Proof nothing is "secure"

Post all your general non-film related PC and Mac stuff here.

Moderators: Admin, Moderator Team

Post Reply
Raptor
Forum Veteran
Forum Veteran
Posts: 1027
Joined: Sat Sep 06, 2003 5:47 am
Location: Altoona, PA, USA

Proof nothing is "secure"

Post by Raptor »

From Win2K news, what I consider to be one of the authoritative windows newsletters...
* As Expected Firefox Has Holes Too

I just heard that Firefox was found to be vulnerable to having
security dialogs spoofed. Well, not much news there. IE had the same problem. When Firefox will get enough market share, the
bad guys will go after it just like IE. It's just not as noisy yet when holes get found in Firefox. I use it right beside IE and I like it. It's fast! They garnered more than 20 Million downloads in just 76 days, and that means they now have about 5% of the browser market. So, expect Firefox vulnerabilities to be exposed on a regular basis from now on. Another bit of news is that Google just hired the Lead Firefox Developer!

We knew it was just a matter of time, and as Stu says, more to come as market share increases and the bad guys start looking at it more closely...


Ans in the pirate software arena.. Micro$oft closes some loopholes....
* Redmond: Legit Windows Or No Updates!

ZDNet reported some pretty interesting news! Practically all IT
press ran it, but I liked the ZDNet story the best. A link to
the whole article is at the bottom, but they started out with:

"Aiming to crack down on counterfeit software, Microsoft plans
later this year to require customers to verify that their copy
of Windows is genuine before downloading security patches and
other add-ons to the operating system.

"Since last fall the company has been testing a tool that can
check whether a particular version of Windows is legitimate, but
until now the checks have been voluntary. Starting Feb. 7, the
verification will be mandatory for many downloads for people
in three countries: China, Norway and the Czech Republic.

"In those countries, people whose copies are found not to be
legitimate can get a discount on a genuine copy of Windows,
though the price varies from $10 to $150 depending on the
country.

"By the middle of this year, Microsoft will make the verification
mandatory in all countries for both add-on features to Windows
as well as for all OS updates, including security patches.
Microsoft will continue to allow all people to get Windows
updates by turning on the Automatic Update feature within
Windows. By doing so, Microsoft hopes it has struck a balance
between promoting security and ensuring that people buy genuine
versions of Windows. Read more at: http://www.w2knews.com/rd/rd.cf
The UNDERGROUND
[url]http://theundergroundtv.com[/url]
Music television for unsigned bands
Truggy
Forum Addict
Forum Addict
Posts: 886
Joined: Tue Sep 02, 2003 12:49 pm
Location: GR Michigan
Contact:

RE: Proof nothing is "secure"

Post by Truggy »

microsoft blows.
[url=http://profile.xfire.com/xerojohny88][img]http://miniprofile.xfire.com/bg/bg/type/0/xerojohny88.png[/img][/url]
--
Dance Dance Revolution: Proving white people dont have rhythm since 1998
montezumas_revenge
Member
Member
Posts: 36
Joined: Mon Jan 03, 2005 4:20 am

RE: Proof nothing is "secure"

Post by montezumas_revenge »

indeed, my workstation is linux entirely but for the other 3 computers in the house, my gaming,my moms, my bros iv used the same wxp disc on all em, i mean its only illegal if microsoft catches you.
Matt
Webmaster
Webmaster
Posts: 627
Joined: Tue May 14, 2002 10:28 am
Location: Bristol, England
Contact:

RE: Proof nothing is "secure"

Post by Matt »

Although you can say Microsoft stuff is the target of hackers because it is more popular ... it is mainly because Microsoft don't care less about security. Their new firewall in SP2 has got holes in it already. This is a bit poor for a firewall !! None of the other firewalls which are more popular are as rubbish. They have been around around for ages and not suffered any major problems.

When there are security holes in IE Microsoft take months/years to respond. In other browsers they release a patch the same week :)

Unless Microsoft pull their finger out Linux is going to destroyWindows. Slowly but surely.

SuSE 9.2 + Office = Free (or 60 quid in a box)
Windows + Office = hundreds of pounds/dollars

Once Linux has involved a bit more it *is* a Windows killer. If Gates doesn't reduce the price of his stuff he is going to get shafted. And it will serve him right.
Raptor
Forum Veteran
Forum Veteran
Posts: 1027
Joined: Sat Sep 06, 2003 5:47 am
Location: Altoona, PA, USA

RE: Proof nothing is "secure"

Post by Raptor »

WHile Linux has great potential, it's not likely to become a Windoze killa in the near future, or for that matter the foreseeable future. A couple of observations from personal experirence.
1) Hardware - we've encountered some platforms in the classrooms that wil only handle certain versions of Red Hat. For example we have some AMD 2400+ machines that will only run with version 8, other versions all miss certain hardware elements.. and of course driver support is spotty at best.
2) Still WAYYYY to much for ma and pa kettle to get a handle on, while most people can do an install of Windows, the information you need for Linux, even in the GUI setup, is still too 'techie' for most users.
3) Fragmented market - too many vendors who have a 'better' way to do Linux, the vendors don't have a common focus, and vendor specific extensions create some issues...
4) Security - Linux is anything but secure, and just as with Windows, unless you apply the patches, the system itself i9s not inherently secure. As far as patching holes.. look at the track record for Send Mail - hole upon hole... and patches that created more holes.
5) This is a general rant ---- Buffer overruns - slap a C-Coder today, like it is SO HARD to check the buffer boundaries!! Sloppy coding from both MS and the Linux community - a sure sign of trying to get the code out before it is secured.
6) Useability - again, like the install, the OS is still too 'geeek oriented' Even though each version gets smoother for 'average' users... the whole operation needs to lose the geek appeal
7) As far as security, having had both Linux and Windoze servers attacked and compromised.. give me a good old Windoze attack. At least in Windows the compilers aren't loaded to allow a hacker to make code on the remote machine LOL... It's just been my observatiopn that I have been able to easily recover from all the windows attacks we've seen, not that we have a MASSIVE amount - maybe a dozen in the last 7 years, but they were all 'script kiddie' attacks - easily cleaned up and patched. The Linux attacks we've had were all more serious, true talent on the compromises. Rather than identifying the script, finding a copy and simply undoing what was done, the Linux attacks involved some pretty serious root kits. Two of the machines we were unable to stabilize even after pretty much cleaning up the system. Reload and start over on those.
All in all, the security of one above the other is no better4... and even the Raptor commercial firewall has had security patches. As the Linux market share grows, we will definitely see more holes evolve, and we will see mor script kiddies go after the platform. Right now most of that group have no idea how to even identify the target system OS LOL....
The UNDERGROUND
[url]http://theundergroundtv.com[/url]
Music television for unsigned bands
Post Reply