You have to start with the position that no OS, network, or configuration is ever going to be 100% secure. If the system is accessible by someone via some means, it has at least one vulnerability.
This is why blanket questions as asked in the original posts are worse than useless. Asking if certain OSes have vulnerabilities (they do) is a waste of time. Looking for bogey-men like government backdoors or vendor/service providers is equally useless: either they exist and you can't do anything about them, or they don't and you're worrying about nothing.
But the biggest problem with blanket questions is that they lead to one-size-fits-all thinking. And with designing a secure environment, there is no one size that fits all. What works perfectly in one environment is a huge overcompensation in another, and woefully inadequate in a third. You have to look at your specific environment, including business processes (involving humans, not just electrons), resources, physical environment, everything. If you're considering setting up security, don't think in terms of "secure computing environment", think "secure environment." Limiting your scope to the computing environment only introduces blind spots (vulnerabilities).
I call this reasoned paranoia for two reasons: it serves a distinct purpose, and it stops short of tin-hat thinking. Your approach needs to keep what you can do as the focus. You can't close government backdoors, if they even exist. You can't stop hackers in Pyongyang from probing your firewall. You can't close (or even know about) every vulnerability that currently exists in your environment. But you can understand that they are there, take reasonable steps to close or manage the ones you know about, and have plans in place to respond when new ones are discovered or exploited.
Aw, that's not so hard. I used to bulls-eye womprats in my T-38 back home, and they're not much bigger than 1.5 meters.
As someone currently enrolled at Udacity, I can confirm that I'm only taking a couple courses at the moment. That's the advantage - I can learn at my own pace, in a manner that suits both my schedule and style of learning, and get the most possible benefit out of the classes. I'm not saying that I would outperform a Stanford student; hell, I wouldn't even pass the admissions test. And yet, I'm currently participating in Stanford-level classes in computer science, physics and statistics. For free.
IMHO, that's a pretty compelling argument for the value of this effort.
Let's see, I've got $0.73 in my pocket. Think they can make change?
... is the AUTOMOBILE!
Duh duh duuunnnnnnnn!
Just what we need: a one-stop shop for 0-day exploit code. Way to improve security, guys! Right on! Stick it to The Man! And by that, I mean the man (or woman) in the next cubicle, or next door, or down the street, or....
I am all for responsible disclosure of vulnerabilities - secrecy does not equal security, and "let's not talk about it and hope nobody notices" is never an appropriate response to vulnerabilities. But responsible disclosure includes working with the vendor, giving them the full data and an opportunity to correct prior to full public disclosure.
If MS is giving researchers the cold shoulder or worse in response to vulnerabilities that are responsibly disclosed to them, that's shame on Microsoft. But to my view, jumping to public disclosure is not the appropriate response.
From the Colorado River -- Nevada has been trying to get a greater allocation for a long time and this would get the Feds in on their side. Or, of course, there's all the sewage from Las Vegas. Whenever the wind is headed out of state they can just use that for coolant.
Read the article - they're talking Northern Nevada. That's about 450 miles from Las Vegas. The only time Reno is near Vegas is on CSI. And that's no credible source; half of the cast can't even say "Nevada" correctly.
If you accidentally tick off The Big One and Southern California falls into the ocean, all you'll have left are those crazy Northern California people, and we'll -so- become a Red State.
Ever been to Berkeley? San Francisco? California only becomes a Red state if Orange County and San Diego are all that's left.
Or did you mean Red as in Commie? That would be a real possibility.
From the article:
Both seem to be installed in "C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\." Inside, there is a file called "SEPsearchhelperie.dll" that is responsible for the IE add-on and a "firefoxextension" folder responsible for Firefox.
See? It's surrounded by a SEP field. Nobody will notice it.
Still, it is nice to see Slartibartfast is gainfully employed...
NOOOOOOOOOOOO! "GOTO" is EEEEEEVILLLLLLLLLL!
while (1) {
print "FUCK";
}
Currently 66% voting for books. Samuel T. Cogley would be so proud....
No security is perfect, never has been, never will be.
And security isn't static. The attacks keep changing; defenses need to change to meet the attack. That means the defenses are reactive - they lag behind the attacks. That means the attacks will always work, at least for a little while, longer against companies and technologies that don't keep up.
Gee, I should become an industry analyst. I can state the obvious with the best of 'em.
3. Broken (shorted/open)
4. Dog/cat chewed
"Most people would like to be delivered from temptation but would like it to keep in touch." -- Robert Orben