Message boards :
Politics :
Can we really trust IT?
Message board moderation
Previous · 1 · 2 · 3 · 4 · 5 · 6 . . . 11 · Next
Author | Message |
---|---|
![]() Send message Joined: 25 Nov 01 Posts: 21703 Credit: 7,508,002 RAC: 20 ![]() ![]() |
Isn't twitter running linux? How childishly expected from you and so unhelpfully so... Do you EVER have anything positive or useful to offer? Just to clear up your latest one-liner mud-slinging: As I'm sure you just must know... "Linux" is the kernel. The system is so 'secure' that any problems there make WORLD HEADLINE NEWS if anything were to be found. Do you hear many examples? Thought not. The commonly used combination to put an Operating System together is GNU/Linux. The system is so 'secure' that any problems there make WORLD HEADLINE NEWS if anything were to be found. Do you hear many examples? Thought not. And then you have a fantastic universe of applications that run on GNU/Linux. Websites and their support services are just one of many very widely use applications. For the Twitter story, note: Twitter breach leaks emails, passwords of 250,000 users ... "This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data," Bob Lord, Twitter's director of information security, writes in a blog post. According to Lord, Twitter was able to shut down the attack within moments of discovering it, but not before the attackers were able to make off with what he calls "limited user information," including usernames, email addresses, session tokens, and the encrypted and salted versions of passwords. The encryption on such passwords is generally difficult to crack – but it's not impossible, particularly if the attacker is familiar with the algorithm used to encrypt them. As a precaution, Lord says Twitter has reset the passwords of all 250,000 affected accounts – which, he observes, is just "a small percentage" of the more than 140 million Twitter users worldwide. ... So... Compared to the calamities of certain other systems, that one looks to be pretty damn good and a fast response to an application attack. If anything, that is more a reminder of the inherent vulnerabilities of using passwords and security cookies. All the more so for hosts where the hosts are easily compromised. There's also a few hints that the ongoing suffering Java problems may be implicated. (Also note that Java is NOT Javascript.) Next? IT is what we make it... Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
![]() ![]() ![]() ![]() ![]() Send message Joined: 25 Dec 00 Posts: 31256 Credit: 53,134,872 RAC: 32 ![]() ![]() |
So you won't be posting about Windoze being open again when it is the application Internet Explorer, or the application Active X or the application Flash, or any other application. Only when someone attacks the windoze kernel, not some support service. BTW, if it was the web service application at twitter, was that a FOSS application? One of those you tout at unbreakable because lots of eyeballs look at it? ![]() |
![]() ![]() Send message Joined: 16 May 99 Posts: 10436 Credit: 110,373,059 RAC: 54 ![]() ![]() |
As a precaution, Lord says Twitter has reset the passwords of all 250,000 affected accounts – which, he observes, is just "a small percentage" of the more than 140 million Twitter users worldwide. ... Now granted this is just twitter. But still somebody got in and hacked 250,000 peoples passwords and whatever. Would Mr Lord have been so smug if it was 250,000 passwords to bank accounts. O we caught it in minutes he said. Still some one got in peroid. And I think you will find more attemps at breaking in the future. Why you ask, beacause any teenager can crack windows. Now they will come after your OS because you say it cant be done. ![]() Old James |
![]() Send message Joined: 2 Jun 02 Posts: 455 Credit: 2,422,890 RAC: 1 ![]() |
Just wonder which Linux kernel the phone is running. And is the bug allowing the overwrite present in other flavors of that kernel running on other devices. ======================================================= redmont does not do peer review and there not faults their feature's. lol |
![]() Send message Joined: 2 Jun 02 Posts: 455 Credit: 2,422,890 RAC: 1 ![]() |
the real question is can we trust the people that are supposed to know things to actually know them. ======================================================= the peter principle The principle holds that in a hierarchy, members are promoted so long as they work competently. Eventually they are promoted to a position at which they are no longer competent (their "level of incompetence"), and there they remain, being unable to earn further promotions. Peter's Corollary states that "[i]n time, every post tends to be occupied by an employee who is incompetent to carry out its duties"[2] and adds that "work is accomplished by those employees who have not yet reached their level of incompetence." "Managing upward" is the concept of a subordinate finding ways to subtly manipulate his or her superiors in order to prevent them from interfering with the subordinate's productive activity or to generally limit the damage done by the superiors' incompetence. this goes double for government. |
![]() ![]() Send message Joined: 12 Mar 12 Posts: 3433 Credit: 2,616,158 RAC: 2 ![]() |
So you won't be posting about Windoze being open again when it is the application Internet Explorer, or the application Active X or the application Flash, or any other application. Only when someone attacks the windoze kernel, not some support service. Not for nothing but it's no secret that Windows (the kernel) and it's applications have way more security holes than the other 2 main OS's out there (Mac and Linux). And no one said Open source software is 100% safe either. And as far as web services, Apache runs more than half the Internet. It's safe to say it's been pretty resistant to widespread hacking. And no matter what Software or OS you use, there is always the issue of user error... #resist |
![]() Send message Joined: 25 Nov 01 Posts: 21703 Credit: 7,508,002 RAC: 20 ![]() ![]() |
... One of those you tout at unbreakable... Yet more trolling we see... Hope you're not on your way around the bend in spitting such desperations... I've never touted any OS or system as being 'unbreakable'. However, we have systems that have been designed from the outset to be secure. The *nix model of system permission still works well and has survived the test of time. In the Linux world, we also have "security enhanced" additions that sacrifice flexibility for systems that need some 'higher' level of security. However, that enhanced security is only for the paranoid. We'd hear about it very quickly in the world news headlines for any significant failure for everyday use Linux! Along with the good design, we have the FLOSS peer review to keep that good. Not seen any such headlines other than the usual development noise ;-) Note also that no amount of FLOSS stops anyone taking old code to misuse in their own individual haste or ignorance... We also have notably one system in the world that has proven to be vulnerable to real world exploits continuously for well over a decade that has spawned a new industry of 3rd party software to try to patch up and patch over the deficiencies of the OS and the vulnerable tightly integrated applications... The continuing litany of exploits exploited speaks far more eloquently than I. So much so that for a certain one OS, even severe exploits are so commonplace as to be no longer news worthy unless there is a story for collateral damage. I still believe that Microsoft Windows is unique in effectively requiring the everyday use of "anti-virus" software... And whatever 'antivirus' is never a reliable or complete solution. IT is what we make it... Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
![]() ![]() ![]() ![]() ![]() Send message Joined: 25 Dec 00 Posts: 31256 Credit: 53,134,872 RAC: 32 ![]() ![]() |
|
![]() ![]() Send message Joined: 12 Mar 12 Posts: 3433 Credit: 2,616,158 RAC: 2 ![]() |
Along with the good design, we have the FLOSS peer review to keep that good. Yes Gary. A website was hacked once 2 years ago. Lots of websites get hacked. Certainly seems like an Admin problem rather than a software problem? That's just my take on it. #resist |
![]() ![]() Send message Joined: 16 May 99 Posts: 10436 Credit: 110,373,059 RAC: 54 ![]() ![]() |
I still believe that Microsoft Windows is unique in effectively requiring the everyday use of "anti-virus" software... And whatever 'antivirus' is never a reliable or complete solution. I wondering if MS leaves holes in the OS just so the antivirus folks can pay them some underhanded secret cash? Look I have nothing against Linux, Ive just never used it. My wife has an old laptop that she never uses anymore. Its a toshiba satelite XP celeron. Maybe I should try linux on that if I can. I had an I Mac that i think the hard drive died. Cant afford to get it looked at yet. But I loved that I never had to use any antivirus. My question for you is, If some Nation decided that they wanted to start hacking in Mac OS X or Linux. And gatherd the right people. Could they do it? ![]() Old James |
![]() ![]() Send message Joined: 23 Feb 00 Posts: 4705 Credit: 64,560,357 RAC: 31 ![]() ![]() |
I still believe that Microsoft Windows is unique in effectively requiring the everyday use of "anti-virus" software... And whatever 'antivirus' is never a reliable or complete solution. Short answer from a FRIEND in Military Intelligence, YES...They have Many Eyes on MANY things at ALL TIMES. No OS is Un-breachable. ![]() I Desire Peace and Justice, Jim Scott (Mod-Ret.) |
![]() Send message Joined: 25 Nov 01 Posts: 21703 Credit: 7,508,002 RAC: 20 ![]() ![]() |
Short answer from a FRIEND in Military Intelligence, YES...They have Many Eyes on MANY things at ALL TIMES. Indeed so. However, some targets are far more amenable to abuse than others. For example, complicated websites can offer a large range of functions against which to attempt exploit attacks. There is still a lot of silly code out there on the web that passes web parameters directly to mysql rather than restricting what can be done with indirect access via a "case" statement to select ONLY what is wanted to be done... Just the usual ignorant or lazy programming snafu. The underlying OS can remain secure even if some sloppy web app becomes abused. As for easier and harder targets: Those systems kept secret can hide a lot of sloppiness and silliness by virtue of being 'secret'. Whereas, for those systems that are intended to be open to public scrutiny, you can bet there's much greater care taken to avoid open embarrassment! With open peer review, you also get the best comments back for improvement from the best of the eyes that look over the code or have an interest in the code. All a stark contrast to the sort of stuff 'swept under the carpet' when hiding behind the words "secret" and "proprietary"... Interestingly, take a look at what secured OSes are included in the US military developments: NSA: Security-Enhanced Linux The list is: Linux, FreeBSD and Solaris. The Linux kernel enhancements are explained on: Wikipedia: Security-Enhanced Linux That level of security is way-OTT for my servers. Indeed, the normal *nix permissions have proven adequate for my examples for many years. I've run selinux on a number of test systems on occasion but so far, there just hasn't been any kernel security problems in the mainstream Linux to persuade me to switch systems. Why change when what you have works well and there are no better offerings for the task? I wonder what the NSA policy is towards Microsoft Windows?... IT is what we make it... Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
![]() Send message Joined: 25 Nov 01 Posts: 21703 Credit: 7,508,002 RAC: 20 ![]() ![]() |
...And no one said Open source software is 100% safe either. Indeed so. Even so, you can do things to help the users: Twitter to fight hacking by boosting login security ... Twitter plans to introduce "two-factor authentication" that would make it impossible for hackers or vandals to break into accounts – even if they acquired the passwords... ... When an attempt is made to log in to the account from a new device, app or unfamiliar location (as indicated by the IP address), a two-factor authentication system will prevent the login being authorised. A code will be sent to the registered user's mobile phone, and only when that has been entered in the same login page is access given to the account. ... I wouldn't describe that solution as completely 'impossible' to hack unless you can also guarantee the security of both the host device and '2nd factor' device... However, using 2-factor security is a good step improvement. IT is very much what we make it... Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
![]() ![]() Send message Joined: 12 Mar 12 Posts: 3433 Credit: 2,616,158 RAC: 2 ![]() |
My question for you is, If some Nation decided that they wanted to start hacking in Mac OS X or Linux. And gatherd the right people. Could they do it? As others have said, the answer is absolutely YES! Again as other have said, no OS is untouchable. I'll leave it at that for now. ;-) Machines are still designed by man. Someday when machines start designing their own hardware and writing their own software, they may be un-hackable. But by then there'll be the whole Skynet scenario to watch out for. #resist |
W-K 666 ![]() Send message Joined: 18 May 99 Posts: 19651 Credit: 40,757,560 RAC: 67 ![]() ![]() |
Here's one document from NSA on win7 security. http://www.nsa.gov/ia/_files/os/win7/win7_security_highlights.pdf Plus a few more, Whitelisting for system controllers http://www.nsa.gov/ia/_files/os/win2k/Application_Whitelisting_Using_SRP.pdf Hardening advise for Mac OS X 10.5 Leopard http://www.nsa.gov/ia/_files/factsheets/macosx_hardening_tips.pdf and for Snow Leopard http://www.nsa.gov/ia/_files/factsheets/macosx_10_6_hardeningtips.pdf |
![]() Send message Joined: 25 Nov 01 Posts: 21703 Credit: 7,508,002 RAC: 20 ![]() ![]() |
Here's one document from NSA on win7 security. You what?! That's just two pages of Marketing-speak from (over?) 10 years ago that mainly bangs on about the suggestion of good programming practice. IE: It's all the "developers fault" if anything goes wrong. From world experience, are Microsoft developers really that bad? Even after 10 years of that document?... The other examples look to be user 'good practice' "hardening" tips. Try again please for anything comparable to the SELinux system work? (Sorry, MS anti-virus[*] is not a contender!) IT is indeed very much what we make it... Martin [*] In my humble opinion, there's a fantastic PR-response in that article from Microsoft for that one... No need to list any other websites that are not so Microsoft friendly... (Nearly choked on my coffee for that one. The only parallel I can think of are the lame excuses from our railways about the "wrong kind" of snow/frost/leaves on the track disabling the trains...!) See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
![]() ![]() ![]() ![]() ![]() Send message Joined: 25 Dec 00 Posts: 31256 Credit: 53,134,872 RAC: 32 ![]() ![]() |
Along with the good design, we have the FLOSS peer review to keep that good. An SQL injection on the FOSS SQL website. Can't even make their own website so it can't be hacked running their own software. BTW what runs websites? Linux? So lots of websites get hacked. Martin won't like that. He will point out it is really running FOSS projects SQL - this example - and Apache, another major FOSS project, and PHP, a huge FOSS project, that are being hacked. ![]() |
![]() ![]() ![]() ![]() ![]() Send message Joined: 25 Dec 00 Posts: 31256 Credit: 53,134,872 RAC: 32 ![]() ![]() |
My question for you is, If some Nation decided that they wanted to start hacking in Mac OS X or Linux. And gatherd the right people. Could they do it? No O/S hasn't been laid open wide open. Martin will scream it can't be so or it would be all over the news. State secrets rarely make the news. ![]() |
![]() Send message Joined: 25 Nov 01 Posts: 21703 Credit: 7,508,002 RAC: 20 ![]() ![]() |
No O/S hasn't been laid open wide open. Martin... Gary: 1: Keep off the personal attacks. 2: Name something tangible with your wild random claims and mud slinging. So... Would you care to elaborate on your wild claim? With real world referenced examples? Back in the real world, real OSes are working well keeping the IT world rolling along nicely. One small hint: Real OSes do not use any 3rd party slapstick anti-virus to chaperone the OS workings... So... Care to explain how your favoured OS works best and for the best interests of the users? Or is it all 'fiduciary' and trolling for you? IT is indeed what we make it... Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
![]() ![]() ![]() ![]() ![]() Send message Joined: 25 Dec 00 Posts: 31256 Credit: 53,134,872 RAC: 32 ![]() ![]() |
So... Would you care to elaborate on your wild claim? With real world referenced examples? I don't wish to end up in a situation like Bradley Manning. Back in the real world, real OSes are working well keeping the IT world rolling along nicely. Ignorance is bliss. One small hint: Real OSes do not use any 3rd party slapstick anti-virus to chaperone the OS workings... So... Care to explain how your favoured OS works best and for the best interests of the users? It does so as well as any. It has a good heritage, being developed in part at Carnegie Mellon University and the University of California at Berkeley. It is 3rd party certified to be in compliance with a standard, which permits the vendor to use a trademark in describing it. It is open source, but is not linux. Of course like all O/S's which share its attributes, it has been laid open. This perhaps not as much a fault of the O/S, but more as a fault of the requirements in the standard to use certain methods and support certain things. Or is it all 'fiduciary' and trolling for you? Actually don't own the people who make my favored O/S, but I do own a competitor. ![]() |
©2025 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.