How much yen do you want to bet that it's one of those stupid "Are you sure?" dialog boxes that everyone clicks "Yes" to without actually thinking about what it's asking? Ah, how I love ignoring those warnings, too.
A Microsoft spokesperson was heard commenting on this news: "When we release Windows Vista, we intend to make it so secure that we fully believe it will render such technology totally unnecessary."
The current belief is malformed headers, an invalid 302 header with a bogus location and a redirect loop.
"The current belief" ? WTF ? Anyone sufficiently technically savvy, with a knowledge of the HTTP protocol, with 5 min of free time could tcpdump the traffic to immediately identify the origin of the problem. I find it strange that nobody has yet been able to do it...
In a separate announcement, he also reported he wanted to get a flying car, a magic wand, a six-leaf clover to complete his collection, and an invisible pink unicorn.
[cyber terrorism] is almost inexistent but it *does* exist
I would like to make sure everyone understands my point: what I meant is that as of today "cyber terrorists" (I hate this term) pose a threat that is much less important than, say, the whole bunch of script kiddies present on the Internet (I am not even sure if we can call this "terrorism"). But the fact is that given their number and their imagination, terrorists have probably already started to play with some scenarios of Internet attacks (e.g. development of some minor worms, nothing spectacular but still some kind of "attack").
As a security researcher, I can say without hesitation: of course the threat is credible. The vulnerabilities are here, each day a dozen of them are discovered in major applications [1]. And competent security researchers exist around the world (e.g. 75% of Windows vulnerabilities are discovered by external independent researchers [2]).
Now the only reason why cyber terrorism is not more frequent and more harmful (it is almost inexistent but it *does* exist) is the relatively small number of black hats (bad guys) compared to the huge number of white hats out there, and probably also the lack of motivation of the potential attackers.
Did you know that the core developers of Ubuntu Linux are employed by the Ubuntu Foundation, which was founded by Mark Shuttleworth (he provided an initial funding commitment of $10 million). He is also:
a South African entrepreneur,
the first African in space (he reportedly paid $20 million for his trip aboard the Soyuz and ISS spacecrafts)
the guy who founded Thawte (digital certificates, etc) and sold it later to VeriSign.
Let me tell you that the editorial's title ("France Hostile To Open Source Software?") is very misleading for a very simple reason: the anti Free Software statements have been made by the SNEP and SCPP, which are --guess what-- 2 lobbying groups created by various music companies. Here is a small list of companies belonging to those groups: Sony BMG, EMI, Universal, Warner Music France, Walt Disney Company, etc. Complete lists can be found on their websites:
Those 2 lobbying groups are obviously anti-P2P (and they say it clearly on their respective websites) and that explains totally why they are so anti Free Software, knowing that BitTorrent as well as other popular P2P tools are Free Software. But in no way whatsoever have the French in general, or the French Government, made any anti Free Software statements. We all remember those various stories that prove quite the contrary !
As a supporter of Free Software, and French citizen, I am quite sad to see this story posted on Slashdot. It just makes people have a bad opinion about us :(
I have always wondered why people who buy the WRT54G to run customized firmwares don't show as much interest in similar embedded platforms, which are in the same price range ($70 to $130), have a similar or superior hardware config [1], and allow a similar level of customization. So why does the WRT54G interest you, but not those embedded platforms ?
[1] Actually those platforms even seem more attractive (faster CPU, more RAM, bluetooth, MMC, etc), the only downside is that, of course, they don't provide 5 ethernet ports, but only 1 or 2.
Give me $1 billion (3% of Microsoft's annual revenue), promote me CEO, and I fix ALL unpatched security vulnerabilities in ALL Microsoft products by the end of 2006.
No, releasing beta security patches would be good, this is what Sun does for Solaris for example. Because with beta patches the users have the choice of applying them or not, while the current MS policy leaves no choice to users.
...of why we say that MS doesn't care enough about the security of its users. MS should be even more committed to improving the speed of development & QA of security patches. This particular zero-day vuln has been known for at least one week, and MS still hasn't distributed a fix. Delaying the release of a fix to Patch Tuesday doesn't make any sense when the vuln details are already publicly known. They should at least release beta patches (if the QA process is not yet complete) for users who NEED security and can afford potential stability problems. Other users can wait for Patch Tuesday if they want.
But one week is nothing compared to other vulns. Look at this list of other currently unpatched holes in MS products: http://www.eeye.com/html/research/upcoming/index.html.
Some of them were reported months ago and are still unfixed.
This is inadmissible for a multi-billion dollar company.
The Wikipedia article incorrectly stated that "he was thought to have been directly involved in the Kennedy assassinations of both John, and his brother, Bobby." So what ? Errors happen from time to time. This one has been fixed now. This doesn't justify an article on usatoday.com.
Ignoring the content-type and using the file extension to infer the filetype is stupid in an HTTP environment.
For example this is exactly what IE does with .html files: whatever the content-type is, it will ALWAYS render them. In other words you cannot control what IE does with .html files, you cannot make it display them as raw text files by setting the content-type to text/plain, etc. This is really stupid, annoying, and a violation of the HTTP standard.
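The mismatch this comment describes can be checked for on the server side. The following is an added example, not part of the original comment: it flags responses whose URL extension implies HTML while the declared Content-Type does not, and notes whether X-Content-Type-Options: nosniff (a real response header the comment does not mention) is set. The function names and sample responses are constructed for illustration.

```python
# Added example (not from the original comment): audit responses for the
# case where the URL extension and the declared Content-Type disagree.
import mimetypes
from urllib.parse import urlsplit

# Types a browser renders as active content.
ACTIVE_TYPES = {"text/html", "application/xhtml+xml"}


def declared_type(headers):
    """Media type from Content-Type, without parameters; None if absent."""
    value = headers.get("content-type")
    return value.split(";", 1)[0].strip().lower() if value else None


def extension_type(url):
    """Type a client would infer if it trusted the file extension alone."""
    guessed, _ = mimetypes.guess_type(urlsplit(url).path)
    return guessed


def audit(url, headers):
    """Return findings for one response; an empty list means nothing to flag."""
    headers = {k.lower(): v for k, v in headers.items()}
    declared, by_ext = declared_type(headers), extension_type(url)
    nosniff = headers.get("x-content-type-options", "").strip().lower() == "nosniff"
    findings = []
    if declared is None:
        findings.append("no Content-Type: client must guess")
    elif by_ext in ACTIVE_TYPES and declared not in ACTIVE_TYPES:
        # The case from the comment: served as e.g. text/plain, named .html.
        findings.append(f"declared {declared} but extension implies {by_ext}")
    if findings and not nosniff:
        findings.append("X-Content-Type-Options: nosniff not set")
    return findings


# Constructed sample responses (URL, headers); not captured traffic.
SAMPLES = [
    ("/uploads/report.html", {"Content-Type": "text/plain; charset=utf-8"}),
    ("/uploads/report.html", {"Content-Type": "text/plain",
                              "X-Content-Type-Options": "nosniff"}),
    ("/index.html", {"Content-Type": "text/html"}),
    ("/download?id=7", {}),
]

if __name__ == "__main__":
    for url, hdrs in SAMPLES:
        print(url, audit(url, hdrs))
```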
The most important reason that Windows based servers are doing so well could be that programmers find it extremely easy to work on .Net and other related technologies.
Not exactly. The main reason why Windows is still doing well is because of market inertia. I like to call this mind inertia, because even before considering a switch to Linux (which can be long and painful), people need to be convinced that Linux is superior to Windows. This is a step that takes quite some time, this is especially true in technological fields where so few people have the technical knowledge required to understand why product A is superior to product B. That's why, nowadays, you still have so few people realizing Linux's advantages (and inconveniences).
Look at the AMD Opteron. It is the exact same reason why so many people still believe in the superiority of Intel Xeons, despite the fact that everybody:
who understands why a Direct Connect Architecture provides better throughput and scaling than an FSB,
who knows why it is better to have a lower memory latency with an integrated memory controller than to increase the L2 cache size,
who is aware that AMD's implementation of a true 3-way superscalar architecture is more "scalar" than the 5-port design of Intel,
who understands why the 10-stage pipeline of AMD CPUs is more efficient for increasing the IPC than Intel's 30-stage pipeline,
who knows why having 2 cores connected over an XBAR (AMD) allows for better throughput and latency than 2 cores linked via an internal FSB (Intel),
recognizes the superiority of Opterons over Xeons. Unfortunately, because of this market/mind inertia, because of this lack of technical knowledge, because of this difficulty to change minds, it will take years for people to accept Opterons.
You will lose 3,100,000,000 USD. Continue ? [y] y
You never know.
Australian Senator Wants to Censor the Net
No way I click on this link ! It happened once (ewww), I won't let it happen again...
No, 0x10 !!
[1] Look at this graph.
[2] Look at the credits in MS security bulletins.
Conveniently nicknamed XBox 911.
Or reallyreallysmalltechnology.
You choose.
You don't sleep. You call 9-1-1.
Has already happened, happens often, and will happen again, in many anti virus products, including MS's.
You obviously don't get my point. Please reread my post while ignoring the Solaris part. I wasn't trying to compare it with Windows.
Is it so hard to understand ?
Yeaaah baby !
(to be read with Austin Powers' voice)
--
anonymous engineer