Can we really trust IT?


log in

Advanced search

Message boards : Politics : Can we really trust IT?

Previous · 1 · 2 · 3 · 4 · 5 · 6 . . . 13 · Next
Author Message
Profile ML1
Volunteer tester
Send message
Joined: 25 Nov 01
Posts: 8502
Credit: 4,194,990
RAC: 1,726
United Kingdom
Message 1334141 - Posted: 3 Feb 2013, 1:17:39 UTC - in response to Message 1334060.
Last modified: 3 Feb 2013, 1:18:11 UTC

Isn't twitter running linux?

How childishly expected from you and so unhelpfully so... Do you EVER have anything positive or useful to offer?


Just to clear up your latest one-liner mud-slinging:

As I'm sure you just must know...

"Linux" is the kernel. The system is so 'secure' that any problems there make WORLD HEADLINE NEWS if anything were to be found. Do you hear many examples? Thought not.

The commonly used combination to put an Operating System together is GNU/Linux. The system is so 'secure' that any problems there make WORLD HEADLINE NEWS if anything were to be found. Do you hear many examples? Thought not.

And then you have a fantastic universe of applications that run on GNU/Linux. Websites and their support services are just one of many very widely use applications.

For the Twitter story, note:

Twitter breach leaks emails, passwords of 250,000 users

... "This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data," Bob Lord, Twitter's director of information security, writes in a blog post.

According to Lord, Twitter was able to shut down the attack within moments of discovering it, but not before the attackers were able to make off with what he calls "limited user information," including usernames, email addresses, session tokens, and the encrypted and salted versions of passwords.

The encryption on such passwords is generally difficult to crack – but it's not impossible, particularly if the attacker is familiar with the algorithm used to encrypt them.

As a precaution, Lord says Twitter has reset the passwords of all 250,000 affected accounts – which, he observes, is just "a small percentage" of the more than 140 million Twitter users worldwide. ...



So... Compared to the calamities of certain other systems, that one looks to be pretty damn good and a fast response to an application attack.

If anything, that is more a reminder of the inherent vulnerabilities of using passwords and security cookies. All the more so for hosts where the hosts are easily compromised. There's also a few hints that the ongoing suffering Java problems may be implicated. (Also note that Java is NOT Javascript.)

Next?


IT is what we make it...
Martin
____________
See new freedom: Mageia4
Linux Voice See & try out your OS Freedom!
The Future is what We make IT (GPLv3)

Profile Gary CharpentierProject donor
Volunteer tester
Avatar
Send message
Joined: 25 Dec 00
Posts: 12748
Credit: 7,295,082
RAC: 18,107
United States
Message 1334150 - Posted: 3 Feb 2013, 2:14:30 UTC - in response to Message 1334141.

So you won't be posting about Windoze being open again when it is the application Internet Explorer, or the application Active X or the application Flash, or any other application. Only when someone attacks the windoze kernel, not some support service.

BTW, if it was the web service application at twitter, was that a FOSS application? One of those you tout at unbreakable because lots of eyeballs look at it?


____________

Profile James Sotherden
Avatar
Send message
Joined: 16 May 99
Posts: 8922
Credit: 35,999,733
RAC: 44,509
United States
Message 1334152 - Posted: 3 Feb 2013, 2:15:35 UTC

As a precaution, Lord says Twitter has reset the passwords of all 250,000 affected accounts – which, he observes, is just "a small percentage" of the more than 140 million Twitter users worldwide. ...

Now granted this is just twitter. But still somebody got in and hacked 250,000 peoples passwords and whatever. Would Mr Lord have been so smug if it was 250,000 passwords to bank accounts. O we caught it in minutes he said. Still some one got in peroid.

And I think you will find more attemps at breaking in the future. Why you ask, beacause any teenager can crack windows. Now they will come after your OS because you say it cant be done.
____________

Old James

Profile dancer42
Volunteer tester
Send message
Joined: 2 Jun 02
Posts: 436
Credit: 1,159,660
RAC: 130
United States
Message 1334154 - Posted: 3 Feb 2013, 2:24:10 UTC - in response to Message 1330986.

Just wonder which Linux kernel the phone is running. And is the bug allowing the overwrite present in other flavors of that kernel running on other devices.


Well with all the 1000's of posts on this forum alone regarding O/S'es & their weaknesses, just wonder what happened to the peer review in this case!

Also, with the Red October issue - Isn't many of those systems run by governments/corporations running linux?

=======================================================
redmont does not do peer review and there not faults their feature's. lol
____________

Profile dancer42
Volunteer tester
Send message
Joined: 2 Jun 02
Posts: 436
Credit: 1,159,660
RAC: 130
United States
Message 1334158 - Posted: 3 Feb 2013, 2:38:17 UTC - in response to Message 1333612.

the real question is can we trust the people that are supposed to know things to actually know them.

My Boss doesn't know the difference between an OS and an LIS. This is no lie. I told her that the IT guys were updating Computers from dual core intels to quad core i5's. I was informed that the PC updates were intended so that we could migrate to Windows 7.
I notified my boss of this and she exclaimed, "they can't upgrade to Windows 7 we need Windows 9 for the LIS to work properly."

I let it go. the WTF look and head shaking didn't phase her a bit. the next LIS upgrade we can do is 9.0 I needed an LIS question answered and decided to confirm what I already knew. can our current LIS work on Windows 7. Certainly without a problem. I get tired of nitwits thinking they sound important by rattling of names and numbers of OSes or programs and have little idea what they are talking about. So far, in the last year, she has made massive inroads into why computer illiterate people shouldn't play with Programs others need to use for their work

=======================================================
the peter principle


The principle holds that in a hierarchy, members are promoted so long as they work competently. Eventually they are promoted to a position at which they are no longer competent (their "level of incompetence"), and there they remain, being unable to earn further promotions. Peter's Corollary states that "[i]n time, every post tends to be occupied by an employee who is incompetent to carry out its duties"[2] and adds that "work is accomplished by those employees who have not yet reached their level of incompetence." "Managing upward" is the concept of a subordinate finding ways to subtly manipulate his or her superiors in order to prevent them from interfering with the subordinate's productive activity or to generally limit the damage done by the superiors' incompetence.

this goes double for government.
____________

Profile Ex
Volunteer moderator
Volunteer tester
Avatar
Send message
Joined: 12 Mar 12
Posts: 2895
Credit: 1,797,699
RAC: 1,325
United States
Message 1334164 - Posted: 3 Feb 2013, 3:47:25 UTC - in response to Message 1334150.

So you won't be posting about Windoze being open again when it is the application Internet Explorer, or the application Active X or the application Flash, or any other application. Only when someone attacks the windoze kernel, not some support service.

BTW, if it was the web service application at twitter, was that a FOSS application? One of those you tout at unbreakable because lots of eyeballs look at it?


Not for nothing but it's no secret that Windows (the kernel) and it's applications have way more security holes than the other 2 main OS's out there (Mac and Linux).

And no one said Open source software is 100% safe either.

And as far as web services, Apache runs more than half the Internet. It's safe to say it's been pretty resistant to widespread hacking.

And no matter what Software or OS you use, there is always the issue of user error...
____________
-Dave #2

3.2.0-33

Profile ML1
Volunteer tester
Send message
Joined: 25 Nov 01
Posts: 8502
Credit: 4,194,990
RAC: 1,726
United Kingdom
Message 1334461 - Posted: 4 Feb 2013, 0:15:27 UTC - in response to Message 1334150.
Last modified: 4 Feb 2013, 0:19:33 UTC

... One of those you tout at unbreakable...

Yet more trolling we see... Hope you're not on your way around the bend in spitting such desperations...


I've never touted any OS or system as being 'unbreakable'.

However, we have systems that have been designed from the outset to be secure. The *nix model of system permission still works well and has survived the test of time. In the Linux world, we also have "security enhanced" additions that sacrifice flexibility for systems that need some 'higher' level of security. However, that enhanced security is only for the paranoid. We'd hear about it very quickly in the world news headlines for any significant failure for everyday use Linux! Along with the good design, we have the FLOSS peer review to keep that good.

Not seen any such headlines other than the usual development noise ;-)

Note also that no amount of FLOSS stops anyone taking old code to misuse in their own individual haste or ignorance...


We also have notably one system in the world that has proven to be vulnerable to real world exploits continuously for well over a decade that has spawned a new industry of 3rd party software to try to patch up and patch over the deficiencies of the OS and the vulnerable tightly integrated applications...

The continuing litany of exploits exploited speaks far more eloquently than I. So much so that for a certain one OS, even severe exploits are so commonplace as to be no longer news worthy unless there is a story for collateral damage.


I still believe that Microsoft Windows is unique in effectively requiring the everyday use of "anti-virus" software... And whatever 'antivirus' is never a reliable or complete solution.

IT is what we make it...
Martin
____________
See new freedom: Mageia4
Linux Voice See & try out your OS Freedom!
The Future is what We make IT (GPLv3)

Profile Gary CharpentierProject donor
Volunteer tester
Avatar
Send message
Joined: 25 Dec 00
Posts: 12748
Credit: 7,295,082
RAC: 18,107
United States
Message 1334503 - Posted: 4 Feb 2013, 4:30:37 UTC - in response to Message 1334461.

Along with the good design, we have the FLOSS peer review to keep that good.

We sure do.

____________

Profile Ex
Volunteer moderator
Volunteer tester
Avatar
Send message
Joined: 12 Mar 12
Posts: 2895
Credit: 1,797,699
RAC: 1,325
United States
Message 1334518 - Posted: 4 Feb 2013, 5:45:30 UTC - in response to Message 1334503.
Last modified: 4 Feb 2013, 5:46:25 UTC

Along with the good design, we have the FLOSS peer review to keep that good.

We sure do.

Yes Gary. A website was hacked once 2 years ago. Lots of websites get hacked.

Certainly seems like an Admin problem rather than a software problem? That's just my take on it.
____________
-Dave #2

3.2.0-33

Profile James Sotherden
Avatar
Send message
Joined: 16 May 99
Posts: 8922
Credit: 35,999,733
RAC: 44,509
United States
Message 1334578 - Posted: 4 Feb 2013, 13:58:20 UTC

I still believe that Microsoft Windows is unique in effectively requiring the everyday use of "anti-virus" software... And whatever 'antivirus' is never a reliable or complete solution.

I wondering if MS leaves holes in the OS just so the antivirus folks can pay them some underhanded secret cash?

Look I have nothing against Linux, Ive just never used it. My wife has an old laptop that she never uses anymore. Its a toshiba satelite XP celeron. Maybe I should try linux on that if I can.

I had an I Mac that i think the hard drive died. Cant afford to get it looked at yet. But I loved that I never had to use any antivirus.

My question for you is, If some Nation decided that they wanted to start hacking in Mac OS X or Linux. And gatherd the right people. Could they do it?
____________

Old James

Profile Jim_SProject donor
Avatar
Send message
Joined: 23 Feb 00
Posts: 4526
Credit: 18,835,752
RAC: 8,635
United States
Message 1334584 - Posted: 4 Feb 2013, 14:13:12 UTC - in response to Message 1334578.
Last modified: 4 Feb 2013, 14:29:04 UTC

I still believe that Microsoft Windows is unique in effectively requiring the everyday use of "anti-virus" software... And whatever 'antivirus' is never a reliable or complete solution.

I wondering if MS leaves holes in the OS just so the antivirus folks can pay them some underhanded secret cash?

Look I have nothing against Linux, Ive just never used it. My wife has an old laptop that she never uses anymore. Its a toshiba satelite XP celeron. Maybe I should try linux on that if I can.

I had an I Mac that i think the hard drive died. Cant afford to get it looked at yet. But I loved that I never had to use any antivirus.

My question for you is, If some Nation decided that they wanted to start hacking in Mac OS X or Linux. And gatherd the right people. Could they do it?


Short answer from a FRIEND in Military Intelligence, YES...They have Many Eyes on MANY things at ALL TIMES.
No OS is Un-breachable.
____________

I Desire Peace and Justice, Jim Scott (Mod-Ret.)

Profile ML1
Volunteer tester
Send message
Joined: 25 Nov 01
Posts: 8502
Credit: 4,194,990
RAC: 1,726
United Kingdom
Message 1334598 - Posted: 4 Feb 2013, 15:35:35 UTC - in response to Message 1334584.

Short answer from a FRIEND in Military Intelligence, YES...They have Many Eyes on MANY things at ALL TIMES.
No OS is Un-breachable.

Indeed so.

However, some targets are far more amenable to abuse than others.

For example, complicated websites can offer a large range of functions against which to attempt exploit attacks. There is still a lot of silly code out there on the web that passes web parameters directly to mysql rather than restricting what can be done with indirect access via a "case" statement to select ONLY what is wanted to be done... Just the usual ignorant or lazy programming snafu. The underlying OS can remain secure even if some sloppy web app becomes abused.

As for easier and harder targets:

Those systems kept secret can hide a lot of sloppiness and silliness by virtue of being 'secret'. Whereas, for those systems that are intended to be open to public scrutiny, you can bet there's much greater care taken to avoid open embarrassment! With open peer review, you also get the best comments back for improvement from the best of the eyes that look over the code or have an interest in the code. All a stark contrast to the sort of stuff 'swept under the carpet' when hiding behind the words "secret" and "proprietary"...


Interestingly, take a look at what secured OSes are included in the US military developments:

NSA: Security-Enhanced Linux

The list is: Linux, FreeBSD and Solaris. The Linux kernel enhancements are explained on: Wikipedia: Security-Enhanced Linux


That level of security is way-OTT for my servers. Indeed, the normal *nix permissions have proven adequate for my examples for many years. I've run selinux on a number of test systems on occasion but so far, there just hasn't been any kernel security problems in the mainstream Linux to persuade me to switch systems. Why change when what you have works well and there are no better offerings for the task?

I wonder what the NSA policy is towards Microsoft Windows?...


IT is what we make it...
Martin


____________
See new freedom: Mageia4
Linux Voice See & try out your OS Freedom!
The Future is what We make IT (GPLv3)

Profile ML1
Volunteer tester
Send message
Joined: 25 Nov 01
Posts: 8502
Credit: 4,194,990
RAC: 1,726
United Kingdom
Message 1334602 - Posted: 4 Feb 2013, 16:05:03 UTC - in response to Message 1334164.
Last modified: 4 Feb 2013, 16:06:05 UTC

...And no one said Open source software is 100% safe either.

And as far as web services, Apache runs more than half the Internet. It's safe to say it's been pretty resistant to widespread hacking.

And no matter what Software or OS you use, there is always the issue of user error...

Indeed so. Even so, you can do things to help the users:


Twitter to fight hacking by boosting login security

... Twitter plans to introduce "two-factor authentication" that would make it impossible for hackers or vandals to break into accounts – even if they acquired the passwords...

... When an attempt is made to log in to the account from a new device, app or unfamiliar location (as indicated by the IP address), a two-factor authentication system will prevent the login being authorised. A code will be sent to the registered user's mobile phone, and only when that has been entered in the same login page is access given to the account. ...



I wouldn't describe that solution as completely 'impossible' to hack unless you can also guarantee the security of both the host device and '2nd factor' device... However, using 2-factor security is a good step improvement.

IT is very much what we make it...
Martin
____________
See new freedom: Mageia4
Linux Voice See & try out your OS Freedom!
The Future is what We make IT (GPLv3)

Profile Ex
Volunteer moderator
Volunteer tester
Avatar
Send message
Joined: 12 Mar 12
Posts: 2895
Credit: 1,797,699
RAC: 1,325
United States
Message 1334607 - Posted: 4 Feb 2013, 16:19:53 UTC - in response to Message 1334578.
Last modified: 4 Feb 2013, 16:22:44 UTC

My question for you is, If some Nation decided that they wanted to start hacking in Mac OS X or Linux. And gatherd the right people. Could they do it?


As others have said, the answer is absolutely YES! Again as other have said, no OS is untouchable.

I'll leave it at that for now. ;-)

Machines are still designed by man. Someday when machines start designing their own hardware and writing their own software, they may be un-hackable. But by then there'll be the whole Skynet scenario to watch out for.
____________
-Dave #2

3.2.0-33

WinterKnight
Volunteer tester
Send message
Joined: 18 May 99
Posts: 8687
Credit: 25,051,250
RAC: 30,264
United Kingdom
Message 1334619 - Posted: 4 Feb 2013, 16:50:47 UTC - in response to Message 1334598.
Last modified: 4 Feb 2013, 16:57:45 UTC

Here's one document from NSA on win7 security.

http://www.nsa.gov/ia/_files/os/win7/win7_security_highlights.pdf

Plus a few more,

Whitelisting for system controllers
http://www.nsa.gov/ia/_files/os/win2k/Application_Whitelisting_Using_SRP.pdf

Hardening advise for Mac OS X 10.5 Leopard
http://www.nsa.gov/ia/_files/factsheets/macosx_hardening_tips.pdf

and for Snow Leopard

http://www.nsa.gov/ia/_files/factsheets/macosx_10_6_hardeningtips.pdf

Profile ML1
Volunteer tester
Send message
Joined: 25 Nov 01
Posts: 8502
Credit: 4,194,990
RAC: 1,726
United Kingdom
Message 1334629 - Posted: 4 Feb 2013, 17:22:31 UTC - in response to Message 1334619.
Last modified: 4 Feb 2013, 17:34:16 UTC

Here's one document from NSA on win7 security.

http://www.nsa.gov/ia/_files/os/win7/win7_security_highlights.pdf...

You what?!

That's just two pages of Marketing-speak from (over?) 10 years ago that mainly bangs on about the suggestion of good programming practice. IE: It's all the "developers fault" if anything goes wrong. From world experience, are Microsoft developers really that bad? Even after 10 years of that document?...

The other examples look to be user 'good practice' "hardening" tips.


Try again please for anything comparable to the SELinux system work?

(Sorry, MS anti-virus[*] is not a contender!)


IT is indeed very much what we make it...
Martin

[*] In my humble opinion, there's a fantastic PR-response in that article from Microsoft for that one... No need to list any other websites that are not so Microsoft friendly... (Nearly choked on my coffee for that one. The only parallel I can think of are the lame excuses from our railways about the "wrong kind" of snow/frost/leaves on the track disabling the trains...!)
____________
See new freedom: Mageia4
Linux Voice See & try out your OS Freedom!
The Future is what We make IT (GPLv3)

Profile Gary CharpentierProject donor
Volunteer tester
Avatar
Send message
Joined: 25 Dec 00
Posts: 12748
Credit: 7,295,082
RAC: 18,107
United States
Message 1334650 - Posted: 4 Feb 2013, 18:14:28 UTC - in response to Message 1334518.

Along with the good design, we have the FLOSS peer review to keep that good.

We sure do.

Yes Gary. A website was hacked once 2 years ago. Lots of websites get hacked.

Certainly seems like an Admin problem rather than a software problem? That's just my take on it.

An SQL injection on the FOSS SQL website. Can't even make their own website so it can't be hacked running their own software.

BTW what runs websites? Linux? So lots of websites get hacked. Martin won't like that. He will point out it is really running FOSS projects SQL - this example - and Apache, another major FOSS project, and PHP, a huge FOSS project, that are being hacked.

____________

Profile Gary CharpentierProject donor
Volunteer tester
Avatar
Send message
Joined: 25 Dec 00
Posts: 12748
Credit: 7,295,082
RAC: 18,107
United States
Message 1334654 - Posted: 4 Feb 2013, 18:23:59 UTC - in response to Message 1334607.

My question for you is, If some Nation decided that they wanted to start hacking in Mac OS X or Linux. And gatherd the right people. Could they do it?


As others have said, the answer is absolutely YES! Again as other have said, no OS is untouchable.

No O/S hasn't been laid open wide open. Martin will scream it can't be so or it would be all over the news. State secrets rarely make the news.

____________

Profile ML1
Volunteer tester
Send message
Joined: 25 Nov 01
Posts: 8502
Credit: 4,194,990
RAC: 1,726
United Kingdom
Message 1334780 - Posted: 5 Feb 2013, 1:26:49 UTC - in response to Message 1334654.
Last modified: 5 Feb 2013, 1:28:01 UTC

No O/S hasn't been laid open wide open. Martin...

Gary:

1: Keep off the personal attacks.

2: Name something tangible with your wild random claims and mud slinging.


So... Would you care to elaborate on your wild claim? With real world referenced examples?

Back in the real world, real OSes are working well keeping the IT world rolling along nicely.

One small hint: Real OSes do not use any 3rd party slapstick anti-virus to chaperone the OS workings... So... Care to explain how your favoured OS works best and for the best interests of the users? Or is it all 'fiduciary' and trolling for you?


IT is indeed what we make it...
Martin
____________
See new freedom: Mageia4
Linux Voice See & try out your OS Freedom!
The Future is what We make IT (GPLv3)

Profile Gary CharpentierProject donor
Volunteer tester
Avatar
Send message
Joined: 25 Dec 00
Posts: 12748
Credit: 7,295,082
RAC: 18,107
United States
Message 1334801 - Posted: 5 Feb 2013, 4:16:56 UTC - in response to Message 1334780.

So... Would you care to elaborate on your wild claim? With real world referenced examples?

I don't wish to end up in a situation like Bradley Manning.

Back in the real world, real OSes are working well keeping the IT world rolling along nicely.

Ignorance is bliss.

One small hint: Real OSes do not use any 3rd party slapstick anti-virus to chaperone the OS workings... So... Care to explain how your favoured OS works best and for the best interests of the users?

It does so as well as any. It has a good heritage, being developed in part at Carnegie Mellon University and the University of California at Berkeley. It is 3rd party certified to be in compliance with a standard, which permits the vendor to use a trademark in describing it. It is open source, but is not linux. Of course like all O/S's which share its attributes, it has been laid open. This perhaps not as much a fault of the O/S, but more as a fault of the requirements in the standard to use certain methods and support certain things.

Or is it all 'fiduciary' and trolling for you?

Actually don't own the people who make my favored O/S, but I do own a competitor.

____________

Previous · 1 · 2 · 3 · 4 · 5 · 6 . . . 13 · Next

Message boards : Politics : Can we really trust IT?

Copyright © 2014 University of California