severoon ([info]severoon) wrote,
@ 2008-04-29 10:51:00
Current mood: conspiratorial
Entry tags:technology

Microsoft COFEE
Talk about a strong wake-up call—how about some COFEE?

The real question is, if MS can write a tool that bypasses all of that pesky Windows security, how long will it take before someone else does, too?






[info]ajanhelendam
2008-05-03 09:18 am UTC (link)
The wake-up call comes when you realize it doesn't matter what platform you're on and that security is limited with today's technology. Really it's no different from the fact that most locks can be jimmied by watching a YouTube video. And those garage door openers? Those things are line of sight so you just need to record the RF signal, which doesn't require an advanced degree, especially with all the components you can simply order. Heck, I even opened one of the garages in the neighborhood by flipping one of the dip switches and trying house by house on my bike.

As far as security on computers is concerned, I'm more concerned about e-commerce sites and their lack of warning to customers when their databases with my credit information have been compromised. When it comes to that type of theft it really doesn't matter what platform since the exploits we're talking about are SQL injection or the good old Mitnick way with social engineering over the phone.

Personally, I'm more concerned about the lack of coverage of certain platforms from a technical standpoint. All I ever see are statistics. Which are fine, unless you get a message for the sysadmin about the password shadow files being erroneously copied and that it would be wise to change any password you may have typed in case they also managed to run a keylogger. If this hadn't happened more than once on different Linux servers nor had my account with strong passwords which are basically random alphanumeric which I memorize by hand memory, then I wouldn't be so skeptical of the claims that Linux is more secure.

Heck. Don't you remember all the exploits we took advantage of on the UNIX variants back in the ISP days? Surely, I played the prank on you by sending stuff directly to your tty port while you were logged in when I read that everything is a file in UNIX including devices. Granted, all the exploits that were accessible were benign, since most everything else was diligently being patched once an exploit had been made known. Just look at the patch history of sendmail. Ever wonder why they were fixing so many buffer overflow "issues"? Seriously, how many mail daemons do you know that are so complicated that they were prone to crashing?

Maybe I saw a little bit more, since I did also work in the IT call center and knew roughly what IT was monitoring. Corporate espionage is a big deal and major concern for top research universities, so literally every point of entry is monitored. Every port had been entered into a map, so they could literally tell in moments where a DDoS attack was originating from on campus. Heck, I suspect they had it linked to the dispatch system as well. Someone tried to upload Doom or Quake onto usenet from one of the dorms. It got flagged and shut down 15 min into the upload after it tripped a flag on filesize and was deemed inappropriate after analyzing the data stream.

Now things at KU were vastly different. They claimed similar levels of security, but they obviously did not have the same budgets. I often found unsecured systems.
