Slashdot Mirror


User: khasim

khasim's activity in the archive.

Stories
0
Comments
5,818
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,818

  1. Why is that mod'ed "troll"? on U.S. Deploys Orbital Communications Jammer · · Score: 1

    It's correct. We can go to war and kill people and break things ... and if that's how you define "winning" then we will win (even without this satellite).

    If your criteria are other than killing people and breaking things, then this won't be necessary.

    We've gone through how many wars in the past 50 years without this tech and the people we'll be fighting in future wars will STILL be fighting with tech and tactics recognizable 50 years ago.

  2. Mod parent +25. on Firefox 1.0.7 Released · · Score: 3, Insightful

    It seems that certain organizations are trying to hype every vulnerability that can be associated with FireFox. From my point of view they'd be ranked like this:

    #1. Remote root access that does NOT require human intervention or other app running.

    #2. Remote non-root access that does NOT require human intervention or other app running.

    #3. Local root access that does NOT require human intervention or other app running.

    #4. Local non-root access that does NOT require human intervention or other app running.

    #5. Local root access that requires some human interaction or some combination of apps.

    #6. Local non-root access that requires some human interaction or some combination of apps (this is where this exploit is)

    #7. Remote OS crash

    #8. Remote app crash

    #9. Local OS crash

    #10. Local app crash

    This is MY opinion. Get your own opinion. There is no way this exploit is "critical". It's one step above a stupid DoS attack and would NOT affect ANY of my servers.

  3. Different approaches. on Firefox 1.0.7 Released · · Score: 4, Interesting
    Any data kept in your home directories SHOULD be backed up by the sysadmin.

    The worst that should ever happen is that you lose any new data (from this morning until now).

    The really important data is usually kept inside databases that the user does not have rights to delete.

    Wiping out your home directory is only "annoying" (unless you have an important meeting in a few minutes).

    Infecting the system is "BAD" because then EVERYONE's data is vulnerable AND you cannot trust last night's backups. You must go back and find out when you were infected and, in some cases, recreate ALL of the data that was in those databases since that point.

    Sure, the user might be pissed that his spreadsheet was deleted by the "cool screensaver" that he just tried to download AND he has a meeting with the division president in the next 15 minutes ........

    but that don't mean jack when the CFO notices that none of the numbers match for the last 3 months anymore.
    I'm really tired of people claiming that not running as root is a miracle cure. Yes, it prevents some really nasty trivial attacks, but it doesn't protect your most valuable data (e.g. -- yours) and it doesn't prevent a lot of attacks that are perfectly happy to run in non-privledged space.
    It's not a "miracle cure" but it does protect the most important information the company has.

    Ideally, the user's home directories will be set to non-execute so that crap they download won't destroy their data.

    Even with both of those in place, I still get people who DELETE THEIR OWN FILES and need them restored from the night before.

    Security is all about IDENTIFYING the risks and REDUCING them.

    I can reduce the risks of everything else to a point below that of regular human stupidity. But nothing will ever save you from that.
  4. Because you cannot ... on Korean Mozilla Binaries Infected · · Score: 4, Informative
    Care to support that assertion with some solid facts and numbers?
    http://securityresponse.symantec.com/avcenter/ve nc/data/linux.cheese.worm.html

    http://securityresponse.symantec.com/avcenter/venc /data/tfn2k.html

    http://securityresponse.symantec.com/avcenter/venc /data/linux.adore.worm.html

    http://securityresponse.symantec.com/avcenter/venc /data/linux.hijacker.worm.html

    http://securityresponse.symantec.com/avcenter/venc /data/linux.jac.8759.html

    You see? All but one had "number of sites" between 0 and 2.

    They
    Do
    Not
    Spread

    Linux's security model is far more effective than Microsoft's one for Windows.

    Anyone can write a virus/worm/trojan for Linux, but they cannot get them to spread beyond any machine that they themselves do no have access to.
  5. No, it is not. on Korean Mozilla Binaries Infected · · Score: 2, Insightful
    And re "this is not a flaw in firefox" yes you are right, this time, but comments like the OP pop up every time, and is a (possible)flaw in the distribution system not a flaw in the software?
    Duh! Of course it isn't. The software is the code.

    The distribution system is how people get the code.
    I know it's a common situation where software is downloadable from different sources but still there appears to be a problem (not that I have a solution) You know none of the users will check the md5sums from the original website (moz.org)
    If the md5sums from the main site would be valid, then why not download from the main site?

    Once you start installing apps from random sites you open yourself up for all kinds of problems.
    if some windows flaw is posted everybody goes "boo ms" even though you are also required to run as admin and whatever, but if it's an OSS flaw they go "this isn't a flaw because I secure my pc"
    Yeah. Keep believing that. Maybe you've heard of this stuff called "spyware" that infects machines via IE's ActiveX implementation.

    Or maybe you haven't heard that a restricted user cannot use IE because the permissions aren't correct.

    So, on Windows, you must have elevated permissions just to use the various apps and THAT is what results in so many infections.
  6. And that is "insightful"? on Korean Mozilla Binaries Infected · · Score: 2, Insightful
    Comparing Microsoft's ActiveX implementation (installed on every Windows box) to an infected Mozilla binary hosted on some Korean site that I'll never download from is "insightful"?
    Please, I like firefox as much as the next poster, but please apply equal standards when comparing/recommending firefox.
    "equal standards"? You're comparing ActiveX to an infected binary on some Korean site.
    If you still believe firefox is Perfect, surprise, no software is.
    Again, this was not a flaw in FireFox. It was some Korean site putting up infected binaries.

    ActiveX is a stupid security model. That is why so many exploits for it exist and why you have to keep your anti-virus signatures updated every day.

    There is no equivalent in FireFox.

    Anyone, anywhere can put up infected FireFox binaries. Whether anyone will ever download and install them is another matter.
  7. Viruses are a failure of the security model. on Korean Mozilla Binaries Infected · · Score: 0

    Anti-virus apps are REACTIONARY patches to hide that failure of the security model.

    I will continue to run Linux WITHOUT anti-virus software because I understand how viruses/worms/trojans work.

    Why should everyone degrade their system just because one site put up an infected binary?

  8. You don't understand "vulnerable". on Korean Mozilla Binaries Infected · · Score: 4, Insightful

    Writing a virus for Linux is easy.

    Getting that virus onto someone else's box is very difficult.

    Getting that virus to spread from that box is even more difficult.

    Linux viruses have an infection rate that is lower than their removal rate so they die in the wild.

    The real question is how did that virus get into that code? Linux viruses tend to have total infection numbers of less than 100 machines.

  9. If Microsoft did it, it would be Microsoft. on Korean Mozilla Binaries Infected · · Score: 5, Insightful
    I believe the point is if MS did this, it wouldn't matter how fast they removed the infected binaries, there would be a string of posts pontificating on how this clearly demonstrates linux/firefox as superior. And they'd all be modded +5.
    If Microsoft distributed infected binaries, then it would be Microsoft distributing infected binaries.
    Of course saying the reverse here will quickly get you troll/flamebait/overated down to -1.
    You do realize that you're completely wrong.

    This is not about Mozilla distributing infected binaries. Mozilla did not. If they had, your analogy would be correct.

    This is about a 3rd party site distributing binaries of compiled Mozilla code that were infected.

    The only Microsoft comparision that can be made would be if HP (or some OEM) shipped WinXP computers with a virus.

    The real question is how did that virus get there in the first place. It's been around for a while but it doesn't spread.
  10. When this happened to me ... on Pre-Selling Domain Names? · · Score: 1

    yes, it also was Network Solutions, and I had to fax in a copy of my drivers license to get them to change their info.

    Since then I haven't had a problem with them.

    The only issue would be if you were NOT listed as ANY of the contacts (tech, admin or registrant). And in that case, I wouldn't let you change anything either.

  11. Why not both? on Learning to Code with a Boardgame · · Score: 1

    In certain script situations, I use goto for the main loop which is comprised of a series of gosubs.

    The main trick is writing the gosubs so that they execute cleanly and return the state of the sub-routine when they return to the main loop.

  12. Not for me. on The Implications of Google's Digital Library · · Score: 1

    Digital books are great for quick searches, but I still prefer the physical book (hard cover if possible) and will still purchase the physical book.

    Why not incorporate both technologies and offer hard cover reprints of books that people request? Can anyone tell me how difficult it would be to do a single printing of a book? How expensive? Or what the minimum order would have to be to get the price down to $50 or less?

    I have a lot of worn paperbacks that just are not available in hard cover.

  13. No. on IE More Secure Than Mozilla? · · Score: 2, Insightful
    Anyone who uses any browser online should still be running virus-detection software. This will never change, no matter what OS or browser you use.
    I'm running FireFox with the NoScript extension. That way, no JavaScript runs from any site I don't specifically whitelist. So, no exploits from that side.

    FireFox, by default, requires you to whitelist sites to install software from them. So, no exploits from that side.

    And so on and so forth.

    The key to security is to reduce the avenues of attack.

    If my browser will not run any code from your site and I will not download any apps from your site, then I do not have to worry about being cracked via my browser going to your site.
    That said, response time to threats is better for Firefox. The total threat posed is probably less, because the time of exposure is a fraction of IE vulnerabilities.
    No. That only applies if 100% of the population (or close to it) applies those patches as soon as they're released.

    You cannot depend upon the users applying patches so you must focus on removing the threat before the user is involved. That is where FireFox's whitelists beat Microsoft every time.
    But Mozilla faces a tough road ahead -- if they maintain or gain market share, they have to be very cautious, as their vulnerabilities will begin to be targeted seriously by malware.
    Again, that is only the case if the vulnerabilities can be exploited. If I don't allow Java or JavaScript or installs from a website, then it is going to have to be a pretty dramatic vulnerability for me to be infected.

    And until that vulnerability is shown to exist, the discussion is purely theoretical while the discussion of IE's exploits is documented fact.
  14. And that is why you'll continue to see these. on Computer Security Still Totally Inadequate · · Score: 5, Insightful
    The "experts" writing these "articles" will be out of a job as security increases.

    From TFA:
    According to the latest edition of Symantec's Internet Security Threat Report, 25 vulnerabilities were disclosed for Mozilla browsers and 13 for Microsoft Internet Explorer in the first half of 2005.
    And that statistic means absolutely nothing. Simply counting the vulnerability ANNOUNCEMENTS does not tell you anything about the vulnerabilities themselves.

    Is a vulnerability that causes FireFox to crash the same as a vulnerability that automatically installs an ActiveX control? Nope.
    Graham Pinkney, head of threat intelligence EMEA at Symantec, said that switching from IE to Firefox as a way of minimising security risks was no longer valid advice.
    Yeah. Whatever. How about you do a survey and find out how many FireFox machines have been compromised via FireFox? Huh? How about that?
    "Cross-site scripting attacks have been used to attack more vulnerabilities in Mozilla browsers over the last six months than IE," Pinkney told an IDC security conference last week ahead of the publication of Symantec's threat report today.
    And he has determined that ... how?

    Seems to me that IE's still being hit by spyware and such crap. Or didn't he mean those attacks?
    John Cheney, chief executive of email filtering firm BlackSpider, replied that the release of Firefox had "helped Microsoft to raise its game" in terms of browser security.
    "We sincerely thank the person who killed our daughter because it makes us appreciate our son so much more now." Does that make sense to anyone?
    As well as making comments that will doubtless irk Firefox fans, Symantec has renewed its assault of the perceived security advantages of Apple Macs.
    Hmmmm, Symantec sells anti-virus software and the like.

    Macs don't seem to be having massive virus/trojan/worm problems.

    Something doesn't look right.
    "Mac users may be operating under a false sense of security as a noteworthy number of vulnerabilities and attacks were detected against Apple Mac's operating system, OS X," Symantec said, reflecting comments in the previous edition of its threat report that OS X was an emerging target for attack.
    When "emerging" becomes "successfully attacked and cracked" it will become an issue. Until then, the "threat" is purely theoretical.
    "While the number of vendor-confirmed vulnerabilities in OS X has remained relatively constant during the last two reporting periods [12 months], Symantec predicts this could change in the future."
    Again, it isn't the number of vulnerabilities, it's how they can be exploited.

    Yet I keep seeing references the the NUMBER of vulnerabilities announced.
    Symantec's analysis on a rootkit (OSX/Weapox) reveals it is designed to take advantage of OS X.
    #! /bin/bash
    cd /
    rm -R

    Oh my GOD!!! It's a trojan that is designed to exploit the bash shell on LINUX!!!
    "This particular trojan demonstrates that as OS X increases in popularity, so too will the scrutiny it receives from potential attackers."
    As does my example with regards to bash and Linux.

    It isn't whether someone can write a virus/worm/trojan. It's whether they can get such onto your box.
    Away from the desktop, Microsoft enterprise applications remain the top hacker target.
    Why "away from"?

    Aren't they also the top target on the desktop?

    How about "As well as the desktop, Microsoft's enterprise apps are targets for attack"?

    Nothing but more crap from a vendor who's seeing their gravy train getting ready to leave the station on its last run.
  15. That isn't the question. on Ulrich Drepper On The LSB · · Score: 1

    The question isn't why someone would not re-implement the rpm app.

    The question is why the various distributions have not included the LSB package format in their default package management apps AND why those LSB packages are not as easily managed as the default packages for those systems.

    Until that happens, the LSB will continue to be irrelevant and no ISV's will support it.

    Instead, you have the .rpm format which is only used and supported by default via Red Hat-based distributions.

    But the ISV's would rather deal directly with Red Hat and certify their apps on Red Hat than getting them LSB certified.

    The LSB "standard" is up to version 3.0 now and still there aren't any ISV's supporting it.

    Why is that?

  16. A better approach. on Ulrich Drepper On The LSB · · Score: 2, Interesting

    #1. Define the format of the package that LSB apps will be shipped in.

    #2. Define the functionality needed by the package management system to install, update/upgrade, remove those packages.

    #3. Let the various distributions add that functionality to their own systems IN ADDITION to the functionality they already have.

    Never define a app as the "standard".

    Always define the functionality so anyone can write an app to that standard.

  17. Destruction would yield better protection. on The Next 50 Years of Computer Security · · Score: 1

    Right now, the worst that happens is you have to reformat your hard drive when the pop-ups and re-directors stop you from doing anything online.

    If the systems were destroyed, you'd see a lot more effort put into protecting them.

  18. Who's mod'ing that? on Windows Vista To Come In 7 Flavors · · Score: 1, Offtopic

    Moderation +2
        50% Insightful
        20% Interesting
        20% Overrated

    Okay, I can see the "Overrated" mod ... but giving it the other mod's just doesn't make sense from a technical viewpoint.

    Windows boxes STILL have BSOD's. So why would an anonymous post questioning someone who made a joke about such BSOD's be mod'ed "Insightful"?

  19. No, you're wrong. on Ready For the Big Mac Virus? · · Score: 1

    You're missing two key concepts.

    #1. You need the avenues of attack. That means open ports for worms, user writable executables for viruses and user stupidity for trojans.

    So, looking at that, the only avenue for attacking a Mac is a trojan. And that takes more effort to run on a Mac than on Windows.

    Which brings up the second concept.

    #2. If the infection rate is lower than that uninfection rate, the malware dies. In order to spread, it has to infect more computers than it is being removed from. That is because it needs a base to spread from.

    With those two basic concepts you can see why there aren't many viruses/worms/trojans IN THE WILD for the *nix systems.

    Anyone can write one for *nix (Mac or Linux or whatever) but they remain limited to the classroom/lab.

    "Immunity" isn't the issue. No one will ever be "immune".

    But being part of a HIGHLY resistant community is just as good as being "immune" for 99.99% of the people.

  20. Mod parent up! on Advice for the K12 Tech Guy? · · Score: 2, Insightful

    Take some time and examine your goals here. What are you personally looking to get out of this assignment?

    The facts are:
    #1. Any changes you make will be "wrong" compared to what the last guy did.

    #2. Unless something is done about the water, your systems will eventually fail (and you will be blamed because the last guy never had that problem).

    #3. You'll be spending a lot of time and effort on making friends just to accomplish your technical goals.

    #4. No matter how great you are, there will always be someone on staff who talks to a friend who uses Windows and will tell everyone that no one else is having the problems you have with Windows.

    If you're going to put yourself through all that stress, be sure you understand why you are doing that to yourself. And it is you doing it to yourself.

    Too many times we tend to see the people who use the systems as the problem. Maybe they don't agree with your goals, but is that really a problem? Instead, examine your goals and see if you really want to fight that fight, under those conditions to achieve your goals.

    And be realistic in your goals. They will not worship you for bringing them to the promised land of a firewalled sub-net. They don't even know anything is wrong. The best you can do is to be respected by a bunch of people who can't remember their own username/password's.

    Sometimes not getting involved in a disaster is the best option.

  21. Don't you mean ... on S3 Graphics Comes out of Hiding with Chrome20 · · Score: 1

    ... your "employment solution" for just a month and half post-"educational solution"?

  22. 3rd party verification ... on What is Responsible Disclosure for Security Flaws? · · Score: 1

    http://www.eeye.com/html/research/upcoming/index.h tml

    Looks like certain software companies sit on the issues for a long time (and are still sitting on them).

    In their defense, most of the KNOWN viruses/worms/trojans are written after the public release of the patch when the less capable people can see the exploitable code.

  23. Mod parent up! on Munich Delays Linux Conversion · · Score: 2, Insightful

    Massive changes almost never work.

    The best way to approach this is to have a lot of small steps. That way, any minor advance that has a problem can be rolled back without killing the entire project.

    The trick is to space out the changes that the end user has to deal with so they don't get overwhelmed by them.

    And neither do your techs.

    It's all about the migration plan.

  24. But would Kroger co-release it? on Comparing MySQL and PostgreSQL 2 · · Score: 2, Interesting

    Would a Kroger executive talk enthusiastically about your new "partnership" with them?

    Usually, companies don't want to be seen publicly supporting nutcases who try to make a news story about buying some toothpaste.

    SCO can have the press conferences it wants and tell everyone whatever they want ... but it changes when another company is quoted as saying anything more than "we sold them a license and we'll sell you one too!"

  25. Not exactly ... on Comparing MySQL and PostgreSQL 2 · · Score: 4, Insightful

    If I go to the store and buy a copy of MSOffice, that's one thing.

    If I get a site license from Microsoft, that's something else.

    If Bill Gates and I do a press release about our new partnership, that's an entirely different thing.

    SCO and MySQL AB did the press release thing. That's not the same as SCO buying a license to distribute.