Windows 2000 Security Flaw

Ugg

Much has been debated about M$'s lack of security but little has been done about it, as evidenced by today's little news item about some military servers having been hacked. Wouldn't you think that M$'s lack of commitment to security would qualify it as a terrorist org? In that it is aiding and abetting terrorism by not ensuring its products are safe and secure.

I am sure that they and Apple and every other US company that sells computers, software and has lots of foreign nationals working for them must be under intense pressure right now.

I would love to see M$ come under the gun for their sloppy code and lack of commitment to their customers.
 
Yes, you could certainly lay it out like that... Windows _is_ kind of a virtual 'country' that hosts and aids terrorism. But that would certainly go a bit too far, and I guess the US won't like the thought of having to go to war with an American company...
 
I would love to see the Microsoft Building in Seattle get raided by co op military services
 
Any complex system has security flaws, it just depends on how much effort you want to take in finding them. In these days of belt tightening, software security often takes a back seat to price, what can you get off the shelf (including OS's, development environments, other software tools such as Office) and purchased cheaply. Note that many are probably screaming "Linux" right now, and the US military is putting more weight behind that movement. But then again, there was a root exploit announced yesterday in ptrace. So the answer seems to be that instead of attacking companies like Microsoft, who produce products to the specifications of their users (hey, if the US military doesn't care enough about security to do anything about it, they are only getting what they asked for), that the military should be taken to task for not having a better understanding of security (sounds strange huh) and being able to put the proper resources on it. It's actually understandable, relying so much on mainstream tech is something that's very new for them and it's going to take a while (and unfortunately maybe a few hacks) for them to get things figured out.

BTW, attacking M$ headquarters might end up being a bigger task than Iraq. M$'ees are far more devoted to Bill than Iraqis to Saddam. Plus I hear Bill has a secret Windows MSDN CD launcher, capable of firing those hundreds of CDs one gets in their MSDN subscriptions (and unsold copies of "Bob") at velocities high enough to penetrate the armour of a Bradley Fighting Vehicle.
 
I really don't like that you hit down on Microsoft. Microsoft is one of the best things that I know about. I really don't agree when you say that they have sloppy codes and that. It might be so that Apple is much better than Microsoft, but Microsoft ain't some crappy shit anyway.

Thank you ;-)
 
What I say is half in jest but I think that software product liability is a big joke. Over the last 40 years vehicle safety has been improved in part because there are lists pointing out the most unsafe cars. Also, we are allowed to sue the automakers when they make an unsafe product. Why should the software companies be exempt from these laws?

When I get in my car I always or almost always walk around, look at the tires, make sure I have enough gas, the mirrors are adjusted properly, etc, but should I have to check out every single system before I start it up? I don't think I should, maybe 40 years ago when cars were relatively simple that would have been reasonable. Now, they are so complex you can barely see all the components under the hood.

The same goes with software. I'm no techno geek but I'm willing to take reasonable measures to ensure that my computer is safe. Shouldn't I have recourse against the company who made a faulty product when that product fails me?

It's sort of scary because M$ is beginning to embed its software in a lot of different devices and at this point it's not just M$ but any software maker that I am concerned about. It's not just about whether someone can hack into my computer anymore, it's about whether they can hack into my bank or my utility company or the city's streetlight management program or ..... the list is endless. The user should be responsible for a certain amount of his own security but shouldn't the software maker also be held responsible?
 
Originally posted by Ugg
...
The same goes with software. I'm no techno geek but I'm willing to take reasonable measures to ensure that my computer is safe. Shouldn't I have recourse against the company who made a faulty product when that product fails me?

It's sort of scary because M$ is beginning to embed its software in a lot of different devices and at this point it's not just M$ but any software maker that I am concerned about. It's not just about whether someone can hack into my computer anymore, it's about whether they can hack into my bank or my utility company or the city's streetlight management program or ..... the list is endless. The user should be responsible for a certain amount of his own security but shouldn't the software maker also be held responsible?

That brings up an interesting point when it comes to open source software (e.g. Linux). Who's the responsible party then? It's more obvious if you bought your distro from Red Hat et al, but if you downloaded your copy and built it yourself, are you then responsible?

This is a really fine line. The problem is that software (esp. operating systems) are complex beasts, and to actually create something that is hack proof is virtually impossible. If everyone was allowed to sue software companies anytime someone broke into their software, that would suck and send the price of software into the stratosphere. The biggest problem is not culpability, it's abuse and lack of intelligence in the court system. Remember back in the good old days when suing someone over a product meant that you had to show "gross" negligence vs today's standard which merely assigns percentage of blame? If there were an easier way, and if the courts would apply, to determine faults that are negligent vs those that one has less control over, then this would be more feasible.

Plus there is the added complexity of things like patches. If M$ puts out a service pack and you didn't install it, whose fault is it that you got hacked? What if the SP came out only an hour ago, is this enough time for blame to transfer from M$ to you? A day, a week? If someone hacks into your bank account, is the bank responsible? If someone robs your bank at gunpoint, is the bank responsible? As long as your money is insured, does it matter?

It's a complex issue that, unfortunately, will be borne out in the courts. As more lawsuits arise things like who's culpable in what situations will slowly start to flesh themselves out. It's coming, you can bet money on that. In today's litigious environment you can bet it won't take long for these things to start popping up.
 
First off I am all for tort reform in this country. It has gotten way out of hand, however, software is controlling my life in ways that were inconceivable even 10 years ago, even Popular Science never came close to predicting the way software is involved in our everyday lives!

There needs to be a higher standard. It is one thing to discourage creativity and innovation in the early years of an industry's life, but at some point that industry has to grow up and become a part of the real world. I don't think the software industry has grown up yet. There seems to be this attitude of "Well, we've done everything we can!"

The automobile industry intentionally wrecks tens of thousands of cars every year. Why aren't the software companies hiring hackers to achieve the same thing?
 
Originally posted by Ugg
...
The automobile industry intentionally wrecks tens of thousands of cars every year. Why aren't the software companies hiring hackers to achieve the same thing?

Actually they do. There are many software related security companies around (above and beyond whatever companies like M$ do internally). The problem is that it's not just about one software company. It's about the interaction between an operating system, web server, database server, web apps, custom internal code, etc. It's these interactions that make these problems so complex (and lead to its biggest failures).

Now don't get the impression that I'm saying, "oh it's too hard, don't even bother". I'm not. Like I said previously, it WILL happen. Once the lawsuits start flying, companies in general will have to take a much more rigid look at these issues.

I agree with your statement about the software industry "not being grown up yet". That is absolutely true. The problem is as software progresses, the point of being "grown up" moves along with it. A car is basically the same mechanism it was 75 years ago, it has a lot more doodads on it now, but the fundamentals are the same. Software (the end result, not the constituent parts) continues to evolve, making the problem much harder to nail down.

You mention that software has insinuated itself into our lives faster than anyone could ever imagine. Therein lies the problem. There is always a lag in the social integration of technology vs the physical integration.
 
Ok, I guess I don't know as much about the situation as I thought and was reacting more from a visceral standpoint in part because it is happening so rapidly. One of the inherent dangers when you mix the human species and technology, we never really know what the result will be.

As pure speculation however, I wonder how the FBI, CIA and US Military are dealing with M$'s serious security problems. The last two times now that M$ has been hit it took out some surprising things like ATMs, M$' own servers, and now some military servers. Hopefully these security issues will force the issue more than it has been up till now.
 