Ditto ..and I'd love to play it (buy it) on my Mac. :)
Hmm.. ok. I never think in terms of the Kernel, as opposed to the Operating System. Perhaps the WinXP kernel has more security features (different privileges for Local Logon, SYSTEM w/o Network access, complex file and registry ACLs, to name a couple). But they are not used consistently or properly.
The complexity is itself a problem. Network access to the registry is controlled by the permissions ACL on a particular registry subkey, for instance. The OS directory structure requires that ACLs be maintained on a per-file and per-subfolder basis, since so many subfolders and files in the Windows\system32 directory need exceptions in their ACLs.
So the kernel could be capable of so much more, but the way Microsoft creates the rest of the OS is.. horrendous.. from an admin perspective. From a single-user (home user) perspective, the complexity isn't as problematic except for the variety of ways that malware can invade and reside in the system undetected.
/ falling asleep..
// and have a Happy New Year!
Perhaps you'd volunteer to migrate our Windows business software to Linux? We depend on FoxPro's command UI and speed. We have thousands of VB scripts. And some GUI-heavy custom analysis software. Do they run on Linux? Can you make them run quickly on Linux? Can you retrain all of our programmers? No, you can't.
:)
What is the Mac version of Sony's rootkit? Is that the one when you open the CD, you find a readme begging you to install the DRM, so you do, but then you have to type in the administrator password?
Nah. I'm doing what I can, which is protecting our business needs. And highlighting the security costs of Windows as often as possible, to help people make the switch. Sure I'm smug, but you're ugly.
Nope. You said, "by default" Windows is more secure than Linux. The challenge was issued for "unpatched" systems, that is, configuration "by default". Windows, by default, sucks for unpatched remote hacks, just humming along by itself attached to the internet, even before you take into account default email, web browsing, and media playing (rootkit, anyone?), which require "some" user actions.
It's a fair challenge. Although, I'd admit that the challenger should have to use a mainstream user-oriented Linux distro, and not a "hardened" server distro.
I'll challenge both of your boxes against a freshly installed Apple box.
:) /actually not, I don't have a spare Apple box ;)
I call shenanigans.
I've checked three times today, and I'm not seeing any patches for Windows. Maybe you were confused or hacked?
We Apple users have had ammunition all along. Sony rootkit, LSASS, UPNP buffer overflow. IE "do me" exploits weekly or monthly. And I'd be LMAO without reservation if I didn't have to administer 35 of these fifth columns at work.
Seriously, this is helping a couple of my coworkers make the switch to Mac, even though my boss claims he's happy with his $600 laptop. He's happy because ignorance is bliss, and he has a short memory. He has no idea what his laptop is doing without his knowledge, and every six months he brings it in to me to get it cleaned or wiped.
Full Outlook can't reply or forward either without downloading or including linked images. The only nice thing is that it warns you, and lets you cancel.. usually. /really f'ing tired of Exchange and Outlook crap...
No, Slashdot isn't "to blame". Stop talking like Zonk.
Anti-virus and virus writers follow different websites that were already posting the details of the WMF vulnerability and the exploits. Slashdot did not have anything to do with that.
Thanks to Slashdot, I found out about this vulnerability in time to shut off our company's internet access before people came in to work, and find out what to do (unregister shimgvw.dll, add rules to IDS, send alarmist email to everyone explaining what to look out for).. I'm sure that thousands of other admins found out about this within 24 hours, thanks to Slashdot, and were able to warn co-workers, friends, and family.
It's very different to ask "Is the publicity from Slashdot to blame?" vs. "I'm curious to know the effects that the media has on catalyzing the growth of exploits like this." I'm curious too, but *very* glad that Slashdot reported this exploit.
I'd believe that a few "prank" infections (IM) have occurred because of the publicity. I'm honestly surprised that no one seems to have posted these .wmf files to popular forums that I read. I'd guess that it's because the company exploiting this vulnerability the most -- Spyaxe -- is making a buck off of it, and mere pranksters won't.
Google Desktop runs as SYSTEM.
;)
If you get infected because IE tried to view the file, then the exploit runs as you.
If you get infected because you saved/cached the file, and Google Desktop decides to index it, then the exploit runs as SYSTEM.
That's how I understand it after reading these threads, but I could be wrong..
(VIVA LA MAC! -- Virus-free since 2003!)
I want to confirm on all systems at work that the WMF viewer has been unregistered with "regsvr32 /u shimgvw.dll". This command modifies the registry in some way to disable the .dll.
Would anyone know what specific registry key is changed? I can easily check registry settings on all the work machines, and I'd like to make sure that the fix above worked for each system.
Thanks in advance.
http://en.wikipedia.org/wiki/Light#Theories_about_light
There are several theories listed to explain light. The 80%-20% rule probably applies; there are millions of pages, and probably only the ones which get some traffic are reliable. Those would probably be anything you would use an encyclopedia for, as opposed to imdb.com or the Smallville fan site. I learned a lot about Starbucks in the Wikipedia.. I hadn't realized that Starbucks was started by the owners of a competing chain in the Bay Area called Peet's Coffee.
Nature just had an article on the reliability of scientific articles in the Wikipedia (I think the original research was in a different publication). The research says that the Wikipedia is about as good as the Britannica Encyclopedia. But that the Wikipedia articles are less "professionally" written, and would readers of Nature please assist Wikipedia with the review and editing of the more theoretical articles.
I find that competing theories are well represented in most articles. Since an article tends to be "unstable" until all reviewing parties are satisfied, competing represented viewpoints tend to be included in a factual non-biased manner. (Not that they are represented as fact, but known facts, and the fact of dissenting beliefs are well represented, along with links to additional resources.)
http://en.wikipedia.org/wiki/American_Civil_War
"The causes of the war, and even the name of the war itself, are still debated"
Just keep in mind that there is no "perfect" encyclopedia. If you go by "what works", then you may find that the Wikipedia works for you.
I lost weight because of portion control. But less oil/butter/rice/pasta/bread was the biggest help. You can eat a ton of mushrooms, veggies, steamed carrots, and a fair amount of meat without inhaling calories, and I found a salad I don't get bored with. (Lots of salt and pepper, and a drizzle of expensive olive oil)
Since I started putting bread in the fridge, I've had no problems with it going bad quickly. After a couple weeks the bread will go stale.
To another reply, apples last forever in the fridge. Bananas are a problem, but I found a recipe for a great Banana Ice Cream that uses browning bananas.
Banana "Ice Cream" (from the Moosewood Cooking at Home)
4 brown bananas
Slice into 1/2" slices, arrange on plate, freeze for 1 hour. When frozen, blend until creamy. Serves 2. (Slices keep frozen in freezer-safe bag for a couple weeks.) -- Tastes surprisingly great! (Add honey, cinnamon, other fruit, etc for variety)
The Shift key theoretically works, but doesn't always. I've held down the key, then inserted the CD, waited ten seconds, and then let go, and sometimes the CD still starts the autorun program. How long are you supposed to hold down the shift key? There's no popup or message saying that you can let go now (although there is a message asking if I am physically disabled..)
To fix this security and UI flaw, I've disabled autorun on our company systems, which breaks certain other features..
OS X does not autorun. It can, based on the content, start iTunes or iPhoto or something, but it will not automatically run programs from the CD. Which is wonderful. (On OS X, Sony has to beg the user to install the DRM manually-- what a difference!)
Whole Foods (organic grocery chain) makes it a -lot- easier for me. I was shocked when I discovered about a year ago that I could not find any bread -without- corn syrup at the local grocery. When I looked at Whole Foods, I couldn't find any bread -with- corn syrup. It's rather nice being able to ignore the labels when shopping and know that whatever I grab will probably be healthy, corn-syrup free and taste great. (and be expensive, sigh) I've lost 30 pounds this year.
Although ID is not supported by real evidence, the court ruling does not prevent you from considering it. It does not prevent you from teaching your kids the fallacies of ID as alternate points of view, or even as the True God's Test of Faith.
The ruling prevents public schools from teaching ID as science, because the judge has correctly seen that ID is religion-in-disguise, and our Constitution is understood to prevent the "establishment of religion".
Children do need to learn critical thinking; however, it is undeniable that they are very impressionable, and not very skilled at thinking critically. Spending a half-hour listing the talking points of ID as a viable alternative to evolution and common descent is a really horrible way to teach "critical thinking". Next up, spend a half-hour in biology class talking about the soul, and where it resides, and how much it weighs. Promote critical thinking!
Names only need to be right to sell papers. Her name is the least important detail of the article.
Why does Server 2003 cost me per server, instead of per media? The theory is that after spending years of programmers' salaries without compensation, they have to make back the money they already spent just with licensing fees. It's an art, deciding how to price things so that both the little businesses can afford it and still recoup your costs.
Server CALs are just another tool in balancing software costs proportional to the usage (customer perceived value) and ability to pay.
It may be partly greed, but remember that most companies have to use their successes to recoup the costs of software that DIDN'T sell. Remember Infocom? Looking Glass Studios? Pricing is an art. CALs are a tool.
I've got the "aura", and I'm going to try this today! :D
hmmm.. the price for a single song has to include the transaction fee, which goes down when an entire cd is purchased. From my (customer) perspective, getting "War" or "Hotel California" is worth 99 cents since I don't want the whole CD. I'm not saying it's great, but I don't think it's a ripoff.
Want amazing ripoffs? How about $2.99 for a 30-second low quality ringtone?
I get my CDs from CDBaby.com; usually more than half of my payment goes to the artist within a week. I used to buy mainstream from our local Hear Music store at the Stanford Mall.. discovered The Decemberists, Bowery Electric, Les Nubians, Pink Martini there. I nearly cried when they got bought by Starbucks and closed the store. Haven't bought a mainstream CD since.
"What's that noise in the server room?!"
...in Bizarro world
"Oh, that's just our web server looking up the SecureID code for the database. Man, you don't want to hear what it sounds like when it reads the password wrong. The database server makes such a fuss!"
(RTFA)
That totally works in some cases. There are several accounts at work that I use random* passwords for, and if I ever need to enter them again, I just change them instead. Simple as pie.
In another situation, the application account has sole-access to a password file, which is audited. Users just refer to the file, and don't have access to the password themselves. The application account password is random and so is the password in the file.
*random means a long password that I can remember only long enough to enter it twice.
Debatable. When a mathematician works for years to determine the theoretical limit of compression, is it discovery? or development? This is not the same, but seems similar enough that I wouldn't get my panties in a twist over it. (Huh? Do I even have panties?)
In any case, props and honors to those who researched the problem to an improved solution.
Nearly all security-related Windows and Mac updates are just fine.
If the trust in Apple is just "ignorant", it still has a great result. Most non-geek Mac users I know do regular updates. Most non-geek Windows users I know, don't.
The difference between crashing and surrendering your computer to remote control is in the data. I mean, this six-month unpatched IE vulnerability was low-priority because it "only crashed" IE. It wasn't until recently that someone figured out the right multi-thousand character string that changed it from "crashing" to "zombie".
That being said, not all crashing is exploitable, but I distrust those who say they can tell which is and which isn't.
My brother recently switched to Apple.. We were IM'ing about this update and he said..
"one thing i looove about this thing is that i'm never afraid to update like in windows. i'm not scared that it will be worse off"
Trust is important. How many people haven't updated Windows to SP2 still??