It is far from being a "critical flaw". In the article they say that when running kernel code you can bypass any antivirus. Surprise. Did we missed the point that you first need to gain kernel level privileges?
The real problem behind the AV industry is that almost all Windows users tend to use a user with Administrator level privileges and when they gets infected the malware runs with full administrator privileges. If they would use a normal account and not the Windows environment's "root" equivalent we would not talk about this "critical problem" as the malware would need to infect and scalate privileges in order to install a kernel level componente, a rootkit.
As previously said, it is far from being a "critical flaw".
When an high percent of they (US citizens) thinks that spain is in Mexico and almost all the american history previous to the european colonization doesn't exists.
Looks like strange because they have many known flaws that need to be fixed. I can't understand why the f* they don't releases patches but, well, is the problem with closed source software vendors.
How do you go about making sure your code is secure?
In my opinion the unique way is by trying to exploit/crash you program during development using logical and/or fuzzing techniques. Many programmers think that "security" is the last step they need to follow when writting a piece of software but they missed that security is one of the "intermediate" steps, not the last.
In my case, I always conduct an audit in my software when a module (in example) is finished, when I added a new functionality, etc...
Sorry if it is considered as a provocation but, in my opinion, it was deliberated. Good propaganda (the attack) to start writting anti-terrorism laws that will only serve for the government's purposes: special courts, control of personal data, cut of liberties to fight better against terrorism...
They take advantage of the people's fear to the terrorism. The 11-S was their great excuse to do whatever they want in the name of the fight against the terrorism.
For them it does not matter who died, only "for what purpose can be worth to us?".
Protection against 0 day exploit's with signatures or another similar way that rewrites the page making it safe looks great and, in my opinion, is what is needed in the browser's world.
There is no safe browser: one can be safest than other but, anyway, there is no safe browser so a method to protect from 0days prior to patch's release is IMHO a very, very, very good idea.
I'm an Oracle Administrator & Developer. I worked with both PostgreSQL (7.4 and 8.1) and Oracle (7.3, 8i, 9i and 10g) and, from the developer perspective I prefer Oracle. From the Administrator perspective..., Oracle is more easy to administrate but her police in fixing security vulnerabilities makes me very paranoid when I need to protect one Oracle Database.
This problem doesn't appear with PostgreSQL (or any other Open Source Database), simply, because I can modify the source code of the product if I found a problem.
There is no such option with an Oracle database so, you can try using a workaround (if possible and available) or you will need to wait for a year (or more).
When the Oracle guys change her policy about security problems I will say that is my prefered database in the world. At the moment I can only say that it's the most powerfull database (among IBM DB2) and, surely, one of the most insecure databases in the world.
The system monitors the number of external connections being made and if a higher network activity is detected, the computer is disconnected to prevent the infection of further machines on the network.
This doesn't open the door to DOS (Denial Of Service) attacks?
Tens of similar sites, some offering detailed information on how to build and use biological weapons.
Please, any probe of they were this kind of information? I have one prove of this site doesn't exists and were not exists: go to www.mojihedun.com or search in google and/or yahoo the word "mojihedun". You will only found the same note as you publish in the (Surprise!) www.timesonline.co.uk publication.
However, Islamic sites believed to be "moderate", remain
And what sites thinks the UK Governments are "moderates"?
Slashdot Mirror
It is far from being a "critical flaw". In the article they say that when running kernel code you can bypass any antivirus. Surprise. Did we missed the point that you first need to gain kernel level privileges?
The real problem behind the AV industry is that almost all Windows users tend to use a user with Administrator level privileges and when they gets infected the malware runs with full administrator privileges. If they would use a normal account and not the Windows environment's "root" equivalent we would not talk about this "critical problem" as the malware would need to infect and scalate privileges in order to install a kernel level componente, a rootkit.
As previously said, it is far from being a "critical flaw".
When an high percent of they (US citizens) thinks that spain is in Mexico and almost all the american history previous to the european colonization doesn't exists.
Looks like strange because they have many known flaws that need to be fixed. I can't understand why the f* they don't releases patches but, well, is the problem with closed source software vendors.
How do you go about making sure your code is secure?
In my opinion the unique way is by trying to exploit/crash you program during development using logical and/or fuzzing techniques. Many programmers think that "security" is the last step they need to follow when writting a piece of software but they missed that security is one of the "intermediate" steps, not the last.
In my case, I always conduct an audit in my software when a module (in example) is finished, when I added a new functionality, etc...
Yes, it can be dangerous, in the sense that may help us to find flaws in Open Source software, as the the common Google Search does or even "grep".
But, anyway, the tool can be used in order to spend a good short while.
Sorry if it is considered as a provocation but, in my opinion, it was deliberated. Good propaganda (the attack) to start writting anti-terrorism laws that will only serve for the government's purposes: special courts, control of personal data, cut of liberties to fight better against terrorism...
They take advantage of the people's fear to the terrorism. The 11-S was their great excuse to do whatever they want in the name of the fight against the terrorism.
For them it does not matter who died, only "for what purpose can be worth to us?".
Protection against 0 day exploit's with signatures or another similar way that rewrites the page making it safe looks great and, in my opinion, is what is needed in the browser's world.
There is no safe browser: one can be safest than other but, anyway, there is no safe browser so a method to protect from 0days prior to patch's release is IMHO a very, very, very good idea.
I'm an Oracle Administrator & Developer. I worked with both PostgreSQL (7.4 and 8.1) and Oracle (7.3, 8i, 9i and 10g) and, from the developer perspective I prefer Oracle. From the Administrator perspective..., Oracle is more easy to administrate but her police in fixing security vulnerabilities makes me very paranoid when I need to protect one Oracle Database.
This problem doesn't appear with PostgreSQL (or any other Open Source Database), simply, because I can modify the source code of the product if I found a problem.
There is no such option with an Oracle database so, you can try using a workaround (if possible and available) or you will need to wait for a year (or more).
When the Oracle guys change her policy about security problems I will say that is my prefered database in the world. At the moment I can only say that it's the most powerfull database (among IBM DB2) and, surely, one of the most insecure databases in the world.
The system monitors the number of external connections being made and if a higher network activity is detected, the computer is disconnected to prevent the infection of further machines on the network.
This doesn't open the door to DOS (Denial Of Service) attacks?
Tens of similar sites, some offering detailed information on how to build and use biological weapons.
Please, any probe of they were this kind of information? I have one prove of this site doesn't exists and were not exists: go to www.mojihedun.com or search in google and/or yahoo the word "mojihedun". You will only found the same note as you publish in the (Surprise!) www.timesonline.co.uk publication.
However, Islamic sites believed to be "moderate", remain
And what sites thinks the UK Governments are "moderates"?
Easy to modify the "fork bomb" script for Windows.
start cmd
start cmd
start cmd
start cmd
start cmd
start cmd
start cmd
start cmd
start cmd
start kill.bat
start kill.bat
start kill.bat
start kill.bat
start kill.bat
start kill.bat
Try it! My machine has been freezed in about 15 seconds.
Can I use this database as a replacement for large databases, such as Oracle Databases?
This is a sacrilegy
Linux has no price. Is not for sale.
Ok, will be open source, but will be Free Software?
How about GNU Enterprise?
Simply post the URL of your enemy in Slashdot
Insecurity
My box says it's insecure! So therefor, I can't possibly have some spoofing ActiveX control thingie, can I?
Then your system is properly configured, everything is correct.
# umask 077
or
# chmod 700 XXX
Almost nothing in Perl serves a single purpose.
Almost nothing in XP is secure.
Windows XP SP2's 'Windows Security Center' is just about as insecure as it could possibly be.
Microsoft Software is just about as insecure as it could possibly be.
I've set control lists for DNS for a long long time.
The use of ACLs is not secure because an atacker may spoof easily the IP address.
Is a good way , yes, but not the ONLY and FINAL way to protect our networks.