al Qaeda Hacks XP? 736
acaird writes "According to this article at Newbytes, members of al Qaeda may have worked for Microsoft and planted "trojans, trapdoors, and bugs in Windows XP"."
This stuff screams of hoax to me, but it is showing up on the Washington
Post.
Where the hell is Microsoft's PR agency? (Score:5, Funny)
If this goes on..."Next week on Jerry Springer: Bill Gates is sleeping with my sister!"
Re:Where the hell is Microsoft's PR agency? (Score:2, Funny)
There you have it, indisputable proof that Gates and bin Laden are allies.
Re:Where the hell is Microsoft's PR agency? (Score:4, Funny)
And they will find that there is no way to tell if there are Al-Qeada moles, trap doors, bugs, etc. - the difference between that and normal operation may be minimal at best.
That may be the Al-qeada plan to destroy America. make sure all MS products stop working after a certain date
;-)
Re:Where the hell is Microsoft's PR agency? (Score:5, Insightful)
What, you mean Microsoft Product Activation and Passport subscriptions?
GTRacer
- How much for WinXP Corporate?
Re:Where the hell is Microsoft's PR agency? (Score:5, Funny)
Huh? Last time I checked, Al Queda wanted to destroy the technological world, not save it!
Re:Where the hell is Microsoft's PR agency? (Score:3, Interesting)
> Well the way I figure it, they are paranoid enough that someone at MS will try to find out if this is ture or not
> And they will find that there is no way to tell...
Yes, but at least they will qualify for 3 or 4 billion dollars of disaster relief funding, and a play for sympathy may get them a reduced wrist slap from the DoJ.
Re:Where the hell is Microsoft's PR agency? (Score:4, Funny)
Maybe Ballmer's dance is part of the process, that looked fairly rigorous. It also didn't look too terribly effective.
not as easy as you might think (Score:5, Interesting)
Code generally goes through peer reviews and quality assurance before it is accepted into the main stream. Say waht you want about MS, but I'm sure they do these things (they can afford it!)
To bypass these failsafes would require a lot of people along the line allowing it to slip through.
Re:not as easy as you might think (Score:5, Interesting)
QA generally does not read any code at all, they take the specs for how a routine works, and maybe write some regression tests to make sure it does what it's supposed to, and breaks properly. There's no digging around in the code itself.
As for peer review, when it happens (which it doesn't for every line of code by a long shot) they don't make sure that nobody ever updates that code again without more peer review.
While I don't believe the allegation for a second, it's definitely extremely possible.
Re:not as easy as you might think (Score:3, Insightful)
While I'd admit that QA in professional software is lacking, there are definately source code reviews in an OS product group. Every line of code is looked at, even if only briefly. The risk of the exploit being detected and erased before a release is too great for the Microsoft interview process (grueling, trust me) to be worthwhile. Especially if the coder is a new employee. It is highly unlikely that a new programmer even wrote a single line of compiled OS code. Most of the time, they are writing tools or test scripts for years before they get to write OS code. Insinuating that someone's entire career was a setup in order to get caught planting some bugs in Windows is a lot more ridiculous than claiming this is a hoax.
Two counterpoints (Score:5, Insightful)
Secondly, while I agree that it's unlikely that a terrorist would approach a 13-year old kid and say, "Hey, you should start excelling in Math and then attend college to get a CS degree so that 10 years from now you can go work at Microsoft for 4 years or so (enough to gain the confidence of your managers) and then start putting back doors and bugs in their OS," it's far more plausible that a terrorist would approach a already working programmer who's naive and idealistic -- and perhaps *already* working at and trusted by managers at Microsoft -- and say, "Hey, here's how you can really help your faith..."
Re:Two counterpoints (Score:3, Insightful)
And it's even more plausible that somebody just made this crap up, and the Washington Post bit on it like a hungry trout....
"I saw it on the Internet, it must be true. Right, dad?"
"Not necessarily, son, but I saw it printed on pieces of a dead tree, so that makes it true for sure!"
Re:Two counterpoints take two (Score:3, Informative)
There is no way that you could try to put a terrorist-sized hole in XP without a lot of people noticing.
-For the months before the OS ships every line of code that is modified is examined on several levels; every bug that is found could potentially be investigated by any of dozens of people in any part of the organization...
-There's nearly a 1/1 ratio of Test/Dev in the critical parts of the system; to do this you would have to get the developer(s) and the tester(s) responsible for that chunk of code/functionality.
-Automated tools run by seperate groups review changes and record owners; try to sabotage something once & you won't get a second chance.
-Automated tools run by testers review code that's not exercised by test-passes, reporting on changes so that the hole can be filled.
This simply did not happen and it's embarrassing that this pseudo-technical forum is giving the report even a little credit. I would expect better from even the bitter/angry/biased-microsoft-haters that make up the such a vocal percentage of the slashdot crowd.
Re:Two counterpoints take two (Score:3, Insightful)
I still don't really believe the story, but I think you are dismissing it too lightly.
Re:not as easy as you might think (Score:3, Insightful)
I used to work for Microsoft as a dev. (Visual Studio) Although coding practices vary from group to group, many (including our team) have mandatory code reviews before submitting, including ours.
Noone would personaly verify that the peer reviewed version is exactly what's under source control, but come on. Groups are tight knit. You're always going through each other's code on a daily basis. You plant a Trojan, you're going to get caught.
Let's face it. These Al Quaeda has enough problems smuggling weapons onto airplanes. Try smuggling a programmer through a Micrsoft interview process. M$ job interviews are notoriously tough. You would get more bang for the buck building a bomb and giving the federal reserve a good shaking. (No pun intended)
Re:not as easy as you might think (Score:5, Insightful)
That's assuming that the terrorists would actually have to plant backdoors. It would be far less dangerous, and far easier, to simply look for buffer overflows and then not report them to management. What good is a peer review if your "peer" is actually looking for exploitable code for their own ends. A remotely exploitable buffer overflow is every bit as good as a backdoor, and if they were in QA they wouldn't even have to write it themselves, they would simply have to let it slide through.
Now, I am not saying that the Al Qaeda has penetrated Microsoft, but I can't imagine that someone working at Microsoft hasn't been tempted to simply overlook a buffer overflow. Especially now that Windows is being used to run some very tempting targets.
Re:not as easy as you might think (Score:5, Funny)
Back under your bridge, troll.
Re:not as easy as you might think (Score:5, Funny)
Get a clue. If your a PHB code reviewer at MS, there's a big difference between finding out your programmers have actually been having a little fun on the job with a hidden easter egg, and trying to figure out the functionality of backdoorforallah.dll.
Re:not as easy as you might think (Score:2, Interesting)
This thing is clearly a hoax, but..
I don't think this would be all that difficult. It's not like the hack has to be obvious. You wouldn't put something like:
if( strcmp( username, "osama" ) ) { uid=0; }That would be too obvious.
But something more subtle in the logic could easily get through, given the number of such bugs that have made it through without deliberate sabotage.
Re:not as easy as you might think (Score:4, Funny)
Poor ``osama'' user... every other user instantly becomes root, except for him (sorry, couldn't resist - but this is another reason why strcmp() is pure evil sometimes) ;-)
Re:not as easy as you might think (Score:2)
I could also see how it could be done. a simple #progma and redefinition of a core Win32 API function placed in something as silly as stdafx.h might just slip by.
Not as easy as you might think (Score:4, Interesting)
In the first place, I notice that man is a "suspected" Al Qaeda member. From what I've been seeing lately, anyone who has the wrong kind of accent or a copy of the Koran is a suspected Al Qaeda Member.
Secondly, if this man really is a member of the organization, it should be noted that bravado and misinformation are prime terrorist tactics. It's a lot easier to spread rumours about having planted bombs, or for that matter created software bugs, than it is to actually do it. And you still get the result of people being afraid to fly or afraid to use Windows.
Thirdly, as you said, even if some programmers with less than noble intentions did manage to get employed at Microsoft, the chance that they would be able to intentionally slip in a trojan horse without it being caught in testing are pretty low.
On the other hand, i suppose they couls just sabotage the american way of life by writing bad code, but then Microsoft pays people to do that anyway.
Re:Not as easy as you might think (Score:3, Insightful)
Ok, but when you pick the suspected Al Qaeda member up, and he says "I'm an Al Qaeda member, and I'd like to enter a formal confession in court, so I can blather on about the evils of western 'civilization' before proudly marching off to die a martyr in your jails", you can excuse journalists for thinking he might really mean it.
Re:not as easy as you might think (Score:5, Insightful)
You see, I work for a not so big software company right now, but I used to.
It's not that hard to sneak some malicious code into the final product. Quality Arrusance is usualy made only by using the software, not by analising the code. And even if they do analise the code, it's quite trivial to introduce some obscure buffer overflow.
Also, we are forced to remember about that hacking of microsoft internal network some time ago, which they "claimed" give the hackers no access to the code base.
I hate bin Laden as much as the next guy, and think he should die. But, even being a fanactic, the guy is inteligent. And has recources, both personel and money. I think it's very likely he would attempt something like this. I know, in his shoes, I would.
Re:not as easy as you might think (Score:3, Interesting)
That lead me to some considerations:
1- The sabotage would have to be enough so it's usage (or saying I would use it) would cause terror
2- The sabotage would have to be small enough it would pass quality assurance without arousing a flag
3- The sabotage would have to be generic enough so nobody would spot it at a first glance
4- The exploit would have to be complicated enough so nobody else would be able to exploit it before I do
5- This sabotage would have to take a form, or permit some kind of use, that would let me claim responsability for the terrorist act
6- If I could do something misleading, so that when I first attacked, the the original sabotage
would not be found, even after the attack, the better
So, considering all this point, I want to reduce my rating from "Very Probable" to simply "Technicaly Factible".
Unless they are very stupid. Which maybe they are, just like me posting this kind of thing with the FBI sensors and such monitoring everything.
If they arest me for this post, please, let the slashdotters know about it.
Or could it be I'm simply violating the DMCA ?
Re:not as easy as you might think - VERY EASY (Score:3, Informative)
The standard practices at Microsoft do not include a lot of code review (even for a co-op). You could easily sneak stuff in there.
That being said, I'll wait until I see proof before I believe this one.
I have nothing to worry about, however. My standard practice is to never install a Microsoft OS until it has been "in the field" for -at least- a year
Re:not as easy as you might think - VERY EASY (Score:3, Funny)
My policy is half of that: the first half!
Re:not as easy as you might think (Score:4, Informative)
Where is this wonderful place you work?
I've worked for, lessee, eight companies over the years, ranging from the tiny to mammoth international corporations. Only two had code reviews.
At one, a well known company in the computer security field, code for a secure operating system base was reviewed by trust engineers - who were knowledgeable about the theory of security but who were not so knowledgeable about the programming language being use. We'd get questions like "what does char somecstring[16]; somecstring[0] = char(0); mean"?
At the other, a well-known aerospace contractor, reviews of code for a NASA project focused on making sure that your code met the formatting standards required - no one asked me anything at all about the semantics of my code.
Re:not as easy as you might think (Score:4, Informative)
Whatever. Excel used to have a flight simulator embedded in it, for crying out loud! IIS had a back door password of "Netscape Engineers are Weenies" spelled backwords.
Not to mention the fact that it seems like Windows has an exploit approximately every 3.5 seconds, and that's without access to the source. A terrorist at Microsoft wouldn't even have to try and embed backdoors into the software. They could just keep track of the exploitable buffer overflows and pass them on to their buddies instead of raising attention to them at Microsoft. Microsoft's entire defense stems around the fact that the "bad guys" don't have access to the code and must therefore guess where the problems are (and even still they have more than their share of problems). Someone on the inside (with access to the source) could easily subvert this process.
Re:not as easy as you might think (Score:3, Insightful)
Ok, whatever. It still goes to show how effective Microsoft's "code reviews" are. If it takes them years to find something that was meant to be a joke, then how long is it going to take them to find something that was meant to be a hard to spot backdoor written by a talented coder (there is no questioning the fact that Microsoft programmers are talented folks).
The fact of the matter is that bugs are hard to find in almost any setting. The fact that so few people have access to Microsoft source code simply makes it that much harder to find errors. Microsoft can pretend that they have processes in place to catch these sorts of errors, but when all it takes is the knowledge of one previously unknown buffer exploit it is hard to feel very safe.
Microsoft's entire security policy is based on the fact that the bad guys don't have access to their source code. This assumes, of course, that there isn't anyone inside of Microsoft that is willing to sell (or exploit themselves) security information.
Re:not as easy as you might think (Score:3, Interesting)
Re:not as easy as you might think (Score:3, Interesting)
>software company, it's unlikely that anything
> like that would be able to get through.
Speaking as a director of the Federal Aviation Authority, it's unlikely that four planes could be simultaneuously hijacked and . . .
hawk, not really an FAA official
hah! (Score:2, Funny)
I heard they also worked for Firestone and sabotaged their tires!!!
Hmmmm (Score:4, Funny)
Unless they commented there code:
security_hole();       /*b1n l@d1n r00lz!*/
you sure this isn't from the *NY* Post? (Score:2, Flamebait)
Microsoft spokesman Jim Desler said Afroze's claims about the company were "bizarre and unsubstantiated and should be treated skeptically."
for once, we can all agree with a Microsoft spokesman.
Those bastards hacked the linux kernel too! (Score:5, Funny)
Observe:
% grep -ir 'a.*l.*q.*a.*e.*d.*a'
704
Time to outlaw leenuks, I say.
Re:Those bastards hacked the linux kernel too! (Score:4, Offtopic)
Off-topic but important
Don't do that. You're right; it is much faster. But it's less safe: it breaks if filenames contain whitespace. Ideally, they wouldn't, but remember the iTunes 2 installer? It axed entire partitions for this very reason. Filenames on a lot of systems do have spaces. Code that breaks on them is bad.
Instead, do this:
It requires GNU find and xargs. But it really is much, much better. (It uses a null character instead of a space/newline as the seperator. Filenames can't contain nulls, since the system calls expect C-style null-terminated strings.)
(GNU bashers: There is a reason people prefer their tools. They really are better in a lot of cases.)
"rigorous processes" (Score:3, Funny)
According to Desler, Microsoft has rigorous processes in place during the development of Windows to ensure the security and integrity of source code
I can sleep easier now.
don't worry (Score:3, Funny)
yes, worry. (Score:3, Funny)
Also, don't forget the ones that are there by poor implimentation. You know, like sound files in email that get executed without warning.
Also, don't forget the ones that are there due to poor design. You know, like an email client that runs as root because there are no real user accounts and the underlying file system will not support that and ....
Don't forget to combine all of the above with poor judgement. Well, running M$ with anything but in single user non networked air gap protected mode is poor judgement. Worse judgement is attatching a camera and an always on high speed internet connection in your freaking bedroom, ha-ha [min.net](banned in Saudi Arabia).
Alah-Akbar. It's true you know.
As Microsoft would need terrorist help (Score:2, Redundant)
Re:As Microsoft would need terrorist help (Score:2, Funny)
Two wrongs makes a right, doesn't it?
Ah ha! (Score:2, Funny)
score -1, redundant (Score:2, Funny)
Can we mod down a statement in an article as being redundant? The washington post all but invented "ready-shoot-aim" journalism.
Re:score -1, redundant (Score:3, Informative)
It would be different if they were reporting that there were *in fact* security bugs in XP planted by terrorists, based on the claims of one guy.
If you don't buy Windows XP... (Score:5, Funny)
Right idea, wrong perps. (Score:2, Interesting)
I'm starting to believe the FBI are actually the good guys these days... YIKES!
--Mike--
Well you know what's next... (Score:5, Funny)
seineewerastsisrorretadeuqla
*sigh* (Score:4, Interesting)
*barf* (Score:3, Insightful)
Let's just whine about it instead of moving on. Way to fill the page up with trash.
Hypocracy, see above.
Re:*barf* (Score:3, Interesting)
Yeah, be sure and keep that advice in mind the next time you see FUD coming from Microsoft. The only way to stop problem behavior is by pointing it out. You think the antitrust case would have been filed if people just "moved on"? Are the Slashdot editors immune from scrutiny simply because they're anti-Microsoft?
Hypocracy, see above.
say what? (Score:5, Funny)
...no other explanation needed.
Like it'd matter (Score:2)
Perhaps, just perhaps, a few well placed bugs could have an effect on the end product, but I see no reason why such an orginization would want to target such a thing. I can see the reason to want to make such false statement to cause yet more public doubt as to their safety, though. The likelyhood this is a ploy to crete more doubt is much greater then the likelyhood that they actually did such a thing.
On the other hand, it could very well be true. It is so out there that it just might be truely something that happened. It most certainly is no more out there then the very same network obtaining Anthrax from a US source, and mailing it all over the country..
I, Mudd (Score:2)
I, Ashcroft
"...XP is the only OS that can protect us from terrorists.
But XP was *made* by terrorists"
Fzzt... Pop....
A quick search through the XP dll's (Score:2, Funny)
"!seineeW era tnemnrevoG SU"
Oh ya? (Score:2, Funny)
I heard that members of al Qaeda had infiltrated Slashdot and were sabotaging the quality of reporting.
Oh wait, Taco has always posted retarded stuff.
Goodbye to the BSOD? (Score:5, Funny)
Recycle Bin Laden! (Score:5, Funny)
Daisy Cutter (Score:4, Offtopic)
Breaking up Microsoft! (Score:5, Funny)
How to tell (Score:5, Funny)
Washington Post, good source (Score:2)
We should all know about the wonderful editorial integrity [slashdot.org] of the Washington Post.
We can all rest easy... (Score:2)
Oh well, in that case!
Confession? (Score:2)
Even if the story is true, and the guy "confessed"... I know I'd confess to writing windows XP if faced with a rubber hose.
Think about it...
What will be next (Score:2)
Funny how /bin/laden has passed from mere mortal to a incarnation of evil, and as such responsible for all bad things.
Yesterday he was responsible for crashing the US economy. Today he is responsible for bugs in XP. Tommorow he will be responsible for sour milks, bad weather, disrespectfull children...
Some marvellous quotes here... (Score:2)
Also, I liked "According to Desler [an M$ spokesman], Microsoft has rigorous processes in place during the development of Windows to ensure the security and integrity of source code." Well, it's worked so far, hasn't it? Maybe they're just talking about how difficult it is to add intentional bugs. That, I can believe.
The very suggestion that M$ needs help adding "trojans, trapdoors, and bugs in Windows XP," is the laughable bit here.
good lord (Score:5, Funny)
"OK, people. Line to the left is suicide bombers, center line is front line soldiers, right-hand, nefarious computer geeks."
or
(2 terrorists meet to discuss their accomplishments)
"I have struck a great blow against Satan! I have planted bombs and anthrax!"
"I, too, have stuck a great blow!"
"What did you do?"
"Improper bounds checking in msetl23.dll! I used my own hasty, roll-your-own strcpy()! And as a final coup de gras*, I stole 3 product activation keys and gave them to Best Buy employees"
Please.
* terrorists may not actually use phrases like this. Consult your manual.
Re:good lord (Score:2, Funny)
Pardoning me Shaek Mohammad Mohamed Banky, but did you not mean "Praise Allah?"
Loco (Score:2)
The guy sure sounds loco to me.
Microsoft interviews (Score:2)
As someone who has been through the Microsoft interview process, I find it highly doubtful that some random terrorist programmers could make it though.
Unless, of course, Al Qaeda makes learning how to get 5 gallons of liquid using 3 and 7 gallon containers part of their training.
Re:WARNING: THIS IS ADVICE TO TERRORISTS (Score:3, Informative)
ObSoln:
Fill 7
(Fill 3 from 7:Discard 3) twice
Decant remaining 1 from 7 to 3.
Fill 7. Top up 3 from 7, leaving 5 in 7.
One joke in the article (Score:2)
Hahaha... that's how you can be sure this article's a hoax.
For once, I'm sympathising with MS (Score:4, Insightful)
Look at the effect they've already had on the global airline and tourist industries, based on a net increase in danger that's insignificant compared to road deaths. Score one for the terrorists.
And here come the ill considered security measures and infringements of civil liberties. We defend Freedom by taking it away. Score two.
Then it was time to target the the government, postal service and law enforcement with a few packets of a not particularly lethal virus (sympathies to the victims though). Again, the big impact is from the FUD, as law enforcement chase hoaxes and benign packages all over the country. Score three.
Now it's software. "All your code base belong to us!" they rant. Expect the hoaxers to jump on this and a new rash of bin Laden themed virii and worms to appear. It's pure FUD, but the problem is reassuring easily frightened and confused non-techies that it isn't true. How do you disprove the existence of allegedly hidden code?
And so for once I'm actually going to get on the bandwagon with Microsoft and give this zero credibility. This pathetic piece of bluster should not be allowed to put anyone off using XP. There's plenty of real reasons for not using it, but this isn't one of them.
Al-Qaeda just wants "first-post" rights... (Score:2)
How to get rid of It! (Score:4, Funny)
# rm -f
Warning: Utitilty
# ln
# chflags schg
# chflags schg
Thank you for removing
Internation released.. (Score:2)
This could have, indeed, made it a great deal easier to insert some hidden #ifdef inside of, say, a comment that looks funny, and cause some issues such as providing uid checks, etc..
Perhaps I'm just thinking to much. It's amazing how easy something appears to be if you can think about it long enough..
In other news... (Score:5, Funny)
WTF! (Score:2, Funny)
muahahaha, now, *THAT* was funny.
It isn't our fault! (Score:2)
The largest case of FUD EVER!
now this is serious fud... (Score:2)
truly a case of reaping what you sow. ah, how amusing.
Can't find it in the Washington Post (Score:2)
Its nice to know... (Score:2)
It turns out... (Score:4, Funny)
Taking credit for other people's havok... (Score:5, Funny)
Sounds to me like al-Qaeda is just looking to take credit for the chaos caused by others.
"You will feel our wrath in the endless bugs and security holes in Windows XP!"
What's next? "We will cause random car accidents in busy intersections and will lace cigarettes with deadly carcinogens!" OOooo, their prophecies are coming true, everybody! Head for the hills!
Al Qaeda's Elite Supercomputing Matrix (Score:5, Funny)
7:30p. This just in - We have learned that the alleged Al Qaeda computing complex was destroyed. US Marines were seen removing five hourglasses, an abacus, and a piece of aluminum foil that were allegedly behind a massive recent distributed denial of service.
holy cow, I found it! (Score:4, Funny)
Doesn't work this way (Score:4, Insightful)
In the article they mention the following : "authorities find some of his claims inconsistent and "too theatrical to believe.""
This guy is probably not even a member of Al Qaeda, he's just a crazy guy who's probably too dumb to even be a terrorist.
Re:Doesn't work this way (Score:3, Interesting)
> Al Qaeda members aren't supposed to know what the other members
> are doing. Their own mission is revealed to them at the last moment.
That is exactly right. Bin Laden himself said that none of the 9/11 groups (except the leader) knew the others existed or what they were doing. They didn't know what they themselves were doing until they were getting on the plane.
> This guy is probably not even a member of Al Qaeda, he's just a crazy
> guy who's probably too dumb to even be a terrorist.
Oh, he's a terrorist alright, and if Walker is saying what he has been reported to say (attack yesterday), then he is one too. When one of these people have been captured and can do nothing else to support their cause, they use their mouths in one last terrorist attack: spreading wild (but at least remotely believable) rumors to terrify their enemies. After all, the real business of terrorists is not high body counts, but *TERROR*.
Afroze's claims are false, but Microsoft's all consuming greed was leading them to engage in terror marketing (those "buy more or be audited" postcards) prior to 9/11. Greed, terror, and cruelty are all three heads of one terrible monster.
Wisdom overcomes greed.
Courage sends terror running.
Compassion, the greatest power, conquers cruelty.
Mothra, you were right! Heart can reach!
Bill Gates holds press release on Al Qaeda hacks (Score:5, Funny)
"Bill Gates holds press release on Al Qaeda hacks in Windows XP."
Redmond- Bill Gates today held a press release to confirm the presence of "hacked" code in the Windows XP product, and admitted for the first time that all previous versions of Windows also had "hacked" code inserted maliciously by covert Al Qaeda operatives within the Microsoft Corporation. "We have confirmed the presence of this code in all versions of Microsoft Windows from 3.0 to XP. The code we have found was planted by covert Al Qaeda operatives who were employed by Microsoft for years. This was a long-term terrorist operation planned years in advance and executed with frightening efficiency. We have investigated the code and found it to be the cause of instability in Windows products. As a matter of fact, the infamous "Blue Screen of Death" was in fact an Al Qaeda trojan. We will be release a full list in the coming week of all the Windows problems that the Al Qaeda terrorists are responsible for after a full investigation of all the things that make Windows suck."
There's a dead giveaway in the article itself... (Score:3, Insightful)
Parliament perhaps, but not Tower Bridge. If they were interested in tourist attractions in the US, they would have put a plane into the statue of Liberty. It doesn't fit their pattern. Tower Bridge isn't even that big a deal as a symbol of the City. The Tower itself, or St Pauls, or Buck Huse, would be more likely.
Canary Wharf, I could believe.
Ah... (Score:5, Funny)
lets get it straight (Score:4, Funny)
Al Qaeda Tactic? (Score:3, Interesting)
Perhaps these guys have been instructed that if they feel the need to "spill the beans" they should spill 3 or 4 phony beans along with the real ones. That way, our security has to track multiple potential threats. I'm sure nothing would please them more than to see us spend the time and money required to audit all of the Windows code.
Perhaps there is a rational way to tell which threats are real; some kind of "threat profiling".
Remember the Y2K bug fixing frenzy? (Score:3, Informative)
Given the long-term planning that Al Queda is known for, and their penchant for using the tools of the West against the West, I would be unsurprised if they planted people into companies doing Y2K patchwork for major financial institutions or other mission-critical systems. Most of that code was NOT code reviewed due to time constraints, and the work was done overseas by the lowest bidders. This is a recipe for disaster and was predicted as such years ago. Now that we know exactly how crazy these motherfuckers are, the warnings seem a lot more important.
Just my paranoid guess.
-jon
Don't believe this!! (Score:3, Interesting)
Malice? (Score:3, Insightful)
Never attribute to malice that which can be adequately explained by stupidity.
Re:Doesn't seem likely (Score:2, Insightful)
So THEY've been putting all those bugs! (Score:5, Funny)
BWAHAHAHAHAA
Re:Spelling!!!!!!!!!! (Score:2, Insightful)
"There is no groaning in my store"
When I read comments like this, I think of the lovable Comic Book Guy, so anal about everything. Get over the mispellings, no one is perfect, not CNN, not the BBC and not Slashdot. Besides, what is the word, "You's?" Does the think belong to You, or maybe it should read, "You is think... Ohhh, look, I can be anal and picky as well!
Re:XP? Wouldn't Linux be just as easy? (Score:3, Insightful)
Now, third-party patches such as those at linuxhq.com are not scrutinized by the kernel team, and these patches might possibly contain nasty code (as well as simply poor code). But if you're downloading third-party patches and applying them without reading them, you're an idiot. Can't read C, or don't understand kernel internals? Then don't apply third-party patches.
It would be far easier, as you suggest, to insert backdoors and other nasties into userspace open source programs. When was the last time you downloaded a source tarball and actually read all the code before building and installing it? The most evil of all would be a trojan in gcc -- all programs compiled with the trojaned compiler would themselves be trojans. After a while all source remnants of the trojan would be wiped away, but the trojan code would still be lurking in all our binaries. Horrible thought.
Like you say, be careful. Just because you're running Linux, or you use open source, doesn't make you immune to viruses, backdoors, trojans, or anything else.