Slashdot Mirror


User: IchBinEinPenguin

IchBinEinPenguin's activity in the archive.

Stories
0
Comments
427

Comments · 427

  1. Re:Lament from an old-timer on First JPEG Virus Posted To Usenet · · Score: 2, Insightful

    ... would be running vital parsers - HTML, ActiveX, images etc - within the operating system itself ...

    Remember, this was a LEGAL decision, not a TECHNICAL one.

    Killing NS without all those messy anti-trust problems required IE to become part of the OS.

    From a technical standpoint it was a moronic idea, as a lot of people said at the time.

  2. Re:That's pretty amazing. on First JPEG Virus Posted To Usenet · · Score: 5, Informative

    Returning with the same stuff they have now, but with little or no security issues

    Sorry, that won't work.

    Some of the stuff is insecure by design! Not "designed to be insecure", just "impossible to secure given the design".

    Take ActiveX: running binary code downloaded from anywhere without a JVM-like sandbox is insecure. No matter how many digital signatures, OK dialog boxes and warning messages you add, some (most?) users WILL simply click through all the warnings and have their boxes 0wn3d.

    Design has tradeoffs between security, performance, usability etc. etc. Some of this stuff you can't fix without changing the basic design (i.e. starting from scratch).

  3. Re:In front of the building... on Bill Gates Gives $20M to CMU for New Building · · Score: 1

    "Hi, it looks like you're desperately trying to dodge around me so you can walk into this building ..."

    That's not half as bad as everyone having to close all the windows and leave the building so they can cycle the power every time someone installs something ...

  4. Re:Early Warning For Slashdot on Early Warning For Microsoft Premium Customers · · Score: 1

    Premium customers are at the same risk as we are.
    Not so.
    Knowing that a vulnerability is out there, even without a patch, allows you to at least take other mitigating steps (like filtering JPEGs at the proxy).

  5. Re:mainframe on Fedora Project Considering "Stateless Linux" · · Score: 1

    Terminals did not have their own CPU to do things.
    Some of the later terminals were smart enough to handle simple screen updates etc.
    There was an editor, SPF, that was designed to run on a late-model IBM terminal that allowed you to edit a screenful of text using local processing, then send the updates to the server in one hit.
    I think that a PC with enough brains to run X and a few local apps could be considered to be the modern day equivalent of that:
    It does all the GUI stuff, offloading the processing from the server, but when you actually want to do something 'real' (like send an email, open a web-page, save a file) you forward the request to the server.
    Functionally it's the same as the not-so-dumb terminal, allowing for a decade or so of Moore's Law.

  6. Re:'Flaws' Not that big of a deal on Latest SP2 News · · Score: 2, Insightful

    yet another 'internet zone' bug.

    Does anyone use/trust these things anymore?

  7. Re:Next step on SHA-0 Broken, MD5 Rumored Broken · · Score: 5, Funny

    How often does this have to be said:
    - odd is development
    - even is release

    use ROT13, triple-ROT13, quintuple-ROT13 for DEVELOPMENT WORK ONLY!
    For release work, use double, quadruple, hextuple-ROT13

  8. Re:Should We Fear? on SHA-0 Broken, MD5 Rumored Broken · · Score: 5, Interesting

    maybe I should have read this first: http://www.freedom-to-tinker.com/archives/000661.html

    "And now the rumor is that somebody has extended Joux's method to find a collision in SHA-1."

    "The finding of a single collision in SHA-1 would not, by itself, cause much trouble, since one arbitrary collision won't do an attacker much good in practice. But history tells us that such discoveries are usually followed by a series of bigger discoveries that widen the breach, to the point that the broken primitive becomes unusable."

  9. Re:Should We Fear? on SHA-0 Broken, MD5 Rumored Broken · · Score: 5, Informative

    doesn't mean that much.

    Carefully crafted binary data can be made to have the same checksum.

    This is not a generalised attack where I can create binary data to have a CHOSEN checksum.

    Therefore, if you verify your downloads by checksum, I can't generate a fake download with the same checksum.

    First step is MATCHING some checksums (this has been done)
    The next step is CHOOSING the checksum (aka DEADBEEF attack)
    The next step is MANIPULATING, i.e. adding junk to a given binary file to allow you to choose the checksum. That's the scary one!

    - substitute trojaned binary
    - append some binary junk so the checksum matches
    - profit!!!

    Nothing to worry about yet, sort of like the first proof-of-concept brute force crack of DES.
    Yes, it can be done under some circumstances.
    Yes, eventually processing power and methods may improve to make this a valid attack
    Yes, you can sleep soundly tonight.

  10. they just don't get it on Microsoft Responds to IE Criticism · · Score: 1

    In Windows XP SP2 we have done much to reduce the opportunity for inadvertently installing software.

    Who said anything about inadvertently installing?

    Who knew, last week, what a BHO is? I didn't, it wasn't until the last exploit that I learnt about browser-help-objects.

    Who knew that Adobe Acrobat installs one? I didn't, until I ran the BHO scanner.

    Up until last week, I would have happily attributed every IE crash to MS. Why not? Didn't they write the whole thing?

    Well, yes, they did, but the IE you're running may also be running code from any number of other sources. Any crash in any of THAT code MAKES MS LOOK BAD!

    Video drivers were moved from user (NT4) to kernel (W2K) code to make it run faster. Now, any flaky video driver can kill Windows.

    I've had X die any number of times, but I've never blamed the kernel because I know they're separate entities (I usually don't even blame X 'cos I know it's probably the video driver I'm playing with).

    Every time Windows crashes, from a flaky video driver or whatever reason, I blame MS (and when they started signing drivers I reached for my AFDB).

    Looks like the market driven decisions of yesterday (more speed from the video drivers, more flexibility from IE etc.) are coming back to haunt MS now that the market is changing (i.e. now that they want security instead of bells and whistles).

    I think the most interesting thing about SP2 will be that it will show if the marketing people are finally being made to STFU and let the technical people make some decisions. Are they _REALLY_ willing to annoy millions of users by breaking all sorts of things for the sake of security?

    Are they willing to risk losing market share in the short term in order to protect it in the long term? Let's face it, if MS's security record doesn't improve then things look bleak for them (even DOHS is beating up on them!). But equally, they dare not allow even a short-term loss of market share for fear of a snowball effect.

  11. Re:stop spinning on Microsoft Responds to IE Criticism · · Score: 1

    required to send a patch CD to every registered customer

    They'd probably get criticised by someone for not patching the unregistered users (and pirates) as well :-)

    Anyway, sending a patch CD (which 99% of people won't install (unless it comes with a fancy screensaver)) is way different to asking a car be brought in to be inspected/fixed by qualified mechanics.

    The per-item profit just doesn't support that kind of service (even if the whole retail price of Windows were pure profit). When you buy a car, they factor in the likely recall cost. Do you really want that added to every copy of Windows?

  12. Re:Why not? on Microsoft Responds to IE Criticism · · Score: 1

    your suggestion leaves a bad taste in my mouth....

  13. Re:April Fool's on Microsoft Receives Patent For Double-Click · · Score: 1

    It only applies to "limited" computing devices.

    Your LINUX boxes don't qualify, your windows boxes have already paid the license fee.

  14. Re:Overpriced? on Follow Up to "Linux's Achilles Heel" · · Score: 1

    Windows is more compatible than Linux. Windows (the version cited) is cheaper. In his view, Linux is therefore overpriced,
    (sound of hand slapping forehead)
    I get it now! It's the old "pick the metric" game.
    Pick a metric the opponent sucks at, claim it's the be-all and end-all metric, claim victory.
    My metric is this: I don't have the latest hardware, so HW support in LINUX is just as good as that in Windows.
    _AND_ LINUX has more pictures of Penguins in the base install!! Obviously this is a vital metric, so LINUX is clearly superior.

  15. does the spam get killed? on Microsoft Will Sell Whitelist Services For Hotmail · · Score: 1

    otherwise, $20K for a once-off spamming of the hotmail userbase might make this worthwhile.

  16. encryption vs indexing on On The Privacy Subtleties Of GMail, Other Webmail · · Score: 3, Interesting

    "I issue a call for Google to encrypt your mail to avoid these issues"

    I thought GMail was supposed to index your mail to make it searchable.

    How will this work with encryption?

    You would reduce GMAIL from "1G of emails indexed by the internet's most popular search engine" to "1G of offline storage"

  17. Re:This depends on what you define as ease of use. on When Does Usability Become a Liability? · · Score: 1

    GUIs have multiple solutions to the same task while CLIs usually don't (aliases break this slightly, but require being a little less noob)

    Not so sure about this one.
    I find that the CLI gives you lots of options and ways to do stuff, whereas the GUI gives you only one.
    OK. I can right click, or drop down a file menu, or press the DEL key, but the only way to delete files is to 'select' them and then 'delete' them.
    If I'm really advanced I can do a search and then delete all the files found.
    Nothing like the flexibility on the command-line, with rm, find, xargs, grep --files-with-match, tar --remove-files ....
    I agree that initially the GUI is friendlier and faster, but eventually I always end up back at the CLI for power, flexibility and repeatability.
    GUIs are very good at letting you do stuff that others anticipated you might like to do, which is both its power and its limitation.

  18. Re:OpenSSL in Java would be too slow on Multiple Vulnerabilities in OpenSSL · · Score: 1

    I'd use it.

    For my work, processing power _FAR_ outstrips bandwidth, so if I could trade some idle CPU for security I'd go for it!

    However, I realise that most people wouldn't. You can't convert everyone, and it makes no sense to have 2 source trees in 2 different languages.

    Maybe the answer is an automatic C to Java conversion (possible?) that would allow you to run a java-based OpenSSL: a bit slower, but a bit more immune to the next bug too.

    Come to think of it, I don't like the idea of depending on the JVM for security. I suspect there are more bugs in the JVM than there will ever be in OpenSSL, mostly because they have a completely different focus: features vs security.

  19. slight departure from current strategy on SCO Aims For The Feds · · Score: 1

    instead of "extend foot, take gun, aim, fire!", now it's

    extend foot, look for guy holding the biggest gun(*), yell "I dare you to shoot!"

    (*) OK... maybe the second biggest, after all the US govt did lose against Microsoft.

    Hang on.... who's backing up SCO again?

    It's all making sense now!

  20. Re:Redhat? on Multiple Vulnerabilities in OpenSSL · · Score: 1

    AARRGGHH!!

    If you know enough to download, configure, make, test and install a daemon, then you should know enough to CHECK THE SOURCE.

    Either check the tarball (md5sum, gpg, whatever turns you on) or diff the code with a trusted version to make sure nothing nasty has crept in.

    OSS's worst(?) security breaches so far (archives serving trojaned source) were both detected by someone actually checking the source before blindly compiling it.

    All the security in the world is no match for one lazy act. If people get lazy, their PCs get insecure, no matter what OS they run.

  21. Re:what else is new? on PhatBot Trojan Spreading Rapidly On Windows PCs · · Score: 1

    IIRC, in the US McDonalds are sponsoring "nutrition classes".
    Who do you think will run these classes?

  22. Re:Just to be on the safe side on Lifting The Lid On Computer Filth · · Score: 1

    now.... isn't there a link somewhere that's relevant to this?

    I just KNOW I've seen it somewhere on /.

  23. Re:WOW. on USB Swiss Army Knife · · Score: 1

    If ever attacked, I intend to defend myself by running as fast as I can and hoping the weight of my wallet, thrown at my attacker over my shoulder, will slow him down enough to let me get away.

    I can't think of a single possession that I'd risk my life for. I KNOW that I can't fight, I don't want to find out if the other guy can!

  24. Re:ana-log on Ten Technologies That Refuse to Die · · Score: 1

    I need one for my son so that he can learn what "clockwise" is :-)

  25. Re:I agree on Linus on SCO, and the Desktop Being 10 Years Away · · Score: 1

    I don't.

    Ease of use (aka windows simplicity) == ease of abuse: a computer can't always tell the difference between user and abuser.

    Auto-launching aunt maggie's power-point slide of her holiday: ease of use
    Auto-launching evildoer's trojan: ease of abuse

    Giving LINUX more "windows simplicity" will also give it more of the security nightmares.

    Do you really believe that something from the same uni that made LSD was designed with security in mind? ducks