"One of our hardest jobs is attribution and intent. We've conducted analysis on the software itself. It's very difficult to say 'This is what it was targeted to do.' "We know that it's not doing anything specifically malicious right now. It would be premature to speculate at this time. "We're not looking for where it came from but trying to prevent the spread."
That's crazy... kinda scary too.
I see the potential for a nuclear meltdown if this were to get out of hand.
Core i7 920|EVGA X58|GTX 660 TI & 460se for PHYSX|2x30GB Vertex RAID0|5x1.5TB RAID5
-- Certifications --
CompTIA A+; CompTIA Network+ ; CompTIA Security+; Microsoft Certified Professional(MCP); Microsoft Certified Systems Administrator(MCSA); Microsoft Certified Sysems Engineer(MCSE); Certified Wireless Network Administrator (CWNA); Certified Wireless Security Professional (CWSP); Aruba Certified Mobility Associate (ACMA);
i can see lots of trouble brewing up from this. Maybe places that depend on a computer system should create their own OS, this way they aren't as easy to target. I can see one of these day a virus will get in to a system and launch a missile somewhere...
>> Maybe places that depend on a computer system should create their own OS, this way they aren't as easy to target.
I would not recommend security through obscurity... that's just another path for them to re-implement bugs and holes that have long been worked out of mature operating systems. If that actually worked, Windows would be "secure" because people don't have access to the source. Of course, Windows wide array of security holes has allowed hackers to get access to the source (and promptly torrent it) on occasion, so there you get all the downsides and none of the benefit from white-hats.
They need to be using some form of SELinux or BSD (like the U.S. Army and Navy do for critical systems) - something where the code has had a tens of thousands of eyes on it and been proven secure. It has the same benefit of your idea too - preventing the users from accidentally bringing in a home virus and tainting the system.
Juniper and Cisco have made the same move: JunOS has always been based on the FreeBSD kernel, and Cisco's OS-NX is now using the Linux Kernel. These are enterprise routers and firewalls where security is the highest priority.
What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?
"Microsoft confirmed earlier this week that it "overlooked" the vulnerability when it was revealed last year".
Don't part with your illusions. When they are gone you may still exist, but you have ceased to live.
They have a history of ignoring reports until an actual exploit exists.
Remember a while back when MS told everyone how horrible Tavis Ormandy was? They were mad at him because he released an exploit so that they couldn't ignore his report. He included this in the text of the release:
"I would like to point out that if I had reported the MPC::HexToNum() issue without a working exploit, I would have been ignored.
Without access to extremely smart colleagues, I would likely have given up, leaving you vulnerable to attack from those who just want root on your network and do not care about disclosure policies."
So, Microsoft blasted him in words... and continue to prove him right in action.
New headline: Israeli Virus hits Iran hard.
NEWS TIPS |
This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or hisassociates. All products and trademarks are the property of their respective owners. All content and graphical elements areCopyright © 1999 - 2013 David Altavilla and HotHardware.com, LLC. All rights reserved. Privacy and Terms