The signature is not stored in the binary, it is in a separate file on the ftp site. And to my knowledge, the Mozilla Foundation does not provide this information necessary to verify the signature (ie: that it exists, where you can get it, and that you can check it).
How do you know which machine has the material you're looking for on it until after you examine it? (ie: you seize all machines to find the 30 you're looking for)
"IE Hard" is the "IE Enhanced Security Configuration" component in the Win2k3 install. It basically sets the most secure options for IE that you can select.
You can do this yourself if you really want it. But you won't like it. :)
I wonder how long you could use the rocket thrusters to maintain proper orientation of the station.
That would really depend on how much fuel they have stored on the station at any given point in time. I'm going to guess at a minimum they have enough to maintain the station's orientation long enough to evacuate the crew, but more likely I would guess that there is enough fuel kept on board to maintain the orientation long enough for an emergency repair to occur.
I hope they aren't using the same gyros Mir did. :)
The ISS has 4 gyros, and it is a very big deal when they fail (they're supposed to last for 8.5 years). There are rocket thrusters in place to serve as backups should the gyros fail.
The station is supposed to be able to maintain its orientation with 2 gyros in operation using minimal thrusters.
Indeed. But they should have evac'd or done something ASAP about it.
That's like saying you should turn around and go home because you see traffic stopped 2 miles ahead.
They knew how much food they had. They still had some left when the supply ship docked. Ergo, it wasn't an emergency that required evacuating the station.
I mean, what would have happened if the Russian Supply Ship (god forbid) went down?
My guess is that they'd do whatever it is they need to do to make sure the thing doesn't fall apart with nobody on it and go back to earth on the escape module. I doubt it was a coincidence that they had 7 days of food remaining when the supply capsule docked.
The crew aboard ISS would have been royally SOL (Shit Outta Luck).
They wouldn't have. The ISS itself would be SOL, but that's another story entirely.
WTF is complex about signing a binary? The technology has existed for almost a decade.
You're making the assumption that you know malicious code is running in the first place. I, the user, think Mozilla is running. I trust Mozilla, and when it asks me for my admin password to complete the install, I give it to the software. The trojaned binary now takes over my system. I've just been owned, because as a user I didn't know any better, because I thought the software I was running was Mozilla and could be trusted.
Are you saying that it is impossible for a skilled hacker to get access to the signing key?
You should treat the signing key like the secret recipe for Coke. In other words, you never expose it to a network and keep access to it highly restricted.
Send your browser over to ftp://ftp.mozilla.org/. No, it may not be the easiest method, but the logical definition of "necessary" is not "the easiest way to do something".
The point I'm trying to get at is that if the only way to obtain a verifiable binary is not described on the website, it might as well not exist. Someone wanting to download firefox isn't going to go to an unlisted ftp site. They're going to the website. There isn't a way, starting at the website like 99.9% of normal people will, to get a download of Mozilla from the ftp site (well, there might be, depending on how their download function works...); you get it from a random mirror, and you aren't even given an option of which mirror to fetch it from.
The dialog box says nothing of the sort. With XP SP2 (I don't think previous versions of IE prompted you for file downloads) you'll see:
Do you want to run this software?
Name: Microsoft DirectX 9.0c Runtime
Publisher: Microsoft Corporation
[ ] Always run software from "Microsoft Corporation"
[ ] Never run software from "Microsoft Corporation"
[X] Ask me every time
[^] Fewer options [Run] [Don't Run]
While files from the internet can be useful, this file type can potentially harm your computer. Only run software from publishers you trust. _What's the risk?_
The dialog is slightly different for unsigned components; instead of a "What's the risk" link, there is a "How can I decide what software to run?" link. Clicking on it brings up a help window with the following content:
Should you run downloaded software that has no valid digital signature?
Probably not. A valid digital signature identifies the publisher of the software and verifies that the software has not been tampered with since it was signed. Without a valid digital signature, you have no way to verify that the software is what it claims to be.
If you have software on your computer that you downloaded from the Internet, don't open or run it without asking these questions:
Did you ask for the software?
Did you click a link on a Web site to start this download, or did the software show up without any action on your part? If you did not start the download, you should be very cautious. If you don't need the software, cancel the download. If you choose to run the software, make sure you know what it is for and what it will do to your computer before you proceed.
Do you know who published the software?
If the file has no valid digital signature, you cannot be certain that the software is actually from the source it claims to be from, or that it has not been tampered with. You should not run the software unless you trust the publisher and know what the software will do to your computer.
Do you know what the file will do to your computer?
The Web site providing the file should tell you what the file is for and any special details you need to know about the file to run it. If this information is not available, you should be cautious about downloading the file.
Older versions of IE (whatever is on my Win98 box) would display a dialog for ActiveX controls, but it still doesn't say anything like the text you quoted; another sample:
Do you want to install and run "Cortona VRML Client" signed on 12/16/03 6:49 AM and distributed by:
ParallelGraphics LTD
Publisher authenticity verified by VeriSign Class 3 Code Signing 2001 CA
Caution: ParallelGraphics LTD asserts that this software is safe. You should only install this software if you trust ParallelGraphics LTD to make that assertion.
[ ] Always trust software from ParallelGraphics LTD
[(Y)es] [[(N)o]] [(M)ore Info]
See, and so does Microsoft, and that's why their security will continue to suck.
And this is another wonderful example of what little you understand about security. You never ever depend on something to be impenetrable.
I think ensuring the integrity of binaries is very important. I just think that Microsoft's particular implementation is done poorly.
I see a lot of huffing and puffing but little evidence.
Sorry, but you are wrong: you can verify the integrity of your Firefox download even on Windows, and on Linux it's done automatically for you.
Nobody is saying you can't. It is an involved manual process that my mother isn't capable of performing. It OUGHT to be something that is automatic.
The fact remains that millions of Windows machines will send your CC information to an email account in South America, while you'd be hard pressed to find one Linux or Macintosh machine that does that.
More talk, no proof. I especially like how you take statements I make and twist them around to mean something completely different.
This season has actually been pretty decent. I suspect they fired all of the writers from the first couple of seasons... either that, or they sobered up long enough to write something that sort of makes sense.
Farscape was still the #2 rated show on the SciFi network (even after shuffling the schedule around and randomly running new episodes).
Apparently having a full night of good TV was too much for them to handle... So instead we now have to have Stargate and Stargate Atlantis back to back... soon to be followed by Stargate Goes to the Moon and Stargate, the Jedi Returns. *sigh*
It's the day before the 4 day Christmas break. Of the 3 brokers actually at work today, I'm going to guess they're calling their travel agents and confirming reservations or something...
What they can't do is use their monopoly on operating systems to aid them in getting one in media players. Those are the rules you have to play by once you are in a monopoly position.
Windows has shipped with a media player since at least Windows 3.
Most real-world users are incapable of making educated decisions; therefore, code signing is a useless security measure for most users. (And the ones that could make educated decisions would prefer not to be bothered by this sort of noise.)
Most real-world users aren't capable of it because they've been trained by people like you to ignore it and just click yes.
At some point people have to realize that the software isn't asking the question to be annoying, it's asking the question because it doesn't have enough information to make a decision for you. In other words, until the software knows that you trust content signed by that provider, it isn't noise. It's a decision that has to be made.
Given the number of unsigned components people have to install on their Windows machines in order to get them to run, Microsoft is clearly unable to enforce that all software is consistently signed. As a result, Windows users are constantly bothered by pointless warnings about unsigned code, and important warnings are drowned out by all that noise.
This isn't Microsoft's problem. It's a problem due to people like you who don't think that signed binaries are important. It is probably that same line of thinking which results in the flagship OSS product not giving me the ability to verify that I'm using an official build and not a custom 1-off that will send all of my CC information to an email account in South America.
What is better is to use a sensible and effective way of preventing infections and security problems.
That is indeed a layer. It isn't the only layer you should rely on. I'd argue the more layers you have the better.
But even if that were "sufficient", you can only control those layers on processes you manage. Once your binary leaves your hands and is given to a 3rd party, YOUR security doesn't matter. THEIRS does. And guess what? You can't control their security.
If managed correctly, they do. Someone who hacks the site does not have access to the signing key. Any binary they modify will not pass any signature check.
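The flow these comments argue over (a signature published in a file separate from the binary, checked by the downloader even when the binary itself came from an untrusted mirror) as an added example; this is not code from the thread or from Mozilla's actual release process. It assumes an Ed25519 publisher key and a SHA256SUMS-style manifest, both constructed here; a mirror that swaps the binary and even regenerates the checksum file still fails verification because it cannot re-sign the manifest.

```go
package main

import (
	"bufio"
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Release models what a downloader receives from an untrusted mirror:
// the binary, a checksum manifest ("<hex sha256>  <filename>" per line)
// and a detached signature over that manifest. Only the publisher's
// public key is trusted a priori (constructed demo, not real release data).
type Release struct {
	Name     string
	Binary   []byte
	Manifest []byte
	Sig      []byte
}

// Publish signs the manifest with the publisher's private key. The key
// never touches the mirror, so a mirror compromise cannot re-sign anything.
func Publish(priv ed25519.PrivateKey, name string, binary []byte) Release {
	sum := sha256.Sum256(binary)
	manifest := []byte(fmt.Sprintf("%s  %s\n", hex.EncodeToString(sum[:]), name))
	return Release{Name: name, Binary: binary, Manifest: manifest, Sig: ed25519.Sign(priv, manifest)}
}

// Verify is the client side: check the detached signature over the manifest
// first, then compare the binary's digest. An unsigned manifest proves nothing.
func Verify(pub ed25519.PublicKey, r Release) error {
	if !ed25519.Verify(pub, r.Manifest, r.Sig) {
		return fmt.Errorf("manifest signature invalid: not from publisher")
	}
	want, err := lookupDigest(r.Manifest, r.Name)
	if err != nil {
		return err
	}
	got := sha256.Sum256(r.Binary)
	if !bytes.Equal(got[:], want) {
		return fmt.Errorf("binary digest does not match signed manifest")
	}
	return nil
}

// lookupDigest parses SHA256SUMS-style lines and returns the digest recorded
// for name, rejecting malformed lines instead of silently skipping them.
func lookupDigest(manifest []byte, name string) ([]byte, error) {
	sc := bufio.NewScanner(bytes.NewReader(manifest))
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		if len(fields) == 0 {
			continue // blank line
		}
		if len(fields) != 2 {
			return nil, fmt.Errorf("malformed manifest line: %q", sc.Text())
		}
		if fields[1] == name {
			d, err := hex.DecodeString(fields[0])
			if err != nil || len(d) != sha256.Size {
				return nil, fmt.Errorf("bad digest for %s", name)
			}
			return d, nil
		}
	}
	return nil, fmt.Errorf("%s not listed in signed manifest", name)
}

func main() {
	// Constructed demo key pair and a stand-in "installer"; not real release material.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	rel := Publish(priv, "firefox-installer.exe", []byte("constructed installer bytes"))
	fmt.Println("pristine:", Verify(pub, rel))
	// Mirror swaps in a trojaned build and regenerates the checksum file to match.
	tampered := rel
	tampered.Binary = []byte("trojaned installer bytes")
	s := sha256.Sum256(tampered.Binary)
	tampered.Manifest = []byte(fmt.Sprintf("%s  %s\n", hex.EncodeToString(s[:]), rel.Name))
	fmt.Println("tampered:", Verify(pub, tampered))
}
```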
Well, one thing can. Downloading and inspecting the source and compiling it yourself.
Logically this is true. In practice it is not. If inspecting the source code were sufficient to catch and prevent this sort of thing, it would also be sufficient to eliminate all bugs from software (which obviously is not true). Add onto that the amount of time that it would require an individual to do this (assuming of course every individual who uses the software is a skilled programmer) would render such an approach impractical.
Your previous post stated that you only trust software downloaded from mozilla.org. I found a way you can get firefox straight from mozilla.org. Case closed.
Great. Now show me how the average person gets access to that information. The "download" button on the site takes you to a mirror, not to the mozilla ftp site.
RTFA. The original quote did not use that qualifier.
True, true. But the whole discussion has centered around downloading content and verifying its authenticity... One would assume that requiring the content to be downloaded would have been somewhat implicit...
Well, since Microsoft now uses code signing, it is obvious that code signing is neither necessary nor sufficient for preventing that sort of thing.
Signing doesn't prevent anything. It gives the user the tools necessary to make an educated decision instead of rolling the dice.
In fact, Microsoft's inept use of code signing actually aggravates the problem.
Care to elaborate on that point?
Yes, and with code signing in place, the developer would have signed the virus-infested application and still shipped it.
AFAIK, the infection happened at the CD stamping factory. But yes, if your build machine is fucked, code signing isn't going to do anything. So, which is better? One point which has to be monitored, or every point between the build machine and the location stamping the CDs (this includes any intermediate locations that you do not have physical control over).
Thanks for stating again so clearly your fundamental lack of understanding of security.
As opposed to your statements, which I think are based in some sort of fantasy land where the bad guys only try to exploit problems after they've been fixed...
But secondly, no, you don't need Binary XML, all you need to do is Gzip it on the wire. It gets as small as Binary XML.
And it becomes even slower to parse as a result. Binary XML's advantage isn't its size, it is its parsing performance.
You can also use a pen and paper to add two numbers together, so why would you need to use a calculator?
That isn't what they were saying at all. They were afraid that another worm like blaster would hit before they shipped SP2.
They most definitely are not.
Getting rid of Bergman would definitely do it. The guy is a hack ... he ruined most of Voyager if I recall correctly.
It still is not capable of catching 100% of problems. Otherwise software would be bug free, which it obviously is not.
That's because they didn't get the Master Chief part of the equation down right. ;) (and yes, that character was hella annoying)
If you actually type the text in quotes, you only get 1540 results. If you don't, you get about 420,000 unrelated pages...
I took the liberty of re-running the queries (was curious to see how the numbers would change over time):
0, 1, 2, 3 - no hits
4 - 2274 hits
5 - 14506 hits
6 - 7923 hits
7 - 7288 hits
8 - 9777 hits
9 - 12377 hits
10 - 11752 hits
11 - 14395 hits
12 - 13642 hits
13 - 8393 hits
14 - 13728 hits
15 - 3840 hits
16 - 5490 hits
17 - 2032 hits
18 - 2622 hits
19 - 7 hits
20 - 1 hit
21 - 3 hits
22 - 1 hit
23 - 1 hit
24 - 1 hit
25, 26, 27, 28, 29, 30 - no hits
Signatures do not guard you against that either.