Slashdot Mirror


User: Bert64

Bert64's activity in the archive.

Stories: 0
Comments: 12,200

Comments · 12,200

  1. Re:You know what else you need? on New SimCity To Require Constant Internet Connection · · Score: 1

    With my internet connection out for a week, I think I'd be playing more games in my spare time since I wouldn't be able to read slashdot or do many of the other things I pass my time with.

  2. Re:Freedom of speech... on UK Man Jailed For 'Offensive Tweets' · · Score: 1

    If you truly believe that, then why are you posting here?

    What if I decided that your comments were offensive and hurtful, and decided to kill you for making them, or to commit suicide? Would this be your fault for commenting that you disagreed with me, or would it be my fault for taking your comments as more than just words?

    Fact is, as other people have pointed out, it is not the words that hurt or maim anyone, it is the actions taken by those who take the words for more than what they are. And if someone is willing to commit suicide or murder over something so trivial then they are clearly unstable, and just a ticking bomb waiting for the slightest of nudges to set them off.

  3. Re:BB on Ask Slashdot: Most Secure Mobile OS? · · Score: 1

    In all cases I've seen, the phone is able to power up and start receiving data without requiring any user input, and user input is only required before it will let you view the data. It is not only able to receive data, but also process it in its unencrypted form, because it will alert you about calendar appointments etc, without requiring you to first enter your password.

    In order to do this, even if the data is encrypted, the encryption key must be stored on the device in order for it to access the data. Therefore it's only a matter of time and skill for someone to find out how the key is stored, and how to extract it.

    Contrast this with say a full disk encryption system running on a laptop, where the system is unable to boot at all without entering the key because it can't read any of the data until you provide the key for decrypting it. Is there any phone that works like this?

    If you tried doing that to a standard BlackBerry you'd get 10 chances before it wiped itself.

    This assumes that you are going in the front door and using the provided interface...
    If you go in at a lower level, then the 10 chances logic isn't running.
    Software access control systems are irrelevant if you have access to the kernel level.

    This is a very common misconception, just because the interface you normally see requires you to enter a password, and wipes the device if you enter it incorrectly, doesn't mean someone can't go in at a lower level and modify/remove the code that implements that logic, while leaving the code that provides access to data.

    Movies are a bad influence here, think "missile launch codes"... Just because a missile is designed to be fired by entering a code, doesn't mean that with physical access and sufficient knowledge you couldn't remove that requirement, you have all the components you just need to make them do what you want. The code, just like an immobiliser in a car or any number of other measures only makes the process more complicated and slows it down.

  4. Re:The Most Secure Mobile OS on Ask Slashdot: Most Secure Mobile OS? · · Score: 1

    Default Windows installs (for all modern values of "Windows") block those ports at the firewall. There is software listening on them behind the firewall, yes, but the same is true of things like the X11 server on most Linux installs.

    Does this not strike you as stupid?
    If you are able to firewall a service off completely and have the system still work then that service is simply not required! If you get any instance in which the firewall fails to operate (windows firewall doesn't run when it believes it's connected to a trusted network for instance) then those services are exposed.
    Linux does not do the same, X11 for instance is configured without network support on most distributions by default because it is extremely rare that people would use that function.

    There's nothing magical about the security of repositories, they're simply a source you trust for your software. Similar sources exist on Windows too. Access to one of them is even built into the OS (ever wondered why it was called "Add/Remove Programs"?), though nobody short of major corporations seems to use it.

    Nothing magical perhaps, but they teach better practices. Getting users into the bad habit of downloading and running binaries from random websites is extremely dangerous, and is one of the biggest reasons why social engineering attacks are so often successful.

    The group policy you speak of is not how you actually secure a system, it's how you restrict a user experience.

    Absolutely, and yet the number of sysadmins who think it's a security option and rely on it as such is truly staggering. You may claim that such sysadmins are incompetent, and rightly so, yet windows has always been marketed as not requiring competent (and thus expensive) sysadmins... Putting options like that in, which mislead unskilled admins into a false sense of security is not good design when your product is marketed at such individuals.

  5. Re:The Most Secure Mobile OS on Ask Slashdot: Most Secure Mobile OS? · · Score: 3, Interesting

    Default windows install still has ports 445, 135, 139 open by default (even if they encourage you to hide them behind a firewall - a kludge at best)...
    Default linux install has nothing open, you have to explicitly install SSH on most desktop oriented distros.

    Linux has a repository from which to install software, while windows encourages users to download and run arbitrary binaries.

    Windows has things like stack randomization and non executable pages, but so does linux and has done for much longer.

    Windows uses file extensions to identify file types, and hides them by default, making social engineering attacks more likely (nude_girl.jpg.exe !), on windows simply downloading a file which has a name ending in .exe makes it executable, whereas on linux you require an additional step.

    Windows has a lot of "security features", but a lot of them are pure theatre and do little or nothing to actually improve security...
    Take group policy "folder restrictions" for instance, designed to prevent you browsing certain areas of the filesystem (eg the windows dir, or the root of the hd), and sure enough if you type c:\ into explorer you will get an error... But what if you open a subdir (eg browse the temporary internet files dir using the option within the ie settings), and then keep hitting the up option... Also you can bypass these restrictions by using a program that doesn't use the standard explorer file selection dialogs (eg a command prompt)...
    Linux doesn't have "features" like these because they are pointless, if you want to prevent users from accessing a given area you need to use file permissions.

    There are plenty more examples like this, of "features" that look good on paper, but in reality provide no benefit and are easily circumvented anyway.
    Things like this generally exist for shallow reviews, and security certification checklists, where the presence of an explicit feature gives you a tick in the box and the certification/review is not in depth enough to verify it properly.

  6. Re:The Most Secure Mobile OS on Ask Slashdot: Most Secure Mobile OS? · · Score: 1

    There are plenty of supercomputers with direct internet access, or at least the control node (of a large cluster) will even if the individual nodes will be on internal addresses. Quite a few of the top500 list of supercomputers are used for academic research, and they generally collaborate with institutions around the world so having the system accessible on the internet is required.

    Servers also, are often accessible on the internet in one form or another because they need to be, they are servers after all... Imagine a web server where the http service was not accessible, it would be completely useless. Desktops on the other hand have no reason to be running any listening services at all, since they aren't generally intended to be used remotely.

  7. Re:The Most Secure Mobile OS on Ask Slashdot: Most Secure Mobile OS? · · Score: 1

    Most Linux users don't even realise they are using Linux... Linux runs on my TV, and it's hardly an exotic model.

    Repositories on Linux are a very sensible model... Most users have no need to go outside of them, and they get users out of the bad habit of running arbitrary binaries from random sources. Look at phones, it is only geeks that want to go outside of the repository, everyone else is perfectly happy.

    Exploiting the user becomes harder if the user doesn't have the ability or the habit to execute arbitrary binaries by default. If someone is used to installing packages from the repository, they are going to find it strange if someone tells them to download and run a binary. On the other hand, downloading and running binaries is the default way of installing software on windows.

    Walled gardens are actually a sensible approach for 99% of users who have no desire to learn anything about the machines. On the other hand, there needs to be flexibility for those of us who want it... Computers that actively discourage users are extremely detrimental to youngsters looking to learn... Kids need computers like the old C64 etc, where users are encouraged to experiment and can't break the system.

  8. Re:The Most Secure Mobile OS on Ask Slashdot: Most Secure Mobile OS? · · Score: 1

    In my world (I'm a principal security architect for Microsoft)

    So hardly an unbiased view...

    Yes, Macs do have far more software vulnerabilities than Windows computers. If you don't believe me, go to any vulnerability database (I like Secunia's advisory database) and compare any operating system or application from Apple and Microsoft, head to head, over the same time period during the last five years.

    Can't really do that, Secunia has a "Mac OSX" category, while Windows is separated according to version.
    On the other hand, if you compare OSX (all versions) for 2011 to Windows 7 for 2011 you get:

    http://secunia.com/advisories/product/96/?task=statistics_2011
    http://secunia.com/advisories/product/27467/?task=statistics_2011

    39 advisories for windows 7, vs 8 for OSX..
    0% extremely critical for OSX, 3% for windows
    Although OSX declares that 13% are unpatched, the unpatched one is a DoS in the mail application.

    2010 paints the same picture, 47 vs 12, criticals for windows none for OSX, one low severity DoS vulnerability unpatched in OSX.

    I think this qualifies as head to head over the same time period during the last five years... Though I'm not convinced that counting advisories is a valid comparison.

    Among the leading OS vendors, Apple has been the last to implement nearly every important security protection. Apple was last to implement anti-buffer-overflow memory protections. Apple was the last to implement address space layout randomization (ASLR). Apple was the last leading operating system vendor to offer full disk encryption (in the recently released Mac OS X Lion).

    Microsoft were also very late to the party on this, most of these protections originated in Linux or OpenBSD...

    Apple is also typically the last among these vendors to patch software bugs, sometimes months after they become publicly known.

    This is an inherent problem with closed source code, and microsoft are often just as bad as apple... Plenty of ms vulnerabilities go unpatched for months after people have been actively exploiting them in the wild.

    And it came as no surprise when Dmitry Sumin, president of Password Inc., told me last week that Apple's Mac OS X Lion was the only popular operating system to store login passwords in plain text in memory.

    Not good, but then windows stores passwords in memory in a hashed form, while simultaneously allowing authentication using the hash instead of the plaintext (google for pass the hash if you don't believe me)... Therefore, the hash is the equivalent of plaintext, and is arguably even worse because it creates a false impression of security.

  9. Re:The Most Secure Mobile OS on Ask Slashdot: Most Secure Mobile OS? · · Score: 2

    Windows "security features" are more theatre than anything else...
    As someone who has conducted penetration tests against lots of networks, most of which were windows based, it's pretty trivial to bypass pretty much all of these "security features" you talk about.

    The vast majority of companies operate on the idea that people inside are trusted, while the external firewall provides the sole line of protection, so the vast majority of the windows services are hidden away from the outside. Of course this all breaks down very badly if someone malicious gets inside.

    Those IT departments generally have no knowledge of anything other than windows, and have a fear of the unknown.

  10. Re:BB on Ask Slashdot: Most Secure Mobile OS? · · Score: 1

    Have a read of what was said at last year's (or was it the year before) pwn2own contest, a guy there successfully compromised the blackberry handset and concluded that it's mostly security through obscurity, where the perceived security of blackberry handsets is based on the fact that very few people have taken the time to investigate and understand the system in depth.

  11. Re:The Most Secure Mobile OS on Ask Slashdot: Most Secure Mobile OS? · · Score: 2

    Linux desktop market share is tiny, but Linux market share as a whole (embedded, supercomputers, servers, phones etc) is pretty high.

    Servers and supercomputers especially are high value targets, very attractive for hackers so there is considerable effort made to find vulnerabilities in linux. A 24/7 server on a high speed (full duplex) connection is far more useful for a hacker than a desktop connected to a typical end user connection with limited upstream bandwidth.

    Windows phone 7 only exists in one market, and its share of that is minuscule.

  12. Re:The Most Secure Mobile OS on Ask Slashdot: Most Secure Mobile OS? · · Score: 2

    Don't MS often complain that windows is only perceived as insecure because it's ubiquitous and therefore commonly targeted, and that other systems only appear more secure because no one bothers to target a small marketshare...

    Surely then, the same applies to windows phone, it has a tiny marketshare and therefore very few people are interested in attacking it.

    Also worth noting, windows phone has a tiny market share period... Linux only has a tiny share on the desktop, it's big in servers, supercomputers, embedded etc.

    The windows phone kernel is based on windows ce, which is inherently a single user os, I'm fairly sure that once you get down to it, the system is considerably less secure than android or ios, both of which are based on tried and tested multiuser kernels.

  13. Freedom of speech... on UK Man Jailed For 'Offensive Tweets' · · Score: 1

    People are too over sensitive these days...
    So someone voices his opinion, and you don't agree with it... No reason to throw him in jail, would be much better for freedom of speech to allow other people to say exactly what they think of this guy. After all, it's only words, no one was actually injured by anything this guy said.

  14. Re:who cares on Microsoft Blocking Pirate Bay Links In Messenger · · Score: 1

    A lot of those who were using MSN have since moved to Skype, which is now also owned by MS...

  15. Re:The good old days... on Science Reveals Why Airplane Food Tastes So Bad · · Score: 1

    You used to get good meals at 56,000 feet on Concorde too...

  16. Re:Alternatively: sweets, raw veg and fruit on Science Reveals Why Airplane Food Tastes So Bad · · Score: 1

    Quite a few airlines offer something cold like a sandwich on short flights...
    In Europe especially, you have a choice between the budget airlines (where you pay - a lot - extra for any kind of food), and the proper airlines where you typically get a sandwich or salad on a short flight.

  17. Re:The good old days... on Science Reveals Why Airplane Food Tastes So Bad · · Score: 1

    A rule that does very little to prevent liquid explosives, but serves only to increase the profit for the retailers in the airport (who charge obscene prices).

    Vodka is sold in airports and is highly flammable, you could do plenty of damage with a bottle of vodka you bought in duty free before boarding the plane.

  18. Re:No justification for the current media pricing? on With Cinavia DRM, Is Blu-ray On a Path To Self-Destruction? · · Score: 2

    There are plenty of products which are legal some places and not legal in others, guns for instance, and various kinds of drugs...

    Region restrictions have nothing to do with this whatsoever...

    Back in the days, if you released a movie in one country then very few people outside of that country would even know it existed...
    And even in the days of VHS, you had NTSC and PAL, incompatible systems in different countries which created a barrier...
    This lack of communications and unintentional incompatibility allowed movie publishers to arbitrarily delay release in other countries, gouge them on price or even shut them out entirely.

    Region restrictions then, are an attempt to subvert global standards and communication, in order to cling on to the gouging profits of the past.

  19. Re:No justification for the current media pricing? on With Cinavia DRM, Is Blu-ray On a Path To Self-Destruction? · · Score: 4, Insightful

    If they were cheap, free of drm and free of region restrictions I would have lots of them...

    The players would be considerably cheaper if they were not forced to both license and implement the drm schemes...

    I imagine the time and money spent on implementing these ridiculous schemes is massively more than what the cracking groups expend to break them.

  20. Stupid... on French President Proposes Jail For Terrorist Website Visitors · · Score: 4, Interesting

    Jailing someone for familiarising themselves with a subject is wrong...

    Guides on how to commit acts of terrorism could be perceived as interesting, and are useful reading for someone working on the other side of the fence looking to prevent, deter or even just detect such acts... In fact this is a common problem, those looking to prevent a given activity simply don't understand how those who want to carry out such activities think... Whether it's hacking, burgling, terrorism, piracy etc, and you end up with wholly ineffective measures that look really fancy but are easily circumvented by those who are serious about doing it, while providing significant disruption for innocent civilians.
    There seems to be a generally flawed mindset out there that concentrates on big fancy front gates, while totally forgetting about the rotten wooden door at the back.

    Personally I think the more people understand about how terrorists think, the greater the chance of their activities being discovered and stopped. Imagine you live next door to someone who keeps bringing bags of fertiliser into their house, are they a keen gardener or can fertiliser be used to make bombs? Have you seen any evidence of well cultivated plants in their back garden? Can you smell cannabis coming from their roof space? Or can you smell other chemicals you've read about in the jolly roger's cookbook?

    Child porn is entirely different, most people simply won't want to look at it, even if they should stumble across it accidentally.

  21. Re:And showing every bit of its age too, apparentl on GCC Turns 25 · · Score: 1

    Depends largely on the size of your cpu cache, although I was pretty sure gcc (or maybe it was some other compiler) had some options to take cache sizes and relative performance of different level caches vs ram into account when generating optimized code.

  22. Re:It goes without saying on Amiga Returns With Lackluster Linux-Powered Mini PC · · Score: 5, Insightful

    All these half assed linux distros, especially those that used to ship with netbooks give linux a bad name...
    They need to use a mainstream well known distro with a decent package repository available.

  23. Re:First on Former Nokia Exec: Windows Phone Strategy Doomed · · Score: 1

    I know you're probably saying that as if it's bad, but in reality Google offers effectively no support to manufacturers who make devices for Android. Microsoft offers legal support to all manufacturers, and for Nokia they are offering technical engineering support and cash, which is a pretty good deal compared to what Android is offering.

    Depends whether the cash from MS outweighs the cash they would have got from actual paying customers, had they gone the Android route...

  24. Re:Boycott on The Numbers Behind the Copyright Math · · Score: 1

    Which only serves to further justify piracy, how can you purchase media that's not for sale anymore? Your only option is to find a copy from somewhere else.
    With physical goods, supply can often outstrip demand, causing a price increase...
    With digital goods, the supply is infinite, trying to artificially limit it is ridiculous and just results in someone else stepping up to cater to that demand.

  25. Re:Losses, but due to piracy? on The Numbers Behind the Copyright Math · · Score: 4, Insightful

    Approach it from another point of view...

    As you point out, people hate DRM and the various laws being pushed by these groups...

    Any money you spend on buying music from RIAA affiliated labels will be used to push the above... How can you justify purchasing music, knowing that your money will be used against you in this way?