This is bullshit, Cisco. Lynn has been barred from disclosing further details about his methods. How about someone barred Cisco from selling devices that repeatedly put the entire Internet at risk?
In other news: Kaizers Orchestra write some very strange, yet very appealing music. Especially the track "Di Grind" is wonderfully absurd.
Today in #mongers we were talking about the combined Cisco/ISS's fuckup, rogue dhcpd's and more. Jerry had this cheerful comment:
<ecksor> I'm convinced that whoever invented the Internet took a half-day.
It's a cruel, cruel world. Not only are there random bombings and shootings in distant parts of the world. Oh no! Now, this cruelty has crept closer to me: My wife continues to make fun of me because I am slow to wake up/move/do anything in the morning. There I am, tired & defenseless, and she mocks me!
Cruel, I tell ya, and as if that wasn't bad enough, one of my so-called friends sends me an email saying: "You'll never guess where we are. Hint: It's somewhere guld og mørkt." (golden and dark for you non-Danish speakers). The fucking fucker is spending his summer vacation at Svaneke Brewery, drinking Bornholm Mørk Guld.
I wasn't invited!
News.com reports: "Microsoft is concerned that this new report of possible vulnerabilities in Internet Explorer was not disclosed responsibly [..] by Michal Zalewski."
The Dominion reports: The majority of security specialists and IT professionals in the world are concerned and mildly annoyed that these bugs were not found and fixed years ago by Microsoft - but left to be found by someone who is not paid to do QA for Microsoft and does not have source code access.
"What Michal Zalewski did was tell people they were vulnerable, and how vulnerable they were. They, including your clueless self, are now free to make real decisions about their level of security. For this free work, you, and the mindless drones like you, are giving him undeserved shit because you bought some corporation's public relations line, to the point of parroting their terminology. Those of us who actually are in the hacking community think it is your small mind that is the irresponsible disgrace." - Dave Aitel responding to someone parroting Microsoft.
IE is such a big, steaming pile of elephant turd. (Firefox and Opera users can wipe that stupid grin off their face. All these browsers suck donkey cock.) I'm willing to revise my general view on browsers the day it takes more than a flaw like this to gain access to my data. I want to be able to run a potentially flawed client for 30 minutes and not be completely fucked at the same time. Call it what you want: Privilege separation, defense in depth. Jail all these decompressors and rendering engines. Just fucking get it done.
Oh, and Microsoft? I don't care if "Linux" has security problems, too. We are not customers of "Linux", we are customers of you.
Prof. Edward Felten finds that his Windows systems become infected with spyware, regardless of how careful he might be. Hence, he advocates reactive software as opposed to educating users.
I have never had a malware infection on my Windows system (and I know several others who have similar experiences) so I don't see a need for reactive software. Worse still, most of the security software available is just as flawed (or worse) as the underlying operating system. I would be very afraid if malware managed to get onto the same PC I use for private email, online banking, shopping, etc.
I still do believe Technology doesn't secure systems, people do - and they use their minds. We've proven it can be done.
I still vote for legislation that punishes software vendors and users for both knowingly or unknowingly and directly or indirectly causing damage to information systems. If company Foo, Inc. loses my personal details, they should be required by law to cover all my expenses in stopping credit card abuse and any other bad things that happen to me as a result of their mistake.
If user Bar by his actions or lack of actions (neglects to patch against known vulnerabilities, sets up an insecure wireless network or actively allows someone to take over his machine) causes me damage, that user should be held accountable.
Another gigantic muppet reveals himself (in relation to the bombings of London): Home Secretary Charles Clarke gives statement to the Commons. He said "This wouldn't have happened if we had ID cards."
Charles, you fuckwit. Are you retarded? Be less like Jerry Falwell, please. I promise you, no form of identity cards can stop evil people from doing bad things such as these. Even if you did manage to create ID cards that kept evil people away from critical infrastructure, those same evil people would simply need to force regular people to do their bidding. I already told you this years ago. Which part did you not understand?
Pink Floyd caused me to have several mental orgasms at Live 8.
"The two bands I was most impressed with were The Who and Pink Floyd. They had no glitz, no posse, no dancers, no 'show'. Just guys in jeans and a t-shirt playing music. And they kicked ass. I hope today's pop stars were paying attention." -- cornflake @ K5