the company that made .. - Linux


  1. the company that made ..

    Who is the company that made right-click, email, browsing and typing
    on your own computer dangerous ..

  2. Re: the company that made ..

    ____/ Doug Mentohl on Friday 04 April 2008 21:58 : \____

    > Who is the company that made right-click, email, browsing and typing
    > on your own computer dangerous ..


    The problem is the belief that execution of arbitrary code is seen as safe.
    Office macros, ActiveX, E-mail attachments/content executed upon viewing or
    clicking. With a networked environment, binaries can be very easily passed and
    the worst one can do is permit them to run easily, especially with full system
    privileges.

    Microsoft would tell you that Windows is easy to use, but with a broken model
    of /mistrust/ it also makes Windows easy for criminals to use (remotely). As
    USA indicated a couple of weeks ago, on an average day, about 40% of the
    world's PCs are zombies. All that needs to be done to make one a zombie is
    simply to plug in the PC to the network socket (the BBC reported on this some
    time ago). That's not just about the execution model, but the underlying
    system, such as a bad TCP/IP stack. Did you know that 2 months ago,
    Microsoft's 'new & shiny' TCP/IP stack allowed Vista to be hijacked merely by
    sending it a properly-crafted TCP/IP packet? Security by 'obscurity'... it
    figures.

    --
    ~~ Best of wishes

    Roy S. Schestowitz | Open minds, open source
    http://Schestowitz.com | RHAT GNU/Linux | PGP-Key: 0x74572E8E
    23:00:01 up 16 days, 10:09, 4 users, load average: 1.24, 1.25, 1.19
    http://iuron.com - help build a non-profit search engine

  3. Re: the company that made ..

    On Fri, 04 Apr 2008 23:08:21 +0100, Roy Schestowitz wrote:

    > ____/ Doug Mentohl on Friday 04 April 2008 21:58 : \____
    >
    >> Who is the company that made right-click, email, browsing and typing
    >> on your own computer dangerous ..

    >
    > The problem is the belief that execution of arbitrary code is seen as safe.
    > Office macros, ActiveX, E-mail attachments/content executed upon viewing or
    > clicking. With a networked environment, binaries can be very easily passed and
    > the worst one can do is permit them to run easily, especially with full system
    > privileges.
    >
    > Microsoft would tell you that Windows is easy to use, but with a broken model
    > of /mistrust/ it also makes Windows easy for criminals to use (remotely). As
    > USA indicated a couple of weeks ago, on an average day, about 40% of the
    > world's PCs are zombies. All that needs to be done to make one a zombie is
    > simply to plug in the PC to the network socket (the BBC reported on this some
    > time ago). That's not just about the execution model, but the underlying
    > system, such as a bad TCP/IP stack. Did you know that 2 months ago,
    > Microsoft's 'new & shiny' TCP/IP stack allowed Vista to be hijacked merely by
    > sending it a properly-crafted TCP/IP packet? Security by 'obscurity'... it
    > figures.


    So says Roy Schestowitz whose Linux server at www.schestowitz.com was
    hacked and owned a couple of weeks ago.


    --
    Moshe Goldfarb
    Collector of soaps from around the globe.
    Please visit The Hall of Linux Idiots:
    http://linuxidiots.blogspot.com/

  4. Re: the company that made ..

    On Fri, 4 Apr 2008 13:58:14 -0700 (PDT), troll Doug Mentohl said after being slapped:
    > Who is the company that made right-click, email, browsing and typing
    > on your own computer dangerous ..


    Doug Mentohl's Wife Takes Dicks, Inc. Thank you.


  5. Re: the company that made ..

    Moshe Goldfarb writes:

    > On Fri, 04 Apr 2008 23:08:21 +0100, Roy Schestowitz wrote:
    >
    >> ____/ Doug Mentohl on Friday 04 April 2008 21:58 : \____
    >>
    >>> Who is the company that made right-click, email, browsing and typing
    >>> on your own computer dangerous ..

    >>
    >> The problem is the belief that execution of arbitrary code is seen as safe.
    >> Office macros, ActiveX, E-mail attachments/content executed upon viewing or
    >> clicking. With a networked environment, binaries can be very easily passed and
    >> the worst one can do is permit them to run easily, especially with full system
    >> privileges.


    LOL. One has to laugh. Roy makes Spike1 look modest with his
    degree. Schestowitz is actually explaining the principle of binary
    infection above as if no one else gets it! What a moron!

    >>
    >> Microsoft would tell you that Windows is easy to use, but with a broken model
    >> of /mistrust/ it also makes Windows easy for criminals to use
    >> (remotely). As


    One has to love the (brackets). What a bore.

    >> USA indicated a couple of weeks ago, on an average day, about 40% of the
    >> world's PCs are zombies. All that needs to be done to make one a
    >> zombie is


    Nonsense.

    >> simply to plug in the PC to the network socket (the BBC reported on this some
    >> time ago). That's not just about the execution model, but the underlying
    >> system, such as a bad TCP/IP stack. Did you know that 2 months ago,
    >> Microsoft's 'new & shiny' TCP/IP stack allowed Vista to be hijacked merely by
    >> sending it a properly-crafted TCP/IP packet? Security by 'obscurity'... it
    >> figures.


    You have no idea what you are talking about.

    >
    > So says Roy Schestowitz whose Linux server at www.schestowitz.com was
    > hacked and owned a couple of weeks ago.


    Twice.

    --
    udp - universal dropping of an pigeon

  6. Re: the company that made ..

    Moshe Goldfarb is flatfish (aka: Gary Stewart)

    http://colatrolls.blogspot.com/2008/...arb-troll.html
    http://colatrolls.blogspot.com/2007/...ish-troll.html

    Traits:

    Frequently cross posts replies to other non-Linux related newsgroups

  7. Re: the company that made ..

    On Fri, 04 Apr 2008 23:08:21 +0100, Roy Schestowitz wrote:

    > ____/ Doug Mentohl on Friday 04 April 2008 21:58 : \____
    >
    >> Who is the company that made right-click, email, browsing and typing on
    >> your own computer dangerous ..

    >
    > The problem is the belief that execution of arbitrary code is seen as
    > safe.


    No, the problem is the belief that execution of arbitrary code is seen as
    *expected*.

    > Office macros, ActiveX, E-mail attachments/content executed upon
    > viewing or clicking. With a networked environment, binaries can be very
    > easily passed and the worst one can do is permit them to run easily,
    > especially with full system privileges.


    No, the worst one can do is have a typical user running as Administrator, by
    failing to promote proper usage of user accounts, confuse the distinction
    between "open" and "execute", allowing a file to be defined as
    "executable" simply by giving it the right name, *hiding* the relevant
    portion of the name, then obscuring all this from the user to the point
    that they're blissfully unaware that there even *is* a possibility of
    executing arbitrary code when they do something which should be safe such
    as, say, clicking on an "image" or "video clip" someone sent them.

    One would be *very* hard pressed to come up with a design *more* likely
    to end up with massive executions of untrusted code than that if one
    really, really wanted to, as there just aren't many areas left open to
    make the process less safe, less secure, less sane. About the only real
    remaining option would be to automate it: "Ooh, file system detected a
    new executable, auto-run enabled." Hmm, isn't that what they do with CD
    insertion?

    I'm quite certain it was not the _intent_ to design a system virtually
    guaranteed to permit untrusted code to run rampant, but as I said, it
    would be difficult indeed to design a system which did a better job of
    letting such code run.
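
Added example, not part of the thread or any poster's code: a small Python check for the hazard post 7 describes, where a file becomes runnable purely by its name while the shell hides the last extension, so an executable is displayed as an "image" or "video clip". The extension sets and the sample attachment names are constructed for illustration and are not exhaustive.

```python
import os

# Illustrative subsets (assumptions, not a complete list for any Windows version).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs"}
CONTENT_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".avi", ".mpg", ".mp3", ".txt", ".pdf"}
KNOWN_EXTS = EXECUTABLE_EXTS | CONTENT_EXTS


def displayed_name(filename):
    """Name the user sees when the final extension of a known type is hidden."""
    stem, ext = os.path.splitext(filename)
    return stem if ext.lower() in KNOWN_EXTS else filename


def classify(filename):
    """Classify by the *real* final extension, which is what decides execution."""
    stem, ext = os.path.splitext(filename)
    if ext.lower() not in EXECUTABLE_EXTS:
        return "content"
    # The extension left visible after hiding is what the user trusts.
    visible_ext = os.path.splitext(stem)[1].lower()
    if visible_ext in CONTENT_EXTS:
        return "disguised-executable"
    return "executable"


def triage(filenames):
    """Return (real name, displayed name, verdict) for every runnable attachment."""
    findings = []
    for name in filenames:
        verdict = classify(name)
        if verdict != "content":
            findings.append((name, displayed_name(name), verdict))
    return findings


# Constructed sample attachment names.
SAMPLE = ["holiday.jpg", "holiday.jpg.exe", "setup.exe", "notes.txt", "CLIP.AVI.SCR"]

if __name__ == "__main__":
    for real, shown, verdict in triage(SAMPLE):
        print(f"{verdict:22} shown as {shown!r:16} real name {real!r}")
```

A mail gateway or attachment filter would apply the same rule to the real file name; on the desktop, showing full extensions removes the gap between the displayed name and the real one.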

