If CERT is a joke, why does DoD use them as one of their many early-warning "front-line" defenses against viruses and worms? Is something happening here or am I just dreaming? Shouldn't something DoD-level be secure enough from the social engineering perspective to be admired not regretted?
I second that opinion. However, many sysadmins have a responsibility for public servers (lots of ports open even with a firewall). As such these same sysadmins are smart and have a redundant box to do things like patch a system.
In addition, some small businesses don't have the luxury of a secondary box or even an IT specialist that can put a machine through a high-load test for more than a few hours at a time -- let alone having to patch it at all!
Ideally we would all have a RAID 10 array connected to four boxes each running a different OS. While some companies (!) may have the time and money for this, the small folks like mom-and-pop stores can't afford the expense of time or money.
Security problems at Micro$oft...what else is new?
Security problems at AOL...what the...?
What's going on these days? Aren't the morons that work at these high-profile corporations better educated in social engineering avoidance techniques and the old-fashion trojan horse? Sheesh! (Apologies to the people who work for M$ and AOL who post on/.)
As a dyed-in-the-wool Apple fan, even I had some reservations about Aqua.
In their latest revision of Mac OS X (10.2 aka Jaguar) the pulsating buttons and outrageous shadows have mecome more realistic and visually-pleasing.
I've seen KDE 3.1 and my lord does it look like Window$ XP and Mac OS X mixed in a leaky vat. There is no question about the longevity of these interfaces -- the generalized form of Apple Aqua or Micro$oft's "Luna" interface are here to stay.
I'm with ya! How about first getting people to actually VOTE in our elections, huh? Then we can focus on getting the decent politicians back where they belong -- in power.
Does this remind anyone of Farenheit 451? You know, where they burn the books so people won't revolt against the government? This is a similar restriction placed upon our libraries and bookstores that silences any mention of a subpoena for a list of books a certain individual has purchased or borrowed.
I still don't understand how Mr. Ashcroft and his DoJ thugs got PATRIOT through Congress. Oh wait, I forgot! Our US Congress was so freaked out by September 11 and thought that somehow if they took away Americans' right to privacy and freedom from harassment that this world would somehow be a better place!
What about spammers who USE M$ Hotmail as their "base of operations"? Why doesn't M$ require Hotmail users to provide a credit card or bank account? They could use a cross-referenced database to make sure there is only ONE account per person (or at least one per credit card/bank account).
This solution will ultimately lead to spammers' shying away from Hotmail and looking for other less-recognized freeMail providers.
As anyone in the computer industry will tell you, once a product loses its integrity (unless it's an M$ app) there won't be any demand for said product and no one will touch it with a 10-foot pole.
Ah ha! Finally, a solution for the Google Time Bomb! Google would be able to filter out 85% of the blogs and show us the real (read: unblogged) results.
Here's an idea...since only a handful of people go there and it's expensive to set up a VSAT, why not have someone from Corporate America sponsor the base camp? I could just see it now: Enron Camp...
I agree wholeheartedly! As stated previously, the security risks from (virus-infused) software obtained on P2P services are enough of a reason to block P2P ports at the corporate level.
Oh yeah, I also forgot about those hard drives they have in those computers. What happens when Joe Worker fills up his HDD with 50 gigs of MP3's and nude pictures of Sarah Michelle Geller? Because of Joe's downloading habits, Company X must send an IT person to backup the old HDD, replace it, install a new one, and transfer all 50 gigs of P2P junk to the new HDD. All this while the same IT person could be patching his M$ IIS server (cough cough). Who costs Company X more money? Joe Worker, of course! Who does this cost get passed onto? The everyday consumer! (But I digress...)
Downloading pr0n while the IT department could be sniffing your connection should scare people enough to NOT use P2P at work.
Moral of this story: GET YOUR OWN CONNECTION!
Platformism = Computer Platform Bigotry?
on
The Faded Sun
·
· Score: 1
Wow...so people actually prefer a closed-source, less-secure OS over one that is open-source and significantly more secure? Hmm...something doesn't seem to be working out correctly here...
Red Hat and Oracle plan to announce on Thursday that the companies have teamed to get Linux evaluated under the Common Criteria, a certification that could open doors for the broader use of open-source software by government agencies.
The effort is expected to take nine to 10 months and cost up to $1 million. But if successful, it could pay off handsomely for Red Hat and Oracle, as well as for Linux.
"The government has been deploying Linux in smaller settings quite broadly, but it's still done by exception, by and large," said Mark De Visser, vice president of marketing for Red Hat. "What happens with these certifications is that they will push Linux into the mainstream."
The United States government is among 14 nations that recognize the Common Criteria evaluation. A certification from one country is recognized in the others. With countries from Germany to Peru considering using open-source software, having a certified version of Linux will help break down barriers.
The companies plan to first push Red Hat Linux Advanced Server for a modest level of certification: Evaluation Assurance Level (EAL) 2. In total, there are seven levels of certification attesting to varying grades of security, reliability and developmental process control. The highest level that a commercial software laboratory can certify is EAL 4, which Microsoft received for Windows 2000 last fall.
The EAL level needed by a government customer depends largely on the agency and the application in which the software will be used. On Tuesday, the Department of Defense (DOD) gave Red Hat a Common Operating Environment certification, which attests to a certain level of interoperability with other operating systems.
Oracle 9i has already been certified at EAL 4 on both Windows NT and Solaris, but has to be recertified for each operating system on which it runs. And Oracle thinks that there is a large market among government customers for the company's database running on Linux. In fact, some government clients have been clamoring for Linux, said Mary-Ann Davidson, chief security officer for Oracle.
"One of our large DOD customers asked us if we could foster a Linux evaluation," she said. "The customers truly care about getting Linux evaluated and want Oracle running on it."
There hasn't been much interest in running Oracle on Microsoft's Windows platform because of past security problems with Microsoft products, despite the company's major security push, Davidson said.
"We are going to use Unix and Linux as the evaluation platforms for our products in the future, and not Windows, because the customer demand for Windows is not there," she said. "Frankly, there is a fair amount of disenchantment with Microsoft products because of security problems."
After Red Hat earns the EAL 2 certification, Oracle plans to work toward getting its Oracle 9i Release 2 database running on the evaluated Red Hat Linux Advanced Server certified at the highest commercial rating, EAL 4. Oracle currently ships Oracle 9i Release 2 on Red Hat Linux Advanced Server as part of its Unbreakable campaign.
The final goal for both companies is to have both Red Hat's software and Oracle's software certified under the Common Criteria at EAL 4.
Oracle has tackled the process 15 times on a variety of operating systems.
The Common Criteria, an international standard administered by the National Institute of Standards and Technology in the United States, grades products based not only on their security and reliability, but also on the development and support processes that ensure quick responses to problems.
Other nations that have signed the Arrangement on the Mutual Recognition of Common Criteria Certificates in the Field of IT Security are Canada, France, Germany, the United Kingdom, Australia, New Zealand, Italy, Spain, the Netherlands, Norway, Finland, Greece and Israel.
The benefits of Common Criteria certification for Red Hat's Linux products should trickled down to the rest of the Linux community as well, said Dave Dargo, vice president of Oracle's Linux program office.
"The benefits of this evaluation extend beyond Red Hat in the long term," Dargo said, adding that the enterprise-level changes Red Hat and Oracle have made to the Linux kernel have made their way into Linux 2.5, the newest version of the kernel under development.
Moreover, the evaluation process, while expensive, should result in a more secure version of Linux being generally available, added Davidson.
"Fixing a major security hole costs a lot," she said. "And while certification won't prevent those holes, it helps to have a stricter development process. Finding one security hole that you otherwise would have missed, easily pays for evaluation."
Not only are Macs proven to be faster at LOWER clock speeds, they are also significantly much easier to use (and require less maintenance) than any other OS.
Just look at how much work it took Micro$oft to get "Windows" to look as good as the Mac! Nearly every release since 3.1 has been a DIRECT infringement of Apple's IP rights. Even UNIX/Linux X-Window managers have stolen some of Apple's unique ideas -- including Drag-and-Drop, WindowShade, and even the idea of double-click!
FYI, Mr./Ms. citanon, if you want to insult my platform, at least get the facts straight!
...they're trying to be more like Apple! What a GENIUS
plan!
No, seriously...where is this going to get them? They've been flaunting the MHz myth like mad for at least 5 years now. Is the fact that the processor is "more efficient" going to get those who make purchasing decisions based solely upon processor "speed" (in MHz) to buy this new chip?
Somehow, I think this will ultimately lead to the downfall of the MHz myth. With CISC and RISC being so neck-and-neck (at different MHz though) in terms of relative speed, there will be a "revolution" of sorts. Bare with me here...
This revolution I speak of is simply that of measuring the actual real-world processor speed -- not just clock speed. People will soon realize that the MHz measurement isn't all it's talked-up to be. Apple, IBM, and Motorola have known this since 1994 with the introduction of the RISC-based PowerPC processor architecture. No wonder Intel (in all of it's wisdom) is finally catching up.
The future brings savvier PC purchasers who see MHz as just that -- clock speed. It will be interesting to see what happens if this trend continues...
Slashdot Mirror
...and it is Sony!
If CERT is a joke, why does DoD use them as one of their many early-warning "front-line" defenses against viruses and worms? Is something happening here or am I just dreaming? Shouldn't something DoD-level be secure enough from the social engineering perspective to be admired not regretted?
I second that opinion. However, many sysadmins have a responsibility for public servers (lots of ports open even with a firewall). As such these same sysadmins are smart and have a redundant box to do things like patch a system.
In addition, some small businesses don't have the luxury of a secondary box or even an IT specialist that can put a machine through a high-load test for more than a few hours at a time -- let alone having to patch it at all!
Ideally we would all have a RAID 10 array connected to four boxes each running a different OS. While some companies (!) may have the time and money for this, the small folks like mom-and-pop stores can't afford the expense of time or money.
"Don't steal music."
With all of the vulnerabilities in BIND thank goodness the folks at VeriSign finally switched to something else!
My computer...? It's ALIVE !!!
- Security problems at Micro$oft...what else is new?
- Security problems at AOL...what the...?
What's going on these days? Aren't the morons that work at these high-profile corporations better educated in social engineering avoidance techniques and the old-fashion trojan horse? Sheesh! (Apologies to the people who work for M$ and AOL who post onSo now they're gonna call the older PCMCIA standard OLDCARD?
As a dyed-in-the-wool Apple fan, even I had some reservations about Aqua.
In their latest revision of Mac OS X (10.2 aka Jaguar) the pulsating buttons and outrageous shadows have mecome more realistic and visually-pleasing.
I've seen KDE 3.1 and my lord does it look like Window$ XP and Mac OS X mixed in a leaky vat. There is no question about the longevity of these interfaces -- the generalized form of Apple Aqua or Micro$oft's "Luna" interface are here to stay.
I'm with ya! How about first getting people to actually VOTE in our elections, huh? Then we can focus on getting the decent politicians back where they belong -- in power.
Does this remind anyone of Farenheit 451? You know, where they burn the books so people won't revolt against the government? This is a similar restriction placed upon our libraries and bookstores that silences any mention of a subpoena for a list of books a certain individual has purchased or borrowed.
I still don't understand how Mr. Ashcroft and his DoJ thugs got PATRIOT through Congress. Oh wait, I forgot! Our US Congress was so freaked out by September 11 and thought that somehow if they took away Americans' right to privacy and freedom from harassment that this world would somehow be a better place!
I guess its more of the fact that submitting my info to NYT online is just another login/passwd I have to remember...
Guess what my fellow slashdotters? You can read the article online WITHOUT REGISTERING with the NYT! Click below...
Bypass those thugs!
What about spammers who USE M$ Hotmail as their "base of operations"? Why doesn't M$ require Hotmail users to provide a credit card or bank account? They could use a cross-referenced database to make sure there is only ONE account per person (or at least one per credit card/bank account).
This solution will ultimately lead to spammers' shying away from Hotmail and looking for other less-recognized freeMail providers.
So WHAT?
As anyone in the computer industry will tell you, once a product loses its integrity (unless it's an M$ app) there won't be any demand for said product and no one will touch it with a 10-foot pole.
Ah ha! Finally, a solution for the Google Time Bomb! Google would be able to filter out 85% of the blogs and show us the real (read: unblogged) results.
Here's an idea...since only a handful of people go there and it's expensive to set up a VSAT, why not have someone from Corporate America sponsor the base camp? I could just see it now: Enron Camp...
- Gulfstream V jet: $30m
- Tricked-out XServe: $8248
- 12" Al-Book $1299
Getting the company that bought you the jet to rent it from you: priceless.There are some things money can't buy. For everything else, there's Steve Jobs.
I agree wholeheartedly! As stated previously, the security risks from (virus-infused) software obtained on P2P services are enough of a reason to block P2P ports at the corporate level.
Oh yeah, I also forgot about those hard drives they have in those computers. What happens when Joe Worker fills up his HDD with 50 gigs of MP3's and nude pictures of Sarah Michelle Geller? Because of Joe's downloading habits, Company X must send an IT person to backup the old HDD, replace it, install a new one, and transfer all 50 gigs of P2P junk to the new HDD. All this while the same IT person could be patching his M$ IIS server (cough cough). Who costs Company X more money? Joe Worker, of course! Who does this cost get passed onto? The everyday consumer! (But I digress...)
Downloading pr0n while the IT department could be sniffing your connection should scare people enough to NOT use P2P at work.
Moral of this story:
GET YOUR OWN CONNECTION!
Maybe I'll switch to Mac development, after all
That's platformist! (If there is such a thing)
Wow...so people actually prefer a closed-source, less-secure OS over one that is open-source and significantly more secure? Hmm...something doesn't seem to be working out correctly here...
Red Hat and Oracle plan to announce on Thursday that the companies have teamed to get Linux evaluated under the Common Criteria, a certification that could open doors for the broader use of open-source software by government agencies.
The effort is expected to take nine to 10 months and cost up to $1 million. But if successful, it could pay off handsomely for Red Hat and Oracle, as well as for Linux.
"The government has been deploying Linux in smaller settings quite broadly, but it's still done by exception, by and large," said Mark De Visser, vice president of marketing for Red Hat. "What happens with these certifications is that they will push Linux into the mainstream."
The United States government is among 14 nations that recognize the Common Criteria evaluation. A certification from one country is recognized in the others. With countries from Germany to Peru considering using open-source software, having a certified version of Linux will help break down barriers.
The companies plan to first push Red Hat Linux Advanced Server for a modest level of certification: Evaluation Assurance Level (EAL) 2. In total, there are seven levels of certification attesting to varying grades of security, reliability and developmental process control. The highest level that a commercial software laboratory can certify is EAL 4, which Microsoft received for Windows 2000 last fall.
The EAL level needed by a government customer depends largely on the agency and the application in which the software will be used. On Tuesday, the Department of Defense (DOD) gave Red Hat a Common Operating Environment certification, which attests to a certain level of interoperability with other operating systems.
Oracle 9i has already been certified at EAL 4 on both Windows NT and Solaris, but has to be recertified for each operating system on which it runs. And Oracle thinks that there is a large market among government customers for the company's database running on Linux. In fact, some government clients have been clamoring for Linux, said Mary-Ann Davidson, chief security officer for Oracle.
"One of our large DOD customers asked us if we could foster a Linux evaluation," she said. "The customers truly care about getting Linux evaluated and want Oracle running on it."
There hasn't been much interest in running Oracle on Microsoft's Windows platform because of past security problems with Microsoft products, despite the company's major security push, Davidson said.
"We are going to use Unix and Linux as the evaluation platforms for our products in the future, and not Windows, because the customer demand for Windows is not there," she said. "Frankly, there is a fair amount of disenchantment with Microsoft products because of security problems."
After Red Hat earns the EAL 2 certification, Oracle plans to work toward getting its Oracle 9i Release 2 database running on the evaluated Red Hat Linux Advanced Server certified at the highest commercial rating, EAL 4. Oracle currently ships Oracle 9i Release 2 on Red Hat Linux Advanced Server as part of its Unbreakable campaign.
The final goal for both companies is to have both Red Hat's software and Oracle's software certified under the Common Criteria at EAL 4.
Oracle has tackled the process 15 times on a variety of operating systems.
The Common Criteria, an international standard administered by the National Institute of Standards and Technology in the United States, grades products based not only on their security and reliability, but also on the development and support processes that ensure quick responses to problems.
Other nations that have signed the Arrangement on the Mutual Recognition of Common Criteria Certificates in the Field of IT Security are Canada, France, Germany, the United Kingdom, Australia, New Zealand, Italy, Spain, the Netherlands, Norway, Finland, Greece and Israel.
The benefits of Common Criteria certification for Red Hat's Linux products should trickled down to the rest of the Linux community as well, said Dave Dargo, vice president of Oracle's Linux program office.
"The benefits of this evaluation extend beyond Red Hat in the long term," Dargo said, adding that the enterprise-level changes Red Hat and Oracle have made to the Linux kernel have made their way into Linux 2.5, the newest version of the kernel under development.
Moreover, the evaluation process, while expensive, should result in a more secure version of Linux being generally available, added Davidson.
"Fixing a major security hole costs a lot," she said. "And while certification won't prevent those holes, it helps to have a stricter development process. Finding one security hole that you otherwise would have missed, easily pays for evaluation."
Is there any reason why RH needs to be government-certified? If M$ is gov-cert, what does this say about RH and Oracle?
WHAT A LIE!!
Not only are Macs proven to be faster at LOWER clock speeds, they are also significantly much easier to use (and require less maintenance) than any other OS.
Just look at how much work it took Micro$oft to get "Windows" to look as good as the Mac! Nearly every release since 3.1 has been a DIRECT infringement of Apple's IP rights. Even UNIX/Linux X-Window managers have stolen some of Apple's unique ideas -- including Drag-and-Drop, WindowShade, and even the idea of double-click!
FYI, Mr./Ms. citanon, if you want to insult my platform, at least get the facts straight!
...they're trying to be more like Apple! What a GENIUS plan!
No, seriously...where is this going to get them? They've been flaunting the MHz myth like mad for at least 5 years now. Is the fact that the processor is "more efficient" going to get those who make purchasing decisions based solely upon processor "speed" (in MHz) to buy this new chip?
Somehow, I think this will ultimately lead to the downfall of the MHz myth. With CISC and RISC being so neck-and-neck (at different MHz though) in terms of relative speed, there will be a "revolution" of sorts. Bare with me here...
This revolution I speak of is simply that of measuring the actual real-world processor speed -- not just clock speed. People will soon realize that the MHz measurement isn't all it's talked-up to be. Apple, IBM, and Motorola have known this since 1994 with the introduction of the RISC-based PowerPC processor architecture. No wonder Intel (in all of it's wisdom) is finally catching up.
The future brings savvier PC purchasers who see MHz as just that -- clock speed. It will be interesting to see what happens if this trend continues...