Hmmm...
I think the gist of this story is that their methods are not like
previous low level methods which require a fairly sophisticated degree
of competency, and that they used a completely new vector. I also took
note that their methodology was not SPECIFICALLY vista based as it did
not take advantage of any specific Vista vulnerability, so the
possibility of using these methods on other platforms is at least
theoretically viable.
While my gut instinct is to ban Vista OS on my network until Microsoft
addresses this (if indeed they can) my ears are perked up for any
information on vulnerabilities that are developed for the Apple OS and
Linux as well.
The real bear here that I can see is the possibility of going to a
perfectly valid web site to do my banking let's say, and then having
content injected into my web browser unbeknownst to me that could
compromise my credentials. THAT would be pretty bad. If that is what
we are talking about, then this is far more profound than just another
newly discovered vulnerability.
Bob Sneidar
IT Manager
Logos Management
Calvary Chapel CM
On Aug 11, 2008, at 3:55 AM, Richmond Mathewson wrote:
I just love phrases like 'rendered useless'. Now I am not a great
fan of MicroSoft products, but:
I ran a Pentium 3 with Windows 2000 for a year; running about 16
hours a day, with not a single virus, trojan or relative of
pinocchio causing problems. How did I do it?
1. By realising that the makers of the OS probably didn't give a
d**n about the security of my computer, and in fact might favour my
rig being a leaky sieve.
2. By realising that the only person who was likely to care about my
rig was me.
3. By reading an awful lot of boring stuff about firewalls and then
implementing most of it.
4. Steering clear of 'funny' websites, and not downloading software
(ran FireFox and Open Office and nothing else).
So, I successfully rendered Windows 2000 useful.
Every time I install an operating system on a computer (doesn't
really matter who made the OS) I have to render it useful; this is
because I start with the idea that the system is probably fairly
leaky. This takes considerable time and effort. I spend quite some
time every year helping people who bought PCs with Windows pre-
installed, because, of course, the person who installs these OEM
versions doesn't care about the customers, he/she has to install the
max. number of OSs in the minimum of time - by the quickest method
(i.e. keep clicking the default button).
I am quite sure that Windows Vista, for all its millions of jazzy
windoids that go on and on and on and on about security, is no
better than half the experienced people who find joy in breaking
into operating systems. It would, for the sake of argument, be
perfectly possible to write a "nasty little widget" in Runtime
Revolution that would delete an awful lot of the 'C' drive before
anybody noticed; why anybody would want to do that beats me.
People who use phrases such as the header of this message to urge
people to change their OSs and/or computers also so look a bit silly
as they beg the question: how long will it be before there is a full-
scale attack on the Mac OS? or a Linux distro?
I'm digging out some Rhapsody DR2 disks that a friend gave me in
about 1999 (neither he nor I ever used them) and going to have some
"holiday fun" installing them on a partition on my G3 iMac - why?
well, lots of reasons really; but one of them is that by using a
fairly old and obscure OS I might be less vulnerable online. I
wonder if I can use the PC CD to breath some life into a P2 I have
lurking under the bed.
One should also pause and reflect on the fact that both Microsoft
and Apple produce their operating systems to make money, and if they
waited until they had a rock-solid OS that nobody could ever touch
they would never make any money at all and the computer industry
would collapse, and people like you and me would die of inanition.
sincerely, Richmond Mathewson.
____________________________________________________________
A Thorn in the flesh is better than a failed Systems Development
Life Cycle.
____________________________________________________________
__________________________________________________________
Not happy with your email address?.
Get the one you really want - millions of new email addresses
available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html
_______________________________________________
use-revolution mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your
subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
_______________________________________________
use-revolution mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
