Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×

Comment Re:Duh (Score 1) 103

by recoiledsnake (#45849573) Attached to: Unencrypted Windows Crash Reports a Blueprint For Attackers

The drivers that come with the device or Windows might be outdated, buggy and/or omit new features.

So your thumb drive grows new features over its life? Amazing.

Sure it can, like encrypted thumb drives can have security fixes.

Everybody has the issue. Those that don't think its an issue are like vaccinated children, running around on the playground serving as a conduit for exposing others.

Most people do not need military grade security in everything, especially things like USB device info. Those that do have a mechanism to do it. That said, MS should at the least, start encrypting them over SSL, there's no excuse for that. Why are you unconcerned over search terms, email and documents being sent, stored and tracked forever in the cloud, but are worried about USB Device IDs?

Ask a bunch of people which would they prefer if they had to pick one. 1) Publish all their web search terms and email for the past 5 years in the local newspaper 2) Do the same for USB device IDs or even software installed on their system.

Comment Re:Not everything is about software security. (Score 1) 103

by recoiledsnake (#45849509) Attached to: Unencrypted Windows Crash Reports a Blueprint For Attackers

Not sure what the solution to that is, except to prompt the user every hour with a hundred status messages(the antivirus/firewall turned off ones are bad enough).

. Besides, YOU just clicked through the message without reading it anyway, because we all know you can trust Microsoft, right?

Add a 5 minute timer to prompts? Is that the solution?

Comment Re:Duh (Score 2) 103

by recoiledsnake (#45849217) Attached to: Unencrypted Windows Crash Reports a Blueprint For Attackers

. Searching for drivers on windows update is completely unnecessary for about 95% of the things you will ever plug in, and usually fruitless for the other 5%.

Reference?
The drivers that come with the device or Windows might be outdated, buggy and/or omit new features.
I see updates to drivers in Windows Update many times so they're quite useful to me. Even as a power user, I don't keep visiting my hardware driver websites and keep comparing driver versions. Do you do that? The other option is to clutter up the system with 15 auto updaters from 10 companies. Is hiding the hardware you use from MS(assuming they start encrypting the data, which was a bad omission) that important to all users? Those who have that issue can turn it off.

Comment Re:Not everything is about software security. (Score 5, Informative) 103

by recoiledsnake (#45848451) Attached to: Unencrypted Windows Crash Reports a Blueprint For Attackers

If you're really concerned about security on your individual systems, DONT USE WINDOWS. There, fixed it for ya.

Ubuntu does the same, if not worse.
https://launchpad.net/apport

pport intercepts Program crashes, collects debugging information about the crash and the operating system environment, and sends it to bug trackers in a standardized form. It also offers the user to report a bug about a package, with again collecting as much information about it as possible.

It currently supports

  - Crashes from standard signals (SIGSEGV, SIGILL, etc.) through the kernel coredump handler (in piping mode)
    - Unhandled Python exceptions
    - GTK, KDE, and command line user interfaces
    - Packages can ship hooks for collecting speficic data (such as /var/log/Xorg.0.log for X.org, or modified gconf settings for GNOME programs)
    - apt/dpkg and rpm backend (in production use in Ubuntu and OpenSUSE)
    - Reprocessing a core dump and debug symbols for post-mortem (and preferably server-side) generation of fully symbolic stack traces (apport-retrace)
    - Reporting bugs to Launchpad (more backends can be easily added)

If you're really concerned about WER on Windows, just say no when it asks you to send crash reports.

Comment Re:Duh (Score 5, Funny) 103

by recoiledsnake (#45848409) Attached to: Unencrypted Windows Crash Reports a Blueprint For Attackers

Reading the article, it says that each time you plug in a new USB device, it automatically sends that information to Microsoft. Even if you don't send the Windows crash reports to Microsoft, your computer is still phoning home each time you install a new USB device.

Duh, how does it search for drivers on Windows Update then? Turn off that functionality and then check, if it still does, then it's news.

Next you will tell me that my browser is broadcasting an IP Address.

Comment Re:Security - and a false sense of security (Score 1) 341

by recoiledsnake (#45829571) Attached to: Linux Distributions Storing Wi-Fi Passwords In Plain Text

From your link:

One catch here is that you can't just decrypt the password even though you are administrator. To successfully decrypt the password, you have to perform the decryption operation under system context.

There are many ways to execute the code under SYSTEM context, one of the popular way is to inject the code via remote thread [Reference 2] in system process - LSASS.EXE. But this one is more risky, as any flaw in code can bring down the entire system. Much safer way is to create Windows service as System account and then execute the above decryption code from that service.

How would encrypting it with a user key help?

Comment Re:Any movement away from Microsoft is good. (Score 1) 564

by recoiledsnake (#45812819) Attached to: PC Makers Plan Rebellion Against Microsoft At CES

My point is that some folks tend to remember every small thing done by MS over a decade ago, and then they're colored by extremely biased narratives from articles and comments, and then suddenly urban legends becomes "fact", like the AARD code which never affected one real person, much less part of holding CS back. Google's missteps don't get the same traction and everyone seems to forget them pretty quickly. It's just confirmation bias that I notice. Coming to moderation, you have it way easier because you post anti-MS stuff. Try even posting corrections to obvious wrong things on here about MS and you'd be getting downmods for days.

Comment Re:Any movement away from Microsoft is good. (Score 1) 564

by recoiledsnake (#45808373) Attached to: PC Makers Plan Rebellion Against Microsoft At CES

So you make the claim about this issue hurting "the future of computer science", and here we are, with you unable to back up such a epochal event with one reference. Maybe MS went and deleted all internet pages related to this?

Extraordinary claims need extraordinary evidence, Carl Sagan said, but you're unable to even provide ordinary evidence except your personal experience which even you admit you don't remember exactly, and everyone knows how it could be because DOS config varied from machine to machine with a lot of powerful settings in config.sys and himem.sys, just two examples.

What is certain, and what has been documented, is that MS did put that AARD code into it's products. If you've actually read up on it, you'll realize that Win3.1 is not the ONLY place it showed up. Win3.1 is the only place where I personally encountered it.

All I can read on it says the code didn't prevent the Windows install from going forward and that it ran silently even if it was present, except in a pre-beta release. Can you provide any web page that contradicts the above? If you're unable to, are you willing to retract your claim? I don't want spend more time trying to dig more facts to contradict an obviously anti-MS person on Slashdot who won't change their mind regardless.

Anyway, don't worry, no one here is going to read this subthread, none of my posts have been modded up like yours have been, and people reading your earlier posts will continue to believe in and propagate the same half truths and misinformation that will mislead more people who don't check the facts for themselves, and the cycle continues. I guess I must just be happy that I am not hit with downmods for going against the grain yet(bracing for them anyway), it's a struggle to keep my karma above the threshold on here.

Comment Re:Any movement away from Microsoft is good. (Score 1) 564

by recoiledsnake (#45805159) Attached to: PC Makers Plan Rebellion Against Microsoft At CES

The below are extremely misleading if not a lie, as it pertained only to a late beta and not the final version.

Personally, I still resent the AARD code that contributed to the collapse of DRDOS.

That AARD code I mentioned above - have you ever looked at it? A few lines that instruct Microsoft software to check for the underlying operating system on which it is to be installed. If any system fails to report that it is a Microsoft system, the software simply refuses to install. There was no good reason for that - it was just anti-competitive bullshit.

I do believe you're mistaken though and probably not lying, because such urban legends are regulaly posted as gospel truth around these parts(imagine someone who didn't know anything about these reading up your modded up posts) and then start to spread these things in their posts as the truth. The cycle of ignorance continues, but in case of Google and Apple, this effect is not that bad, so they get away because people are simply not even aware of their shortcomings most of the time.

FUD against MS? Don't forget that MS is the MASTER of FUD.

Those are not mutually exclusive, and the second doesn't justify the first, it only make people doing it look like ignorant folks with an agenda to push.

Unless you're admitting that you're spreading FUD because MS spread FUD :)

Slashdot Top Deals

"The four building blocks of the universe are fire, water, gravel and vinyl." -- Dave Barry

Close