of prosecution, than outright spying or extortion. Equally enjoyable is exploiting holes in strategic information containment. This can be done by chatting with suppliers and contractors about how their business is going...
Methods such as this are routinely used by government agencies involved in information gathering and analysis. They are also perfectly legal.
Firewall won't block the trojan connection... the trojan will inject itself in browser or other utility that can pass the firewall... only way to have a secure network is to keep it off the internet...
"... [The authorities] found dozens of FTP servers in Israel and overseas, including the US. Haephrati is suspected of transferring stolen material from other computers to these FTP servers. The police realized the extent of the affair when they examined some of the files..."
If there was ever a time to be using encrypted volumes to store files, that was one of them.
The guy has fileservers full of self-incriminating evidence, but he can't even get his act together enough to strongly encrypt the thing? That's pretty damn sloppy.
If you did it right, all the cops would have was a bunch of bits, not stuff to put you away for a long time. This tells me the guy wasn't really trying hard enough. He needs to do it again, with feeling.
http://www.thebricktestament.com/the_law/when_to_
That doesn't surprise me, they also have troyanized the government in almost all major countries...
At least they have now an own(?) country, I hope they just stay there.
Yep. But there are ways to reduce the potential there.
#1. The email client should NOT under ANY circumstances automatically run scripts or executables. This was a MAJOR problem with previous versions of Outlook.
#2. The regular user should NOT under ANY circumstances be able to run a program from his user directory/temp directory.
Now, since Linux does not have any equivalent to Outlook in example #1, that means that Linux machines are far more difficult to infect. But not impossible.
Once you've implemented example #2, then the ONLY way for a trojan to get onto a system is if the user has the root password AND goes through the regular install process.
Now, each step that the user must perform is another chance for the trojan to fail.
If, on Linux, the end user has to go through half a dozen steps or so, then Linux is going be resistant to all but the most dedicated of idiots.
And remember, the infection rate has to be higher than the removal rate otherwise the trojan dies, like any virus or worm would.
Linux can be less than 100% perfectly secure, yet still have no live trojans, viruses or worms in the wild.
"Wow some of you mods are really going to work here modding down dissenters. The article is biased, like the parent and others have said, yet you are modding them down because they point it out? I'm glad you guys like to quote the book 1984 all the time cause some of you mods and posters represent a microcosm of Orwells world."
Hey don't you know? It's OK to do so. After all there's obviously a silent unselected majority that counters the appearance of bias, and double-talking.
Given the current state of Windows security and advances in spyware, probably any company has become a very easy target for such spy attack from competitors
Yeah - like, someone who gains access to any other machine couldn't install something that the user wouldn't notice...riiiight....Gotta love slashdot idiot OPs
JEWS ARE HILARIOUS
I know this sounds almost like cussing, but could one obfuscate so efficiently a source code, to hide a trojan inside it?
That would be diabolic because it would give the false feeling of security (after all, it's "open" source, right?) and therefore be even more devastating to unsuspecting users.
Sigged!
"Security" is being treated by most vendors and companies as a pest-control business. "How many threats did we detect today?" "What are the top 10 threats this week?" "How fast can we get the virus definitions updated?" But those aren't the real threats. It's the quiet, narrowly targeted attacks that cost companies real money.
Military security people make that distinction. They're trained to view kids throwing rocks over the fence as a minor threat, while focusing on a phony cleaning guy sneaking in and getting a peek at the good stuff. Computer security people don't get this. Yet.
Look at, say, the Symantec web site. It's entirely oriented toward protecting against pest-type threats. And "pest removal". If there's a serious attack, by the time you get to "virus removal", the crucial information has long since been stolen.
In Israel, workstations in all large corporate networks are very well protected.
;-)
It's much cheaper to find a dirty sysadmin that will push a small MSI to all AD clients then actually writing a full blown Trojan that should first of all plant itself on the target computer, taking the risk of being discovered by some techy user.
So keep MS bashing for another article
The issue is not whether there ARE flaws, but how SERIOUS those flaws are, how quickly the are patches are released and how easy it is to install those patches.And walking to the corner store is "work" and running a marathon is "work". Just because they are both "work" does not mean that they are equivalent.
Here's a good example. If you install the Windows on a box, but choose not to install all of the components, then you patch it with the latest service pack and all, it should be fully patched.
Then you go back and install one of the components you didn't install initially.
Is it still fully patched? Will Microsoft's BaseLine scanner find any flaws?
No and no.
But with a Debian system (or any derivatives), you will know that your system is fully patched because installing is done from the network.It depends upon what you mean by "a lot". It takes less than 1/10th the effort of a comparable Windows installation.
That is because it is easy to setup the users without the ability to run executables that have not been setup by the root account. Which pretty much kills the trojans and viruses.
But... but... Freedom! The Iraqis are free! Why do you hate freedom? Why do you hate America?
Great Bush, Lead us to Victory! Amen.
God bless you all!! God Bless America!1
(The Lameness Filter doesn't like my ASCII flag)
Well ive never gained privileged financial and technical data from that? Am I missing something?
This comment does not represent the views or opinions of the user.
"War for oil" is false opposition.
This is yet another classic case of anti-Semitism on Slashdot. These snide attempts to degrade the right to live of Jews in Israel are disghusting. Would you be posting this article if it was not Israel conducting these operations? No. Keep in mind, economic security is a part of national security. It just goes to show how a double standard is applied to Jews -- apparently we are not allowed to maintain our national security. I'm halfway towards reporting this side and many of the posters to the Anti Defamation League.
MS is used in Nuke plants, Banks, Navy ships, and even medical equipment. How many know about the insecurities of MS esp. when compared to *nix? Every last coder on this planet. And yet, some idiot up top decided to force MS into this space. It will be that way for quite some time.
IMHO, it will take successful law suits against companies that sell Windows into high security space before the PHBs change their habits. Once they are personally threatened, then they will change.
I prefer the "u" in honour as it seems to be missing these days.
Well, it seems there is more than one problem. You're right about the platform-independent nature of getting users to install trojan horse software. UNIX based systems can't help that problem much, although they can limit the resulting damage in some cases.
The plague of adware and spyware infecting some significant percentage of pc systems is a separate issue that pretty clearly affects Windows, but not Mac OS X or Linux. FireFox users on Windows seem to receive some protection from this plague, too, so perhaps this issue is also platform independent, but vendor dependent.
If you mod me down, I shall become more powerful than you could possibly imagine.
Is this really news. The US has been doing this for a long time. The difference is, the US has been able to stay under the radar and not get caught. Heck, the US take spying more hardcore than most other countries. Why do you think the military budget is so huge? The only thing funny is the Isreal spies aren't being too careful. They need to try harder and pump billions and billions into spying like the US.
Yes, it would still be posted. In fact, when crap like this is caught in other places, it gets posted here. Just check the history. In fact, there are many here who are opposed to this stuff going on in america.
So please, finish your report and send it.
I prefer the "u" in honour as it seems to be missing these days.
Please put a lid on your conspiracy theories. If Israelis were really supplying weapons to China it would be all over the news. I watch CNN/FOX/etc all the time and have not once heard about this "alliance" you speak of.
It is alleged that the trojans were implanted by giving the victims CDROMs with labels of well known software companies on them. So take care people!
Six Million Jews died at the hands of anti-semites. SIX MILLION. No time in human history has any culture suffered a extermination more massive than The Holocaust. It was people like you who did this. People like you who turned their backs when innocent Jews were demonized in the media (Slashdot is the equivalent of the J Goebbels' newsletters of that day.) It was people like you and the liberal media whining about freedom of speech who want another slaughter of Jews. People like you who are ready to pounce on any Jew trying to compete, whether in academia or in industry. You may joke about the ADL, but they are the only ones who have stepped up to defend the right of our people to live and function and compete as all other cultures do. You could have posted your story without the word "Israel" but you deliberately used the word Israel -- to demonzie our people. Because hatred oozes from your racist pores.
This is not purely a Windows issue--although it was enabled by the wrong users having administrator rights.
The story is really about criminal conspiracy. Simply put, a clever programmer wrote trojan horse spyware and found three private investigative companies to backdoor the trojan into major company systems, collect information, and market it. Private investigative companies play a very big role in the Israeli economy because there are so many retired intelligence agents who market their skills to businesses for many purposes.
The Trojan was set up by sending target company managers in "demo" disks of software purportedly for sale. The "demo", run by a manager, would install the spyware. The investigative companies then cherry-picked valuable information (sales reports, competitive assessments, etc.) and they simply picked companies in each business category to take on as clients--one cellular phone company got another's inside information, one cable company got another's inside information, one auto importer got another's info, etc. etc.
The private investigators simply sold to the highest bidder. The really interesting thing is that it's not clear whether there are laws on the books in Israel strong enough to convict the PIs! This may just be more of what is referred to in Israel as Israel-bluff.
All laptops are without hard drives. Boot into a portible distro, unencrypt messages, type reply, encrypt, send. Want to do some work? Take super disk, unencrypt, type (spreadsheet or document), print/ encrypt, save to superdisk.
All servers are mac.
Still havn't had a single problem.
From reading the article, I did not notice the name microsoft in there. Who is to say that these trojans ran on Microsoft software? Perhaps these trojan-infected machines were running GNU-hurd or OsX? The writeup says "given the current state of Windows security", but I don't have enough information to conclude that this was a compromise of Microsoft software.
Many of the discussions on this topic seem to presume this was in fact a trojan that ran on Windows, but even though my gut tells me most trojans target Windows, there is no reason (from the news sources) to believe that this wasn't an engineered alternative OS compromise. Check news.google.com, none of the reports seems to shed any light on the OS of the compromised systems. An ftp server is mentioned, but that's about it. Why do people assume that this was a Microsoft compromise? Is this a fair assumption?
If this is a fair assumption, why don't any of the articles mention Microsoft?
MBSA is not perfect but I've never seen it ignore a product just because you didn't install it during the initial install.
But I admit that I'm nitpicking a bit here as I've learned not to trust it as the only check on what a system needs. Often times MBSA is just plain wrong. I have found that Windows Update, MBSA, and even GFI's tool will disagree on what is installed or what patches are available for your system. It is a convoluted mess.
I use Suse myself not Debian but the approach is basically the same. Offer updated packages that are prepatched so if you decide you need to run Apache you get the latest version not a buggy one that you have to add patches too.
Slashdot, home of supporters of free software, free music, and free speech.Except for Moderators that disagree with you.
Israel has employed many methods of espionage, but the worst is using our own politicians to help them. Our politicians turn the back, and look the other way. What would the USA do if Syria stole USA secrets for making missiles? There would be an uproar, calls for sanctions, and planning an attack.
The USA has been selling fighter jets and bombs to Israel for a long time now. But that is not enough for Israel, they steal our secrets too.
I think Israel is the reason for all the problems in the world. All muslims hate them for good reason. And everyone else gets pulled in this war.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
Has anyone considered that this has already been a major issue? Recall the whole Half Life 2 source code fiasco?
that this type of attack has most probably been going on for years, without being detected.
More sophisticated worms and trojans will happen. Think of a virus that stealthily hides on computers, moving across the network till it finds itself on a machine in domain xyz.com. Once there it promulgates quietly, doing no damage, until one of its copies finds files of the variety xxxxx.xls. Then slowly searching those files, sending bits of it back to a server on the internet disguised as mail from the user of that machine.
It gets even scarier. Imagine that virus looking for your company's cvs server?
The only thing that I can think of to combat it is to ensure that all applications are checked before being run, and that they have certification by company security infrastructure. This might prevent joe bloggs from working at home and bringing the trojan to work with him.
It can be done if the program is executed by the user without verification of certification etc.
To totally lock down your network will become very difficult in the future. Commercial antivirus vendors will have to work very closely with OS groups to actually create a secure computing environment.... and user's will not like the efforts they have to go through to participate in that secure environment.
The current efforts by software vendors and groups will not even come close to stopping such spyware programs.
Well, that's how I see it anyway... who knows for sure.
Support NYCountryLawyer RIAA vs People
A lot of the supposed loss that results from espionage is mitigated by the fact that the stolen data simply goes from one inept corporate bureaucracy to another. As much as they'd like to, most lame, ossified organizations can't do much to improve their own position regardless of the strategic worth of stolen competitor's data.
It's just 'Spy vs. Spy'; an endless expensive game that changes very little in the real world.
And regarding the use of social engineering to break into secure systems and procure passwords, it too has exagerated importance. The old fashioned tried-and-true methods of blackmail, bribery, kidnapping, and extortion work as well if not better in modern corporate and military environments as they have for hundreds of years. The stricter the corporate punishment for transgressions, the more inflexible the rules, the harder the no-tolerance policy... the cheaper and easier it is to use blackmail and bribery on the target employees. This is why the Americans can't destroy 'the base' (whose Arabic name triggers the NSA internet evesdropping software). They can't be blackmailed, bribed, or persuaded with. Hell, they can't even be found.
You want a secure corporate environment? Trust your people, pay your people reasonably, don't assume that you can judge their moral character by the molecular structure of their urine. In other words, don't act like a stupid paranoid American.
How open are banks to this kind of attack ? Or Credit Companys or anyone of the other 1000's of companys that we give our personal data to.
Jeez, where's the "-100 racist" mod option?
when this is modded lower than the original which was a major troll, then something is wrong.
This is because Windows does not have a package management system. But it likes to pretend that it does.
So, a service pack is applied, then you add a component that the service pack would have patched, but all the various tools do is to check whether that service pack is listed as being applied.
The biggest annoyance I've seen with that was the Welchia worm. Even after applying their patch, your machine would still be infected.And that's the problem. If you cannot trust the system, you cannot trust the system.
With Debian, it is easy for me to verify each and every file on that system. Here, I'll go through this.
Each file either is a user data file and should only be in those directories
-or-
It is a file installed by a package that was installed by root.
So, I go through each directory and verify that every file in there belongs to a package. Then I go through and verify that every file belonging to each package has the correct MD5 checksum. Then I verify those package checksums against the versions on the websites.Yep. And because it is such a mess, it is VERY difficult to verify that it is fully patched.Yep. Any Linux system (or other system) that uses a package management system is FAR easier to patch, verify that it is patched and keep patched than a Windows system.
Seeing it happens in Israel a small but very well technological developed country, the question is what is happening in places and big economic regions like US, EU, Asia? May be they are not as fast and developed as Israel finding trojans. And it's very common to silence this things in private rooms, a common practice when a Bank hacking happen.
More information at: IWS The Information Warfare Site
#1. Because Linux no longer uses bitkeeper does not mean that it has more security problems than before. (nor less)
#2. And, again, no one is saying that Linux has never had a security issue. Just that because of Linux's security model, those issues have been less critical and fixed faster than with Windows.
#3. You do not see articles here very often deriding Linux about its security failures
That was someone sniffing passwords. That isn't a Linux security issue.
#4. You're quoting an article quoting mi2g's "research". You should do a bit more research on them before attempting to use it to support your position.
No. "All OSes" do NOT have "huge security issues to deal with".
You are wrong. No OS is 100% secure, but that does not mean that they all have "huge security issues".
If you need confirmation on that, just look at OpenBSD.
Need another? Look into SELinux.
Reuters reports that Israel sells, to China, the second largest amount of weapons. Only Russia sells more weapons to China.
Many bigots in SlashDot distort the truth and play spin games. The bigots tend to be Chinese/Indian. How can we hurt them? We post links to reputable articles like the ones above.
The new Tiger OS now allows a Widget designer to design a widget and place it on a web site. Apple's "AutoInstall" of widgets are now going to open up a huge opportunity for spyware for us Mac users who are more then complacent about their own security.
/. a few weeks ago.
I say SHAME SHAME on Apple for allowing this setting by "Default"... As a ADC (Developer) member, I made a big stink about it, and sure plan to bend a few ears at WWDC next week.
I think this was actually mentioned on
Most people who find that their computer has become slow buy another computer, so Microsoft sells another copy of the operating system. As the OpenBSD team has shown, it is not impossible to make an OS with very, very few vulnerabilities. But the vulnerabilities make money, so apparently that's why Microsoft leaves them in, or takes a long time to fix them.
So anti-spyware software would reduce Microsoft's profits.
The above is a typical /. post with two spelling errors in bold.
I, for one, welcome our new Israeli overlords provided they can correct the errant spelling habits of the /. crowd.
(not all Israelis agree w/ the govt and not all Israelis are Jews and not all Israelis live in Israel, so I'm not sure who "them" is here.)
Why are you shocked? Slashdot has reached the sort of critical mass that if any X Slashdotters hate "them", then however small X is, at any given time at least one member of X must have mod permissions, which means that some of this shit is eventually gonna get modded up. There are enough other people w/ mod & metamod access to mod them back down, so it's not that big a deal.
Refer to that "why do smart people defend stupid ideas" story, I guess.
[o]_O
This is one of the most pathetic parts of the relationship between the US and Israel. In the US, we suffer and bleed for Israel, and they screw us in the back in every way they can. They are one of the countries that spies the most on the US, and do things behind our backs all the time. They have sold things we have sold or given to them to other countries that we don't do business with for security reasons. They have had and still have the largest number of spies within our government. Don't take my word for this, just look at the history of spies caught from Israel. Yet, thanks for people in Congress, they get anything they want from us.
During the investigation, the police remembered that a few years ago, the same suspects offered the police virus-based technology for legitimate uses, but the technology was unsuited to the police's requirements. The police had held intermittent negotiations lately, during which they examined the software's applications...
Israel Police National Fraud Unit head, Chief Superintendent Arie Edelman, said the virus was unique because, "It not only penetrated the computer and sent material to wherever you wanted, but it also enabled you to completely control it, to change or erase files, for example. It also enabled you to see what was being typed in real time." He said the extent of those involved in the affair, and the program's capabilities were "exceptional".
The police suspect that Haephrati adapted the virus for his clients' needs. He charged his clients 2,000 (NIS 17,000) per computer per month, including support.
Since the virus was adapted for each client's purposes, it was not detected by information security systems. Edelman said, "This is not a common software that anti-virus software makers have had to fix."
I'm wondering if there wasn't somebody else behind this - perhaps Mossad. And it would be interesting if somebody in the US press would follow up on the Fox News report that the U.S. Federal law enforcement wiretapping facilities have been built by an Israeli company which is likely a front for the Mossad.
The Israelies are very good at this sort of thing, which is why a lot of encryption algorithms come from Israel.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
This exploit has nothing to do with windows, firewalls or anti spyware software.
If you run a piece of software on your computer by someone - what can you expect?
This guy wrote a simple trojan, and was foolish enough to use it against the parents of his former wife...
he posted some of their personal data on the web in order to hurt them, leading to his discovery and the exposure of the who deal.
Not very clever...
People with very little technical skills were hurt from his attacks - let's face it - almost everyone falls into that category.
it's a new age, attacks like these are carried out all the time, most of the time undiscovered.
People should learn how to live with it.
paying for expensive security will not help.
Linux or mac will not salvage anyone either.
I love burekas in the morning
also are there stats on the mod up to mod down ratios? I know tend to mod up much more than down
Historically this has been the only thing that gets them to act. I don't think this time is any different.
Words of pisdom for sure. No mention of Microsoft was made in the article I read, but you and I both know that was what caused the problem. Just the same, I feel all dirty and cheap when I make fun of a $30,000,000,000 company that can't get it's act together but has such good intentions for everyone else's money.
As you probably know, Linux has its own security issues ... [and more bullshit about how hard Linux security is].
Find me a free software mail client that you can 0wn the way Outlook (also not mentioned) was 0wned. As you saw, there's a market for such skill, worth about $4,000 per infection. You'll either make up pictures and documents to send to the dumb-ass who hires you, or you will go hungry. Oh dear, so much experience and so little learned.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
How did you ever cash your paycheck?
Did it say "nameless company" on it or was it a payroll check with a blank spot where the company name would be?
Had to say it...
Gush Katif (Jewish Gaza)
Bush supports Hamas
Bush pushes Israel to "Auschwitz borders"
Pay attention.
Israel's been pumping trojans on the world's computer networks since the late 70's, all with a wink from the US.
OS security doesn't matter much if you're doing your daily routine as admin/root. People who configure Windows machines tend to solve problems of "software not running" by giving the user admin priviledges. Then any stupid email attachment can install anything. You'd have the same problem if a Unix sysadmin decides to save time solving a user's problem by giving the user root privileges. And if Linux becomes more common you'd see much more of this kind of "problem solving" ("fumble with things until they work, then don't touch anything. Don't try to solve tomorrow's problem. You're paid only to solve the current problem". Of course it works and you cease to touch it when it has to many permissions...)
The way this story was revealed was that the stupid guy who planted these trojans published publicly excerpts from his ex-wife's father (or mother's husband?) that existed only on the guy's PC. Probably that PC was a private PC that was configured exactly as shipped (i.e., single admin account). Security of the OS doesn't really matter in this setting. I think the real story here was that so many big companies (telecom, sattlite TV etc.) bought services from a guy so unprofessional as to host their stuff on the same servers that he uses for revenge against his ex-wife's parent, and then to reveal enough info so that the police can get to him! Obviously he's not a pro. Any pro would have known to use separate destinations for different trojans, and not to reveal info that leads to a single source...
...FOLLOW THE MONEY!
By this I mean that I assume industrial espionage is much more lucrative than governmental information, and therefore companies are much more likely to be a target.
As for which is easier, forget the boundaries and roadblocks, if the payoff is high enough someone will find a way around it.
When the only tool you have is a claw hammer every problem starts to look like the back of someone's skull.
I used to be an EKG tech (back in 1980). About 6 months I was following a set of links that lead me to a homebuilt EKG machine (IIRC, @Utah State). I seem to recall that they were had a nice linux program for interfacing with it. You may wish to look for it and see if there is not something that you can use. Not quite a polygraph, but similar data that is interpreted in different ways.
But yeah, ppl do not like change.
I prefer the "u" in honour as it seems to be missing these days.
all these trojan horses that the article talked about were installed by either tricking the computer user into installing them via e-mail or cd, or by a trusted individual that the computer user knew. The same thing could have happened with linux or mac os x.
My Gawd WTF...