Posts by adnim

Windoze is the problem...

As is Linux, OSX and any other OS. Windows is more of a problem than other operating systems because it runs on over 80% of the worlds desktop PC's. Coders are human, they make mistakes. Any software with more than a few thousand lines of code is likely to be flawed.

Most Computer users see PC's as a consumer device and expect their PC's to run and be as safe to use as a TV set, they trust their computer as they trust other consumer devices. Microsoft, Apple and developers of Linux distro's make no effort to discourage this trust as they all simplify the use of their products and extol their virtues.

Anti-virus software is not a solution, a recent email I received purporting to come from HM Revenue and Customs invited me to download and run my tax statement. This tax statement, an executable, was infact a zbot variant detected by only one of the virus scanning engines used by Jotti's malware scan that's 1 out of 22. I use Avast! that did not detect it.

Linux is safer than Windows but only until it has dominant market share, then someone will work out a way of infecting a Linux system without root access. I use Linux, I prefer Linux, but I am under no illusion. I subscribe to Full Disclosure and the number of exploitable vulnerabilities in OS software is at least comparable to the number of exploitable vulnerabilities in commercial products. The difference is that on the whole, they do get fixed quicker.

Security begins and ends with the user and the sooner developers admit that they cannot guarantee security of their code, and that ALL their products are a liability, the average user will continue to trust their computer as they trust their TV. This needs to change. Just like a packet of cigarettes carries a health warning, software packaging should also carry a warning stating that use of this software could result in severe financial loss. Maybe then users might just be a little less trusting.

I would say do not use Windows for anything other than playing games and as a media center because that is all it is fit for. And, when Linux has a much larger user base it won't be much better than windows from a security perspective either.

Investigation into if?

"IIF is investigating to see if its internal procedures need to be improved"

Investigation into if not required, use the resources to work out how not if.

/end smug

@Matt 58

I agree, DX10 has been nothing but hype to sell windoze vista and the latest GPU's. With the vast majority of PC games being poor console ports, I wouldn't expect any full featured DX10/11 titles until 12-18 months after next gen consoles hit the shelves. By that time PC graphics quality/features will again be well beyond that which will be offered by those next gen consoles... And it will be another case of deja-vu. PC gaming may not be dead, but PC gaming innovation appears to be.

Lost tapes

"...but the likelihood of actually recovering any data now looks very slim."

Have they mislaid the back up tapes?

/sarcasm

@Jeff F.

I use a software firewall on My PC. I let nothing out unless I know exactly what it is and why it is connecting. I disable the running of any and all auto-update agents(Except Avast my AV program). I update everything manually from the developers website. More work yes. Secure? I don't know, there are a lot of people out there far smarter than I. At least I give myself the illusion of control and security. As an added measure I will, if I suspect something nefarious, connect my box to the internet via Honeywall and sniff every single packet during start up and the first 5 or so minutes of runtime, I check every IP address windoze connects to and inside each packet that passes that I haven't initiated. I can see the LED's on my switch, any random activity on the port connected to my router also raises my suspicions.

Paranoid maybe... My last infection was the Saddam virus on my Amiga.

Of course I only do this for my XP install. My OpenBSD and Ubuntu machines, up until now, allow me to sleep like a baby. I would expect that to change WHEN Linux becomes the dominant OS.

@Neal 5

As it is you that has reverted to the childish name calling in support of your misguided view on this issue I suggest it is you that are getting "wound up".

Those browsers that rely on the Microsoft crypto API are vulnerable to this attack.

Those browser that do not rely on the Microsoft crypto API are not vulnerable to this attack.

Logic dictates that Microsoft's crypto API is at fault. Perhaps when MS get around to fixing this and releasing a patch it will sink in.... Microsoft's crypto API is bugged, flawed, broken.

"'E's a stiff! Bereft of life, 'e rests in peace! If you hadn't nailed 'im to the perch 'e'd be pushing up the daisies!

'Is metabolic processes are now 'istory! 'E's off the twig!

'E's kicked the bucket, 'e's shuffled off 'is mortal coil, run down the curtain and joined the bleedin' choir invisibile!!"

Some people just can't see a dead parrot when presented with one.

btw, I use Linux (OpenBSD and Ubuntu) for the serious stuff. XP is my toy operating system, my gaming OS for which it is almost fit for purpose.

CIA

"The lesson here is: 'Don’t bet the farm on a single cloud provider,'" says Craig Balding.

Well that may address availability as ones data then becomes available to those that run which ever cloud one places it on as well as oneself.

Now how do we address confidentiality and integrity? Oh that's right we trust a corporation, it's IT dept and it's HR dept to be perfect.

The real lesson to be learned is don't bet the farm on ANY provider.

Two incidents...

immediately come to mind;

Asked user to ship computer for upgrade... I received the monitor.

User called helpdesk, PC would not power up. User informed me that PC showed a light when powered up but would not boot. I went to visit user and found monitor switched on and the PC switched off. I switched on PC... User was very embarrassed.

I think there were quite a few others but I have purged my mind of much of the pain I suffered as a 1st line support person.

A common issue If I remember correctly were users not knowing right from left... right click/left click.

Nowadays I would rather be unemployed than sit at a helpdesk, The frustration of dealing with ill educated and/or untrained users is too much to bear. I hope things have changed, not everyone had a PC at home when I started in IT.

An idiot?

Maybe. I personally think he is full of shit. But inciting people to smash the guy in the face for $50 is out of order, I am pleased the right thing has been done by removing this group. Wrapping an Atari 2600 around his head, just a joke, right?

Yes a very, very small minority may enact scenes they have played in a game to exorcise their ghosts. I just wonder when this number will catch up with those who use TV and film as a guide to acceptable behaviour... or magazines, newspapers, politicians etc. I think you can see where I am going with this.

I see desensitisation as the real devil in the detail of violent games and TV/movies. (The shite printed in popular publications, politicians etc.).

Why? Because it makes it all the more acceptable

@UBFusion

I have only used the RC version of Windows 7 so the retail package maybe different. The user can opt out and disable most if not all of the data collection services that will run if the user accepts all of MS recommended settings. Microsoft also inform the user of the nature of the data collected, so this data collection is not underhand as such. However most users and nearly all new users to Windows 7 will accept and opt in to the data collection services because the wording in the opt in/out dialogues hint that it would be a bad thing to turn them off.

Here are some links discussing what Windows Vista/7 does regarding user data collection.

I will let you decide if you feel you are being spied upon.

http://blogs.computerworld.com/will_windows_7_track_your_every_move

http://www.sevenforums.com/news/44-windows-feedback-program.html

http://news.softpedia.com/news/Forget-about-the-WGA-20-Windows-Vista-Features-and-Services-Harvest-User-Data-for-Microsoft-58752.shtml

http://www.microsoft.com/products/ceip/en-us/default.mspx

A default install accepting all of MS recommended settings enables the following

WMP: sends usage data to MS

Media Center: joins the Customer Experience Program and sends usage data to MS.

IE8: Suggested Sites sends browsing history to MS

IE8: Smart Screen Filter sends website addresses you visit to MS.

The Customer Experience Program sends Windows usage data including installed apps and app usage, the file and folder structure of your PC and system specific hardware data to MS amongst other things.

This data collection can be either opted out from or disabled, but your average user is just going to accept the defaults and MS recommendations for fear of something not working properly.

Microsoft state that spyware is something that collects user data/info without informing the user. I would call that covert spyware, MS spyware is overt spyware. Whatever hairs one wants to split it is still spyware.

A dog called...

password.

I am sure that there are many Facebook users that supply enough information within their profiles for a reasonably smart person to infer their logon credentials.

This is a guess on my part, I have never visited Facebook, though I can see advantages of examining the profiles of any persons one may have to interact with in meatspace.

There is a site out there called hack-mail.net, can you guess what services they offer?

It will reappear

most likely under a different domain name.

I would feel

a little happier if the rich were just a little less psychopathic and a little more empathetic. In fact I believe the world would be a much better place.

And yes, generally speaking, the bigger the car the more of a selfish c*nt the driver is likely to be,

@Mike Gravgaard

I use Document Viewer 2.26.1. Although on Windoze I am happy with Foxit Reader, it is not perfect, it does have a smaller share of vulnerabilities though and they are fixed pretty quickly... So far, it also has a far smaller footprint.

Passive resistance

to hostiles... Fortunately.

What would have been the scenario had this piece of hardware been programmed to defend itself and to independently attack any source of threat?

Remote control murder machines, computer games with the real deaths of combatants and civilians alike.

"We hit the target without a care from almost 3000 miles away, 3000 miles away, we play the game with the bravery of being out of range".

Roger Waters

No doubt

that religion has something to do with this law. We all know that masturbation and sex for any purpose other than to breed more religious bigots is immoral and and a mortal sin.

I am going to hell, but at least I'm experiencing a life and having some fun during my time here.

“We feel a person should have the ability to come in and purchase a sexual device with out having to have a reason.” Only the insane would buy a dildo for no reason.

I say free cucumbers for all Alabamans

BSOD = potential code execution

Well who would have guessed. Duh!

I was reading about this earlier today:

http://www.reversemode.com/index.php?option=com_mamblog&Itemid=15&task=show&action=view&id=64&Itemid=15

roflmao. Built from the ground up... more FUD, MS are full of shit, check the exe's in Vista/Windows 7's Windows and system32 folders. There are differences, but not enough to claim "built from the ground up" both vista and windows 7 are built on legacy code. OK SMB 2.0 (srv2.sys) maybe unique to Vista and Windows 7 but the same QA has been applied to this module as was applied to Windows XP and Windows 98.

Microsoft take the piss and the IT industry, consumer protection organisations let them.

It takes skill, a relatively high IQ and knowledge to understand, manage, control and secure modern operating systems. Unfortunately I lack in all four areas, but I am smart enough to use windows for nothing more than Cubase and gaming.

If security analysts can discover these vulnerabilities, why, with all their financial resource can't Microsoft? They wrote the shit, It's just pathetic.

@AC:9th September 2009 13:11 GMT

"I dont care if we live in a big brother society. I've got nothing to hide, only the pervs and criminals have."

Until that is, a law is passed which makes illegal some freedom of choice you now value.

I used to like sitting in the park with a few friends, a bottle of wine and my minidisc player on sunny days, I am a commiting a crime if I do that now.

No access

to any LAN resource via public facing interfaces without first authenticating the user at the firewall, fair enough. But from inside the LAN?

Microsoft software testing sucks so bad that the public become the beta testers.

When SMB 2.0 receives a "&" character in the "Process ID High" SMB header field it responds with a BSOD. To miss such a trivial exploit Microsoft QA is worse than I thought.

As far as I am aware this flaw was discovered by Laurent Gaffie.

Cheaper calls

"The companies reckon that by merging the networks they can save €4bn"

That's wonderful news, what's that? The savings will go into the pockets of shareholders and executives, not the customer? Well who would have guessed.

How generous is that?

"Microsoft Russia told Reuters that they would start an exchange programme to switch copies of Windows Vista for XP until the end of 2009."

Exchanging a useful, stable and reliable EOL product for a not so useful superseded one.

@anon:erm2

If they waited 50 years before deploying this technology, the "rafts of dead marine creatures floating in the sea" that were killed by this technology would not, without a post mortem, be distinguishable from the rafts of dead marine creatures killed by pollution. And eventually when the sea is devoid of all life, the subs would not be detectable at all.

Is this tech

going to save lives too?

I occasionally wonder if the difference between those who design, build and deploy weapons and those who design and build systems that are actually beneficial to humanity is genetic or nurtured. If it is nurtured then perhaps change is possible. It would be much more difficult to weed this kind of aptitude out of the gene pool

@AC:Need Help

My oversight sorry.

Save the configuration file user.ini by navigating to

Configuration>Backup & Restore

click the "Backup Configuration Now" button and save user.ini

Open user.ini in Notepad or similar text editor search for the [ mlpuser.ini ] section add "role=root" without quotes to the end of the account you use to administrate the router

for example

[ mlpuser.ini ]

add name=Administrator password=_CYP_<xxx-hash_removed-xxx> role=root

Save the file and upload it to the router by clicking on the "Restore Configuration Now" button on the same page you saved it from, Browse... to your edited user.ini file first using the browse button.

Telnet into the router using the changed account. You now have full root access to the device and can do ANYTHING to the system. I will not be held responsible if you brick your router, although a factory reset or firmware reflash should sort it out if you do accidentally make bad changes.

scratch...

my last comment I was thinking of that Dyson bloke when I posted. I need to wake up. The little guy does need protection, at least until he becomes a big fish, then he can afford to protect himself.

addons.mozilla.org

I am not saying every addon for Firefox from the official source is safe and always will be. But I will say... Install an addon from anywhere else and you get what you deserve.

Safe computing starts with the user

A matter of time..

"Hackers have yet to siphon data out of a cloud (that we know of…)" ThePhantom.

It is not the developing intelligence of IT systems nor the incessant march toward an envisioned computing utopia that frightens me, it is human stupidity and greed.

Human stupidity will at some point expose confidential data residing in the cloud to those who have no right to access it.

Human greed will sell confidential data gleaned from the cloud by human operators to the highest bidder.

All I can say is if you feel the need to place your trust in a cloud computing solution for confidential business information, encrypt everything, I mean encrypt everything. Oh and don't leave your keys in the cloud either. Did I say encrypt everything?

@Grease Monkey

Service Pack 1? That maybe a bit premature, it is normally service pack 3 that endows Microsoft software with acceptable stability, so so reliability and a modicum of security.

A dictionary attack

against WPA2-CCMP works providing one can capture the handshake and the password is a dictionary word. So WPA2 is not secure either. Don't use a dictionary word PSK to secure a WLAN ever. It took me less than 5 seconds to retrieve the PSK for my WLAN (avalon), I did however have to put my nonsensical PSK into my dictionary/wordlist.

:~$ aircrack-ng -a 2 -e avalon -w ./dict/wordlist ./dump01-01.cap

So simple even I could do it.

Corrected for truth?

"We’re constantly looking for new ways to help people find what they are looking for on the Internet. As part of that effort, we are currently working on a small ad unit test that will run against a limited number of mortgage-related search queries in the US,"

We're constantly looking for new ways to make more money out of the Internet and those that use it. As part of that effort, we are currently working on delivering yet more advertising to run against 99.9% of mortgage related search queries in th US.

@ty:Desperados

Never had a Mac, never owned any Apple product ever nor will I ever own an Apple product. There is not one thing that Apple provide that cannot be sourced elsewhere, cheaper. Unless a lame ass ego polish is essential, alternatives exist.

If Apple did not exist I would not even notice.

Another reason

for a user to have control over their operating system/browser, rather than allowing the developer, in this case Microsoft determine where you don't want to go today.

Having a good look at the services that run in Windows 7 and using all the settings recommended by MS. I reckon Windows 7 is spyware in the first instance and an operating system in the second.

Although I will probably end up using Windows 7 at some point (work will dictate this not choice), I will know how to lock it down and keep MS out.

errr.. ok

"Microsoft once again pointed in the direction of its software's oldest enemies - viruses and malfunctioning code - both of which it claimed dog dodgy copies of its Office suite".

So the only difference between a legit copy and a dodgy one would be a lack of viruses in the legit copy. Until one starts using Office and it connects to the Internet. I would then imagine all will be equal.

Maybe

it is time to make website owners liable for any inadequate security and configuration issues of their sites which result in damage to connecting systems. Making laws for criminals to abide by just doesn't work.