I agree with what you said. There are other issues, too.
It has been my observation that Microsoft takes security vulnerability to a whole new level. Microsoft Internet Explorer has had the most extremely serious vulnerabilities of any software I've seen.
Below is something I wrote for customers about this week's astounding Microsoft vulnerability. Microsoft customers of any version of Microsoft Windows after Windows 3.1 can lose control over their computers just by visiting a web page. Security experts are saying it is the worst security vulnerability they have ever seen.
It's been there for 7 years. How many countries have secret police or espionage departments that have used this vulnerability?
Microsoft is taking a leisurely approach to fixing the problem. The company plans to release a patch on January 10. Part of the problem is that there is an ENORMOUS conflict of interest. Many customers, when they discover that their computer has become slow, don't realize that it is infected. They buy another computer. They don't want to spend the money to learn another operating system, so the new computer has another copy of Windows. So Microsoft profits from security vulnerabilities. Corporations are usually a group of generally moral people, but it has somehow been established that the corporation can be allowed to be immoral.
I wrote the instructions below for those of my customers who are interested in protecting their home computers, and have the minimal technical ability required. These instructions and the explanation will help them understand the importance of the work we do for them, and the problems we face in helping them.
________________
New, Very Severe Security Vulnerability In Windows
There are big problems now with a new, very severe security vulnerability in Windows. You can become infected even if you merely visit a malicious web site. See the articles linked below.
The vulnerability exists in all versions of Microsoft Windows, including Windows 98, except Windows NT. Macintosh and Linux computers are not affected.
NEVER follow instructions like those here unless you verify they are correct by reading an official source! In this case, you can see the instructions in the Microsoft article linked below. To see the instructions, load the article in a browser, click on "Suggested Actions", click on "Workarounds", and click on "Un-register the Windows Picture and Fax Viewer".
Temporary Fix -- Here is the temporary, incomplete fix given in the Microsoft article linked below. This adjustment does not make a computer secure, it just makes it more secure:
1) Log in as a user with Administrative privileges. (If the command below runs successfully, your login account has administrative privileges.)
2) Copy this command to the Clipboard:
regsvr32 -u %windir%\system32\shimgvw.dll
3) Left-click Start/ Run/. The Run window will open.
4) Paste the command into the Run window.
5) Press the Enter key.
You should see a window that has "succeeded" as the last word.
This command, un-installation, will disable the automatic loading of graphics files in Microsoft Picture and Fax Viewer. That is better than risking infection of your computer with viruses, spyware, and other malware.
After un-installation, you will need to open a graphics program to view photos and other graphics. You can use Microsoft Paint, for example: Start/ Programs/ Accessories/ Paint. However, be careful to open only image files from trusted sources. If you view an infected graphic with Microsoft Paint, your computer will be infected.
Graphics in email programs like Mozilla and Thunderbird and Opera will display normally after un-installation.
Before the un-install, if your computer is about to be infected, you will see a pop-up message from those three em
We must work together to fix this bug. (on Firefox Secrets, Score: 1)
Robinjo, I agree with what you said, but it does not apply in this case. The only way to fix this very serious bug is to interact with the developers. In 2 1/2 years, we have never come close to that. They've always wanted more than can be given.
I have, many times, described how to reliably reproduce the bug. But the developers want to fix bugs that are much easier than the Firefox/Thunderbird/Mozilla CPU and memory hogging bug.
Sorry, not a law. An executive order is being ignored. If you visit the NSA web site, and don't know how or forget to delete cookies, you are being tracked.
The U.S. government's present problems with corruption are aided enormously by people who pretend to discuss politics but in fact are acting out their anger. They haven't read any books. They haven't educated themselves, although they parrot things said by other angry people, which may make them seem educated. They make very strong statements, and they try to intimidate people with an informed view.
You said, "The NSA doesn't have anything to hide."
The NSA is a secret agency. Sometimes information about the secrets becomes available. However, you don't know what the NSA does, and neither do I, and we don't have any way of discovering.
The Slashdot story is about the NSA ignoring the law. That should give anyone the idea that the NSA may at other times ignore the law.
It has been said over and over again in many, many books written by those who were participants, that the U.S. government's secret agencies do illegal things by having the secret agencies of other governments do them. For example, if they want someone killed, they may have an Israeli secret agency do the work. That way they can claim innocence.
There are other tricks. Did you notice that the CIA agents who did illegal things for former President Nixon were "former" CIA employees? When someone is discovered, he or she becomes a "former" employee. In that case, President Nixon was allowed to leave office, and was pardoned by the next president. The illegal acts were discovered only by accident.
A government that does anything in secret is not a secret government. Also, those who are willing to take a secret job are often amazingly psychologically unstable.
The U.S. government has decided that it can secretly force companies to help in surveillance. This means that companies in the U.S. cannot be trusted.
The problems caused by secret action are called "Blowback" by some in the U.S. government. Blowback is not seen as a bad thing, because it decreases the political stability in the world, which means that employees of U.S. government secret agencies will get raises and promotions. See the link to the book "Blowback" below.
Tips: Don't say "we", as in a U.S. citizen saying "we" kill Iraqis. When there is secrecy there is no "we". Don't think there is violence over oil. The violence is over who gets the profit from selling the oil. Oil is sold on the open market; the price is determined by the market. Before, Saddam Hussein got some of the profit from selling Iraqi oil. Now many of the contracts involve citizens of the United States.
The following books show some of the history of the U.S. government's secret agencies, and help explain much of the underlying reasons for U.S. government violence in the Middle East. Often the secret agencies have acted for special interests and against the good of the people. For example, the CIA overthrew the democratically elected president, President Mossadegh, because he wanted his country to receive more of the profit from oil pumped from his country. The U.S. government's political interference eventually resulted in a violent revolution in Iran, and a determination by Iran to strike back.
Unholy Wars: Afghanistan, America, and international terrorism by John K. Cooley, 2000, Third edition, Pluto Press, London, England and Sterling, Virginia, USA. Reviews: Powell's, Barnes & Noble, Amazon
Osama bin Laden is "the personification of blowback". You can read more about how the CIA created a political climate very supportive of Osama and his ideas in an article by Jane's, a very well-respected publication devoted to military issues. The article was published 3 days after the second World Trade Center bombings, on September 14, 2004: Why? An attempt to explain the unexplainable.
The CIA brought Arabs to the U.S. and trained them in terrorism. The rules by which al Qaeda operate seem to come from the CIA training.
Blowback: The costs and consequences of American empire by Chalmers Johnson, 2000, Metropolitan Books, New York, New York, USA. Also, there was a new edition in 2003 with a new introduction. Reviews: Powell's
"Which means tax evasion, which means they risk significant jail sentences next."
That's what spammers want everyone to think, so that fewer people decide to go into the spamming business.
In actuality, the government almost certainly will not be able to prove how much money was made.
Here's another example of what I was talking about above: Circumventing Group Policy as a Limited User.
Note the end of the article: "It's also important to note that the ability of limited users to override these settings is not due to a bug in Windows, but rather enabled by design decisions made by the Microsoft Group Policy team."
That's another example of Microsoft's mindset, in my opinion. It appears to me that Windows is deliberately weak. It's not an accident that Windows has low security.
It's important to read this story the way prospective spammers read the story.
From the QC Times story: "Kramer said then that he likely will not see any of the judgment money."
Prospective spammers read this as: "A loss of a court case will not cost anything, because all the money is moved to secret bank accounts."
From the QC Times story: "... the judgment also prohibits McCalla from accessing the Internet for three years."
Prospective spammers read this as: "Who cares? I have a low-level employee who does the work."
The entire issue is read by spammers as a small bump in the road.
The Borland of today seems better than the Borland of before, but I got scared by Borland's previous bad management.
I agree.
Bjarne Stroustrup seems to be the only person who has the mental capacity to guide the development of C++. However, he is taking a very leisurely view of improving the language, in my opinion. We needed those improvements 8 years ago.
Java is attractive, but writing in it means getting involved with Sun's mismanagement, which is so bad it may eventually kill the language.
C# is attractive, but using it means being under the influence of Microsoft, a company which is often adversarial toward its customers.
As in other fields, we suffer greatly because of the poor quality of our leadership.
MOD PARENT UP!!!
I spent a lot of time reviewing the Panasonic DMC-FZ20S. It's awesome. A friend has one, and his photos are excellent.
We are very happy with our Olympus camera with a 10x optical zoom. Many times if you don't have 10x zoom, you just can't get the picture.
You said, "... if the picture is bad, you were not close enough...".
New rule of thumb for photographers: If you got eaten by a lion, you were too close.
We've found that a minimum of 10x optical zoom is nice. Photos are much nicer when the subject fills the frame.
There needs to be an external flash for many photos, and that requires an external flash connector. It's much better to bounce the flash off the ceiling than to aim it directly at the subject.
On topic, since the discussion was started by the Slashdot editor: U.S. Federal Deficit by Political Party.
Additional comments to my parent post:
Companies storing sensitive data could be expected to use software that provided error correction codes (like those generated by ICE ECC).
Laws about this would enable companies to spend the money without worrying that they were making themselves uncompetitive because of expenses. They would know their competitors must do it also.
Top managers are generally not wise about technology; they need someone to guide them toward doing the right thing.
All backup software should encrypt the backups. Unfortunately, backup software is still very primitive.
Backup software should also automatically do a compare and determine if the backup is actually usable. In about 5% of our tests, Acronis TrueImage software, for example, has made a backup that it won't read.
It's simple enough to solve Marriott's problem. Pass a law that anyone storing more than 100 credit card numbers must use encryption. Provide cross-platform open source backup software that meets the requirements of the law. The law should provide guidance concerning the keeping of the passwords.
Well said.
Interesting.
There was no serious public discussion of GM in the United States. I presume someone paid the politicians, as has happened in so many other areas.
Support campaign finance reform!
McCain has the right idea.
I write long reports that need to be formatted.
Thunderbird can be configured to:
1) Not open external (not embedded) image files. This is the default.
2) Not run scripts. This is the default.
Thunderbird cannot run ActiveX. That gives me perfect safety. Enigmail should support what Thunderbird supports.
Many programmers have very limited social abilities, so they don't like to or want to communicate. Also, many programmers are, maybe surprisingly, not big users of their computers. They program at work, using just a few applications. When they come home, maybe they play games, maybe not.
Programmers should not be allowed to dictate what features we need.
Enigmail does not handle HTML.
You said, "... you know what the NSA does."
In my opinion, you should not think you know what the NSA does, or the effects of its actions.
You said,
"The NSA is a large organization, with a population of a small city performing many disparate activities."
This, of course, ignores my entire point. More accurately, you should have said,
"The NSA is a large SECRET organization, with a population of a small city performing many disparate activities."
How can there be democracy when the government reserves for itself the possibility of doing things in secret? There cannot.
"... you are probably just another liar."
Ahhh, the civilized and polite interaction for which Slashdot is famous.
"... how exactly do we check your ip address?"
When I read that, I assumed he meant that a Slashdot editor could check his IP address.
I know that Slashdot editors sometimes read the stories they post, because, when I criticize the Bush administration, sometimes I am moderated down multiple points, without the moderation appearing in the karma points summary at the end of the comment. In the middle of the night, while Slashdot editors are presumably sleeping, people in other countries moderate the comment to +5. The comment is then bulk moderated down when it is morning in the United States. Just guessing, but it is plausible.
This comment may seem a little off topic, other than being an answer to an on topic thread, but it is relevant because encryption like that provided by TrueCrypt is more necessary in times of political instability and government corruption.