Can we really trust the software we use?


log in

Advanced search

Message boards : Politics : Can we really trust the software we use?

1 · 2 · 3 · 4 . . . 17 · Next
Author Message
Sirius B
Volunteer tester
Avatar
Send message
Joined: 26 Dec 00
Posts: 11550
Credit: 1,728,110
RAC: 1,647
Israel
Message 1240973 - Posted: 4 Jun 2012, 1:43:19 UTC

"It claimed the relevant code to perform that data collection was the creation of a rogue engineer who had not told anyone else about the existence of that capability".

Google in trouble again
____________

Profile Ex
Volunteer moderator
Volunteer tester
Avatar
Send message
Joined: 12 Mar 12
Posts: 2895
Credit: 1,797,699
RAC: 1,325
United States
Message 1240984 - Posted: 4 Jun 2012, 2:09:44 UTC
Last modified: 4 Jun 2012, 2:14:16 UTC

OF COURSE, the US doesn't consider the IDENTICAL action illegal!!!! Grrrrr.

Of course.

But to be fair, these lists of wifi networks have already been on the net and available to the public for years. Hobbyists and hackers do something identical to what Google did, it's called wardriving.

I know about stuff like this, I don't talk about it much because it scares most people. But you wouldn't believe what people out there can do. If I can do it, they definitely can, and they can do malicious things for malicious reasons.
____________
-Dave #2

3.2.0-33

Profile Gary CharpentierProject donor
Volunteer tester
Avatar
Send message
Joined: 25 Dec 00
Posts: 12743
Credit: 7,287,034
RAC: 17,977
United States
Message 1241002 - Posted: 4 Jun 2012, 3:57:46 UTC - in response to Message 1240984.

OF COURSE, the US doesn't consider the IDENTICAL action illegal!!!! Grrrrr.

Of course.

But to be fair, these lists of wifi networks have already been on the net and available to the public for years. Hobbyists and hackers do something identical to what Google did, it's called wardriving.

I know about stuff like this, I don't talk about it much because it scares most people. But you wouldn't believe what people out there can do. If I can do it, they definitely can, and they can do malicious things for malicious reasons.

In the US intercepting a radio communication is legal, except for a cellular phone call. Divulging its contents is legal too, as long as you don't break copyright.

As to scary, you mean like my idiot neighbor who has an open network and hasn't changed his default router password? If I were the type ...

____________

Profile betregerProject donor
Avatar
Send message
Joined: 29 Jun 99
Posts: 2500
Credit: 5,239,917
RAC: 8,182
United States
Message 1241013 - Posted: 4 Jun 2012, 4:58:04 UTC - in response to Message 1241002.

Gary, maybe your neighbor just wants to share.
____________

Profile Gary CharpentierProject donor
Volunteer tester
Avatar
Send message
Joined: 25 Dec 00
Posts: 12743
Credit: 7,287,034
RAC: 17,977
United States
Message 1241015 - Posted: 4 Jun 2012, 5:10:48 UTC - in response to Message 1241013.

Gary, maybe your neighbor just wants to share.

Yes, I suppose he wants to share his passwords with the world at large.

____________

rob smithProject donor
Volunteer tester
Send message
Joined: 7 Mar 03
Posts: 8535
Credit: 59,466,015
RAC: 86,370
United Kingdom
Message 1241027 - Posted: 4 Jun 2012, 7:07:58 UTC

Too many folks just follow the guy in the shop's instructions, or the bits if it they can remember.

The shop guy says "Plug this in here, that in there, and turn it and and your computer will do the rest" that's exactly what they do. I stood next to one of those sales types some time back, last time I'd seen him he was trying to sell me a car (I didn't want it, I was sheltering from the rain and he was so stupid he didn't realise why the showroom was so full) Did he mention "password", or "security", no, never in the whole monologue.
____________
Bob Smith
Member of Seti PIPPS (Pluto is a Planet Protest Society)
Somewhere in the (un)known Universe?

Profile James Sotherden
Avatar
Send message
Joined: 16 May 99
Posts: 8922
Credit: 35,979,818
RAC: 44,152
United States
Message 1241060 - Posted: 4 Jun 2012, 12:49:13 UTC - in response to Message 1240984.

OF COURSE, the US doesn't consider the IDENTICAL action illegal!!!! Grrrrr.

Of course.

But to be fair, these lists of wifi networks have already been on the net and available to the public for years. Hobbyists and hackers do something identical to what Google did, it's called wardriving.

I know about stuff like this, I don't talk about it much because it scares most people. But you wouldn't believe what people out there can do. If I can do it, they definitely can, and they can do malicious things for malicious reasons.



And a lot of comapanies hire those kind of guys, As does Our own government. How many our rogues or will go rogue?
____________

Old James

Profile Ex
Volunteer moderator
Volunteer tester
Avatar
Send message
Joined: 12 Mar 12
Posts: 2895
Credit: 1,797,699
RAC: 1,325
United States
Message 1241102 - Posted: 4 Jun 2012, 15:37:00 UTC - in response to Message 1241027.
Last modified: 4 Jun 2012, 15:43:03 UTC

Too many folks just follow the guy in the shop's instructions, or the bits if it they can remember.

The shop guy says "Plug this in here, that in there, and turn it and and your computer will do the rest" that's exactly what they do. I stood next to one of those sales types some time back, last time I'd seen him he was trying to sell me a car (I didn't want it, I was sheltering from the rain and he was so stupid he didn't realise why the showroom was so full) Did he mention "password", or "security", no, never in the whole monologue.


Yea, it stinks things are like that, but it's up to the end user to consider their security, and fix it. Or hire someone that can set things up securely.

Default router settings are a security JOKE. I've seen a made-for-tv special about security experts, and just driving around Washington DC they found several routers in US GOVT buildings that were set at default settings, and accessible.

It would be nice if there was some sort of big red warning on routers' packaging that said "YOU MUST SETUP PASSWORD FOR SECURITY" or something of the like.
(honestly a password is just the start, I could go on and on and on).

Cisco/Linksys for one, includes a windows based software on disk, that is supposed to help in this area... Last I heard they were in trouble for their software not even doing the job properly...
____________
-Dave #2

3.2.0-33

Profile Ex
Volunteer moderator
Volunteer tester
Avatar
Send message
Joined: 12 Mar 12
Posts: 2895
Credit: 1,797,699
RAC: 1,325
United States
Message 1241111 - Posted: 4 Jun 2012, 15:59:10 UTC
Last modified: 4 Jun 2012, 16:43:11 UTC

Just to share. This is my writeup I use as rules for HOME USER wifi/router setup. Starting with the basics, and covering the extra steps you can take.

Disclaimer: Use this information at your own risk. I assume no responsibility for your network security, or anything else.

Security settings by order of importance.

1: wpa2 personal w/ AES encryption: This is the only wi-fi encryption to offer speed up to 300mbps (wireless-n) with safe encryption. set a name (SSID) and a passkey. Keep the passkey something original, and hard to guess.

2: DISABLE webgui access via wireless/wifi!!! this is a must for secure networks. (keep in mind all router administration will have to be handled on a HARD WIRED PC ON LOCAL LAN) The only time I would NOT disable wifi administration, is ONLY IF setting up a network consisting of NO WIRED LAN WHATSOEVER having solely wireless clients, and even in this situation, it is more advisable to still disable webgui over wifi and plug a laptop directly into router via LAN when administration is necessary.

(the above two are sufficient for very basic wifi security)

3: Wireless MAC filter. If you have access to all devices that will be connected to the network, compile a list of the MACs. Enable the router's wireless MAC filter set to ALLOW ONLY and add the list.

(at this point in the configuration it is advisable to save the routers configuration settings. and don't forget to save a copy of the config file (backup your settings)

4: disabling the SSID broadcast, helps keep nosy neighbors from knowing your APs name, or even knowing it exists in many cases. (Cisco firmware for whatever reason still shows your SSID to certain devices..... don't ask me why... DD-WRT firmware is a GREAT alternative)

-Enabling the wireless MAC filter and disabling the SSID broadcast (mainly, however, enabling the MAC filter) adds a level of security that we consider to be extremely safe, however, This is not always user friendly when adding new devices. For a home user that plans to easily add devices, these last two options should not be used. For a user who is capable of accessing the routers settings or willing to consult when adding devices, and when security is of importance these options are highly recommended. It provides a level of "security redundancy" that cannot be hacked into wirelessly.


(Note: These steps are for securing WIFI only. Internet security is another issue and off topic here.)
____________
-Dave #2

3.2.0-33

Profile Chris SProject donor
Volunteer tester
Avatar
Send message
Joined: 19 Nov 00
Posts: 32104
Credit: 13,795,817
RAC: 25,060
United Kingdom
Message 1241113 - Posted: 4 Jun 2012, 16:01:33 UTC

Do you want the bottom line?

Really?

OK.

90% of the general public are as thick as two short planks when it comes to computers.

Sort that out, and reasonably written software might begin to be used in a sensible manner.



Profile Ex
Volunteer moderator
Volunteer tester
Avatar
Send message
Joined: 12 Mar 12
Posts: 2895
Credit: 1,797,699
RAC: 1,325
United States
Message 1241115 - Posted: 4 Jun 2012, 16:04:29 UTC

Good luck sorting that out Chris. ;-)
____________
-Dave #2

3.2.0-33

Profile Chris SProject donor
Volunteer tester
Avatar
Send message
Joined: 19 Nov 00
Posts: 32104
Credit: 13,795,817
RAC: 25,060
United Kingdom
Message 1241120 - Posted: 4 Jun 2012, 16:11:17 UTC

Good luck sorting that out Chris. ;-)

Hi Dave,

I've got no chance mate, and I don't think many others have either. The 10% that are savvy will always exploit the rest who aren't.

musicplayer
Send message
Joined: 17 May 10
Posts: 1458
Credit: 715,033
RAC: 1,128
Message 1241126 - Posted: 4 Jun 2012, 16:24:38 UTC

It is always bad against the evil, it may seem, even when it comes to software and its uses.

Remember back in the old days, we had adware, malware, viruses, trojans, as well as bad / malicious files.

When we do our web-surfing, we are surrounded by cookies, web-addresses, shortcuts and links to addresses on the web which in some cases downloads even more malicious software on our computers in order for someone else to steal information.

Definitely an evil circle. We are not always guaranteed to be 100 % protected regardless of precautions which are taken.

Today we are supposed to be protected. Anti-virus software, anti-spyware software, etc.

We pay for such services. Some of them really are a must and should be close to mandatory to have.

Others are more individual, based on particular needs or point of view.

If you buy yourself a new hard disc drive, are you guaranteed this disc will be empty when coming from the manufacturer?

The high level formatting (as well as partitioning) process does not necessarily wipe out the data which the disc may have had.

If your own personal computer is supposed to be safe, this does not necessarily apply to web-servers, even those having safe pages (https://) with passwords included.

In order to be able to obtain money, hackers are trying to steal as much information both from individual users as well as public and private institutions, like banks.

You are never guaranteed to be 100 % protected as mentioned, because there are always some people out there who are having the ability or capability to circumvent current protection mechanisms being used.

This means that money transactions by means of the web will not always be 100 % secure, regardless of what you are doing.

Therefore it is better in the end having the police taking the culprits before they get to rich.

Sirius B
Volunteer tester
Avatar
Send message
Joined: 26 Dec 00
Posts: 11550
Credit: 1,728,110
RAC: 1,647
Israel
Message 1241156 - Posted: 4 Jun 2012, 16:53:46 UTC - in response to Message 1241111.

Just to share. This is my writeup I use as rules for HOME USER wifi/router setup. Starting with the basics, and covering the extra steps you can take.

Disclaimer: Use this information at your own risk. I assume no responsibility for your network security, or anything else.

[quote]Security settings by order of importance.

1: wpa2 personal w/ AES encryption: This is the only wi-fi encryption to offer speed up to 300mbps (wireless-n) with safe encryption. set a name (SSID) and a passkey. Keep the passkey something original, and hard to guess.

2: DISABLE webgui access via wireless/wifi!!! this is a must for secure networks. (keep in mind all router administration will have to be handled on a HARD WIRED PC ON LOCAL LAN) The only time I would NOT disable wifi administration, is ONLY IF setting up a network consisting of NO WIRED LAN WHATSOEVER having solely wireless clients, and even in this situation, it is more advisable to still disable webgui over wifi and plug a laptop directly into router via LAN when administration is necessary.

(the above two are sufficient for very basic wifi security)

3: Wireless MAC filter. If you have access to all devices that will be connected to the network, compile a list of the MACs. Enable the router's wireless MAC filter set to ALLOW ONLY and add the list.

(at this point in the configuration it is advisable to save the routers configuration settings. and don't forget to save a copy of the config file (backup your settings)

4: disabling the SSID broadcast, helps keep nosy neighbors from knowing your APs name, or even knowing it exists in many cases. (Cisco firmware for whatever reason still shows your SSID to certain devices..... don't ask me why... DD-WRT firmware is a GREAT alternative)

-Enabling the wireless MAC filter and disabling the SSID broadcast (mainly, however, enabling the MAC filter) adds a level of security that we consider to be extremely safe, however, This is not always user friendly when adding new devices. For a home user that plans to easily add devices, these last two options should not be used. For a user who is capable of accessing the routers settings or willing to consult when adding devices, and when security is of importance these options are highly recommended. It provides a level of "security redundancy" that cannot be hacked into wirelessly.


Yes, very sensible.

(Note: These steps are for securing WIFI only. Internet security is another issue and off topic here.)


Really, why? As the OP, software is used to "secure", so it comes under the same heading. therefore, if you wish to, feel free to discuss it.
____________

rob smithProject donor
Volunteer tester
Send message
Joined: 7 Mar 03
Posts: 8535
Credit: 59,466,015
RAC: 86,370
United Kingdom
Message 1241212 - Posted: 4 Jun 2012, 18:01:00 UTC

Surely there is another aspect to "trusting" software - trusting it to give the "right" answer.
I guess we've all been subject to phantom reformatting, spell checkers suggesting totally inappropriate words, spreadsheets giving strange results and so on. The truth is that much of the "domestic/commercial" software we rely on is of a fairly low standard.
____________
Bob Smith
Member of Seti PIPPS (Pluto is a Planet Protest Society)
Somewhere in the (un)known Universe?

Sirius B
Volunteer tester
Avatar
Send message
Joined: 26 Dec 00
Posts: 11550
Credit: 1,728,110
RAC: 1,647
Israel
Message 1241218 - Posted: 4 Jun 2012, 18:09:42 UTC - in response to Message 1241212.

True, but that raise a question.. Why are the standards low?
____________

Profile Julie
Avatar
Send message
Joined: 15 May 12
Posts: 279
Credit: 60,238
RAC: 140
United States
Message 1241304 - Posted: 4 Jun 2012, 20:41:41 UTC - in response to Message 1241218.

True, but that raise a question.. Why are the standards low?

To keep the hackers in bidness?
lol

Quite a few years ago I bought a computer with mostly try now/buy later kinds of deals. Problem was, it was XP os back when there was no freakin drivers to run anything on the stupid thing. I got ahold of Nero and used drivers from it somehow. That was a mess. Ended up reformatting it down to ME (98 SE was my fav partly because it was the only one that had Critter Rock visualization in the media player.)

*getting me off my tangent*
When people buy preassembled computers like that with all that buyware, it isn't hard to bundle in other crap as well. People like me who aren't too conversant with code wouldn't know one exe from another. I had an install disc from a store bought webcam that had a trojan in on the install disc.
:/

OzzFan
Volunteer tester
Avatar
Send message
Joined: 9 Apr 02
Posts: 13625
Credit: 31,059,518
RAC: 20,676
United States
Message 1241309 - Posted: 4 Jun 2012, 20:54:22 UTC - in response to Message 1241304.

True, but that raise a question.. Why are the standards low?

To keep the hackers in bidness?


The problem is if you try to build a software "too smart", you are relying on the computer to do something that may not be best or it may not be what the user wanted. Though software is getting smarter, compare today's software from that of 30 years ago.

Quite a few years ago I bought a computer with mostly try now/buy later kinds of deals. Problem was, it was XP os back when there was no freakin drivers to run anything on the stupid thing.


Not strictly true implicitly. An OS's built-in drivers are only as up to date as the OS itself. When Windows 98SE came out, its drivers were only valid for anything up until that OS was released. Any hardware that was released after had to include a driver install disc. The same with Windows XP; it has/had built-in drivers that were current up until that OS was released.

The same thing will be true of Windows 7. Its driver store is great for everything up until it was released two years ago. However, if you install it on any current motherboard (e.g. an Intel X58 or X79 based motherboard), you will need to load the drivers from the motherboard installation disc because Windows' own drivers aren't up-to-date enough to know about newer hardware.

However, if a driver manufacturer submits their drivers to Microsoft for validation, it can become available in Microsoft's online driver store, which Vista, 7, and even Windows 8 can then download and use.

I got ahold of Nero and used drivers from it somehow. That was a mess. Ended up reformatting it down to ME (98 SE was my fav partly because it was the only one that had Critter Rock visualization in the media player.)


Not sure how Nero could have been a part of the equation, unless Nero's software (because they don't manufacture hardware) was trying to load virtual hardware device for which Windows did not have a driver. Since I use Nero too, I'm going to go out on a limb and suggest that it was likely the virtual "image" device used so that you can copy CD/DVD's on a single drive system.

*getting me off my tangent*
I had an install disc from a store bought webcam that had a trojan in on the install disc.
:/


Likely a false-positive. Many AV scanners find my ANGRYIP.EXE IP port scanner and alert me that its a trojan, but I know for a fact that it is not.

Profile Julie
Avatar
Send message
Joined: 15 May 12
Posts: 279
Credit: 60,238
RAC: 140
United States
Message 1241315 - Posted: 4 Jun 2012, 21:06:20 UTC - in response to Message 1241309.
Last modified: 4 Jun 2012, 21:07:03 UTC

no drivers to run the cd rom lol
the only thing on the machine that worked was the modem.
no dvd at the time this machine was gotten. Roughly 2004 mebbe?
my sense of time really sucks.
Nero was used to run the cd rom. Found out from Microsplat that they were still working drivers because some companies hadn't finished their driver updates.
That is my personal reason for hating xp.

Sirius B
Volunteer tester
Avatar
Send message
Joined: 26 Dec 00
Posts: 11550
Credit: 1,728,110
RAC: 1,647
Israel
Message 1241318 - Posted: 4 Jun 2012, 21:08:18 UTC - in response to Message 1241315.
Last modified: 4 Jun 2012, 21:10:24 UTC

That sounds suspiciously like you had an original XP installation - they were problematic to install.

With the release of XP SP1, some of those issues were resolved.

Edit: I've even had issues with reinstalling XP SP2/3 so often used XP SP1a installation disk, then added the SP's later.
____________

1 · 2 · 3 · 4 . . . 17 · Next

Message boards : Politics : Can we really trust the software we use?

Copyright © 2014 University of California