Comment Re:Hmm... Hemos should read the articles first (Score 1) 127
> Following the exact link Hemos posted, Microsoft did not say that NT got a C2 (TCSEC) rating at all. Rather they posted that it passed the ITSEC
E3 level testing which is UK based.
> Read the article - event the first sentence gives it away: "On April 28th, 1999, the UK Government announced...". Hemos is so busy Microsoft
bashing he forgot that the truth actually has some bearing in the matter.
You, on the other hand, are so busy bashing Hemos that you forget to even read what he has written! Or perhaps more accurately, what he hasn't. The entire post was quoted from a slashdot reader who mailed it in. The slashdot reader DID, in fact, say that it recieved the ITSEC rating, as did the title of the article. He only mentioned the TCSEC rating as a comparison for readers unfamiliar with the ITSEC ratings.
> To further prove his blatant incompetence in news reporting, he went on to say that it wasn't certified on a network. Again, this is blatantly false. A
single click from the Microsoft page gives this (at http://www.itsec.gov.uk/cgi-bin/cplview.pl?docno=9 5):
> "The evaluation of Microsoft Windows NT 4.0 excludes Exchange Server, System Management Server (SMS), MS Mail, remote access services
and Clipbook viewer. Domain based security functionality is included up to the transport driver interface; underlying network protocols and
architectures are excluded."
> Gee... Sounds like networking to me!!
> In fact, NT 3.51 is also rated at E3 level *with* network functionality (again Hemos can't get his facts right).
This is correct; however, it was the person who mailed in the story, not Hemos, who made the error. The quote from the reader is represented to be opinion, not fact.
> To put the icing on the cake for the worst reported article in slashdot history he goes on to mention a misconfiguration bug that has been around for
at least a few months now (fixes/workarounds etc. have been around for just as long).
Workarounds, yes - fixes to the underlying problem, no. This is not to say that I would've made the same argument - C2 security is about security concepts, not the actual security of a system. Major implementation problems like this aren't really within its scope.
> Look: If you want to be taken seriously then you have to dump on these losers who would make up the news to bag Microsoft than report the truth.
> If Hemos has any integrity left, he'll post a correction/retraction with what actually happened rather than leave his work of fiction up on the site.
Hemos did not write that posting or represent it to be his writing; Slashdot's stories frequently are quoted from users. Furthermore, the links are the substance of the story, not the personal opinions of the person who wrote it in. Your attitude towards Hemos is grossly inappropiate. Perhaps you should make some effort to understand what is represented to opinion and what is represented as fact, and react accordingly.
E3 level testing which is UK based.
> Read the article - event the first sentence gives it away: "On April 28th, 1999, the UK Government announced...". Hemos is so busy Microsoft
bashing he forgot that the truth actually has some bearing in the matter.
You, on the other hand, are so busy bashing Hemos that you forget to even read what he has written! Or perhaps more accurately, what he hasn't. The entire post was quoted from a slashdot reader who mailed it in. The slashdot reader DID, in fact, say that it recieved the ITSEC rating, as did the title of the article. He only mentioned the TCSEC rating as a comparison for readers unfamiliar with the ITSEC ratings.
> To further prove his blatant incompetence in news reporting, he went on to say that it wasn't certified on a network. Again, this is blatantly false. A
single click from the Microsoft page gives this (at http://www.itsec.gov.uk/cgi-bin/cplview.pl?docno=
> "The evaluation of Microsoft Windows NT 4.0 excludes Exchange Server, System Management Server (SMS), MS Mail, remote access services
and Clipbook viewer. Domain based security functionality is included up to the transport driver interface; underlying network protocols and
architectures are excluded."
> Gee... Sounds like networking to me!!
> In fact, NT 3.51 is also rated at E3 level *with* network functionality (again Hemos can't get his facts right).
This is correct; however, it was the person who mailed in the story, not Hemos, who made the error. The quote from the reader is represented to be opinion, not fact.
> To put the icing on the cake for the worst reported article in slashdot history he goes on to mention a misconfiguration bug that has been around for
at least a few months now (fixes/workarounds etc. have been around for just as long).
Workarounds, yes - fixes to the underlying problem, no. This is not to say that I would've made the same argument - C2 security is about security concepts, not the actual security of a system. Major implementation problems like this aren't really within its scope.
> Look: If you want to be taken seriously then you have to dump on these losers who would make up the news to bag Microsoft than report the truth.
> If Hemos has any integrity left, he'll post a correction/retraction with what actually happened rather than leave his work of fiction up on the site.
Hemos did not write that posting or represent it to be his writing; Slashdot's stories frequently are quoted from users. Furthermore, the links are the substance of the story, not the personal opinions of the person who wrote it in. Your attitude towards Hemos is grossly inappropiate. Perhaps you should make some effort to understand what is represented to opinion and what is represented as fact, and react accordingly.
