Who gives a shit,
Most Europeans (at least the countries that started the EU) never wanted no EU! I hate it.. it's not democratic at all.. it further enables outside pressure in EU countries, so even when you vote for some party there's more chance they will do things you don't like because of outside pressure.
How about http://www.insecure.org/tools.html :)
Okay, maybe I'm completely misled here.. it's getting quite late (3 am)..
But isn't it that Sun is doing exactly the opposite; they partner with Microsoft. Microsoft may give Sun access to private technology and Sun can make their systems work perfectly with Microsoft "servers" and desktops.. all to make Sun a better UNIX flavor than Linux can ever get...
Isn't this what this is all about? I mean, the article is mainly about Sun's partnership with Microsoft, only at the bottom is this little thing about Sun selling to Walmart..
JPL? Coool, I saw that on NGC :)
Where the hell do you come from ?
Hmm.. of course not everyone will check all source code.. but someone will see what someone else did.
And the very hard to find vulnerabilities might not be spotted by the next person to read the code, but are very likely to be found eventually..
As for a backdoor like this, it looks very unlikely that anyone having access to the code and reading that code would not have caught the backdoor.
And I don't think anyone sees this as "just another advisory" for _obvious_ reasons.
I don't believe Cisco did this intentionally, but some employee must have.. even if his intentions were to remove it afterward, to me I think it's quite risky if you do something like that. It also makes you wonder how well that code gets checked before release. So, people concerned with security are naturally going to think about what this means.. basically there are legitimate reasons for FUD here :). Especially now that this is known, if it was open source everyone would be interested in seeing other code of Cisco products..
Still I think everyone can make a mistake, and even a big mistake, so it's a personal issue if you still trust Cisco products or closed source in general. And on the other hand, if you believe that Cisco or some other closed-source vendor has good intentions and that this was not deliberate, does this also mean you should trust its products? It was a mistake right, and it was a big mistake, we can only guess what a company like Cisco tries to prevent this from happening. As for Open Source this still holds true of course, but with less impact. An open-source software writer might not do any security checking at all.. but those reading the source code quickly report bugs.. if there are many too-stupid-to-be-true bugs found (Matt's scripts ;-)), we know what kind of programmer we're dealing with.
In other words; this was a post of FUD, but I think it's based on legitimate concerns. Is there a way for us to know to which lengths closed source companies truly go to keep their code clean? There surely is no way _we_ can verify their code is clean...
Dude, this stuff has all to do with lawyers. Almost everyone that releases an advisory has such a disclaimer because they might get sued by other companies if there is anything untruthful about other companies' products or something..
You can't know for sure for what stupid little thingie people will sue you these days..
This is so terribly bad.
I've read some comments on the issues, some try to make a lame excuse to make this acceptable but this one is really terrible:
can be used for customer support
-> Bull, there are more secure ways to do that, and if so why don't we know about it and can't enable/disable this?
There is absolutely no excuse for this type of thing. Now there has been a discussion whether vendors should be fined for their bugs.. well in this case they should! This is equal to acts of computer crime!
Now.. it wouldn't be fair to fine companies for an undeliberate bug, but this case is so obvious that it's a crime.
Even if this was some act of a malicious programmer, then I think Cisco is responsible for finding out who did it and bring him to trial!
Can you trust the American elections at all?
I'm not an authority on this issue, but I believe/read that these campaigns get sponsored by rich people/businesses with best interest for themselves, the one with the most money for a campaign is most likely to win.. or should I say; the richest corporations are most likely to win.. Go figure who loses.
I wouldn't call this paranoia.. this is obviously a deliberate backdoor so it's too serious.. I hope for them that this is their only product that has such a backdoor as in no doubt the underground will be looking everywhere in Cisco products for more of these.. And who controls so much routers on the internet has immense power.
Yep,
tcpdump is good for two things:
1) doing some fast checking of what's going.. small jobs
2) reading the source to see how to use libpcap.. case example (people who made tcpdump also made libpcap)
So which one is better.. the one with the more features (ethereal) or tcpdump? Depends on the situation..
What is this test based on? On all vulnerabilities of packages that these distributions maintain against the Windows operating system?
How do they go about evaluating which software should be part of this? How about Desktop vs. Server use?
Man, everyone runs such a wide range of different application sets!
Maybe a good comparison would be to have Linux system with:
- Kernel
- Most common GNU software
- Apache
- PHP
- KDE or GNOME
- Mozilla
- OpenOffice.org
Against all Microsoft security bulletins, their severity.
But then there must also be estimated the percentages of uses like how many Windows users have IIS enabled and how many Linux users use OpenOffice on how many machines they have.
Also, not unimportant; how much time did the bug trackers give vendors to create the patch? For example the do_brk exploit for Linux was private for some time before it leaked so it was impossible for vendors to make the patch before the news was public knowledge.
There's just too much to think about to come to an accurate conclusion.. even impossible, cause how do you track the use of certain software in the Open source community, and of course the Windows user base.
Never believe such reports..
Not all of them do this, but still it's a quite natural pursuit... coz Windows has the most users so how do you suppose GUI developers will attract a larger public? I don't think it is because Windows GUI is better.. It's just like OpenOffice supporting Word format..
It's not Google in particular, but some people are suggesting that privacy is not a concern here.. So if you bring that up you definitely get people to say that privacy is a concern, for all people.
And I don't think they are particularly referring to Google, but to make people realize that privacy is always a concern and that people should think about it before signing up to something like Gmail.
And you are right that Google has a good privacy statement, and that's all just fine, but privacy advocates just like to point out that people should read and think/consider the privacy statement before signing up.
But people (I'm not referring to you) in general just don't care about privacy at all and just give up their protections of privacy to feel "safe".. and it's a shame.