Slashdot Mirror


User: argent

argent's activity in the archive.

Stories
0
Comments
12,456
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,456

  1. Sadly, this is a minor problem. on New URL Spoofing Bug in Pre-SP2 IE · · Score: 2, Insightful

    Spoofing bugs are not good, and there's a lot that should be done to fix spoofing, but it's the cross-zone exploits that we really need to worry about. See, 95% of the real security holes in IE come from "security zones". And .NET is just going to embed this design flaw deeper in Windows.

    I'll accept screwed up tables if they'll just back out the damn Windows-Explorer integration.

  2. Re:What about Sony? on XBox Owner Sues Microsoft · · Score: 1

    The failure rate for hard drives, particularly in a machine that's liely to be perched precariously on a coffee table in a den full of rowdy teenagers, is far higher than for optical drives. Microsoft should have made provision for replacing the drives.

  3. Re:Alright!! on C++ In The Linux kernel · · Score: 1, Interesting

    C++ allows for much better code

    Maybe, it simplifies the work of building an OO design, but C++ also allows Heaven and Hell and all the worlds between. Good native C OO code can be just as good as C++, but I find it hard to believe that anyone could have constructed the Escher cathedral that is Mozilla with mere C.

    I might also protest about the purity of Linux' precious bodily fluids. But when people have embedded Perl in the Linux kernel (or did I hallucinate that one?) and a C compiler in the bootloader, any such declaration must of necessity be accompanied by hoots of hysterical laughter from all right minded slashdotters.

  4. Re:Michael Powell on FCC's Powell vs. Howard Stern on KGO-AM · · Score: 1

    We shouldn't shut down businesses conducting illegal activities until after they've failed their appeals several times.

    This statement bears absolutely no relationship to the message you're responding to nor to the facts of the case.

    He didn't say "continue illegal operations", he said "fight an unjust claim". Let's say, for argument, that every Howard Stern show was an illegal activity. The whole show. Let's give the FCC the maximum possible rationaly for their actions. What you're saying is a reasonable argument for the FCC shutting down the Howard Stern show.

    BUT...

    The illegal activities we're talking about were *all* in the past. What the FCC was doing was shutting them down until they paid the fines, whether or not any illegal activity was continuing. This wasn't even a judge saying "You can't run the Howard Stern Show", it was the FCC refusing to let themoperate any of their business that they were in a position to stop unless they dropped the case.

    If a private company did that they'd be in court on a RICO charge.

    What you are proposing is similar to allowing drug dealers to continue selling on the streets after conviction and fines until they've had a few appeals fail.

    No, it's not. If you want to use a drug analogy, it's similar to letting a company that's had a vehicle impounded because an employee was selling drugs out of it continue to use their other cars while they're suing to get the vehicle back. At most.

  5. Re:Hubble? Bah! on Telescope Will Have Images 10X Sharper Than Hubble · · Score: 1

    There are two known mechanisms by which an object can have an intrinsic redshift unrelated to its distance, one is intrinsic velocity unrelated to Hubble's constant (as in the relative motions of the galaxies in the Virgo group), the other is due to its own gravity.

    The option of "new physics" is good science fiction, but it requires a lot more proof than heavily enhanced photographs. You need to eliminate the possibility of "old physics" first.

  6. Piracy is marketing for Microsoft on How Cheap Can A PC Be? · · Score: 1

    What I tell pirates: the biggest effect of piracy is to drive out the low cost products, because if you can get the high end ones for free where's the market for the cheaper alternatives? Over and over again, pirated Office and Windows keeps competing products from growing to the point where they can threaten Microsoft. And so here we see the same thing happening again: Microsoft waits for widespread piracy to establish a market and then walks in and demands their cut.

  7. $212 already assembled... on How Cheap Can A PC Be? · · Score: 1

    Starting with this system and turning off options not required by the challenge, you can get a 1.8 GHz Duron for just over $200. No used parts, clearance prices, or one-day specials.

  8. What we need is NeXTPostFacto on Mac OS X Panther On A 25MHz Centris 650 · · Score: 1

    Instead of booting OS X on an emulator, the real trick would be to get NeXTstep booting native using OpenDarwin on a 68040 Mac. I'll bet it'll run faster than OS X did on my 7500.

  9. Under $200 is easy... on How Cheap Can A PC Be? · · Score: 1

    Mind you, that's a hell of a lot closer than you'll get with almost anything else.

    Using a low end Eden based board and assuming that you can build the case for $epsilon in bulk, getting under $200 is easy.

  10. Re:No benefit, short term. on Intel And AMD's Dual-Core CPUs Investigated · · Score: 1

    First, there's rarely just two tasks involved.

    If you're running two disk-intensive apps at once, then put their data on separate spindles (separate controllers if they're IDE). If one's disk-intensive because it's swapping, add memory. If you don't have two spindles, move one off to a network share and make it network-bound instead. Or use a RAM disk.

    IN the most common case, 2 CPUs makes a multitasking environment smoother. If you're in an unusual case, then you'll do better fixing the bottleneck you're dealing with first.

  11. Re:No benefit, short term. on Intel And AMD's Dual-Core CPUs Investigated · · Score: 1

    Oh, I didn't say that hyperthreading wasn't useful, and ... yes ... dual hyperthreading core would be nice. Of course then Oracle would charge you four times for their licenses... :)

  12. Re:So True on 'Opener' Malware Targets OS X · · Score: 1

    Then an app asks the user for the password, and the user enters it-- if they're unwitting and trusting or just plain inept.

    On the one hand, this means they need to be tricked twice, which is two more times than many of the attacks through Windows IE-desktop integration.

    On the other hand, you really don't need root to do damage, or infect a computer.

    On the gripping hand, it's another layer of protection... and this kit requires root to install.

  13. Re:Anonymous Coward is NOT a reputable source on Groklaw Refutes LinuxWorld Story About AIX Sources · · Score: 1

    Sorry, Anonymous Coward, I didn't mean to besmirch all Anonymous Cowards. But you have to admit, almost by definition Anonymous Coward can not be a reputable source. :)

  14. Anonymous Coward is NOT a reputable source on Groklaw Refutes LinuxWorld Story About AIX Sources · · Score: 3, Insightful

    If you have any facts to refute anything posted on Groklaw, you can post them here.

    If you don't, we have to assume you're just posting innuendo on SCO's behalf.

  15. Re:No benefit, short term. on Intel And AMD's Dual-Core CPUs Investigated · · Score: 3, Insightful

    Multiprocessing doesn't give you speed improvements for a single-threaded application, but it sure as hell makes a system a lot smoother and more responsive when it's running multiple applications concurrently.

    And don't forget, hyperthreading is like adding a second CPU that's always partly loaded. It's not the same as adding another core.

  16. No, it's Win vs EVERYONE. on 'Opener' Malware Targets OS X · · Score: 4, Insightful

    You need two things to infect a computer: a communications channel you can compromise, and a mechanism to launch the malware.

    Local communication channels come down to physical access: it doesn't matter if a computer system has firewire ports or not, for example, because firewire is a local resource. If you have physical access then you can compromise the computer... that's pretty much an axiom.

    So you need to look at any remote communication channels that can be compromised, and if are there mechanisms that can be used to launch malicious code.

    What incoming connections are accepted, then? Well, there's far fewer on just about any operating system than a Windows-based personal computer. So:

    The number of transoms on a Mac is about the same as an average PC.

    I don't know whether you're just counting physical ports (which is irrelevant), or you're suggesting that there's as many logical ports open on the Mac. If the latter, no, that's just not true. Windows installs and runs with half a dozen wide open ports, and you can not close them down without breaking basic functionality that the OS requires. The *only* way to secure it is with a firewall. What should be an extra protective layer... part of a defense in depth... becomes the whole of the security system.

    I don't know any other operating system that leaves its fly open like this.

    But IE is also available on the Mac

    Irrelevant. It's got the same name, but it's not even vaguely the same program. IE on Windows is a thin wrapper about a core part of the OS... and that core part is almost criminally badly designed. IE on the Mac is a standalone application. As is IE on Solaris.

    You get the same reaction every time people see a backdoor kit like this and immediately jump all the way to this proves 'other OS' is as open as Windows!. It ain't true, and it won't ever be true, until (and unless) Microsoft makes some deep and fundamental changes in Windows' networking and user interface design.

  17. Re:lame lame lame... on 'Opener' Malware Targets OS X · · Score: 1

    the "developers" seem to have trouble understanding what simple commands do

    Oh yes, when I saw "Try prefacing those commands with sudo ... Mac OS restricts things even for root!" I had a good chuckle.

  18. Here's what prevents it... on 'Opener' Malware Targets OS X · · Score: 4, Insightful

    There are all kinds of great malware delivery systems. It's just a matter of time. The Mac is no more exempt than Windows.

    That's not true. Windows contains many components that operate on or are exposed to untrusted objects and are not inherently secure.

    An inherently secure design is one in which there are no APIs that depend on the ability to perform trusted operations from potentially untrusted objects. The MS HTML control, for example, depends on tha ability for a document in the most trusted zone to launch arbitrary code without restructions. That means that if an attacker can get any application (ANY application that uses the HTML control) to open a document that's in that zone, it's in.

    Fixing a vulnerability of this type requires modifying the definition of the trusted zone. The result is that previously working code breaks. So the vulnerability is only fixed when there's evidence that it's known and likely to be exploited.

    Any time you have an inherently insecure design, you get this problem.

    So. Mac OS X requires normal levels of vigilance to remain secure. The most likely exploit is the same as it has ever been: social engineering. If a guy comes up to the door and asks to come in on some flimsy excuse, do you invite him in? No. If someone in your office has a habit of inviting strangers into the back rooms, do you treat that as a problem? Yes. Apply the same level of caution on your computer, remind your co-workers if they seem likely to do something unwise, and you should be safe.

    On Windows that's not true, because the design of IE and related applications is not inherently secure. It's like having a lock on your front door that will open if someone says "please".

  19. Re:One Solution... on 'Opener' Malware Targets OS X · · Score: 1

    This would be a similar solution to how Apple dealt with File Associations in a recent security update

    1. This would be all but impossible to implement. Restricting root in that way would require deep and fundamental changes in the OS... and it wouldn't solve anything... there are hundreds of other locations an attacker could hide code that relaunches their attack.

    2. Apple *didn't* deal properly with file associations in the security update. They came up with a patch for one kind of attack, but they didn't fix the underlying problem that applications that deal with untrusted documents need a different set of associations. I haven't installed that update because it breaks Paranoid Android and Paranoid Android is a better solution.

  20. Not a vulnerability on 'Opener' Malware Targets OS X · · Score: 2, Insightful

    This isn't a vulnerability in OS X, it's a tool to be installed after you get in. The only vector is social engineering. Social engineering always works: if someone can fool you into opening the door they can come in through the door, that's always going to be true. And once they have local access they can always install a back door.

    Having an OS and applications that follow good security procedures doesn't mean you can neglect elementary precautions like "don't trust unexpected email attachments".

  21. Re:Does security really matter? on Windows vs. Linux Security, Once More · · Score: 1

    This is definitely not true in XP, and I doubt it was true on Win2K.

    Sorry, Thomas, but I'll let you verify that yourself... but it was.

    On XP the wizard gives you 2 choices: computer administrator and limited.

    On 2000 you got 3 choices, the third being "Normal User" and the resulting account was a member of "Power Users".

    The only thing that I had changed in the default configuration was give myself the "change system time" privilege so that the "Date and Time Properties" control panel applet works

    I don't recall where I started adding rights as my users started finding they were missing functionality.

    But that was one of them.

  22. Re:Does security really matter? on Windows vs. Linux Security, Once More · · Score: 1

    Power Users possess most administrative powers with some restrictions.

    It's never been claimed that Power Users can't elevate to System.


    But membership in "Power Users" is expected for a regular user account in Windows. There's just so much you can't do from the so-called "regular user" account that even Microsoft has recognised this... in Windows 2000 (and I believe this is still the case in XP in XP) if you just follow their guidance and use the Wizard interface to create a "Normal User", that user will be a member of the "Power Users" group. To create what you call a regular user account you select "Restricted User".

    I tried creating a group that had rights that were between the "Users" and "Power Users" group, but pretty soon I found I had to give it rights that could be used to elevate privilege further, so I gave up. In practice, any user that's not in a kind of kiosk mode needs to be a member of the local "Power Users" group to function normally.

  23. Re:Great another one of these. on Windows vs. Linux Security, Once More · · Score: 2, Interesting

    The author needed to provide some evidence that he/she did everything possible to make the argument for Windows to be stable and secure.

    OK, I'll have to agree that there's a bias there. The language could be better, and there's a few areas that could be broadened: for one example... there are features of the Windows domain model that are neglected in this analysis... but the problem is they're not really given proper credit in pro-Windows white papers either, and the security problems of the single-sign-on environment need to be considered. From a trust point of view a group of Windows computers in a strongly configured domain can be compared to a single timeshared computer. They have the advantage of very strong hardware protection boundaries (separate machines), but a relatively weak multi-user protection model, and poor confidentiality.

    Anyway, your approach (hack the crap out of both) isn't the only way to address the question. Taking the published data and re-analysing it to a common baseline, which is the approach this paper takes, is also useful. If you tone down the language you end up with a pretty honest comparison... I didn't see a lot missing from the discussion that could strengthen the security case for Windows.

  24. Re:Does security really matter? on Windows vs. Linux Security, Once More · · Score: 1

    First, those organizations you listed are particularly exposed to attack. since they have a large community of users who are likely to have set up trust relationships through SSH or SSL. Compromise any of those boxes, set up a trapdoored ssh client, and wait.

    Regular Joe User is not part of such a community, and so is not subject to the same level of threat... no matter whether Regular Joe User is running Windows, Linux, BeOS. AmigaDOS, or Minix.

    If they can't get it right, how should the regular Joe User get it right?

    Regular Joe User shouldn't be running a server.

    If Regular Joe User doesn't explicitly run a server on Linux, then Regular Joe User is exposed to zero remote exploits.

    If Regular Joe User doesn't explicitly run a server on Windows, he's 0wned in an average of 20 minutes. That's less time than it takes to download and upgrade to the latest service pack.

    Why? UNIX does not need to expose any listening sockets to function properly, up to and including acting as a remote file system client. It takes an expert to prevent Windows from exposing listening sockets, there are no "Windows Distros" that ship in a secure configuration, and the firewall is easy to accidentally misconfigure and leave open.

    In Windows, that firewall is an essential component of the security system. Take it down, and you're owned. In UNIX the firewall is part of a "defense in depth" approach, it's a good idea to leave it up but if it's misconfigured you're OK.

    I am just saying that both of them are extremly insecure

    And I'm saying that for a client system, a properly set up UNIX box (Linux, *BSD, OSX) is significantly more secure, and that if you need to set up a server, UNIX has tools that allow a competant admin to secure it in ways that are simply impossible for a Windows box.

    If you're setting up a server and you're not a competant admin, then find one.

  25. Not ridiculously cheap. on AMD's Personal Internet Communicator · · Score: 1

    Here's what I can find just getting off-the-shelf parts. I'm sure AMD can beat my prices:

    http://store.mini-box.com/ituner/viaep50ed53f.ht ml -- $98
    http://www.memoryx.net/xar128.html -- $25
    http://store.yahoo.com/justdeals/wedi20idehad .html -- $32

    The cheapest mini-ITX case I can find is $60, but I doubt AMD is paying more than ten bucks for those cases and power supplies in bulk. So with a bit of carving and epoxy I can build a better system for about the same price... albeit without their Windows CE OS image or the modem... but this one has TV out (saving on the cost of a monitor) and ethernet (for community LAN, say). And a Linux-based platform would work pretty well.

    You could also put a PCI WiFi card in the single PCI slot for under $20. Or add a modem, likewise. And I believe this would be a significantly more powerful system.