Can we really trust the software we use?

Message boards : Politics : Can we really trust the software we use?
Message board moderation

To post messages, you must log in.

1 · 2 · 3 · 4 . . . 14 · Next

AuthorMessage
Sirius B Project Donor
Volunteer tester
Avatar

Send message
Joined: 26 Dec 00
Posts: 24870
Credit: 3,081,182
RAC: 7
Ireland
Message 1240973 - Posted: 4 Jun 2012, 1:43:19 UTC

"It claimed the relevant code to perform that data collection was the creation of a rogue engineer who had not told anyone else about the existence of that capability".

Google in trouble again
ID: 1240973 · Report as offensive
Profile Ex: "Socialist"
Volunteer tester
Avatar

Send message
Joined: 12 Mar 12
Posts: 3433
Credit: 2,616,158
RAC: 2
United States
Message 1240984 - Posted: 4 Jun 2012, 2:09:44 UTC
Last modified: 4 Jun 2012, 2:14:16 UTC

OF COURSE, the US doesn't consider the IDENTICAL action illegal!!!! Grrrrr.

Of course.

But to be fair, these lists of wifi networks have already been on the net and available to the public for years. Hobbyists and hackers do something identical to what Google did, it's called wardriving.

I know about stuff like this, I don't talk about it much because it scares most people. But you wouldn't believe what people out there can do. If I can do it, they definitely can, and they can do malicious things for malicious reasons.
#resist
ID: 1240984 · Report as offensive
Profile Gary Charpentier Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor
Volunteer tester
Avatar

Send message
Joined: 25 Dec 00
Posts: 30593
Credit: 53,134,872
RAC: 32
United States
Message 1241002 - Posted: 4 Jun 2012, 3:57:46 UTC - in response to Message 1240984.  

OF COURSE, the US doesn't consider the IDENTICAL action illegal!!!! Grrrrr.

Of course.

But to be fair, these lists of wifi networks have already been on the net and available to the public for years. Hobbyists and hackers do something identical to what Google did, it's called wardriving.

I know about stuff like this, I don't talk about it much because it scares most people. But you wouldn't believe what people out there can do. If I can do it, they definitely can, and they can do malicious things for malicious reasons.

In the US intercepting a radio communication is legal, except for a cellular phone call. Divulging its contents is legal too, as long as you don't break copyright.

As to scary, you mean like my idiot neighbor who has an open network and hasn't changed his default router password? If I were the type ...

ID: 1241002 · Report as offensive
Profile betreger Project Donor
Avatar

Send message
Joined: 29 Jun 99
Posts: 11354
Credit: 29,581,041
RAC: 66
United States
Message 1241013 - Posted: 4 Jun 2012, 4:58:04 UTC - in response to Message 1241002.  

Gary, maybe your neighbor just wants to share.
ID: 1241013 · Report as offensive
Profile Gary Charpentier Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor
Volunteer tester
Avatar

Send message
Joined: 25 Dec 00
Posts: 30593
Credit: 53,134,872
RAC: 32
United States
Message 1241015 - Posted: 4 Jun 2012, 5:10:48 UTC - in response to Message 1241013.  

Gary, maybe your neighbor just wants to share.

Yes, I suppose he wants to share his passwords with the world at large.

ID: 1241015 · Report as offensive
rob smith Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor
Volunteer moderator
Volunteer tester

Send message
Joined: 7 Mar 03
Posts: 22149
Credit: 416,307,556
RAC: 380
United Kingdom
Message 1241027 - Posted: 4 Jun 2012, 7:07:58 UTC

Too many folks just follow the guy in the shop's instructions, or the bits if it they can remember.

The shop guy says "Plug this in here, that in there, and turn it and and your computer will do the rest" that's exactly what they do. I stood next to one of those sales types some time back, last time I'd seen him he was trying to sell me a car (I didn't want it, I was sheltering from the rain and he was so stupid he didn't realise why the showroom was so full) Did he mention "password", or "security", no, never in the whole monologue.
Bob Smith
Member of Seti PIPPS (Pluto is a Planet Protest Society)
Somewhere in the (un)known Universe?
ID: 1241027 · Report as offensive
Profile James Sotherden
Avatar

Send message
Joined: 16 May 99
Posts: 10436
Credit: 110,373,059
RAC: 54
United States
Message 1241060 - Posted: 4 Jun 2012, 12:49:13 UTC - in response to Message 1240984.  

OF COURSE, the US doesn't consider the IDENTICAL action illegal!!!! Grrrrr.

Of course.

But to be fair, these lists of wifi networks have already been on the net and available to the public for years. Hobbyists and hackers do something identical to what Google did, it's called wardriving.

I know about stuff like this, I don't talk about it much because it scares most people. But you wouldn't believe what people out there can do. If I can do it, they definitely can, and they can do malicious things for malicious reasons.



And a lot of comapanies hire those kind of guys, As does Our own government. How many our rogues or will go rogue?
[/quote]

Old James
ID: 1241060 · Report as offensive
Profile Ex: "Socialist"
Volunteer tester
Avatar

Send message
Joined: 12 Mar 12
Posts: 3433
Credit: 2,616,158
RAC: 2
United States
Message 1241102 - Posted: 4 Jun 2012, 15:37:00 UTC - in response to Message 1241027.  
Last modified: 4 Jun 2012, 15:43:03 UTC

Too many folks just follow the guy in the shop's instructions, or the bits if it they can remember.

The shop guy says "Plug this in here, that in there, and turn it and and your computer will do the rest" that's exactly what they do. I stood next to one of those sales types some time back, last time I'd seen him he was trying to sell me a car (I didn't want it, I was sheltering from the rain and he was so stupid he didn't realise why the showroom was so full) Did he mention "password", or "security", no, never in the whole monologue.


Yea, it stinks things are like that, but it's up to the end user to consider their security, and fix it. Or hire someone that can set things up securely.

Default router settings are a security JOKE. I've seen a made-for-tv special about security experts, and just driving around Washington DC they found several routers in US GOVT buildings that were set at default settings, and accessible.

It would be nice if there was some sort of big red warning on routers' packaging that said "YOU MUST SETUP PASSWORD FOR SECURITY" or something of the like.
(honestly a password is just the start, I could go on and on and on).

Cisco/Linksys for one, includes a windows based software on disk, that is supposed to help in this area... Last I heard they were in trouble for their software not even doing the job properly...
#resist
ID: 1241102 · Report as offensive
Profile Ex: "Socialist"
Volunteer tester
Avatar

Send message
Joined: 12 Mar 12
Posts: 3433
Credit: 2,616,158
RAC: 2
United States
Message 1241111 - Posted: 4 Jun 2012, 15:59:10 UTC
Last modified: 4 Jun 2012, 16:43:11 UTC

Just to share. This is my writeup I use as rules for HOME USER wifi/router setup. Starting with the basics, and covering the extra steps you can take.

Disclaimer: Use this information at your own risk. I assume no responsibility for your network security, or anything else.

Security settings by order of importance.

1: wpa2 personal w/ AES encryption: This is the only wi-fi encryption to offer speed up to 300mbps (wireless-n) with safe encryption. set a name (SSID) and a passkey. Keep the passkey something original, and hard to guess.

2: DISABLE webgui access via wireless/wifi!!! this is a must for secure networks. (keep in mind all router administration will have to be handled on a HARD WIRED PC ON LOCAL LAN) The only time I would NOT disable wifi administration, is ONLY IF setting up a network consisting of NO WIRED LAN WHATSOEVER having solely wireless clients, and even in this situation, it is more advisable to still disable webgui over wifi and plug a laptop directly into router via LAN when administration is necessary.

(the above two are sufficient for very basic wifi security)

3: Wireless MAC filter. If you have access to all devices that will be connected to the network, compile a list of the MACs. Enable the router's wireless MAC filter set to ALLOW ONLY and add the list.

(at this point in the configuration it is advisable to save the routers configuration settings. and don't forget to save a copy of the config file (backup your settings)

4: disabling the SSID broadcast, helps keep nosy neighbors from knowing your APs name, or even knowing it exists in many cases. (Cisco firmware for whatever reason still shows your SSID to certain devices..... don't ask me why... DD-WRT firmware is a GREAT alternative)

-Enabling the wireless MAC filter and disabling the SSID broadcast (mainly, however, enabling the MAC filter) adds a level of security that we consider to be extremely safe, however, This is not always user friendly when adding new devices. For a home user that plans to easily add devices, these last two options should not be used. For a user who is capable of accessing the routers settings or willing to consult when adding devices, and when security is of importance these options are highly recommended. It provides a level of "security redundancy" that cannot be hacked into wirelessly.


(Note: These steps are for securing WIFI only. Internet security is another issue and off topic here.)
#resist
ID: 1241111 · Report as offensive
Profile Ex: "Socialist"
Volunteer tester
Avatar

Send message
Joined: 12 Mar 12
Posts: 3433
Credit: 2,616,158
RAC: 2
United States
Message 1241115 - Posted: 4 Jun 2012, 16:04:29 UTC

Good luck sorting that out Chris. ;-)
#resist
ID: 1241115 · Report as offensive
musicplayer

Send message
Joined: 17 May 10
Posts: 2430
Credit: 926,046
RAC: 0
Message 1241126 - Posted: 4 Jun 2012, 16:24:38 UTC

It is always bad against the evil, it may seem, even when it comes to software and its uses.

Remember back in the old days, we had adware, malware, viruses, trojans, as well as bad / malicious files.

When we do our web-surfing, we are surrounded by cookies, web-addresses, shortcuts and links to addresses on the web which in some cases downloads even more malicious software on our computers in order for someone else to steal information.

Definitely an evil circle. We are not always guaranteed to be 100 % protected regardless of precautions which are taken.

Today we are supposed to be protected. Anti-virus software, anti-spyware software, etc.

We pay for such services. Some of them really are a must and should be close to mandatory to have.

Others are more individual, based on particular needs or point of view.

If you buy yourself a new hard disc drive, are you guaranteed this disc will be empty when coming from the manufacturer?

The high level formatting (as well as partitioning) process does not necessarily wipe out the data which the disc may have had.

If your own personal computer is supposed to be safe, this does not necessarily apply to web-servers, even those having safe pages (https://) with passwords included.

In order to be able to obtain money, hackers are trying to steal as much information both from individual users as well as public and private institutions, like banks.

You are never guaranteed to be 100 % protected as mentioned, because there are always some people out there who are having the ability or capability to circumvent current protection mechanisms being used.

This means that money transactions by means of the web will not always be 100 % secure, regardless of what you are doing.

Therefore it is better in the end having the police taking the culprits before they get to rich.
ID: 1241126 · Report as offensive
Sirius B Project Donor
Volunteer tester
Avatar

Send message
Joined: 26 Dec 00
Posts: 24870
Credit: 3,081,182
RAC: 7
Ireland
Message 1241156 - Posted: 4 Jun 2012, 16:53:46 UTC - in response to Message 1241111.  

Just to share. This is my writeup I use as rules for HOME USER wifi/router setup. Starting with the basics, and covering the extra steps you can take.

Disclaimer: Use this information at your own risk. I assume no responsibility for your network security, or anything else.

[quote]Security settings by order of importance.

1: wpa2 personal w/ AES encryption: This is the only wi-fi encryption to offer speed up to 300mbps (wireless-n) with safe encryption. set a name (SSID) and a passkey. Keep the passkey something original, and hard to guess.

2: DISABLE webgui access via wireless/wifi!!! this is a must for secure networks. (keep in mind all router administration will have to be handled on a HARD WIRED PC ON LOCAL LAN) The only time I would NOT disable wifi administration, is ONLY IF setting up a network consisting of NO WIRED LAN WHATSOEVER having solely wireless clients, and even in this situation, it is more advisable to still disable webgui over wifi and plug a laptop directly into router via LAN when administration is necessary.

(the above two are sufficient for very basic wifi security)

3: Wireless MAC filter. If you have access to all devices that will be connected to the network, compile a list of the MACs. Enable the router's wireless MAC filter set to ALLOW ONLY and add the list.

(at this point in the configuration it is advisable to save the routers configuration settings. and don't forget to save a copy of the config file (backup your settings)

4: disabling the SSID broadcast, helps keep nosy neighbors from knowing your APs name, or even knowing it exists in many cases. (Cisco firmware for whatever reason still shows your SSID to certain devices..... don't ask me why... DD-WRT firmware is a GREAT alternative)

-Enabling the wireless MAC filter and disabling the SSID broadcast (mainly, however, enabling the MAC filter) adds a level of security that we consider to be extremely safe, however, This is not always user friendly when adding new devices. For a home user that plans to easily add devices, these last two options should not be used. For a user who is capable of accessing the routers settings or willing to consult when adding devices, and when security is of importance these options are highly recommended. It provides a level of "security redundancy" that cannot be hacked into wirelessly.


Yes, very sensible.

(Note: These steps are for securing WIFI only. Internet security is another issue and off topic here.)


Really, why? As the OP, software is used to "secure", so it comes under the same heading. therefore, if you wish to, feel free to discuss it.
ID: 1241156 · Report as offensive
rob smith Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor
Volunteer moderator
Volunteer tester

Send message
Joined: 7 Mar 03
Posts: 22149
Credit: 416,307,556
RAC: 380
United Kingdom
Message 1241212 - Posted: 4 Jun 2012, 18:01:00 UTC

Surely there is another aspect to "trusting" software - trusting it to give the "right" answer.
I guess we've all been subject to phantom reformatting, spell checkers suggesting totally inappropriate words, spreadsheets giving strange results and so on. The truth is that much of the "domestic/commercial" software we rely on is of a fairly low standard.
Bob Smith
Member of Seti PIPPS (Pluto is a Planet Protest Society)
Somewhere in the (un)known Universe?
ID: 1241212 · Report as offensive
Sirius B Project Donor
Volunteer tester
Avatar

Send message
Joined: 26 Dec 00
Posts: 24870
Credit: 3,081,182
RAC: 7
Ireland
Message 1241218 - Posted: 4 Jun 2012, 18:09:42 UTC - in response to Message 1241212.  

True, but that raise a question.. Why are the standards low?
ID: 1241218 · Report as offensive
Profile Julie
Avatar

Send message
Joined: 15 May 12
Posts: 279
Credit: 126,042
RAC: 0
United States
Message 1241304 - Posted: 4 Jun 2012, 20:41:41 UTC - in response to Message 1241218.  

True, but that raise a question.. Why are the standards low?

To keep the hackers in bidness?
lol

Quite a few years ago I bought a computer with mostly try now/buy later kinds of deals. Problem was, it was XP os back when there was no freakin drivers to run anything on the stupid thing. I got ahold of Nero and used drivers from it somehow. That was a mess. Ended up reformatting it down to ME (98 SE was my fav partly because it was the only one that had Critter Rock visualization in the media player.)

*getting me off my tangent*
When people buy preassembled computers like that with all that buyware, it isn't hard to bundle in other crap as well. People like me who aren't too conversant with code wouldn't know one exe from another. I had an install disc from a store bought webcam that had a trojan in on the install disc.
:/
ID: 1241304 · Report as offensive
OzzFan Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor
Volunteer tester
Avatar

Send message
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 1241309 - Posted: 4 Jun 2012, 20:54:22 UTC - in response to Message 1241304.  

True, but that raise a question.. Why are the standards low?

To keep the hackers in bidness?


The problem is if you try to build a software "too smart", you are relying on the computer to do something that may not be best or it may not be what the user wanted. Though software is getting smarter, compare today's software from that of 30 years ago.

Quite a few years ago I bought a computer with mostly try now/buy later kinds of deals. Problem was, it was XP os back when there was no freakin drivers to run anything on the stupid thing.


Not strictly true implicitly. An OS's built-in drivers are only as up to date as the OS itself. When Windows 98SE came out, its drivers were only valid for anything up until that OS was released. Any hardware that was released after had to include a driver install disc. The same with Windows XP; it has/had built-in drivers that were current up until that OS was released.

The same thing will be true of Windows 7. Its driver store is great for everything up until it was released two years ago. However, if you install it on any current motherboard (e.g. an Intel X58 or X79 based motherboard), you will need to load the drivers from the motherboard installation disc because Windows' own drivers aren't up-to-date enough to know about newer hardware.

However, if a driver manufacturer submits their drivers to Microsoft for validation, it can become available in Microsoft's online driver store, which Vista, 7, and even Windows 8 can then download and use.

I got ahold of Nero and used drivers from it somehow. That was a mess. Ended up reformatting it down to ME (98 SE was my fav partly because it was the only one that had Critter Rock visualization in the media player.)


Not sure how Nero could have been a part of the equation, unless Nero's software (because they don't manufacture hardware) was trying to load virtual hardware device for which Windows did not have a driver. Since I use Nero too, I'm going to go out on a limb and suggest that it was likely the virtual "image" device used so that you can copy CD/DVD's on a single drive system.

*getting me off my tangent*
I had an install disc from a store bought webcam that had a trojan in on the install disc.
:/


Likely a false-positive. Many AV scanners find my ANGRYIP.EXE IP port scanner and alert me that its a trojan, but I know for a fact that it is not.
ID: 1241309 · Report as offensive
Profile Julie
Avatar

Send message
Joined: 15 May 12
Posts: 279
Credit: 126,042
RAC: 0
United States
Message 1241315 - Posted: 4 Jun 2012, 21:06:20 UTC - in response to Message 1241309.  
Last modified: 4 Jun 2012, 21:07:03 UTC

no drivers to run the cd rom lol
the only thing on the machine that worked was the modem.
no dvd at the time this machine was gotten. Roughly 2004 mebbe?
my sense of time really sucks.
Nero was used to run the cd rom. Found out from Microsplat that they were still working drivers because some companies hadn't finished their driver updates.
That is my personal reason for hating xp.
ID: 1241315 · Report as offensive
Sirius B Project Donor
Volunteer tester
Avatar

Send message
Joined: 26 Dec 00
Posts: 24870
Credit: 3,081,182
RAC: 7
Ireland
Message 1241318 - Posted: 4 Jun 2012, 21:08:18 UTC - in response to Message 1241315.  
Last modified: 4 Jun 2012, 21:10:24 UTC

That sounds suspiciously like you had an original XP installation - they were problematic to install.

With the release of XP SP1, some of those issues were resolved.

Edit: I've even had issues with reinstalling XP SP2/3 so often used XP SP1a installation disk, then added the SP's later.
ID: 1241318 · Report as offensive
Profile Julie
Avatar

Send message
Joined: 15 May 12
Posts: 279
Credit: 126,042
RAC: 0
United States
Message 1241320 - Posted: 4 Jun 2012, 21:10:58 UTC - in response to Message 1241318.  

That sounds suspiciously like you had an original XP installation - they were problematic to install.

With the release of XP SP1, some of those issues were resolved.

yep, that it was, but I didn't wait for sp1, reformatting fixed my problems lol
until it popped it's gasket and kinda melted it's power supply.
ID: 1241320 · Report as offensive
OzzFan Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor
Volunteer tester
Avatar

Send message
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 1241324 - Posted: 4 Jun 2012, 21:16:29 UTC - in response to Message 1241315.  

no drivers to run the cd rom lol


That would have to be a controller problem then. Every version of Windows back to Win95 had drivers built into the kernel for CD-ROM drives. DVD-ROM suuport was added in Windows 98SE. Likely whatever controller you were using for the CD-ROM wasn't recognized by Windows. If it was plugged directly into the motherboard, then that would be the motherboard's chipset drivers.

Nero was used to run the cd rom. Found out from Microsplat that they were still working drivers because some companies hadn't finished their driver updates.
That is my personal reason for hating xp.


Since Nero is software-only, and Nero interfaces directly with the kernel's driver, that suggests that the problem was elsewhere.

I suppose it doesn't matter now, but what lead you to believe that the CD-ROM drive wasn't working if Nero could use it? When you say it didn't work, could Windows still read the contents of a disc but you couldn't do something else?
ID: 1241324 · Report as offensive
1 · 2 · 3 · 4 . . . 14 · Next

Message boards : Politics : Can we really trust the software we use?


 
©2024 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.