65 posts • joined Friday 2nd February 2007 17:25 GMT
Re: Not hard to explain..
"Perhaps you could just Bing it? I then named the source - as you are clearly a bit of an idiot, here is a URL: http://news.netcraft.com/"
Searching news.netcraft.com for 'market share' in any context results in 235 hits. None of them appear to refer to market share in the context of vulnerabilities in the Linux kernel. So again, cite your source. Also thanks for the insult, always a good indicator when a certain variety of person knows their argument has had the legs knocked out from under it.
"Those are client PCs infected by user interaction - not servers infected by remote exploits which we are discussing here - completely different scenario..."
There are 42000-odd cases for 2010 in the report you cite which used unpatched vulnerabilities as their vector - there is no indication how that breaks down by OS. By comparison the five places above that and amounting to almost 1m defacements are all directly related to human error, just as clicking on an infected attachment or visiting compromised sites, resulting in Botnet client infection is an example of human error. Enough with the nonsense - either cite the actual source you're using or admit it doesn't exist.
"We are discussing worms / remote exploits here - not user interaction based exploits."
Then stop using user-based issues in your claims, because the majority in the article you did cite are the result of actions by a human.
"However if you want to consider how Linux would cope in that scenario if it ever made it over 1% market share on the desktop, just look at the Malware infected mess that is Android..."
Android is not a Linux distribution, stop changing the subject again.
Re: Not hard to explain..
"I guess you missed the part that said: (Even after adjusting for market share, you are several times more likely to be hacked on Linux - mostly due to kernel vulnerabilities...)"
I guess you missed it too because there's no reference to market share to be found in the article you cite. The only mention of it is by you in your post, which makes it an opinion, not a source. The other problem is that you cited an article where Zone H break down the defacement stats THEY have by OS.
Three million-odd Linux defacements recorded on Zone-H since 2000? - no doubt there are many millions more compromises of other types every year as not every attacker is an immature script kiddy out to boast. Still, even if you were to (incorrectly) assume a similar rate for EVERY year Linux has ever existed, the Bredolab Windows botnet alone makes that figure pale into insignificance. 30 million compromised machines, in one botnet, in one year.
Whether part of a Botnet or not 58 million PCs were infected in the US alone last year, and you can be certain the number of PCs involved that were not running Windows was a very small number indeed. That's why market share matters:
I don't like being rude, but you're cherry-picking figures out of context and ignoring the huge volume of other types of compromise. You are, to put things bluntly, talking rubbish.
Computers are usually compromised because of decisions made (or not made) by humans, whether that's the decision to set a good password or to not bother patching OSes and updating AV signatures, or not following good coding practice in the kernel or on the web server. When that is the default situation, how secure an OS is becomes almost irrelevant in the face of failure to apply common sense to security.
Not hard to explain..
"As per website defacement statistics - you are several times more likely to be hacked running say Linux...."
A quick glance at any actual statistics tells you exactly why that is - there are 4 times more Internet-facing websites running HTTP servers on open source platforms than there are running IIS on Windows. Malware writers target popular platforms; on the desktop that is Windows, in the web server market that means LAMP, and increasingly, LEMP (and lest we forget the goal of those server compromises, the aim is to target Windows boxes with appropriate malware payloads). Sorry to disappoint, but it's not a reflection on the security of Windows or Linux, only a reflection of their popularity in a market.
Re: Could it be...
This is a solar system that contains Local Councils and Private Parking companies. If it were an alien spaceship, it'd have been ticketed and towed by now.
I think you'll find it's 'Yarp'...
Zenith for TCFKAR?
Nadir, surely. The handset matters not a bit now, consumer confidence does, and that is simply gone. Their best chance at survival would be to turn BES into a best of breed Enterprise management suite for Droids, Windows phones, and iPhones, focusing on an aspect of the business that still shows higher brain function. Disconnect the life support on the handset business and resurrect as a software and services company, IBM style.
I for one care not one IoTa...
For IoT. The rest of my gadgets are already blabbermouths and turncoats concerning my lifestyle and preferences, why would I want my smart grill grassing me up to health thought police, or my smoke alarm giving some twat at a data warehouse an insight into my brand and habit? All that's left is for my smart toilet to tell them whether I'm getting enough fibre. Over FTTC, natch.
Re: I was thinking more
Thank goodness someone got around to Terrahawks with my having to show my age instead. Not that I remember Terrahawks of course. I'm too young.
"I'm sorry, it's just not working out."
"A female spy also admitted "it was her practice to enter foreign national phone numbers she obtained in social settings" to make sure she wasn't about to hop into bed with "shady characters""
Can you imagine breaking up in anything less than an amicable manner with someone with access to these systems? Hell would hath no fury like a spook scorned.
Paris, because her options for revenge (justified or not) are relatively limited by comparison
"but the main process is paid for by national governments, who also select the scientists who write the first drafts."
The governments select and pay the scientists eh? How very convenient - it's more like 'we're confident because we're paid grants to be confident'. Ah well, so much for the IPCC.
Re: Quote: "There has got to be something wrong..."
"Think that this rifle is any good to you to defend against your evil government. Hint - government, has tanks, missiles and drones. Going against that armed with a rifle - give me a break."
Er... notwithstanding that the guy is clearly nuts, the rifle in question (being an anti-materiel sniper rifle) is one of the few weapons likely to be effective against armour. Not tanks of course, but Humvees, low-flying drones, weak points on helicopters up to and including Apache gunships, absolutely.
Re: more staff lay offs
"Maybe I'm missing something, but they're a Canadian company not US, hardly see them of all people (who places security as the first and main feature) co-operating with a US agency."
I like the sentiment, but sadly, yes, you are missing something:
In this country, yes, bollocks. In other 'civilised' countries, not so much:
Re: Andrew Fernie Bluenose Yes Me history of the Guardian
"......I'm sure that's the tip of the Congressman/Senator-blackmailing, foreign intellectual property-stealing iceberg." From your own link: ".....The practice isn’t frequent — one official estimated a handful of cases in the last decade ....." But don't let that stop your paranoid delusions making a mountain out of a molehill. And the infrequency compares really badly with the frequency with which "The Protectors Of Our Liberties" as you would call them (or journalists to the rest of us) were exposed as using illegal phone eavesdropping here in the UK alone (http://en.wikipedia.org/wiki/News_International_phone_hacking_scandal). Yeah, journos chasing ratings are so much more trustworthy - not!
"Protectors Of Our Liberties" as I would call them? You know absolutely nothing about what I would or would not call the press, Matt. In any case there are some major differences there and that's the fact that people are going to jail for their actions in the NI hacking scandal (not necessarily the right people, but that's another story). Nobody in the NSA or GCHQ is accountable, and they never will be as things stand.
It's clear the NSA is responsible for enormous abuse of illegally acquired and stored data and given the amount of evasion and lying going on over PRISM I'd automatically assume that anything they say is a lie, a lie of omission, or a diversionary half-truth. Even if I believed our nameless official and his "it was just that handful of times" spiel, the ones they've admitted to will just be the ones that got caught doing it. The fact that it's even possible demonstrates the warrantless nature of the surveillance and the lack of oversight.
Re: Bluenose Yes Me history of the Guardian
"The data being gathered is only being searched for those that pose a terrorist threat, not left-overs from when the Berlin Wall fell."
Yes, just terrorists. Because of course every NSA worker is a stand-up apple pie and baseball loving member of Roger Ramjet's American Eagles, nobly guarding the secrets of the nation against abuse and certainly not using PRISM data to stalk or harass any.... oh, wait:
I'm sure that's the tip of the Congressman/Senator-blackmailing, foreign intellectual property-stealing iceberg.
Re: Yeah, just because you disagree with someone..
"No one has the right to prevent people from using the internet in a legal and lawful way, not me, not government and especially not a bunch of anonymous script kiddies, after all, that's the kind of thing that a country like the United Kingdom will soon do."
Re: thuggery isnt it?
"Fortunately, the US has a veto on the use and targeting of the UK's nuclear missiles. Now you feel so much better."
This garbage again. To quote the MoD: "Can the government of the USA prevent, veto or forbid the UK to use its own nuclear weapons?"
Re: I think Google just managed to exclude their products and services ...
I think you're dreaming if you believe that.
Re: Twitterphobes are twits
Stuart, I appreciate you found Twitter useful in the context of up-to-date information on the Cook Strait earthquakes, and I hope that you and yours are OK, and not having to face up to any major damage. That said, Twitter as rumour mill is by far a more usual scenario, in ways that are sometimes deeply problematic. I'm thinking of the Boston bombings here, where Twitter (along with other social networks) was responsible for propagating wildly incorrect claims, some of which had very real consequences (just ask the family of Sunil Tripathi). While individual verified accounts representing bodies with useful information can perhaps be relied upon for accurate information, Twitter as a whole is simply a gigantic game of Chinese Whispers, with a particularly incompetent or unscrupulous section of the Press Corps regurgitating its unverified utterances verbatim without fact checking or research.
Twitter is not pointless, and is not in itself the problem, Twitter is the expression of the problem. I can understand both the viewpoint that it can be a valuable news source IF you know how to apply a critical filter and refuse to take things at face value, but I can understand the Twitterphobes' perspective as well. Many of the most unattractive traits in human nature seem to find expression there with monotonous regularity - unfounded or tenuous gossip, in this case.
Minister for InfoSec eh?
I certainly can think of many politicians with the thorough understanding of IT required to understand the issues involved in that role. Not.
Re: Two wheels on my wagon
Can't believe they didn't pack a space-saver wheel.
Re: That probably involves tuning whatever 'bot it uses
"What, a piece of MS SW not working perfectly first time?"
Except that as pointed out in these very pages recently, we've learned that it's not Microsoft that generates these takedown requests, and the logic used is.. strange to say the least:
Re: I think Rush needs to get out more
"You mean, go down to the pusher himself, rather than sending his housekeeper?"
Surely not that nice Mr Limbaugh, whose views on drug abuse are summarised thus:
"Drug use, some might say, is destroying this country. And we have laws against selling drugs, pushing drugs, using drugs, importing drugs. And the laws are good because we know what happens to people in societies and neighborhoods which become consumed by them. And so if people are violating the law by doing drugs, they ought to be accused and they ought to be convicted and they ought to be sent up."
So expect him to say you're a pinko commie traitor for not using Windows 8.1 this time next week. Consistency is not his forte.
(Portugal the police won't comment at all on an ongoing investigation which is exactly how it should be).
So when a senior Portuguese police officer writes an entire book for his own profit on an ongoing abduction investigation, that doesn't constitute 'comment'?:
Re: Feet of shining screw projected, when suddenly...
"Feet of shining screw projected, when suddenly... The lid fell off."
The chances of it being anything like that are... pretty low.
Re: I have a better idea!
"The Internet should have an IQ requirement."
But wouldn't that put access forever beyond the reach of politic- ... oh. I see.
Re: School systems were invented for...
"So just go and run naked through the forest. You'll probably be happier anyway. ;)"
In that brief period prior to the arrest and court case, perhaps.
Daniel, you've come out with the same spiel previously and I suspect you probably do so every time the topic of Active Directory comes up. I'll point out what I pointed out last time. LDAP is a protocol. Active Directory provides an infrastructure that makes use of LDAP. You are comparing two completely different things, and as I mentioned last time (and others have mentioned here) if you need 11 domain controllers to support 700 users in terms of performance you are doing something seriously wrong in terms of planning and implementation. That's before pointing out that when customers have several Domain Controllers there are usually other reasons, typically redundancy and/or bandwidth preservation across AD sites. Two 'real' LDAP servers, as you put it, implies a maximum of two sites, so your comparison is incredibly simplistic. Oh and by the way if that's two LDAP servers on one site you need a better DR planner.
Finally in a previous post you pushed the same claim, but that time it was 11 Domain Controllers struggling to support 2000 users. Different customer? Some very heavy layoffs? Or just making stuff up from whole cloth?
Re: John R. Macdonald
"After all these leaks will The Grauniad be named as a criminal "co-conspirator" by the US?"
Well the NSA will already know whether or not they've done anything actionable, given that the Guardian Newspapers Group is a Google Enterprise Apps customer....
Re: Another great micro$oft design decision
"I don't recall any anti consumer actions by Sony."
You mean other than introducing a rootkit to 5.7 million customers' PCs without their consent or knowledge?
You mean other than ripping off the copyright and licence of someone else's software in order to create the rootkit that they tried to justify as copyright protection when they installed it on those customers' PCs without their consent or knowledge?
You mean other than lying to their customers through their teeth at every possible turn, and inventing new sets of lies when they were caught?
You mean other than letting hackers run riot over the PSN and then taking a week to bother telling 77 million customers that their personal data had been compromised, possibly including their credit card details?
You mean other than criminal negligence with regard to the hack and their complete and utter failure to maintain something vaguely resembling what is expected of PCI-DSS compliant merchants with regard to network security (unpatched servers, questionable firewalling decisions)?
You mean other than the music division bribing DJs to give their label artists more airplay?
You mean other than INVENTING a film critic to give their films good reviews?
No I don't recall any anti-consumer actions by Sony either.
Re: Yet nobody will be fired..
Actually the original two laptops were stolen on council premises during a refurbishment.
Re: "In actuality, the lack of the Start BUTTON is the single biggest confusion to users."
No, it really isn't. Switching jarringly from one familiar GUI to another touch-based, completely different and rather crippled one on a non-touch device where it's neither needed nor wanted is the source of the confusion. If Microsoft wanted to experiment with a new paradigm for touch devices, that's one thing. Suturing two completely different GUIs together like a Human (Input Device) Centipede? That's another, and they can keep it.
Given the lack of meaning implied by the term 'Network Admin'...
I fail to find myself trembling in my shoes. I've seen first-hand what happens when a certain variety of management monkey imagines they know enough to fire the help and save some cash. Actually my sides still hurt a little sometimes.
With the lad not even buried...
the political opportunism kicks in.
Re: Re; AC Unbelievable
"A pathetic fail to grasp the realities of their criminal activities due to sociopolitical blinkers."
Very true, they were definitely not too clear on where the moral event horizon was, and jail should be the expected outcome. A bit like 'victim' Sony's casual mass-root kitting of 5.7 million CD-buying customers' PCs a few years back. But then, those Sony managers who ordered one of the largest criminal hacks in history are of course quietly serving out their prison sentences aren't they? Oh... wait.
Re: @ Neoc
No, the 'old Windows desktop' is not still there, not for the average corporate worker (where the money is). No Start Menu may as well mean no desktop for most of them. You and I may use shortcut keys without thinking about it, but I guarantee you if I walked around a corporate office and asked the staff if they know how to use Windows shortcut keys (Office perhaps less so) they'd give me blank looks. I could put that down to training, or down to simplification, but it's how most people in business use computers, because of and/or thanks to Microsoft.
They made the Start Menu a paradigm for 17 years; with a straight face they've then turned around and completely redesigned the GUI and application ownership/privacy models. They did it because they saw Apple and Google take a slice of developer app profits and now it's monkey see, monkey do. They did it because they wanted to have their cake and eat it, 'saving' money by developing one OS for two completely different use cases, bolting TIFKAM on top of the old OS. Separately they're both decent UIs - combined they turn the equally decent OS underneath into a miserable abortion of a product.
Now we've seen Windows Blue, we know that there's another year or so (at least) of the same ahead, and adoption in the Enterprise will remain negligible (and no Microsoft, claiming Software Assurance upgrades constitute actual usage of Windows 8 licences that will never be installed does not cut it).
Time to eat humble pie MS, and strip that crap out for a 'Corporate Desktop' edition, or something, anything. If you won't listen to business, we sure as hell won't listen to you.
What's fascinating about that is...
That they already knew Windows 8 would be a non-starter in the Enterprise - they MUST have done. So whatever Microsoft's strategy for the future is, don't count on a backdown over TIFKAM in Windows 9. The Office team effectively ignored TIFKAM, and I suspect that means they assume most Enterprise PCs will still be running Windows 7 until 2020, have made sure Office will still be palatable to the Enterprise, then hedged their bets on tablets, phablets and phones in the consumer market.
Re: I hope it doesn't miss
The Shoemaker-Levy impacts on Jupiter should have demonstrated that amply, but we went right on with the whole ostrich imitation deal. I'm afraid it will take an impact here where people die before it's agreed that 'something must be done.'
Tax breaks for plants? So THAT's their plan - given the sheer number of vegetables in the Republican party, it's all starting to make sense...
Re: Proof that capitalism has to be abandoned for the sake of the world.
Please enlighten us with your equitable, practical, and effective alternative.
Re: just another Eadon sockpuppet?
So... Eadon sockpuppet = yes.
Re: Options (like MJF)
@Philip Lewis - Perhaps they're an irrelevance to you, but to people who use Hyper-V, the 2012 incarnation has features they'd metaphorically kill for and I've no doubt we'll be piloting some of them in fairly short order.
Re: @Eadon BYOD is a way of avoiding lockin
That's some tasty FUD you're serving up there, Microsoft themselves would be proud.
If you're struggling to support 2000 users with 11 Active Directory Domain Controllers, you're clearly doing something very badly wrong, in terms of planning, scaling, or implementation. Just saying. This is before pointing out that an Active Directory server makes use of LDAP - it is not 'just' an LDAP server. You neglect to mention what use the Solaris infrastructure was put to; an AD infrastructure may well have its schema extended to support other applications, such as Exchange and Lync.
We have several domain controllers, but they're there for redundancy and bandwidth preservation, across several sites, not because they struggle to cope with user volume. Two LDAP servers implies a maximum of two sites, so your comparison is simplistic at best, disingenuous at worst. Finally, 200k users sounds really good, until you ask how many requests each user makes, how often? 1 request a day? 1 a second? There's a light year of difference without the details.
Re: Any Clues
Search for the (HTC) Hero inside yourself
Re: "Bob"? Bit of an odd name...
If it was he'd never have been caught - the security staff trying to investigate would have been smelling brimstone faster than you can say 'compulsion geas'