You don't need security flaws like the one mentioned in the article in order to compromise a machine. Simply write a small HTML file which uses javascript or vbscript to do the following:
1. Open the c:\autoexec.bat file for reading
2. Write "echo Updating configuration - please wait" to the file
3. Write "format c:" to the file
Voila!
You need to use the scripting engine to access the file, which will give the user a prompt "scripting may be unsafe, etc.". So, maybe the user elects not to enable scripting, in which case they're safe. Maybe, the user decides to click OK, in which case the next time they reboot (being Windows, that's not too far away:)) they format their hard drive.
The point is: as always, security issues come down to the user. If users can receive email with inappropriate content, that inappropriate content can end up being executed. The only real way to stop this kind of thing is by identifying it before it gets to the mail client.
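An added example, not part of the original comment: one way a mail gateway could identify HTML mail carrying active scripting content before it reaches the mail client. The function and class names, the pattern list and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

# Scripting objects that give a page file-system or shell access (illustrative list).
RISKY_OBJECTS = re.compile(r"Scripting\.FileSystemObject|WScript\.Shell", re.I)
SCRIPT_URL = re.compile(r"\s*(javascript|vbscript):", re.I)

class ActiveContentFinder(HTMLParser):
    """Collects script elements, inline event handlers and script: URLs."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.findings.append("script element")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler {name}")
            if value and SCRIPT_URL.match(value):
                self.findings.append(f"script URL in {name}")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        match = RISKY_OBJECTS.search(data) if self._in_script else None
        if match:
            self.findings.append(f"object {match.group(0)}")

def scan_message(raw):
    """Return findings for every text/html part of an RFC 822 message."""
    findings = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            finder = ActiveContentFinder()
            finder.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
            finder.close()
            findings.extend(finder.findings)
    return findings

# Constructed sample messages (the script only instantiates an object).
HEADERS = "From: a@example.test\nSubject: update\nContent-Type: text/html; charset=utf-8\n\n"
SAMPLE_SCRIPTED = HEADERS + ('<html><body onload="go()"><script language="VBScript">'
    'Set fso = CreateObject("Scripting.FileSystemObject")</script></body></html>\n')
SAMPLE_PLAIN = HEADERS + "<html><body><p>Hello</p></body></html>\n"
```

A gateway would quarantine or strip the HTML part of any message for which `scan_message` returns a non-empty list.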
Large shifts in theory or belief like this are scary. It's no surprise that Gold's peers are reluctant to publish his work.
However, it hardly seems appropriate to lobby to ban the man's work. Surely it isn't in the interests of science to disallow the discussion of his ideas, regardless of what one thinks of them personally?
Smaller is better. The distance signals have to travel will directly impact the rate at which useful computation can be achieved. It is for this reason that supercomputers are typically torus-shaped, with direct, straight connections through the hub, avoiding indirect bus connections which give signals further to propagate.
I do see their point... but what they're trying to do is restrict the use of '...for dummies' in conversation, i.e. in common speech. The use of '...for dummies' in the mailing list does not smack of deliberate infringement - simply of using the phrase to indicate the level at which the content is aimed.
In other words, '...for dummies' has become incorporated into our language to some extent. It's pointless to try to combat that by preventing people using it as a generic term in their everyday lives.
I could suggest that general use of the term amounts to free advertising, but I'm sure IDG regards trademark erosion as too great a threat to consider that an advantage.
SA.
Re: A little perspective - *nix culture (on WinLinux 2000) · Score: 1
Quite!
I didn't have an easy way to set up linux - why should anyone else? These new punks just want plug and play, can't be bothered learning about what they're really doing, want visual basic for linux 'cos they can't really program, grumble, mumble, groan, gripe, what's the world coming to,...
Most teachers already do more work than most IT workers. Why, then, should they be expected to do more work?
After two years in IT, I earn more than all the teachers I know with twenty years' experience!
Hardly motivating, is it?
Some suggestions to make your life worthwhile
William Gibson (read everything, if you haven't already, especially Neuromancer, Burning Chrome)
John Brunner (esp. The Shockwave Rider, Stand on Zanzibar)
Bruce Sterling (esp. Islands in the Net, Heavy Weather)
Elizabeth Hand (esp. Winterlong)
erm, that should have been 'open for writing', obviously...
So, is this intended just as a nostalgia trip, or will this version be enhanced somehow?
Quite reasonable... in theory.
But how does one say Brand-X Furnace can't be hacked (short of removing any network connection)? Making a statement like this would seem akin to stating "this application has no bugs, 'cos we've tested it". One could ensure that a device was resistant to certain forms of attack, but how could future forms be predicted?
I wonder if the clock in my microwave has sufficient processing power to be vulnerable to viruses?
The possible vulnerabilities could be far more subtle than 'making the fridge catch fire'. When all the appliances in one's home are networked and controllable, there could arise opportunity for two or more devices to collaborate and cause disaster (by which I mean both devices are controlled by some malicious outsider).
A contrived scenario: You're in the bathroom. The fire control sprinklers suddenly start, as do all your electrical appliances, electrocuting you to death...
I don't intend the above as a particularly realistic scene, but I hope you see my point. If appliances are open to attack, an attacker can cause you trouble. But, for each extra device which might also be used, the number of options an attacker has increases tremendously.
The 727 idea isn't too bad, just a bit plane...
Perhaps a more interesting home could be built from one of the computers of antiquity, the kind that took up whole rooms. Nice ambient lighting from the vacuum tubes...
Well, at least it's not offered in some bizarre size like 'letter'!
(I don't mean this as flamebait - just lamenting the lack of globally accepted standards for paper sizes)
Why go to the trouble of actually doing something when you can just cash in on threats?
Make $$$ in your spare time! Have the bank pay you for your cracking skills!