"In related news, the Sun-IBM deal proposed last week has been called "anti-competitive" by a tech industry group"
"CCIA is a D.C.-based lobby group whose member includes Microsoft, Google, and Advanced Micro Devices, as well as mainframe maker T3 Technologies", Mar 2009
"The Computer & Communications Industry Association (CCIA) is criticizing a decision by the U.S. Department of Homeland Security (DHS) to use Microsoft Corp. software..
"The CCIA represents three of Microsoft's biggest direct competitors, Sun Microsystems, AOL Time Warner Inc. and Oracle Corp", Aug 2003
Curiously enough the original article had an extra word that's missing in the update..
"The Computer & Communications Industry Association (CCIA) is criticizing
last month's decision by the U.S. Department of Homeland Security (DHS) to exclusively use Microsoft Corp. software"
'An operator corrects the telemetry problem but forgets to restart the monitoring tool'
This from conclusions in the report by the investigating task force. This is BS, the reason the 'operator' disabled 'real-time status of the power system' was to 'conduct a manual check of the network' because they were fully aware an incident was in progress, in the middle of which he then.. incrediously... went to lunch and forgot about it.
"We have no clue. Our computer is giving us fits, too," replied a FirstEnergy technician identified as Jerry Snickey. "We don't even know the status of some of the stuff (power fluctuations) around us."
"I called you guys like 10 minutes ago, and I thought you were figuring out what was gong on there," the MISO technician, identified as Don Hunter, complained, according to the transcripts.
'FirstEnergy's operators were unaware for over an hour that they were looking at outdated information on the status of their portion of the power grid, according to the November report'
'At 14:02 EDT.. One of MISO's primary system condition evaluation tools, its state estimator,
was unable to assess system conditions for most of the period between 12:37 EDT and
15:34 EDT, due to a combination of human error.. and could not issue appropriate warnings'
"The robustness of US power networks has been a hot-button issue after a technical glitch in 2003 caused a cascading power failure in the eastern United States and Canada that affected 55 million people"
The nature of the 'technical glitch' was using Windows NT SCADA units to relay info over the Internet in the middle of the Blaster worm infestation. As was demonstrated in the earlier MS SQL Server 2000 worm infestation of a nuclear power plant.
Computer scientist working at the NSdarpA determined that the worm was created in the distant future by artificial agent type nano robots. They did this under instruction sent from the present by the GRU, so as to disguise the source of the attack. They IMed the AIs a MSG marked 'not to be opened until you discover tachyonic message transmission'...
"The cold war never ended for either China or Russia. Both are still engaged in it. We (as in all citizens; not just the wests) just keep hoping for something different"
It really did, some Neocons in the US administration, being nostalgic for the old days, are attempting to bring it back by provoking the Russians by putting missiles in Poland and US airbases in Kyrgyzstan.
The US promised the Russians that if they went capitalist, NATO would not expand east and the former Eastern block countries wouldn't join the EU. In both matters they lied. Now you've got a pissed off Russia with Putin in charge.
Pwn2Own 2009 Day 1 - Safari, Internet Explorer, and Firefox Taken Down by Four Zero-Day Exploits
Charlie Miller got the luck of the draw, and had the first time slot for the browser competition. His target- Safari on Mac OS X. Before I could even pull my camera out, it was over within 2 minutes- and Charlie (coincidentally also last year's first winner of the day) is now the proud owner of yet another MacBook, and $5,000 from the Zero Day Initiative.
Next up, Nils. Just Nils- you know, like "Prince" or "Madonna". With a little tweaking, he ran a sleek exploit against IE8, defying Microsoft's latest built in protection technologies- DEP (Data Execution Prevention) as well as ASLR (Address Space Layout Randomization) to take home the Sony Vaio and $5,000 from ZDI.
Pwn2Own 2009 Day 1 - Safari, Internet Explorer, and Firefox Taken Down by Four Zero-Day Exploits
Charlie Miller got the luck of the draw, and had the first time slot for the browser competition. His target- Safari on Mac OS X. Before I could even pull my camera out, it was over within 2 minutes- and Charlie (coincidentally also last year's first winner of the day) is now the proud owner of yet another MacBook, and $5,000 from the Zero Day Initiative.
Next up, Nils. Just Nils- you know, like "Prince" or "Madonna". With a little tweaking, he ran a sleek exploit against IE8, defying Microsoft's latest built in protection technologies- DEP (Data Execution Prevention) as well as ASLR (Address Space Layout Randomization) to take home the Sony Vaio and $5,000 from ZDI.
Pwn2Own 2009 Day 1 - Safari, Internet Explorer, and Firefox Taken Down by Four Zero-Day Exploits
Charlie Miller got the luck of the draw, and had the first time slot for the browser competition. His target- Safari on Mac OS X. Before I could even pull my camera out, it was over within 2 minutes- and Charlie (coincidentally also last year's first winner of the day) is now the proud owner of yet another MacBook, and $5,000 from the Zero Day Initiative.
Next up, Nils. Just Nils- you know, like "Prince" or "Madonna". With a little tweaking, he ran a sleek exploit against IE8, defying Microsoft's latest built in protection technologies- DEP (Data Execution Prevention) as well as ASLR (Address Space Layout Randomization) to take home the Sony Vaio and $5,000 from ZDI.
'The advanced Windows-based ATMs coming into use now mean the ATM is technologically close to the Internet banking channel, since both use client/server applications, TCP/IP, and other modern computing methods'
'unlike Linux, the Windows OS features systems management, security, and software distribution tools within the OS kernel, easing integration with a bank's existing infrastructure while obviating the need to purchase additional components, or build them from scratch'
'it'll sit unsupported for 10 years before IBM admits that it's a dead product (OS/2 case in point)'
OS/2 was technologically superior to Windows and would have succeeded if MS hadn't have gone round trashing it in public, while still contracted to develop and support it.
'over 99.9% of the vulnerabilities you are counting require physical access. You can't insert a flash drive, jack in a keyboard, put in a floppy, or even get TCP/IP access to an ATM normally, so those security problems do't count'
That may have been true until they 'upgraded' ATMs from OS/2 and moved communications from dedicated lines to the Internet.
'Last week's revelation by Diebold that its automated teller machines (ATMs) operated by two financial services customers were struck by the W32/Nachi worm raises the specter'
'Last August, the Nachi (Welchia) worm contaminated the cash machines at two financial institutions. When the Slammer virus hit the back end systems of the Bank of America in January 2003, 13,000 US ATMs became unavailable'.
'That line really wasn't needed. The crime requires physical access to the box. A linux,mac,whatever box is just a vulnerable in that situation'
You wouldn't use a desktop OS in such a situation. A small embedded obfuscated encrypted OS performing a small set of dedicated functions. Not a modified Windows OS that could be compromised using a few DLL redirects..
'The main Trojan executable contains the code to handle the magnetic card reader using undocumented Diebold Agilis 91x functions, inject code to ATM's processes'
'ATM message protocols such as NCR's NDC and Diebold's 911/912 are based on ISO 85/83, a 20-year-old standard that industry observers agree looks pretty creaky in the age of Internet standards like XML'
'IFX is far more flexible than NDC and 911/912, which are "single monolithic pieces of code," NCR's Risto said. "With IFX, you're taking states-and-screens away and replacing each piece with an inherent application. Each function is broken out and handled separately."'
'The move to IFX requires a smaller leap of technology than the switch from an OS/2 to Windows operating system, Risto said. "Once you've made the move to Windows, IFX is going to be a far smoother and more intuitive move."'
'Diebold,.. releases its new Advanced Skimming Detection technology for automated teller machines (ATMs). This fraud-deterrence technology.. is the most effective method to guard against card skimming, the act of retrieving consumers' account information from their ATM card magnetic strips via a fraudulent device illegally attached to an ATM'
It would have been more technologically secure to not use magnetic strips in the first place and design a machine that only worked with authorized hardware. Something Diebold don't seem to be able to manage. It should have been foreseen that the crooks would attempt to hack the machines after all they are crooks...
'Variants of Conficker use a variety of methods to spread, including exploiting the MS08-067 vulnerability in the Microsoft Windows server service patched by Redmond in October'
"No. I was amazed to find it was on the same server as my stuff, and that my stuff is in such esteemed company. The guy who actually runs the server told me it was Linux, but it appears it's actually TFA 2006"
In that case, please don't be on my side in anything.. ever !!!!
Slashdot Mirror
Shame on you Firefox/Chrome user, XFCE less is more .. :)
Mac OS X Leopard .. screenshots
"In related news, the Sun-IBM deal proposed last week has been called "anti-competitive" by a tech industry group"
..
..
"CCIA is a D.C.-based lobby group whose member includes Microsoft, Google, and Advanced Micro Devices, as well as mainframe maker T3 Technologies", Mar 2009
"The Computer & Communications Industry Association (CCIA) is criticizing a decision by the U.S. Department of Homeland Security (DHS) to use Microsoft Corp. software
"The CCIA represents three of Microsoft's biggest direct competitors, Sun Microsystems, AOL Time Warner Inc. and Oracle Corp", Aug 2003
Curiously enough the original article had an extra word that's missing in the update
"The Computer & Communications Industry Association (CCIA) is criticizing last month's decision by the U.S. Department of Homeland Security (DHS) to exclusively use Microsoft Corp. software"
'An operator corrects the telemetry problem but forgets to restart the monitoring tool'
.. incrediously ... went to lunch and forgot about it.
.. One of MISO's primary system condition evaluation tools, its state estimator,
was unable to assess system conditions for most of the period between 12:37 EDT and
15:34 EDT, due to a combination of human error .. and could not issue appropriate warnings'
...
This from conclusions in the report by the investigating task force. This is BS, the reason the 'operator' disabled 'real-time status of the power system' was to 'conduct a manual check of the network' because they were fully aware an incident was in progress, in the middle of which he then
"We have no clue. Our computer is giving us fits, too," replied a FirstEnergy technician identified as Jerry Snickey. "We don't even know the status of some of the stuff (power fluctuations) around us."
"I called you guys like 10 minutes ago, and I thought you were figuring out what was gong on there," the MISO technician, identified as Don Hunter, complained, according to the transcripts.
'FirstEnergy's operators were unaware for over an hour that they were looking at outdated information on the status of their portion of the power grid, according to the November report'
'no such call was made or warning given. I have confirmed that by having my staff listen to control room operator tapes'
'At 14:02 EDT
I think he means the screen froze
"The robustness of US power networks has been a hot-button issue after a technical glitch in 2003 caused a cascading power failure in the eastern United States and Canada that affected 55 million people"
The nature of the 'technical glitch' was using Windows NT SCADA units to relay info over the Internet in the middle of the Blaster worm infestation. As was demonstrated in the earlier MS SQL Server 2000 worm infestation of a nuclear power plant.
Computer scientist working at the NSdarpA determined that the worm was created in the distant future by artificial agent type nano robots. They did this under instruction sent from the present by the GRU, so as to disguise the source of the attack. They IMed the AIs a MSG marked 'not to be opened until you discover tachyonic message transmission' ...
slashdot links to fake bullshit bogus 'report' ...
"The cold war never ended for either China or Russia. Both are still engaged in it. We (as in all citizens; not just the wests) just keep hoping for something different"
It really did, some Neocons in the US administration, being nostalgic for the old days, are attempting to bring it back by provoking the Russians by putting missiles in Poland and US airbases in Kyrgyzstan.
The US promised the Russians that if they went capitalist, NATO would not expand east and the former Eastern block countries wouldn't join the EU. In both matters they lied. Now you've got a pissed off Russia with Putin in charge.
Pwn2Own 2009 Day 1 - Safari, Internet Explorer, and Firefox Taken Down by Four Zero-Day Exploits
Charlie Miller got the luck of the draw, and had the first time slot for the browser competition. His target- Safari on Mac OS X. Before I could even pull my camera out, it was over within 2 minutes- and Charlie (coincidentally also last year's first winner of the day) is now the proud owner of yet another MacBook, and $5,000 from the Zero Day Initiative.
Next up, Nils. Just Nils- you know, like "Prince" or "Madonna". With a little tweaking, he ran a sleek exploit against IE8, defying Microsoft's latest built in protection technologies- DEP (Data Execution Prevention) as well as ASLR (Address Space Layout Randomization) to take home the Sony Vaio and $5,000 from ZDI.
Pwn2Own 2009 Day 1 - Safari, Internet Explorer, and Firefox Taken Down by Four Zero-Day Exploits
Charlie Miller got the luck of the draw, and had the first time slot for the browser competition. His target- Safari on Mac OS X. Before I could even pull my camera out, it was over within 2 minutes- and Charlie (coincidentally also last year's first winner of the day) is now the proud owner of yet another MacBook, and $5,000 from the Zero Day Initiative.
Next up, Nils. Just Nils- you know, like "Prince" or "Madonna". With a little tweaking, he ran a sleek exploit against IE8, defying Microsoft's latest built in protection technologies- DEP (Data Execution Prevention) as well as ASLR (Address Space Layout Randomization) to take home the Sony Vaio and $5,000 from ZDI.
Pwn2Own 2009 Day 1 - Safari, Internet Explorer, and Firefox Taken Down by Four Zero-Day Exploits
Charlie Miller got the luck of the draw, and had the first time slot for the browser competition. His target- Safari on Mac OS X. Before I could even pull my camera out, it was over within 2 minutes- and Charlie (coincidentally also last year's first winner of the day) is now the proud owner of yet another MacBook, and $5,000 from the Zero Day Initiative.
Next up, Nils. Just Nils- you know, like "Prince" or "Madonna". With a little tweaking, he ran a sleek exploit against IE8, defying Microsoft's latest built in protection technologies- DEP (Data Execution Prevention) as well as ASLR (Address Space Layout Randomization) to take home the Sony Vaio and $5,000 from ZDI.
Enough with the 'I wanted to draw a circle' FUD .. go home MS astroturfers your shift is up ..
"To further quote your pointless reference..."
'The advanced Windows-based ATMs coming into use now mean the ATM is technologically close to the Internet banking channel, since both use client/server applications, TCP/IP, and other modern computing methods'
Top 10 Reasons for Using Microsoft Windows on ATMs
'unlike Linux, the Windows OS features systems management, security, and software distribution tools within the OS kernel, easing integration with a bank's existing infrastructure while obviating the need to purchase additional components, or build them from scratch'
'it'll sit unsupported for 10 years before IBM admits that it's a dead product (OS/2 case in point)'
OS/2 was technologically superior to Windows and would have succeeded if MS hadn't have gone round trashing it in public, while still contracted to develop and support it.
'I was super enthusiast that we shipped OS/2'
OS/2 "Crush" plan
The demos of OS/2 were excellent, crashing the system had the intended effect'
'over 99.9% of the vulnerabilities you are counting require physical access. You can't insert a flash drive, jack in a keyboard, put in a floppy, or even get TCP/IP access to an ATM normally, so those security problems do't count'
That may have been true until they 'upgraded' ATMs from OS/2 and moved communications from dedicated lines to the Internet.
'Last week's revelation by Diebold that its automated teller machines (ATMs) operated by two financial services customers were struck by the W32/Nachi worm raises the specter'
'Last August, the Nachi (Welchia) worm contaminated the cash machines at two financial institutions. When the Slammer virus hit the back end systems of the Bank of America in January 2003, 13,000 US ATMs became unavailable '.
I wonder would Chrome have prevented such a hack?
'Google Chrome is implementing support to run native x86 code from within the browser'
'That line really wasn't needed. The crime requires physical access to the box. A linux,mac,whatever box is just a vulnerable in that situation'
..
You wouldn't use a desktop OS in such a situation. A small embedded obfuscated encrypted OS performing a small set of dedicated functions. Not a modified Windows OS that could be compromised using a few DLL redirects
'The main Trojan executable contains the code to handle the magnetic card reader using undocumented Diebold Agilis 91x functions, inject code to ATM's processes '
'ATM message protocols such as NCR's NDC and Diebold's 911/912 are based on ISO 85/83, a 20-year-old standard that industry observers agree looks pretty creaky in the age of Internet standards like XML'
'IFX is far more flexible than NDC and 911/912, which are "single monolithic pieces of code," NCR's Risto said. "With IFX, you're taking states-and-screens away and replacing each piece with an inherent application. Each function is broken out and handled separately."'
'The move to IFX requires a smaller leap of technology than the switch from an OS/2 to Windows operating system, Risto said. "Once you've made the move to Windows, IFX is going to be a far smoother and more intuitive move."'
'Diebold, .. releases its new Advanced Skimming Detection technology for automated teller machines (ATMs). This fraud-deterrence technology .. is the most effective method to guard against card skimming, the act of retrieving consumers' account information from their ATM card magnetic strips via a fraudulent device illegally attached to an ATM'
...
It would have been more technologically secure to not use magnetic strips in the first place and design a machine that only worked with authorized hardware. Something Diebold don't seem to be able to manage. It should have been foreseen that the crooks would attempt to hack the machines after all they are crooks
You don't have permission to access /blogs/2009/03/13/who-are-cleared-advisors/ on this server.
Same here, FF loads adobe in about three seconds faster on hitting reload ...
'Variants of Conficker use a variety of methods to spread, including exploiting the MS08-067 vulnerability in the Microsoft Windows server service patched by Redmond in October'
"No. I was amazed to find it was on the same server as my stuff, and that my stuff is in such esteemed company. The guy who actually runs the server told me it was Linux, but it appears it's actually TFA 2006"
In that case, please don't be on my side in anything.. ever !!!!
Hi Dave, do you mind telling me if you are the maintainer of lemonparty.org and if so, do you think some people don't share your sense of humor.
Assuming that is the same 'David Gerard', did you have to post links to those sites. I'm feeling very disturbed here .. :o