Uhm, you are truly a master of the obvious. Why else would they give it away for free?
And how is it unncessary? I suppose you'd prefer the next least expensive alternative, paying $1200 for a Nessus direct feed license to get the plugin right now?
Any time someone/something switches to a MS product away from an non-MS product, they must have been doing it because they're either clueless. There can be no other possible option. Even a product was completely inferior as Star Office.
Now carry on with your business elsewhere, and remember, Linus is lord.
I was a Linux/FreeBSD zealot for SO many years. I wrote all my code with 23423 platform portability in mind, things were good. Then I realized that I didn't have any real experience writing apps for Windows and I thought I should give it a try.
I picked up some books on VS (Visual Studio) and started with C# (I had quite a bit of Java experience all ready so it was pretty easy to pick up the language). Then something very strange happened. I began to really like it. I found I was able to write applications which would have taken weeks in C using VIM or even a week in Java using Visual Age.
I became a much more efficient programmer. Mostly due to.NET and the absolutely amazing IDE that is Visual Studio.
Don't get me wrong, I'm not a pure Windows guy now, but I do have an XP SP2 workstation and I spend quite a bit of time in VS.
Why mod it Troll? It's completely true. Having so many Linux distrobutions doesn't do anything positive for open source and/or Linux.
It just reduces focus and bloated code by having to make applications portable across 500 freaking operating systems.
Whatever.. the same principle applies to nearly every mid-large enterprise in the world.
They don't prioritize security it high enough until something goes wrong. Sure, they may be working on a solution, but it's funny how much more quickly things get done when there's a virus/worm running rampant in your company or a web server was defaced. How many InfoSec departements didn't get the funding they needed until Sarbanes Oxley came around and threatened their CFO and CEO?
The same applies to vulnerability research and disclosure. Light a fire under their ass if you want it done fast.. and when it comes to the security of IP, you do.
What did you expect? This is Slashdot: 90% clueless sheep thinking they're rebels.
Re:What does Microsoft use?
on
Visual Studio Hacks
·
· Score: 2, Interesting
Who the hell told you that?
I've done my time at MS and that statement is completely false. While different people have different preferences (even at MS), VS is still the IDE of choice for most of us. At least when we're writing code for MS-based operating environments.
Cisco's 'solid armour' as you put it has been based on two concepts:
1) There was no known way to execute shellcode due to the idle process responsible for doing heap pointer 'validation'. Thnsis prevented the possibility of executing shell code and essentially limited the attack vectors for overflows to DoS. 2) Some level of obscurity regarding the IOS inner workings.
Is that what you consider solid armour?
While Lynns presentation was mostly old news, it did something very important. It eliminated point #1 above. This makings it significantly more attractive to a would-be attacker. Creating a DoS condition is fine, but has no real value to a hacker other than the few obvious ones used by packet warriors. Being able to fully compromise a router and install your software is much more interesting and valuable.
Does anyone really expect software controls to prevent anyone from pirating this? Unless each DRM chip has a secure checksum of the kernel to validate tampering and be unique to each installation (and break updates), how can anyone expect this to stick?
Granted, I don't know anything about the Intel DRM technology, but I don't see how it can work long term.
Protected Mode. Available in the Windows Vista beta 2 release and beyond, Internet Explorer Protected Mode will provide new levels of security and data protection for Windows users. Designed to defend against "elevation of privilege" attacks, Internet Explorer Protected Mode provides the safety of a robust Internet browsing experience while helping prevent hackers from taking over the browser and executing code through the use of administrator rights. In this mode, Internet Explorer 7 is completely unable modify user or system files and settings. All communications occur via a broker process that mediates between the Internet Explorer browser and the operating system. The broker process is only initiated when the user clicks on the Internet Explorer menus and screens. The highly restrictive broker process prohibits workarounds from bypassing the Protected Mode. Any scripted actions or automatic processes will be prevented from downloading data or affecting the system. Specifically, Component Object Model objects will only be self-aware and have no reference information by which to identify and attack other applications or the operating system. Internet Explorer Protected Mode helps protect users from malicious downloads by restricting the ability to write to any local machine zone resources other than temporary Internet files. Attempting to write to the Windows Registry or other locations will require the broker process to provide the necessary elevated permissions.
Slashdot Mirror
See subject.
I better add 20 new threads to my Firefox download script!
Uhm, you are truly a master of the obvious. Why else would they give it away for free?
And how is it unncessary? I suppose you'd prefer the next least expensive alternative, paying $1200 for a Nessus direct feed license to get the plugin right now?
Yes, and you have to be a direct feed user to get them. At least for the next several days.
Any time someone/something switches to a MS product away from an non-MS product, they must have been doing it because they're either clueless. There can be no other possible option. Even a product was completely inferior as Star Office.
Now carry on with your business elsewhere, and remember, Linus is lord.
I was a Linux/FreeBSD zealot for SO many years. I wrote all my code with 23423 platform portability in mind, things were good. Then I realized that I didn't have any real experience writing apps for Windows and I thought I should give it a try. I picked up some books on VS (Visual Studio) and started with C# (I had quite a bit of Java experience all ready so it was pretty easy to pick up the language). Then something very strange happened. I began to really like it. I found I was able to write applications which would have taken weeks in C using VIM or even a week in Java using Visual Age. I became a much more efficient programmer. Mostly due to .NET and the absolutely amazing IDE that is Visual Studio.
Don't get me wrong, I'm not a pure Windows guy now, but I do have an XP SP2 workstation and I spend quite a bit of time in VS.
Why mod it Troll? It's completely true. Having so many Linux distrobutions doesn't do anything positive for open source and/or Linux. It just reduces focus and bloated code by having to make applications portable across 500 freaking operating systems.
Just what we need, another freaking Linux distro.
But more importantly, how accessible it is.
Is die a very slow and painful death...at least in the software market.
Answer: A tree hugging, Linux hippy.
Whatever.. the same principle applies to nearly every mid-large enterprise in the world.
They don't prioritize security it high enough until something goes wrong. Sure, they may be working on a solution, but it's funny how much more quickly things get done when there's a virus/worm running rampant in your company or a web server was defaced. How many InfoSec departements didn't get the funding they needed until Sarbanes Oxley came around and threatened their CFO and CEO?
The same applies to vulnerability research and disclosure. Light a fire under their ass if you want it done fast.. and when it comes to the security of IP, you do.
What did you expect? This is Slashdot: 90% clueless sheep thinking they're rebels.
Who the hell told you that?
I've done my time at MS and that statement is completely false. While different people have different preferences (even at MS), VS is still the IDE of choice for most of us. At least when we're writing code for MS-based operating environments.
Cisco's 'solid armour' as you put it has been based on two concepts:
1) There was no known way to execute shellcode due to the idle process responsible for doing heap pointer 'validation'. Thnsis prevented the possibility of executing shell code and essentially limited the attack vectors for overflows to DoS.
2) Some level of obscurity regarding the IOS inner workings.
Is that what you consider solid armour?
While Lynns presentation was mostly old news, it did something very important. It eliminated point #1 above. This makings it significantly more attractive to a would-be attacker. Creating a DoS condition is fine, but has no real value to a hacker other than the few obvious ones used by packet warriors. Being able to fully compromise a router and install your software is much more interesting and valuable.
Does anyone really expect software controls to prevent anyone from pirating this? Unless each DRM chip has a secure checksum of the kernel to validate tampering and be unique to each installation (and break updates), how can anyone expect this to stick?
Granted, I don't know anything about the Intel DRM technology, but I don't see how it can work long term.
I better increase the thread count stat!
Everyone is aware that the presentation has been published on numerous mailing lists and websites, right?
I have run my Python curl script running with 5 threads! I download Firefox 25 times per hour and so do 20 of my friends!
Were we talking about OS security in general or IE7?
There's a difference between what will "work" and what will "work properly".
I could drive my car with no air conditioning (I'm in Florida) or seats but I wouldn't want to.
That is exactly why the world isn't ready to migrate to Linux/*BSD.
Interestingly enough, the IE7 search field defaults to Google (but supports MSN, Yahoo, AOL and Ask Jeeves.
Ok, how?
Protected Mode. Available in the Windows Vista beta 2 release and beyond, Internet Explorer Protected Mode will provide new levels of security and data protection for Windows users. Designed to defend against "elevation of privilege" attacks, Internet Explorer Protected Mode provides the safety of a robust Internet browsing experience while helping prevent hackers from taking over the browser and executing code through the use of administrator rights. In this mode, Internet Explorer 7 is completely unable modify user or system files and settings. All communications occur via a broker process that mediates between the Internet Explorer browser and the operating system. The broker process is only initiated when the user clicks on the Internet Explorer menus and screens. The highly restrictive broker process prohibits workarounds from bypassing the Protected Mode. Any scripted actions or automatic processes will be prevented from downloading data or affecting the system. Specifically, Component Object Model objects will only be self-aware and have no reference information by which to identify and attack other applications or the operating system. Internet Explorer Protected Mode helps protect users from malicious downloads by restricting the ability to write to any local machine zone resources other than temporary Internet files. Attempting to write to the Windows Registry or other locations will require the broker process to provide the necessary elevated permissions.