It seems that he confuses the real issue here, Security, with another, Safety. These are different trust acts. If I believe in the safety of my car I may drive it. If I trust the security of it I would leave my laptop in it, but of course I would never do that and I dought if the auto industry has the motivation to make a more secure vehicle ever. I also really dought that MS has that motivation either, beyond a simple PR game. As long as the OS doesn't get used for things like airplanes or nuclear plants safety is not an issue for MS OS's. If OS crash caused death...well then we would know were most Windows users would be.
I worry that the industry on all levels, (vendor, developers, admins) will never gain that leave of trust because security is not the priority for us and we often drop the ball, just MS drops it the most and in very big ways. But still this issue is important for everyone in the industry not just the vendors, though considering their position they play their role is the most important. Lets face it all OS and Apps have security issues, some a lot more than other, and even the most secure system is made moot if the admin or developer is not awaire of security issues relating to their jobs.
On another note there were some very good suggestion on how to improve security in the other articles. The one that caught my eye is using the most secure default settings. I work in a MS world and a lot of my development work is web based Enterprise apps, so I have a IIS box on my home machine to play with and learn on. One of my favorite games is to expose my box to the internet and see how secure I can make it. In the case of default setting in IIS and NT this is a lot of work. The funny thing is that I started this game prior to the release of code red. My box survived it, much to my suprise. So MS made all these fancy patches to address security problems that partically could have been avoided by better default settings. Of course that would not address the fact that many of these feature had/have huge security holes, but the effect of code red and friends would have been greatly reduced with better default settings. From looking at the log that I keep on HTTP requests I recieve, Perl and REG EX are a wonderful things, the majority of infected requests at my door come from @home installs. Of course the percentage is due more to the nature of how these worms scan the net (start local then go more global).
but who is to say that new functionality can not be added without major changes in hardware. A software upgrade would be cheaper and easier. Do you think MS is not awaire that consumers are getting a bit tired of the upgrade thing? I mean expecting them to buy an new box in a year? Also if they are thinking of the web tv market I am sure the idea didn't just hit them last week. This change has been coming for a long time and has been thought out.
but after the tech set up my machine I just ran ipconfig to get the DHCP etc settings and reimaged my machine. I still get the same port scan from them on a regular basis and their DHCP server send a strange option to my client, but it works and they have not complained or tried shut me down.
oh wait a second that was a white guy. Good thing no racist assumptions were made then, oh wait it was just logical to start blaming those from the middle east for the bombing even though it was wrong.
Maybe when MS sees 4 million people logged on as $L4$hd0t it'll realize that the people don't want to be uniquely identified in EVERYTHING they do.
If you don't want to identify yourself than don't use it, Come on it's not like they are providing some essetial service, like medical care. Wait a second I have to identify myself to get medical care. Damn hospital.
I was trying to argue against the point of this whole thread, but then I realized there wasn't one.
Have you ever hear a little thing call nimda? Are your virus definitions current? Does it scan your Internet Temporary Files automatically? Do you like to live dangerously? Why not put these little numbers in your IE browser 24.219.119.125.
THIS SITE IS INFECTED WITH NIMDA, SO IF YOU USE IE AND KNOW WHAT IS GOOD FOR YOU DO NOT GO HERE
If your a bit curious what can happen, when your virus definition is current then go hear. On the Brink. You may notice that there is no pic of the download dialog box popping up, because it doesn't. This is an eml file and it is safe, right;^P
For a laugh check out another post on this thread by me about a friend of mine who did not have current definitions for his AV.
Like myself and others have pointed out nimda does this already with no warning what so ever.
Norton AV will get it when it comes, but if you do not have a good quality AV, Definitions uptodate and set up correctly you would never know.
I have this friend who is a total MS fan and very ingorant about what happens on his computer. I convinced him to put Norton AV on his machine, because at the time he was not using anything. One day I was at his house and he wanted to show me something on his machine and the a pop up to update Norton comes up. Right then he complains that why did I convince him to install this application, because it always asks to download updates and they just took too long. I asked if he had been doing the updates, but he says no because they were in his words "too much of an inconveniance.
Now stay with me it gets better. A couple of weeks later he phones me up and starts talking about this funny thing he say on the net. Another friend of his, some sort of Rocket Scientist;^) says "hey you have to check out this web site, of some company or aonther, that has on its main page America Suck in big red letters." His friend adds that it was infected by one of these internet worms. So my friend of course goes and checks it out. He proceeds to laugh at me because I do development in the MS world and a lot of my work involves making B2B web apps. He tells me that, in his enlightened opinion:^0, only a fool would run that stuff on the web.
Now here is the good part. I ask him if the only reason he call was yank my chain, and he says no. He called because his Outlook quit working and his machine was acting really slow. I told him to phone his other buddy, the one who suggested the web site, and ask him if he was having the same problem. I have not heard from either of them since. I think he figured out that I was not coming over to help him fix his damn machine for a couple of beers. For those that have not been keeping up, his box was infected by nimda when he visited the site in his IE browser, because his AV definitions were not current he was infected WITH NO WARNING. How do I know this is the case you ask? Because I have visited sites, with IE, that get logged on my home IIS box, by ip addy? Everytime Norton tells be it found one in the web page and has put it in the penalty box. Now if I only knew how to disect one of these puppys. Each page says America Suck in bold red letters.
The funny thing is that my clients and my own employer have had zero, ZERO problems with any of the worms or viruses that have been getting headlines lately. These are all big corporation, and we all use Outlook, IE, IIS etc. Like I always say it doesn't matter what box you use, but the work you do. My paw always said a poor craftsman blames their tools.
I always laugh when these linux hobbists that have to work in the NT world to make a living have stories about how their IIS box at work was infected or some user opened an attachment that had a virus and act like it was all some suprise to them. Like they didn't realize that features can be fire or users will do dumb things. I mean who is the one getting paid to keep the system running and safe. From the way I see it the wrong person that's who.
It is fourty below and I don't give a...
You have to love this quote from Time
on
This is IT?
·
· Score: 1
software so sophisticated it puts Microsoft to shame.
I thought I skipped to an article on Linux by accident. But come on now lets talk about the MAJOR achievements.
It seems that Shaw, my provider, Cogeco and even Rogers are sufficiently prepared for this event. Of course old Ted Roger is going to lose a bit of his shirt on this thing and they have been slow to react because of their interests in @home and partnerships with AT&T, and there are still lots of people questioning if Rogers can support all of their customers. Atleast 10% may be without service tonight.
Shaw made the conversion months ago, mostly due to poor service from Excite, especially with email.
But thank god for out socialist interfering government, because by 2004 they are promising us broadband in every pot. Now if everyone had a computer too. Even the CRTC is not going to interfere with the net at this point anyway. Beside it is because of there regulations that I pay less for my cable service, only $40 Cnd, that is like 5 US, and I get more bandwidth and better service.
We may not be able to support a useful military, but we all can get streaming video of the latest war to our home from cnn.
Excuse me while I download the latest Suse version.
Like many truely geeky and inquisitive types have pointed out there are many ways around this. A month doesn't go by here when some "super secure" format (adobe), copyright protection (SDMI), authentication (anything from microsoft) etc being broken and exposed for all to see. Do you think a bounch of suit with badges can do any better at hidding there little back door. I am sure within a few week of release the dreaded virus someone will have posted on some hacker site or maybe alt.binaries.crack a scanner or detecter for this trojan mule. You would think they would have better use for there resources, like checking for known terrorist at the border or in airports.
You have to wonder if Sym and other were put under tremendous pressure from the Feds for this jesture. It seems to me like Sym and other are giving them the big FU. "We will do what you want mister secret agent man, but see if it does you any good."
It just makes me think of all this crazy shit you would see in the media about hidden messages in jpegs and such. As if these guys have to get that high tech to pull this stuff off. The FBI doesn't even have the ability to pick up the individuals that are already known terrorists. I mean shit they had picture of some of these assholes and showed us video of them on there way to boarding the plane. It is like giving a net admin job to someone who can't even set the time on their vcr. Anyway these guys new what they were going to do before they even entered the country. There was no passing of indepth information over the wires. The only info the master mind of this plot had to send out was a date, which flights to take and where to fly if that. "We are having a party to celebrate my brother's new job in new york at the WTC. It all happens on Sept 11 at 7:15. See you there."
When I hear how the powers that be plan on making us safer I do not feel so safe.
Have to go I just got an alert from my firewall "do you want FBIKeyStroker.exe to act as a server?"
I just recently installed a sample web application from M$, yes it was.Net, and it came with one of these MSDE databases. When I opened up the server manager I was suprise to see several ip addresses in it. There are severaly @home user with SQL Server installed and many with no sa password, don't ask me how I know that. Many of these boxes also have infected IIS installs too. As if I don't get enough code red/ namba hits as it is. I glad I uninstall that thing, because I am sure it didn't have a password and I am not sure how I could set it.
Does anyone know about the functionality of the little engines and are they effected by this worm.
LT
I really do not see the point. It will not be like running *nix, what ever that means, and there will be few if any features that Windows already has. It is bad enough that everyone is focused on out windowing Windows, but no we have to try and do it on a M$ OS. I hope they had fun doing it because that is the only reason to even try, for the fun of it. It is bad enough that so many of the distros are trying so hard to be like Windows, and it is succeeding. Look at all the new bug that are coming out because of the push to add more feature and get them out quickly. One has got to ask themselves how different is this than M$. If I want to have pretty pictures and one hand computing the boot up Windows, but if I want to think, burn and type Slackware.
Well at least there are still fixes going on for 2.2, M$ just stops fixing older OS's until they drop them all together i.e. Win95 or just don't offer you the features i.e. no ASP.NET for IIS 4 and NT 4.
C++, C#, Perl, VB, OK I don't use VB anymore. I have always worked this way, but now I have a platform that is designed for it. It is a good thing I am more interested in programming than analysing someones business practices.
Fourty below and I don't give a...
I went back to school at 35 and now at 37 I have quickly moved up to a senior developer job with an excellent consulting company. Being older with experience can get you a lot of milage and having another degree, I am also a phil major, is very useful, i.e. I can read, write, think for myself, and learn, more than I can say for most of the kids that I went to school with that wanted to be game programmers.
On the SA think, don't do it. Development and Architecture are better job, and fiddling with the box is a good skill to have and something you can do on your own time.
Good Luck
LT
Slashdot Mirror
It seems that he confuses the real issue here, Security, with another, Safety. These are different trust acts. If I believe in the safety of my car I may drive it. If I trust the security of it I would leave my laptop in it, but of course I would never do that and I dought if the auto industry has the motivation to make a more secure vehicle ever. I also really dought that MS has that motivation either, beyond a simple PR game. As long as the OS doesn't get used for things like airplanes or nuclear plants safety is not an issue for MS OS's. If OS crash caused death...well then we would know were most Windows users would be.
I worry that the industry on all levels, (vendor, developers, admins) will never gain that leave of trust because security is not the priority for us and we often drop the ball, just MS drops it the most and in very big ways. But still this issue is important for everyone in the industry not just the vendors, though considering their position they play their role is the most important. Lets face it all OS and Apps have security issues, some a lot more than other, and even the most secure system is made moot if the admin or developer is not awaire of security issues relating to their jobs.
On another note there were some very good suggestion on how to improve security in the other articles. The one that caught my eye is using the most secure default settings. I work in a MS world and a lot of my development work is web based Enterprise apps, so I have a IIS box on my home machine to play with and learn on. One of my favorite games is to expose my box to the internet and see how secure I can make it. In the case of default setting in IIS and NT this is a lot of work. The funny thing is that I started this game prior to the release of code red. My box survived it, much to my suprise. So MS made all these fancy patches to address security problems that partically could have been avoided by better default settings. Of course that would not address the fact that many of these feature had/have huge security holes, but the effect of code red and friends would have been greatly reduced with better default settings. From looking at the log that I keep on HTTP requests I recieve, Perl and REG EX are a wonderful things, the majority of infected requests at my door come from @home installs. Of course the percentage is due more to the nature of how these worms scan the net (start local then go more global).
but who is to say that new functionality can not be added without major changes in hardware. A software upgrade would be cheaper and easier. Do you think MS is not awaire that consumers are getting a bit tired of the upgrade thing? I mean expecting them to buy an new box in a year? Also if they are thinking of the web tv market I am sure the idea didn't just hit them last week. This change has been coming for a long time and has been thought out.
but after the tech set up my machine I just ran ipconfig to get the DHCP etc settings and reimaged my machine. I still get the same port scan from them on a regular basis and their DHCP server send a strange option to my client, but it works and they have not complained or tried shut me down.
oh wait a second that was a white guy. Good thing no racist assumptions were made then, oh wait it was just logical to start blaming those from the middle east for the bombing even though it was wrong.
First off it does not have to be written by a brit or anyone at the reg. Some Linux geek from the US could have written it and sent it in.
Also if you are awaire of differences in British and American use of the English language, what makes you think they are not.
I can't beleive you have a 2 for that insightful comment.
Karma is highly overrated.
It's just the others that run it on their desktop have yet to figure out how to config their modem or get tech support from their cable provider. ;^)
...
It's fourty below and I don't give a
Hmmmmmm.
Is that drool on my shirt.
If you don't want to identify yourself than don't use it, Come on it's not like they are providing some essetial service, like medical care. Wait a second I have to identify myself to get medical care. Damn hospital.
I was trying to argue against the point of this whole thread, but then I realized there wasn't one.
It's fourty below and I don't give a
Are you confident about that.
;^P
....
Have you ever hear a little thing call nimda? Are your virus definitions current? Does it scan your Internet Temporary Files automatically? Do you like to live dangerously? Why not put these little numbers in your IE browser 24.219.119.125. THIS SITE IS INFECTED WITH NIMDA, SO IF YOU USE IE AND KNOW WHAT IS GOOD FOR YOU DO NOT GO HERE
If your a bit curious what can happen, when your virus definition is current then go hear. On the Brink. You may notice that there is no pic of the download dialog box popping up, because it doesn't. This is an eml file and it is safe, right
For a laugh check out another post on this thread by me about a friend of mine who did not have current definitions for his AV.
It's fourty below and I don't give a
Like myself and others have pointed out nimda does this already with no warning what so ever. Norton AV will get it when it comes, but if you do not have a good quality AV, Definitions uptodate and set up correctly you would never know. I have this friend who is a total MS fan and very ingorant about what happens on his computer. I convinced him to put Norton AV on his machine, because at the time he was not using anything. One day I was at his house and he wanted to show me something on his machine and the a pop up to update Norton comes up. Right then he complains that why did I convince him to install this application, because it always asks to download updates and they just took too long. I asked if he had been doing the updates, but he says no because they were in his words "too much of an inconveniance.
;^) says "hey you have to check out this web site, of some company or aonther, that has on its main page America Suck in big red letters." His friend adds that it was infected by one of these internet worms. So my friend of course goes and checks it out. He proceeds to laugh at me because I do development in the MS world and a lot of my work involves making B2B web apps. He tells me that, in his enlightened opinion :^0, only a fool would run that stuff on the web.
...
Now stay with me it gets better. A couple of weeks later he phones me up and starts talking about this funny thing he say on the net. Another friend of his, some sort of Rocket Scientist
Now here is the good part. I ask him if the only reason he call was yank my chain, and he says no. He called because his Outlook quit working and his machine was acting really slow. I told him to phone his other buddy, the one who suggested the web site, and ask him if he was having the same problem. I have not heard from either of them since. I think he figured out that I was not coming over to help him fix his damn machine for a couple of beers. For those that have not been keeping up, his box was infected by nimda when he visited the site in his IE browser, because his AV definitions were not current he was infected WITH NO WARNING. How do I know this is the case you ask? Because I have visited sites, with IE, that get logged on my home IIS box, by ip addy? Everytime Norton tells be it found one in the web page and has put it in the penalty box. Now if I only knew how to disect one of these puppys. Each page says America Suck in bold red letters.
The funny thing is that my clients and my own employer have had zero, ZERO problems with any of the worms or viruses that have been getting headlines lately. These are all big corporation, and we all use Outlook, IE, IIS etc. Like I always say it doesn't matter what box you use, but the work you do. My paw always said a poor craftsman blames their tools.
I always laugh when these linux hobbists that have to work in the NT world to make a living have stories about how their IIS box at work was infected or some user opened an attachment that had a virus and act like it was all some suprise to them. Like they didn't realize that features can be fire or users will do dumb things. I mean who is the one getting paid to keep the system running and safe. From the way I see it the wrong person that's who.
It is fourty below and I don't give a
I thought I skipped to an article on Linux by accident. But come on now lets talk about the MAJOR achievements.
So what does that say about evolution? or maybe your understanding of it.
It seems that Shaw, my provider, Cogeco and even Rogers are sufficiently prepared for this event. Of course old Ted Roger is going to lose a bit of his shirt on this thing and they have been slow to react because of their interests in @home and partnerships with AT&T, and there are still lots of people questioning if Rogers can support all of their customers. Atleast 10% may be without service tonight.
...
Shaw made the conversion months ago, mostly due to poor service from Excite, especially with email.
But thank god for out socialist interfering government, because by 2004 they are promising us broadband in every pot. Now if everyone had a computer too. Even the CRTC is not going to interfere with the net at this point anyway. Beside it is because of there regulations that I pay less for my cable service, only $40 Cnd, that is like 5 US, and I get more bandwidth and better service.
We may not be able to support a useful military, but we all can get streaming video of the latest war to our home from cnn.
Excuse me while I download the latest Suse version.
It is 40 below and I don't give a
Like many truely geeky and inquisitive types have pointed out there are many ways around this. A month doesn't go by here when some "super secure" format (adobe), copyright protection (SDMI), authentication (anything from microsoft) etc being broken and exposed for all to see. Do you think a bounch of suit with badges can do any better at hidding there little back door. I am sure within a few week of release the dreaded virus someone will have posted on some hacker site or maybe alt.binaries.crack a scanner or detecter for this trojan mule. You would think they would have better use for there resources, like checking for known terrorist at the border or in airports.
You have to wonder if Sym and other were put under tremendous pressure from the Feds for this jesture. It seems to me like Sym and other are giving them the big FU. "We will do what you want mister secret agent man, but see if it does you any good."
It just makes me think of all this crazy shit you would see in the media about hidden messages in jpegs and such. As if these guys have to get that high tech to pull this stuff off. The FBI doesn't even have the ability to pick up the individuals that are already known terrorists. I mean shit they had picture of some of these assholes and showed us video of them on there way to boarding the plane. It is like giving a net admin job to someone who can't even set the time on their vcr. Anyway these guys new what they were going to do before they even entered the country. There was no passing of indepth information over the wires. The only info the master mind of this plot had to send out was a date, which flights to take and where to fly if that. "We are having a party to celebrate my brother's new job in new york at the WTC. It all happens on Sept 11 at 7:15. See you there."
When I hear how the powers that be plan on making us safer I do not feel so safe.
Have to go I just got an alert from my firewall "do you want FBIKeyStroker.exe to act as a server?"
It's 40 below and I don't give a....
I just recently installed a sample web application from M$, yes it was .Net, and it came with one of these MSDE databases. When I opened up the server manager I was suprise to see several ip addresses in it. There are severaly @home user with SQL Server installed and many with no sa password, don't ask me how I know that. Many of these boxes also have infected IIS installs too. As if I don't get enough code red/ namba hits as it is. I glad I uninstall that thing, because I am sure it didn't have a password and I am not sure how I could set it.
Does anyone know about the functionality of the little engines and are they effected by this worm.
LT
I really do not see the point. It will not be like running *nix, what ever that means, and there will be few if any features that Windows already has. It is bad enough that everyone is focused on out windowing Windows, but no we have to try and do it on a M$ OS. I hope they had fun doing it because that is the only reason to even try, for the fun of it. It is bad enough that so many of the distros are trying so hard to be like Windows, and it is succeeding. Look at all the new bug that are coming out because of the push to add more feature and get them out quickly. One has got to ask themselves how different is this than M$. If I want to have pretty pictures and one hand computing the boot up Windows, but if I want to think, burn and type Slackware. Well at least there are still fixes going on for 2.2, M$ just stops fixing older OS's until they drop them all together i.e. Win95 or just don't offer you the features i.e. no ASP.NET for IIS 4 and NT 4.
C++, C#, Perl, VB, OK I don't use VB anymore. I have always worked this way, but now I have a platform that is designed for it. It is a good thing I am more interested in programming than analysing someones business practices. Fourty below and I don't give a ...
I went back to school at 35 and now at 37 I have quickly moved up to a senior developer job with an excellent consulting company. Being older with experience can get you a lot of milage and having another degree, I am also a phil major, is very useful, i.e. I can read, write, think for myself, and learn, more than I can say for most of the kids that I went to school with that wanted to be game programmers. On the SA think, don't do it. Development and Architecture are better job, and fiddling with the box is a good skill to have and something you can do on your own time. Good Luck LT