But Sanford insisted Smart Tags are safe. "It's not like people are downloading executables here," he said. "This is fairly benign stuff."
Uhuh. And HTML has never been used to exploit weaknesses in design.
Sit back... relax... this will only hurt for a second. I promise I'll call you. Of course I'll respect you in the morning. The check is in the mail. This is fairly benign stuff.
Either way it just makes them looks daft and insecure. Personally I tend to believe that companies should be allowed to shoot themselves in the foot like this - if the public is aware of their actions. Unfortunately I bet most of this type of thing goes largely unnoticed.
Ahh well... OPENpolicy? All business policies have to be available to the public in electronic form if you run a million dollar+ business a year? Yikes... J/K
I, like many here, agree with the "leave it alone" approach. You lost the bid, game over, insert quarter for new game.
Here is a little anecdote to let you know why I feel this way;
Federal Agency Dept of ABC runs a mostly Unix shop.
Federal Agency Dept of TUV and XYZ runs a mostly NT shop.
RDS hits and Federal Agency NOP and Federal Agency DEF (both mostly NT shops) get hit the very next day.
A young security engineer in Federal Agency ABC knows Federal Agency TUV and XYZ are both big NT shops and thinks to himself - "Geeze, I bet they are vulnerable - I'll give them a heads up." - Then thinks "Hmmm, I don't want to look like an ass, and be told 'Duh - we patched that the same day it was made public'." So young security engineer runs test code to see if default databases are accessable. They are. Young security engineer writes a paper describing the situation and how to solve the problem both agencies public web servers suffer from and mails them off to his director and the security directors of Federal Agency TUV and XYZ.
Federal Agency TUV thanks young security engineer.
Federal Agency XYZ makes a "federal case" out of the whole thing. And attempts to get young security engineer fired.
Now. This guy didn't end up getting fired. I'm one of the many who went to bat for him when the two agencies met regarding the issue. However, he very easily could have been - were he not exceedingly bright - and had he not done everything correctly after the huge mistake he made in testing his theory.
Seems to me Apple is doing what it can with the resources it has available to it at this time. Apple must first answer to its stockholders - not, as much as some would like, to the opensource community. I mean jeeze, they just got X out the door. The framework is there for them to give back - and they seem to be headed in that direction. Just not as quickly as some might like apparently.
Those humorous, albiet sophamoric, entries have been in there for months (at least a few of them have been.) I doubt they have anything to do with the current DNS issues.
"Fortunately, he wasn't too bright because he left a lot of trails," said Bill Benefield, a system administrator with FishNet.
well. kudos bill - you just berated an individual that tore your isp a new asshole, and made you a laughing stock.
seriously people. script kiddies don't just fall out of the sky into massive massive pipes of unlimited bandwidth. they take advantage of lackadaisical system administrators who install "insecure by default" oses and don't keep up with patching them. they take advantage of companies that don't stick their machines behind firewalls. they take advantage of your laziness and the industries general malaise regarding network security.
you want retribution? well bill seems to think they will find the perp's point of origin pretty easily (he left such detailed logs) - so prosecuting the kiddie should be no problem. but if you want to be angry at someone. i suggest being angry at bill.
Gee so glad you actually read the post. I thought I made it quite clear, that no... this was not a part of my job I relished. In fact I clearly stated I wouldn't mind being fired for some of the big brother tactics my job sometimes requires me to take.
Guess what... its my job to make sure people don't take advantage of a $50k a month resource provided for by Virginia State taxpayers. If that makes me a little man in your eyes, it makes you an insignificant and childish one in mine.
I do contracted network security work for the state of Virginia. And yes... I have to look at sexually explicit material to verify "slackers" at work from time to time.
Most of the porn is blocked at the firewalls, but you'd be suprised (perhaps not) at how "hard" people will "work" to get at their porn while on the high bandwidth at work.
Am I breaking the law by trying to enforce it? Hell I'd almost like to get fired for the big brother tactics my job sometimes requires me to take.
While it might be nice if it were dead. It most certainly isn't. And belive it or not I know plenty of government agencies that still have windowless TN3270 terminals for database lookups.
Personally I'd like to have rows of blinking lights on my workstations : ( I see no reason that had to die. Why!?! Why!?!
For every succesfull DSL install I have heard about or read about, there are 5 others out there that are real horror shows.
Take my install with Fastpoint (ISP), COVAD (DSL) and Verizon (Telco). It is rapidly approaching 6 months since I originally ordered my ADSL and I have yet to get a synch up. Its not that I live in an area where DSL is impossible (at least 2 others in my neighborhood have it through COVAD). Its not the fact that Verizon is now on strike (you'd have to chop 5 months off the current install time for that to be the problem.) It definately seems to be the fact however, that a) my ISP doesn't push hard enough with installs, b) COVAD has no power over the lines they install DSL on, and c) Verizon has absolutely -zero- clue and -zero- interest in making a loop DSL ready.
So, I certainly doubt this will be the last of the law suites we see against DSL providers. They are all making claims they can't live up to and preaching their own special versions of the truths of DSL installation (average 21 day install time my ass.)
Anyone that is thinking about getting DSL certainly owes it to themselves to check out http://www.dslreports.com. I certainly wish I had before I signed up for the install hell I've been put through. I've already completed round 1 of my complaints to both the FCC and BBB. It felt good to do it, even though I doubt it will have any real impact.
The world, and more specifically the American populus, has the average attention span of fruit fly these days. Not to mention what they actually manage to retain.
No one cares about that report anymore. The Internet shown through for what it is - a superb communications tool. Big business has latched on, and all we've gone is up. About the only people that care about porn on the net anymore are those that use it - and the religious right. And quite frankly I care more about the former than the latter.
The bottom line is... truth is very hard to coverup.
Er yeah thats it. It couldn't be because distributions like MacOS aren't truley multi-user systems. Or that OSes like OpenBSD go through stringent security and code reviews.
Rejoice in the fact that Moody has once again shown himself in the truest light: Bill Gates' lapdog.
This is the first anti-Linux article I've read from him which can be so easily rebutted and turned around to debase Windows using his own argument.
The sadest part is that new stories like this don't last in peoples mind longer. For a brief period anyone that cares will know Moody for what he is: a crappy journalist with low integrity. But four or five articles from now, all will be forgoten and we'll just start it all over again.
The crux of the matter is that his argument was silly and that the numbers were misrepresented (making his argument even sillier).
Fred Moody is a Microsoft lapdog, period. There are plenty of Linux lapdogs too. Just don't go getting all whiney because Moody is an idiot that caters to corporate idiots. He got called on bad reporting - deal with it.
Linux security have a long way to go? Yes. Is it going to get to Nirvana faster than Windows? Time will tell.
Fairly shitty thing to do...
on
Geek Flavor
·
· Score: 1
Slashdot Mirror
But Sanford insisted Smart Tags are safe. "It's not like people are downloading executables here," he said. "This is fairly benign stuff."
Uhuh. And HTML has never been used to exploit weaknesses in design.
Sit back... relax... this will only hurt for a second. I promise I'll call you. Of course I'll respect you in the morning. The check is in the mail. This is fairly benign stuff.
Either way it just makes them looks daft and insecure. Personally I tend to believe that companies should be allowed to shoot themselves in the foot like this - if the public is aware of their actions. Unfortunately I bet most of this type of thing goes largely unnoticed.
Ahh well... OPENpolicy? All business policies have to be available to the public in electronic form if you run a million dollar+ business a year? Yikes... J/K
I would assume the only reason it would matter to CT what his name was, would be so that he could get his character twinked with ewber l00t.
"a fat pipe"
^
Hurm, no thanks.
Much more likely to see a case like this brought against Samba.
I, like many here, agree with the "leave it alone" approach. You lost the bid, game over, insert quarter for new game.
Here is a little anecdote to let you know why I feel this way;
Federal Agency Dept of ABC runs a mostly Unix shop.
Federal Agency Dept of TUV and XYZ runs a mostly NT shop.
RDS hits and Federal Agency NOP and Federal Agency DEF (both mostly NT shops) get hit the very next day.
A young security engineer in Federal Agency ABC knows Federal Agency TUV and XYZ are both big NT shops and thinks to himself - "Geeze, I bet they are vulnerable - I'll give them a heads up." - Then thinks "Hmmm, I don't want to look like an ass, and be told 'Duh - we patched that the same day it was made public'." So young security engineer runs test code to see if default databases are accessable. They are. Young security engineer writes a paper describing the situation and how to solve the problem both agencies public web servers suffer from and mails them off to his director and the security directors of Federal Agency TUV and XYZ.
Federal Agency TUV thanks young security engineer.
Federal Agency XYZ makes a "federal case" out of the whole thing. And attempts to get young security engineer fired.
Now. This guy didn't end up getting fired. I'm one of the many who went to bat for him when the two agencies met regarding the issue. However, he very easily could have been - were he not exceedingly bright - and had he not done everything correctly after the huge mistake he made in testing his theory.
http://www.opensource.apple.com/tools/cvs/
Seems to me Apple is doing what it can with the resources it has available to it at this time. Apple must first answer to its stockholders - not, as much as some would like, to the opensource community. I mean jeeze, they just got X out the door. The framework is there for them to give back - and they seem to be headed in that direction. Just not as quickly as some might like apparently.
There is a good thread on this topic at http://www.macintouch.com/websecurity.html
Scroll on down to the bottom of the specs sheet.
Other
Recommendation
IBM recommends Windows 2000 Professional for business.
Those humorous, albiet sophamoric, entries have been in there for months (at least a few of them have been.) I doubt they have anything to do with the current DNS issues.
my favorite quote of the year thus far...
"Fortunately, he wasn't too bright because he left a lot of trails," said Bill Benefield, a system administrator with FishNet.
well. kudos bill - you just berated an individual that tore your isp a new asshole, and made you a laughing stock.
seriously people. script kiddies don't just fall out of the sky into massive massive pipes of unlimited bandwidth. they take advantage of lackadaisical system administrators who install "insecure by default" oses and don't keep up with patching them. they take advantage of companies that don't stick their machines behind firewalls. they take advantage of your laziness and the industries general malaise regarding network security.
you want retribution? well bill seems to think they will find the perp's point of origin pretty easily (he left such detailed logs) - so prosecuting the kiddie should be no problem. but if you want to be angry at someone. i suggest being angry at bill.
Gee so glad you actually read the post. I thought I made it quite clear, that no... this was not a part of my job I relished. In fact I clearly stated I wouldn't mind being fired for some of the big brother tactics my job sometimes requires me to take.
Guess what... its my job to make sure people don't take advantage of a $50k a month resource provided for by Virginia State taxpayers. If that makes me a little man in your eyes, it makes you an insignificant and childish one in mine.
I do contracted network security work for the state of Virginia. And yes... I have to look at sexually explicit material to verify "slackers" at work from time to time.
Most of the porn is blocked at the firewalls, but you'd be suprised (perhaps not) at how "hard" people will "work" to get at their porn while on the high bandwidth at work.
Am I breaking the law by trying to enforce it? Hell I'd almost like to get fired for the big brother tactics my job sometimes requires me to take.
Oh yeah.. woops... I'm a troll because I told the truth about your weak news "story". Geee muh feelinz iz hurt.
You probably won't hear much about the fact that Brown Orifice also (for the most part) works on IE.
Such is life.
While it might be nice if it were dead. It most certainly isn't. And belive it or not I know plenty of government agencies that still have windowless TN3270 terminals for database lookups.
Personally I'd like to have rows of blinking lights on my workstations : ( I see no reason that had to die. Why!?! Why!?!
Eh? Am I missing something wrong with my post?
Nice caps though... they're really, uh... big!
For every succesfull DSL install I have heard about or read about, there are 5 others out there that are real horror shows.
Take my install with Fastpoint (ISP), COVAD (DSL) and Verizon (Telco). It is rapidly approaching 6 months since I originally ordered my ADSL and I have yet to get a synch up. Its not that I live in an area where DSL is impossible (at least 2 others in my neighborhood have it through COVAD). Its not the fact that Verizon is now on strike (you'd have to chop 5 months off the current install time for that to be the problem.) It definately seems to be the fact however, that a) my ISP doesn't push hard enough with installs, b) COVAD has no power over the lines they install DSL on, and c) Verizon has absolutely -zero- clue and -zero- interest in making a loop DSL ready.
So, I certainly doubt this will be the last of the law suites we see against DSL providers. They are all making claims they can't live up to and preaching their own special versions of the truths of DSL installation (average 21 day install time my ass.)
Anyone that is thinking about getting DSL certainly owes it to themselves to check out http://www.dslreports.com. I certainly wish I had before I signed up for the install hell I've been put through. I've already completed round 1 of my complaints to both the FCC and BBB. It felt good to do it, even though I doubt it will have any real impact.
Give me news that the priceplan for Palm.Net has changed to something that is half-reasonable.
THAT would be newsworthy.
Hahaha. Can I laugh at myself? Yes.
The world, and more specifically the American populus, has the average attention span of fruit fly these days. Not to mention what they actually manage to retain.
No one cares about that report anymore. The Internet shown through for what it is - a superb communications tool. Big business has latched on, and all we've gone is up. About the only people that care about porn on the net anymore are those that use it - and the religious right. And quite frankly I care more about the former than the latter.
The bottom line is... truth is very hard to coverup.
Er yeah thats it. It couldn't be because distributions like MacOS aren't truley multi-user systems. Or that OSes like OpenBSD go through stringent security and code reviews.
Nah, that can't be it.
Rejoice in the fact that Moody has once again shown himself in the truest light: Bill Gates' lapdog.
This is the first anti-Linux article I've read from him which can be so easily rebutted and turned around to debase Windows using his own argument.
The sadest part is that new stories like this don't last in peoples mind longer. For a brief period anyone that cares will know Moody for what he is: a crappy journalist with low integrity. But four or five articles from now, all will be forgoten and we'll just start it all over again.
But seriously.
The crux of the matter is that his argument was silly and that the numbers were misrepresented (making his argument even sillier).
Fred Moody is a Microsoft lapdog, period. There are plenty of Linux lapdogs too. Just don't go getting all whiney because Moody is an idiot that caters to corporate idiots. He got called on bad reporting - deal with it.
Linux security have a long way to go? Yes. Is it going to get to Nirvana faster than Windows? Time will tell.
unless this guy actually owns the box.