Any bug is a potential security hole. And Windows has a lot of bugs. Fix the bugs, not the security holes, and your code will be more secure.
Patching is great. Patch Management is great. But it doesn't keep the bad guys out, it just stops some worms. But then variants of worms come out.
Clearly worms are a security threat. But there are many other security threats.
Windows is not secure. NT NULL session, NetBIOS attacks (SAM and AD come to mind quickly), and even simple buffer overflows, format string attacks, etc... these are POPULAR attacks against Windows that attackers are utilizing right now. Even when patched, some of these attacks still work. Why? Inherent network protocol design is part of it. But bugs are a huge part also.
Reverse engineering patches... who needs to even go that far? Any engineer at Microsoft can just query their internal bug tracking system. An attacker could have a friend inside Microsoft who sends her/him a bug report. That friend could also be the target of social engineering. You saw the movie "Sneakers", right?
Others can simply "grep" or "slint" the code. By reading the code, anyone can find a bug and make an exploit out of it. This has been widely done for a long time. It's not an uncommon practice, and it's not difficult.
If coders want to fix security holes in their code, the only real place to start is by fixing the bugs. When Windows runs so smoothly that no app ever fails or hangs on me, when I no longer hear of or see a BSOD, when hell freezes over -- then Windows will be truly secure.
build a computer out of parts. hell - build the power supply. then you'll learn what is broken or not. you might need a multimeter.
if you can install freebsd, openbsd, netbsd, fedora, gentoo, and debian on the machine, all within 24 hours - then you can count on the hardware working for awhile.
the only device(s) i've replaced on my primary machine in 10 years is the drive(s) (none of the older drives died, but i felt i had to replace them due to their smaller size). this one time i had an obvious hardware problem, so i put in a bunch of output into a google browser and found out that I probably had to clean all the dust out of my machine and cpu-fan. good thing i didn't have to replace anything.
that machine was made of high quality parts that i spent a few short weeks researching on what to buy and where to buy it. i used all scsi and a non-intel processor/motherboard (scsi and non-intel were more important 10 years ago than today probably).
No software can replace the need for hardware knowledge. You are going to need to know hardware cold to run continuous IT/Operations, whether Apple, Intel, or AMD/Sun.
The FCC already opened this up in 1997 through allowing Global 800 numbers. That means that in China, people can dial toll-free to China and the conference will be linked to a toll-free US/Canada 800/888/877/866 number. This is old news. SS7 has made this "legal" for over 6 years now.
The only difference with VoIP is that it's cheaper+easier to encrypt (and subvert).
I almost always carry a Zebra F-301 ballpoint pen. They are almost always available at Walgreens, so if I lose one, I know I can pick it up later. It's really geeky... black on chrome.
For the truly geeky, check out the MaiDo Japanese stationery store at Santana Row in the heart of Silicon Valley... they have awesome pens and pencils of all types.
let's just say there are plenty of people moving away from CatOS, but it requires LOTS of babysitting ;> and, yes, Cisco is pushing it. if you want the best features and any new features, you'll likely be using "native" SupIOS.
Well, the AP1100 and 1200 already support IOS. The AP 350 is going to support IOS soon, but the 340 never will. So you will very likely get your wish. The best part is that there is going to be a subset of IOS for the 2600/3600/3700 routers as well as most IOS-based switches (Catalyst 6500, 4500, 3550, 2950, 3570) where, on the Ethernet interfaces that connect to the Cisco/Linksys AP, you can configure all the AP parameters right in the interface configuration.
We're testing the AP 1200 802.11 a/b dual-mode with the WLSE (wireless solutions engine linux box which does mini site-surveys, code pushes, management, mass upgrades, etc) with all the latest features... Secure Fast Roaming, Wifi Protected Access, et al.
Cisco/Linksys do make good devices, although the competition is stepping up... SMC with the Media Player competitive unit (Cisco/Linksys only does pictures, while the SMC unit does MPEG and other video streaming)... and Netgear with the 108Mbps WGT624 AP and WG511T card.
Whoah cool, airsnort just works with no problems? I just installed the hack on mine; now I've got to get some binaries/scripts going for airsnort/wepcrack/etc. Too bad it doesn't run *BSD, then I could use bsd-airtools!@#!
Not to nitpick on your point #3, but the AP already does all 3 of those things without this hack: a) via the iptables front-end, b) WPA (the WRT54G is also one of the only APs that support it), and c) I believe this is also iptables behind the scenes, but it has many methods of rate-limiting (not necessarily shaping) available from the front-end.
wow, you're right, thanks!
http://www.zebrapens.com/