Microsoft Hack a National Security Threat 218
Scott Treadwell writes "The Center for Strategic and International Studies (CSIS) stated in a 73 page report, that the government and the private sector should be concerned about the "
trustworthiness" of future Microsoft products. This, in the aftermath of the October hack into the Microsoft's network in which an attacker allegedly gained access to Windows source code.
"With most military and government systems powered by Microsoft software and more generally reliant on [commercial, off-the-shelf systems], this recent development can pose grave national-security-related concerns""
Corrected link (Score:1)
does anyone find it funny that.... (Score:1)
Personally, when MS and the NSA started colluding, that's when I started considering MS products to be a security threat. I could never figure out why the justice dept. would want to shoot itself in the foot by hobbling their (indirect) relationship with Microsoft.
Anyway, I suppose the hacker(s) could disclose whatever source they have and claim to do it in interst of National Security(tm). Kinda' like Zimmerman publishing a book containing the source for PGP inorder to get a grandfathered, post facto export restriction waiver.
Perhaps this is all some sort of grade facde by Microsoft to get their Win2K source under the many eyeballs that will (hopefully) make MS's thousands of bugs shallow.
But hey, as the saying goes, "[...] when the going get weird, the weird turn pro [...]" and MS's shares have taken a huge hit lately.
I was already suspicious (Score:1)
Re:Trust? Not our gov't... (Score:1)
Re:And this comes as a shock? (Score:1)
That is what I like about Linux most of all - its security and stability. Its good when I'm working on my portfolio to not have to fearfullt press the 'save as' button all the time. I wish there were more art programs for it though.
The beauty of the 'I Love You' virus, AFAIK, was not in the program code itself but in the insightful understanding of Human Nature it showed. I know when I recieved one, I opened it (tee hee!) in a fit of curiosity. I really was disappointed though :-(
Re:How do we resolve this paradox? (Score:1)
Also this code was stolen, it was never open so the bad guys may know something no one else can find out because no on else can see it.
In the long run i dont think either method is inherently more secure. Security by obscurity is know to fail, it has been proven many times. Now this is not the same as publishing a full exploit which imho is reckless and dangerous since it just leads to increased script kiddie attacks.
Source Revelation a Security Compromise? (Score:2)
What surprises me is that they deem a revelation of source code a security risk. That, if anything, shows a lack of faith in OSS.
As much as it may chagrin me to admit it, Microsoft has some thirty-five thousand people working for it, and while they may not be able to or want to audit their code in an OpenBSD [openbsd.org]-like manner, I am sure they have an entire security department. And I am also pretty sure that they know that security through obscurity doesn't work.
My point, and I do have one, is that Microsoft does have its stuff together, to a certain extent. W2K and NT4, while not suitable for an Internet server, do well in a Microsoft only Intranet environment. If the government gets scared because of 9x or NTKRNL code being let out, what must they think about things who's code has always been available? Yes, it allows for public contributions and improvements, but it also allows for public analysis, scrutiny, and discovery of bugs.
Definitely not a Karma whore,
Mike "My Bucket's Got a Hole in It" Greenberg
NEWS for Nerds, Stuff that Matters (Score:1)
Umm... Now I'm scared. Hasn't Microsoft always been a security threat? I started this post off as a joke, but then I realized something -- the US government is filing an "Anti-Trust" lawsuit against Microsoft. Now, last time I checked, "Anti-Trust" means that you don't trust them...
So why are they just now saying that they should be wary of Microsoft products? Strangely, I'm reminded of that ad Microsoft ran in Germany, with pictures of penguins with an elephant's trunk, etc..., saying something to the effect of "What if your penguin becomes something else?" It just seems so fitting when reversed. What if your "super-high-security" Windows server suddenly becomes the carrier of a virus the crackers did, when they "cracked" into Microsoft? Nothing! It's closed source; you're left to fear Microsoft. But what about Linux? If it suddenly warps into the same thing, you remove a few lines of code, and go over it to make sure it's secure.
How could they modify Windows source? (Score:1)
The article on the CNN site (and the junk "study" they chose to publicize) is nonsense. Since Time-Warner owns CNN and AOL owns TW (or it is about to), and AOL is battling Microsoft, it is obvious why CNN would select to publicize that particular instance of junk science. Some little weasel at CNN is trying to get on the good side of the new bosses.
Which Microsoft hack? (Score:5)
Which Microsoft hack would this be?
Is this the Windows9x-on-top-of-DOS Microsoft hack?
Is this the "invent your own language" MS Word Grammar Checker Microsoft hack?
Or is this the mutex display bit "one program freezes your OS" Microsoft 3.1 and 95 hack?
Or is this the web-browser-turned-drive-explorer hack?
Or is this the always-locking-up ftp hack?
Maybe this is the "some versions of Direct 3D render bitmaps upside down, others don't, depending on which version of the interface you probe" Microsoft hack?
No, I'll bet it's the unstable "oversized int destroys your registry and requires reinstall" Microsoft hack.
Nyet. It's got to be the brain dead Outlook stationery format Microsoft hack.
No wait, I'll bet it's...
Slowly they come around (Score:1)
It's about time the government
- got some software that does what they want, not what M$ wants (or what some hacker in Russia wants)
- advocated the use of standards (non-MS TCP, non-.doc)
- reaped some payoff from (arguably) the most successful government program yet (ARPAnet)
Yes, The People's memory is short. Nixon died a hero, Ollie North has a radio talk show and we still use punch card ballots. Maybe it'll take a M$ brekaup AND an hack AND another destroyer blue-screening before they get a clue. It seems that only scorched-earth crises like these work.Re:How does the hack change things? (Score:1)
The point is simple, if the code was lifted, than the code is out there, and the bad guys have it, and the good guys don't. That puts the government, and business that rely on MS code for security are at greater danger than would have been otherwise (not that relying on MS for secutiry was ever a good idea.)
Re:Worse than you might think (Score:1)
I don't get this part: how can this be a Cracking (as opposed to hacking as CNN inaccurately refers to it) problem? No secure system is permitted to be on the Internet without proper encryption, which is supposed to secure the information independent of what OS is being used. So no one can get sensitive information if it is handled properly, i.e., according to the rules.
Re:And this comes as a shock? (Score:1)
i think the reasons that there aren't any viruses for linix is because 1) linux is still not as widespread as Microsoft. no reason to make a virus that will attack a minority of users when you can make one that will attack the majority; 2) most linux users (i'm assuming, could be wrong) will be the type who keep up to date on viruses and the like and therefore would know not to open attachments if they aren't sure what it is.
"Leave the gun, take the canoli."
Just a small text file (Score:1)
I can run a "small text file" on Linux that could wreck my machine, but I'd have to be running as root. Otherwise, it can only mess up my personal files, and never touch the system. Unfortunately it'll be quite a pain to re-engineer Windows to actually properly implement security, but that's not MY problem
And yes, I am a Linux user and I love it!
Re:Trusting Non-USA MS Employees? (Score:2)
But... [cisar.org]
Re:Worse than you might think (Score:1)
That's true, of course! But the government doesn't rely on pure technology to solve the security problem. They also screen and train people so that they can trust them with security.
There are no ideal protections, but there are 'cleared' and 'uncleared' people.
Very interesting thoughts about open source (Score:1)
What I find interesting is the comment about how national security is inheritly as risk because of a potential leak of source code. Why is that dangerous? After all, people @ m$ have had access to the code all along. I think they see the danger because the code was potentially gained by malicious activities.
With that said, what about open source? Wouldn't an OS like Linux be more dangerous because 'hackers' can get the source without effort? NOPE. In fact, I'd like to draw the conclusion that open source OSs like linux are more secure because the everybody can get the code. Security flaws are fewer because of the pure number of eyes looking at the code.
Perhaps the Fed should stop dumping tax dollars into M$ (especially since they are sueing the f* out of 'em). Think about that... FREE and true security, and some extra $$ to give back to the people who pay the bills.
--cr@ckwhore
Re:People need to realize (Score:5)
Obscurity (Score:1)
Well, I guess so... (Score:1)
Imagine the intruders, in the weeks they had access to win02 dropped a couple of trojans.
Imagine that any computer running that system in future can be rendered useless / or can be highjacked [chipnapped?] by anyone who has a certain key [like Alt+Tab+F12; Shift+F12; Shift+F12].
Now imagine that a second trojan is activated by the first one and the second's job is to collect all passwords/access codes, etc., compile a list and rename the list as a system or dll file, to be stored in an unsuspicous location.
The rest would then be easy... What if the computer in question belongs to someone working on calssified materials, or worse, on bank loan approvals, etc?
For once I agree that there is a fair chance of some danger to anybody's security - ie. every country's national security. More importantly, a danger to the security of our employers...
Re:People need to realize (Score:2)
No, you haven't. Current security systems are bastardized, ignored, and just plain not implemented well. What you are talking about are cheap, easy ways of increasing our crappy security.
Pretend for a moment that we take the computer you are currently using, and remove all processor cache from it. Now, someone could say "There are always tradeoffs involved with processor design; if you increase the performance of one thing, you will degrade the performance of another." Your response would be to say "That's nuts... all I need to do is add cache to it and look, it works great." You are correct, but only because the processor is so piss-poor designed that there were still easy design additions that could be made for big wins.
However, once you've made all the easy decisions, suddenly the tradeoffs rule comes back in full force. To improve, say, an Athlon, with current technology, would be a difficult undertaking. Because the chip functions as a gestalt, a unified whole, the easy answers don't work. Speed up the FPUs, and do nothing else, and your performance will hardly change at all, because the data can't come in fast enough. The easy gains are gone.
Security is much the same way. Yeah, we can graft some easy stuff onto our crappy systems nearly for free, but as you approach 100% secure, the ease-of-use goes down the toilet. OK, so the drive's encrypted... maybe only the people who know the password should be allowed to use it. Now the user has to enter a password. What if they leave the partition mounted and leave the machine? Should they be forced to re-enter the password every so often? That cuts into ease-of-use. Are they allowed to conduct big transactions without checking again that they are still the authorized person?
After the easy gains, easy-to-use and secure are mutually exclusive, because easy-to-use implies that there are fewer steps and checks being made, and that implies there are fewer steps and checks to bypass/fake if you are trying to breach security.
Of course, the true picture is more complex, this is a simplification. There are other axises in question, like complexity of the security implementation, complexity of the security use, expense, etc. Perhaps we point a camera at the user and try to make sure the face never leaves or changes. But then, perhaps a mask on the face can bypass this, so if we want to prevent that eventuality, perhaps we need to make some other check.
If you've had physics, it's like pressure, volume, and temperature in a gas. All three are related, and all else being equal, less pressure means more volume. All else being equal, more security means less ease-of-use. The full picture is more complicated, but the rule-of-thumb is still quite true.
(And to get back on topic, another one of those axises involves the security of the rest of the system. The entire point of the article is that Windows has now been proven to be weak on that axis as well, along with the ones we are so familiar with.)
Re:Governments Using Proprietary OS'es (Score:3)
1. Microsoft does not make a HARD REAL-TIME OS. For critical systems this is essential, because timing of critical tasks cannot be interrupted by non critical tasks such as switching operator screens or animating cursors and icons. You are more likely to see QNX or something similar in a power plant.
2. Microsoft waives all responsibility for death, injury or serious financial loss due to bugs in their software--REGARDLESS of it's use--in it's standard EULA. "No warranty, expressed or implied" and all that crap. Specifically they state that Windows and it's apps are not suitable for critical medical, aerospace and utility applications. So much for paying for "accountability and liability". If your CANDU goes China Syndrome because of a Microsoft BSOD you can't sue Bill OR his company because they warned you. Similarly if a bank loses your money or the government your tax return they cannot sue Microsoft either. Nobody should depend on Microsoft for accountability--they offer NONE. What they offer is for-a-fee technical support and the fact they are a relatively old, stable company that can offer those services and periodic upgrades for the forseeable future.
3. Microsoft is simply not willing to provide the support that mission critical systems demand. In the typical high-priced, ultra-stable critical systems the source is usually closed, but what you pay for is one-on-one support. If a bug is discovered, the company will send an engineer to look at it and the company will even write a patch to fix your particular problem ASAP. No waiting weeks to months for Service Pack 2 or Hotfix Q286745 or whatever.
4. The most critical of systems don't even rely on PC technology or commodity hardware at all. Even if all the "Critial" PCs crashed, the power plant would not shut down or blow up. It would idle along, all safety systems intact. The operators couldn't adjust any setpoints until the PCs came online, but the current setpoints would be in place. Safety and other ultra-critical systems rely on old but dependable technology used in your typical embedded systems. The continents power systems do not rely on PCs at all. They rely on little $2000 Z80-based PLCs and RTUs, or even electromechanical relays pneumatic or hydraulic systems that have worked well and are subsantially the same as they were in the 1940's and 50's.
Keeping these points in mind, rest assured that planes won't fall out of the sky, there will be no blackouts or hospital patients killed due to a Microsoft Malfunction.
OTOH, you could have your web banking account tapped dry or your Prozac prescription exposed because of un-patched security holes in a Microsoft product (or even poorly secured and administered systems of any sort). THOSE systems rely on closed source, often MS-based commercial software. It's not that closed source is the devils work--it's that Microsoft cannot and will not support their products in a manner REQUIRED for mission critical systems. THAT is what worries me...
Re:People need to realize (Score:2)
Re:Trust? Not our gov't... (Score:2)
The people in the US Government who need to know if Windows is secure and backdoor-free most surely have access to all the source code they need.
Then, assuming they do the sane thing and audit it, how does the hack change anything? One of the points I was making was that there is only a security hole if the U.S. government is already being stupid.
real link (Score:5)
Re:well, duh! (Score:2)
Aldritch Ames (Score:2)
So some sinister nameless hax0r who maybe, maybe not, managed to download a few source code files despite Microsoft's "world-class" internal network security is a threat to our national welfare - but each and every one of the tens of thousands of Microsoft employees with unfettered day-to-day access to that same source code, well, all of them can be trusted implicitly?
Gee, thinking like that goes a long way toward explaining how Aldritch Ames got away with all he did to subvert the CIA [loyola.edu] (Completely Incompetent A**holes) so successfully for as long as he did.
Yours WD "untrustworthy" K - WKiernan@concentric.net
yes bill, i wll warm up the vaseline.... (Score:2)
______
well, duh! (Score:5)
It doesn't matter whether or not some crackers futzed with the 'doze source. I think all of us agree that it's so darned insecure and widespread that even as a checksummed audited binary, it's a national security threat.
All a foreign nation needs to do to really screw us over is combine the growth mechanism of melissa or ILOVEYOU and the bittersweet tang of back orifice (modified enough to fool the 2 year old virus patterns most people are using), and they've got us by the balls.
Windows by itself is a threat to national security. Thankfully, we have alternatives who's component schemes have ACL's built in , whose source has been audited for buffer overflows, and for the most part are free. The applications are there, and free, to replace office, explorer and most other things.
And I know this works in practice, too. Because I've never owned a windows box in my 20+ years of computing, I've been able (combined with some common sense) to avoid getting a single virus, without the aid of virus scanning utilities.
A problem with one of the MS FUDs against OSS (Score:2)
With Open Source, at least those who are seriously concerned about the security of the systems they run can do a thorough and targetted audit of the code to satisfy (to some reasonable degree of satisfaction) themselves that their systems are secure.
With Closed Source, you have to trust the vendor, the disgruntled former employees of the vendor and any cracker who might gain access to the source that there are no exploitable security flaws.
---
I don't know what to make of this (Score:3)
On another note, if we are ever to convince big-name organizations (ie. the US government) that Linux is a viable option, we can't exactly agree with the content of this report. If unwittingly revealed source code is bad, what is intentially released source code? They don't like code that may have been modified by one person, but we want to offer them an alternative in code that has been modified by hundreds of people. Somewhat humorously, the Linux community may have to defend Microsoft on this one.
By the way, you might want to fix that link.
Putting all eggs in one basket (Score:3)
Now they need a security breach at MS to recognize this is a bad idea after hundreds of previous security holes didn't open their eyes? And what will all this lead up to? A few papers how this security breach isn't all that important for national security (and in fact it isn't, reagarding all the other gaping security holes in MS products) and that's it.
The alternatives i see are:
- look out for alternatives to work with and put them into use at least in some places, so if the security breaches in one OS forbid it's further use the alternative is ready for use in an overseeable time (anything less than a year is unrealistic here)
- engage in the development of the software they use (open source is a good starting point here if you don't want to do it from scratch) so at least they have a little control over the security and when holes will be patched.
All this is of no use if the people handling critical data aren't minimally trained (it is a bad idea to download software from the net and run it, regardless of the OS you use. If the OS faciliates this (like running applications from mailprograms at a mouseclick) it only makes things worse).
Re:People need to realize (Score:2)
Re:People need to realize (Score:2)
Becuase such a system would be utterly useless for any government (with the possible exception of Sealand).
Re:People need to realize (Score:2)
frightening incompetence (Score:2)
Of course, that's completely bogus and runs counter to decades of experience with computer security. If Windows were so full of holes that people with access to the source code could break in, Windows would be compromised a lot more than it is. Besides, lots of people have access to Windows source code already, and such security holes would be hard to keep under wraps. If Windows wants to become more secure, it needs more public exposure of its source code, not less.
It is scary to think that people like Hamre and his think tank are considered authorities when it comes to "cybersecurity", as they call it.
Re:Worse than you might think (Score:2)
This sounds like a mistake (probably somewhere down the line of the story). The original probably came from a known security problem with MS word where you can see revision history in some documents (I don't know enough about it to say if it is always on). There is a feature in word that will allow you to have it save revisions. You can later look at revisions and see the strikethoughs of past editing. There are U.L.s about companies putting humourous stuff in documents like "This client is a boob", which are later edited out but saved in the revision history.
The easiest way to make sure a document is revision free is to cut and paste it into a new document. The new document will not contain the revisions.
Re:now they are afraid? (Score:2)
That small US government probably can't afford it though!
Re:How does the hack change things? (Score:2)
IMHO using Commercial Off The Shelf Software (or for that matter hardware) in a warship is utter stupidity. This stuff was designed for a nice safe office environment. It makes about as much sense as the USN buying a passenger liner and painting USS W H Gates on the side.
A secret agent running around as a senior Microsoft programmer could cause reams of damage, for anyody interested in real power over Windows boxes
The most likely concern is that there are "security by obscurity" issues in Windows.
The sensible solution would be to either write from scratch or use open source (N.B. not an off the shelf linux CD, since you can't buy "Red Hat Warship" or "Suse Submarine") both ways people familiar with the specific requirments can put together a suitable system. Which is likely to include such things as high availability, highly redundant and damage tolerant networking shock and seawater resistant hardware (with intergral UPS), etc. (Also should the whole thing fail manual overrides.)
Re:Worse than you might think (Score:3)
Maybe they were referring to fast saves (which I always disable)? Fast save only writes document changes. A full save re-writes the entire document to disk. That's been known and documented behavior for years.
Not knowing or forgetting is incompetence.
Just tried with fast save enabled. Still doesn't happen.
There was a thing where people distributed a PDF with sections blacked out. On slow machines the text could (momentarily) still be seen as the black boxes were drawn on a different layer to the text. Even that was incompetence, rather than a real flaw in the app.
Governments Using Proprietary OS'es (Score:5)
1) No coporate entity should have absolute control over the operations, however minimal, of a government. I think most of you would agree that a coporation, whether it is Sun or Microsoft, should not infiltrate a government agency in that manner. As a point, I am aware that the US Military and various agencies use the services of Sun Microsystems. However, my understanding is that Sun is contracted for customized development work, of both OS'es and apps (rather than just running out and buying 50 workstations preinstalled).
2) Its also my understanding that the original BSD distribution, developed at Berkley was contracted by the American government for use in critical systems. If that was the case, then why is a consumer OS like Microsoft Windows seeing such proflific use in government operations. Economic deals with major corporations should not dictate what what OS is holding our sensitive information. Again, American or Canadian, that basic point of fact should make you think.
3) If it was government policy to use a specific *nix, one or many (ie OpenBSD, FreeBSD, Linux, whichever was most appropriate for the particular task), then numerous engineers and scientists could be utilized to strengthen weak areas and improve already effective areas. In effect what would be happening is a re-conribution of code back into the main source trees of each distribution, or flavour. This would be the same as an influx of intellect and dollars into this area of Computing.(I also think most of you would agree that many of the best, and brightest minds in CS and OS development around today are working in government agencies - whether or not you know their names, this is the truth).
Finally, throughout the computing industry, it is being recognized that computing technology no longer exists only in the realms of research and science. This technology has become critical to the functioning of society, in a very practical, day to day sense. I did read an article recently on Ars-Technica about the recognition that fault tolerant computing is now getting. To this end, the government should seriously evaluate the use of a consumer OS. For instance:
Does NASA buy 50 Aibo robot dogs to launch into space? No
Do they hire TRW or Boeing to custom build equipment on a contract basis? yes
So, if these agencies already have a method for contractng the services of companies to design fault-tolerant and secure systems for various military and aerospace operations, why should the database which stores my medical, personal, or credit information be any different? In both cases, the lives of individual citizens is at stake.
I am certainly not trying to simplify the situation or even offer a blanket solution. I am saying one thing though no government should be purchasing and using off the shelf, shrink wrapped software to hold any of our information. Period.
Flame away if u think I am way off base =)
Re:now they are afraid? (Score:2)
I believe governments are able to purchase source licenses for Microsoft Operating Systems.
By the time they finished wading through those millions of lines of bloat, the version would be obsolete. With Free operating systems, it is possable to follow the changes as they happen and not have to re-analyse everything from square one.
Re:And this comes as a shock? (Score:2)
Re:Win2000 is C2 (Score:2)
Re:NEWS for Nerds, Stuff that Matters (Score:2)
Re:How do you remove the undo history? (Score:2)
Re:People need to realize (Score:2)
How useable do you think the Windows UI is for driving a tank or an aircraft carrier. You need to add quite a bit on for flight sim remember...
Now, add a small filesystem layer that encrypts and decrypts everything to and from the hard drive. Replace the usual login password with something that checks an individual's physical traits(such as DNA or maybe fingerprints). Make sure that it's checked as soon as possible. I'd replace the BIOS with whatever checks for the DNA/fingerprint. We'll also assume this workstation isn't physically connected to any other.
If it's not connected to anything else how are you going in install the biodata on it in the first place, if it's not networked? Anyway unless something of the biometrics is used as the encryption key then anyone with physical access to the hardware can get at the data, which is probably useless sat on the workstation anyway. What do you do when someone else uses that workstation?
Re:People need to realize (Score:2)
Especially if the system cannot tell the difference between a living person and one very recently dead. It's not as if this is a difficult "trick", it crops up in many films and TV shows where biometrics are used.
Re:Worse than you might think (Score:2)
The problem here is people treating
Re:Governments Using Proprietary OS'es (Score:2)
Would these be the same shrink wrap apps which say in effect "if this breaks then we have no liability, even if we knew it was broken".
If you sell CanduOS to Candu reactor users and an OS exploit causes a meltdown then you as the vender are held responsible.
No you say "sorry about the mess, but didn't you read the licence?" then maybe put "unsuitable for fission cooling systems" in CanduOS V2.
Free software is good but lacks the liability and accountability that governments and enterprise depends on.
In fact it's the only way of getting liability and accountability. Because your own experts can examine it and alter it to your organisations needs.
Re:Worse than you might think (Score:2)
--
Re:Worse than you might think (Score:2)
But I ramble.
-Todd
---
Re:now they are afraid? (Score:2)
What has kept Microsoft employees from doing the same thing?
The potential to be hanged for treason? The fact that even the amazing MS marketing department couldn't overcome the negative publicity MS spying for an enemy power? Since MS is the employer, they know that they bear responsability for the work related things their employees do, so they police it. They do not bear (legal) responsability for what A third party did without their permission.
As soon as the break-in became known, MS gained plausable deniability. Anything found becomes "Obviously the work of that evil foreign hacker".
I doubt that the fear level before was zero, it's just a lot higher now.
Re:How does the hack change things? (Score:2)
A secret agent running around as a senior Microsoft programmer could cause reams of damage, for anyody interested in real power over Windows boxes-- e.g. any nefarious government, corporation, or super villan.
It should also be easier to subvert existing programmers, now that they can't retire in a year like they planned due to the stock nosedive.
Government uses a different OS (Score:5)
Re:NEWS for Nerds, Stuff that Matters (Score:2)
Re:NEWS for Nerds, Stuff that Matters (Score:2)
Re:NEWS for Nerds, Stuff that Matters (Score:2)
Re:Um... (Score:2)
Or that even if they did, it would work?
Can they test every possible binary resulting from compiling an open source system?
Re:Very interesting thoughts about open source (Score:2)
Re:People need to realize (Score:2)
Using that very simple and easy-to-implement security scheme I mentioned, you increased security several times over what it was before - with almost no loss in useability. By what that poster said, the 400-500% gain in security would have meant a serious loss in useability - obviously not so.
Now, since I'm in the mood for a little fight:
Points 4 and 5 have nothing to do with security. They had to do with good computing in general - always have a backup. I will ignore them.
1. You're right, you could do all those things. But it's all of a sudden a HELLUVA lot harder than a regular Windows ME install. And there's no guarantee you'll be able to decrypt the drive before you die. It could take that long. But only a minor speed loss is incurred(with the proper algorithms).
2. The ACLs and such you mention are for multi-user systems. Windows ME is not a multi-user system. Sure, you can have different backgrounds and preferences for different users, but that does not a multi-user system make. Since Windows ME is a single-user system, no ACLs are required.
3. See point 1 above.
4. Ignored.
5. Ignored.
6. Good idea about the "duress" password. Point taken.
7. We're talking about security vs. useability here. I am saying that with a certain value of security, you don't lose that same value in useability. The TEMPEST protection measures, though, shouldn't hamper useability of the operating system - although the size of such a computer might be a hindrance.
8. You can write a 2 line VB program that will grind my computer to a halt; I can write a 4-5 hundred line Intel assembly program which will completely preclude those particular VB instructions from ever being run.
9. It's still very usable. Games, word processing, office apps.
10. You're wrong there. Money buys a lot of things - including respect. Some of my employers pay Microsoft to have a team of engineers on standby, 24 hours a day, with access to Windows source. And Microsoft *HAS* given source to other companies.
Now, I'm not going to lambast you for purposefully taking my argument as something it wasn't. Before you say anything else, consider for a moment the point I was trying to make, and then refute the point itself - not my example.
Dave
Barclay family motto:
Aut agere aut mori.
(Either action or death.)
Re:Governments Using Proprietary OS'es (Score:2)
When did the military start being an office? Or when did office workers start becoming soldiers?
It's effectivly saying "those apples make good apple pie, so they should make good orange juice too"...
Re:They got the title wrong again . . . (Score:2)
Actually, I thought the title was correct, but I'm not sure if it refers to the hacking of the website or the hacks who write Microsoft software. :)
--
How do you remove the undo history? (Score:2)
Hole?? Threat?? (Score:3)
Or is it that Microsoft so little knowledge of security that their own system is compromised?
Open source with many eyes can enhance security...Closed source that hackers have the source to is a security breach.
Re:Worse than you might think (Score:2)
I gave it a very boring test on Word97... Using simple text, there are no problems.
I created a doc with the body of "This is confidential information" then the alphabet in lower case, then the same thing, except that it was not confidential information and the alphabet in upper case. I saved it, ran strings on it, and I saw all of my text (and the full name as registered in the product!)
I then selected the text with the mouse, hit delete, and checked strings.
All the information was gone... except that Word appeared to have taken the words "This is confidential information" as a title, and kept it in the document. The lower case alphabet was gone though. Of course my name was still there.
When I closed Word and reopened the second document using the run history, the undo buffer was empty.
Trusting Non-USA MS Employees? (Score:2)
Does the USA also trust the non-USA MS employees and network [microsoft.com]?
Re:Governments Using Proprietary OS'es (Score:2)
Actually the MS license disclaims just as much responsibility as the GNU license. They just demand a lot of duties from the "purchaser". (That's humor -- they specifically deny that they are selling you anything. Even the license is still theirs, and that's why they can change it even after you've agreed to it.)
Caution: Now approaching the (technological) singularity.
Re:Worse than you might think (Score:2)
For instance, if a SECRET powerpoint file exists on a network rated for TOP SECRET processing, it cannot be moved down to a network that is only authorized to process SECRET - even if the data matches classification. Why? It's not just to be a pain in the ass of those who need to get information to different people - what if there is a graphic/textbox behind a "rectangle" shape that matches the background (white, in most cases - not hard)? You've passed that text/graphic without even knowing it.
I've seen this happen, and it's a nightmare.
BTW - even if you copy an ASCII file 'down', you need to do it with a special program to ensure that no extra bits are copied off the system...
Re:NEWS for Nerds, Stuff that Matters (Score:2)
Lo-tech solutions (Score:2)
The most effective, most used, and most trusted security measures are locks, guards, vigilance, and effort. I don't care if you run triple-encrpyted, Extra-Tasty Secure BSD/Linux/WinNT..etc, if they have got to the computer, you are, for the most part, screwed.
That's why computers with secret/confidential/top secret data are physically locked up, and physically isolated from the internet. Places like the NSA run on a system where if an unauthorized person is in the room, flashing lights go off so you don't talk about secret things. You get layed out on the ground and searched if you have a badge that says "I need an escort" and you don't have an escort. These sorts of measures are what keeps us safe on a national security standpoint.
Insiders (i.e spies) in the Gov't are always going to be able to get to the data, no how many retinal/finger/rectal scans you require. Computers are not really a big issue. Sure, stuff like data left over on hard drives after you've "emptied the trash" used to be a problem. But that sort of thing has been covered now. People, as always, are STILL the only big security hole.
I am speaking from personal experience here. I work for a federal contractor that deals in information that requires a clearance.
I think that computer security issues apply much more to the real world then the military. But the rest of the government, well, that worries me too. And its still the people that worry me rather then the computers. A smart person with windows 95 is more secure then a stupid one with the most secure OS.
We better watch out then! (Score:5)
Re:Hole?? Threat?? (Score:2)
Fucking shit where do you people get this attitude from? Security comes from lots of places, none of which are source code being open for everyone to see. Linux doesn't have an A1 security rating dispite being open sourced, come to think of it no operating systems have an A1, the highest rated OS is Wang GS XTS-x systems. These aren't open sourced yet have the highest security ratings out of anyone. Systems get secure when they resist penetration better than nuns as well as not allowing trusted users too much freedom inside the system. If your security stops at the door you're fucked.
Re:People need to realize (Score:2)
So what? (Score:3)
Regarless, the biggest security threat is the lack of dilligence displayed by users and admins. Far too many people use their name as the password or use no password.
Re:People need to realize (Score:2)
Re:So what? (Score:2)
i agree that the lack of command line make it more difficult to intuitively hack a mac than other os's, but remember:
a) AppleScript and other OSA implementations can be used as a fine substitute for a command line.
b) Very soon OS X will make even that illusion of security go away...
now they are afraid? (Score:4)
But since that software may have been compromised by somebody from the outside they are afraid.
What has kept Microsoft employees from doing the same thing? Or, as some would want us to believe, keep Microsoft from doing anything.
Any time a company (or a government) uses closed source software, there has to be a level of trust.
Re: (Score:2)
The real CSIS article is here (Score:2)
The Microsoft angle is only one part of the report, which also discusses open-source, mobile computing, distributed computing, and nanotechnology. The specific areas of concern are predictably:
1. threat of disruption of communication
2. threat of exploitation of information
3. threat of manipulation of information
4. threat of destruction of information or infrastructure
Title has an extra word (Score:3)
It should read "Microsoft a National Security Threat".
-Rob
Correct Link Is: (Score:2)
Gang, in the 80s it used to be that software had to go through a IVV cycle (independent verification and validation), before you could use it for anything critical. Admittedly, this slowed stuff down, but it had its merits. Even if M$ has the best of intentions and tries the best it can, I don't think I really, really want to bet my ass on their efforts. Do you?
Re:Um... (Score:3)
There's a simple solution that Linux advocates use to give themselves perfect security: They just chant "security through obscurity is bad" over and over, and then they are magically secure!
--
Re:now they are afraid? (Score:2)
Caution: Now approaching the (technological) singularity.
Re:So what? (Score:2)
While Windows always has TCP port 139 open even when file & printer sharing is not enabled, nmap can't even identify a Mac, because there are no open ports to get a TCP fingerprint from (assuming you haven't taken the first two of those four steps).
--
Re:Worse than you might think (Score:2)
I must admit that I haven't tried this, but PDF's were never intended as a method for secrecy.
Caution: Now approaching the (technological) singularity.
The "Track Changes" feature (Score:2)
I haven't heard this story related to any classified material, but it's certainly quite feasible. Or, the commercial sector stories may just have been adapted.
Re:Worse than you might think (Score:2)
The "ASCII text" restriction isn't exactly an ideal protection.
Caution: Now approaching the (technological) singularity.
Oh great.... (Score:2)
(I know, it's not quite that bad)
But in all seriousness, this could be pretty bad. Who knows what kind of information is "protected" on windows machines. Who knows who might get their hands on plans for various weapons, etc, or just cause havoc with various databases throughout governments worldwide.
Maybe they should get some of those copy protected hard drives
Dark Nexus
How does the hack change things? (Score:5)
So the U.S. government trusts every single Microsoft employee with the authority to make changes to the source code?
Whether or not an intruder gained access to the source, the U.S. government would be fools to trust something for sensitive operations without performing a full security audit on the source themselves.
Re:How do we resolve this paradox? (Score:2)
Nope (Score:2)
ALMOST..
Perl and Shell scripts that are "small text files" can't be arbitrarily executed.. you have to chmod +x them first.
This is a subtle, but very important distinction. It provides a mechanism that stops arbitrary code from being executed. (The user needs to save it, then chmod +x it, then execute it)..
Granted it's not inconceivable that someone could write a MUA that would perform these steps automatically, but (in general) Unix programmers have more brains than this... which leads us to another issue: MS programmers (in general) wouldn't know a security hole if it came up and bit them on the ass (which, if you read NTBugtraq, happens pretty frequently
The problem
Nope. The problem is that the system will run arbitrary programs based on the file name. The issue of "everybody is root" is an issue, but a minor one, as Windows is not a multi-user OS.
Re:So what? (corrected link) (Score:2)
If this doesn't work, the problem with the original link was a space after csis. and before microsoft
Caution: Now approaching the (technological) singularity.
Re:Um... (Score:2)
How are you going to get that assembly code to execute on my box, with sufficient privaleges to trap for that kind of behavior? My server is set up in such a way that gaining the level of access required to run your code is (hopefully) very difficult.
Whereas with closed source, you really don't have a full understanding of how to attack it.
Don't be so sure. Someone goes looking, and finds a security hole in a closed-source OS. Nobody else has seen it, because nobody else was looking. They write a program to exploit that bug, and distribute it. You now have a security problem.
The open-source difference is, lots of people are looking at the code, and bugs are more likely to be found. Since the people finding these bugs also depend on the software themselves, they're quite likely to report the bug to someone who can write a patch, or patch it themselves and submit their patch to be reviewed and distributed.
--
Re:People need to realize (Score:2)
I disagree. In many cases, yes, security can limit useability. For instance, the most secure system is one that has been broken down to its individual molecules and scattered out into space on a hundred million different probes. Of course, at that point, it's not very useful.
But let's look at it this way. We'll consider a default Window ME install to be very useable, but rather insecure. Now, add a small filesystem layer that encrypts and decrypts everything to and from the hard drive. Replace the usual login password with something that checks an individual's physical traits(such as DNA or maybe fingerprints). Make sure that it's checked as soon as possible. I'd replace the BIOS with whatever checks for the DNA/fingerprint. We'll also assume this workstation isn't physically connected to any other.
All of a sudden, you have an incredibly secure system, with the same useability(maybe a little slowdown for encryption/decryption, but there are fast, secure algorithms availble). So no I've already refuted the "inversely proportional" part.
Now, I've yet to see a security implementation that doesn't hamper useability in some form, but to say that it's impossible is downright moronic. Just because you can't think of a way to do it doesn't mean it's not possible.
Dave
Barclay family motto:
Aut agere aut mori.
(Either action or death.)
People need to realize (Score:5)
Worse than you might think (Score:4)
The lab could educate the secretaries and researchers about the "gotchas" of every commercial product they use (and they do try), but people are bound to forget or make mistakes. If they deployed open source software they could inspect and modify the code to make these holes unavailable.
We already knew this,but apparently they didn't... (Score:3)
You can never be sure of anything unless you check it yourself. Mere "trust" is seldom an option when it comes to mission-critical applications. And while trust if acceptable in commercial systems (if it breaks, let's sue them) it just isn't an option when break-of-trust involves lives or national security.
That's why I understand that banks use Microsoft products, but i get very scared when aerospace or medical systems even go near Windows...
-----
Re: Your sig (Score:2)
--
Obfuscated e-mail addresses won't stop sadistic 12-year-old ACs.