Eye on Security: Red Hat Explains Why Windows is Less Secure, New Windows 0-Day Attack
- Dr. Roy Schestowitz
- 2010-07-01 13:46:45 UTC
- Modified: 2010-07-01 13:46:45 UTC
Summary: Comparative security news from this week
●
Open Source is Inherently More Secure, Says Red Hat (Microsoft
admits silent patching it never discloses)
But in the closed source world, you have to trust your vendor completely. All you get to see are binaries, so you have no way of knowing how they were built. President Reagan was fond of saying to Soviet leader Mikhail Gorbachev, "Trust, but verify." With proprietary software, you simply have to trust.
Microsoft, for example, pushes out security updates on the second Tuesday of every month. Bressers said they can't do that. Microsoft has the advantage of hiding security flaws and working on them at their leisure, but with open source software, that's not possible because everyone can see that there's a problem and they expect it to be fixed right away.
And if a security hole isn't plugged quickly enough, you can fix it yourself, Bressers explained.
An example of the power of open source is the ping of death bug. Back in the late 1990s someone figured out that if you send a giant ICMP packet to a computer, just about any computer, it will crash. The bug affected every operating system, routers, printers, etc. When the problem was discovered, the open source Linux operating system had the bug squashed in about 2 hours, Bressers recalled. The closed source operating system vendors, however, took days, weeks and even months to make and distribute a patch for the ping of death.
●
Microsoft: 10,000 PCs hit with new Windows XP zero-day attack
Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.
Microsoft reported Wednesday that it has now logged more than 10,000 attacks. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said in a blog posting.
●
New Windows Live Messenger has same old privacy problems
Why do I get the impression that some folks at Microsoft just don’t get it?
●
Privacy problems persist in latest Windows Messenger 2011 beta [
via]
Earlier versions of Messenger played fast and loose with your privacy. The new Live Messenger 2011, currently in beta, suffers from some of the same defects
Recent Techrights' Posts
- IBM Culling Workers or Pushing Them Out (So That It's Not Framed as Layoffs), Red Hat Mentioned Repeatedly Only Hours Ago
- We all know what "reorg" means in the C-suite
- Free Software Foundation Subpoenaed by Serial GPL Infringers
- These attacks on software freedom are subsidised by serial GPL infringers
- Publicly Posting in Social Control Media About Oneself Makes It Public Information
- sheer hypocrisy on privacy is evident in the Debian mailing lists
-
- Embrace, Extend, Replace the Original (Or Just Hijack the Word 'Sudo')
- First comment? A Microsoft employee
- Gemini Links 02/05/2024: Firewall Rules Etiquette and Self Host All The Things
- Links for the day
- Red Hat/IBM Crybullies, GNOME Foundation Bankruptcy, and Microsoft Moles (Operatives) Inside Debian
- reminder of the dangers of Microsoft moles inside Debian
- PsyOps 007: Paul Tagliamonte wanted Debian Press Team to have license to kill
- Reprinted with permission from disguised.work
- IBM Raleigh Layoffs (Home of Red Hat)
- The former CEO left the company exactly a month ago
- Paul R. Tagliamonte, the Pentagon and backstabbing Jacob Appelbaum, part B
- Reprinted with permission from disguised.work
- Links 01/05/2024: Surveillance and Hadopi, Russia Clones Wikipedia
- Links for the day
- Links 01/05/2024: FCC Takes on Illegal Data Sharing, Google Layoffs Expand
- Links for the day
- Links 01/05/2024: Calendaring, Spring Idleness, and Ads
- Links for the day
- Paul Tagliamonte & Debian: White House, Pentagon, USDS and anti-RMS mob ringleader
- Reprinted with permission from disguised.work
- Jacob Appelbaum character assassination was pushed from the White House
- Reprinted with permission from disguised.work
- Why We Revisit the Jacob Appelbaum Story (Demonised and Punished Behind the Scenes by Pentagon Contractor Inside Debian)
- If people who got raped are reporting to Twitter instead of reporting to cops, then there's something deeply flawed
- Red Hat's Official Web Site is Promoting Microsoft
- we're seeing similar things at Canonical's Ubuntu.com
- Enrico Zini & Debian: falsified harassment claims
- Reprinted with permission from disguised.work
- European Parliament Elections 2024: Daniel Pocock Running as an Independent Candidate
- I became aware that Daniel Pocock had decided to enter politics
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Tuesday, April 30, 2024
- IRC logs for Tuesday, April 30, 2024
- [Meme] Sometimes Torvalds and RMS Agree on Things
- hype around chatbots
- [Video] Linus Torvalds on 'Hilarious' AI Hype: "I Hate the Hype" and "I Don't Want to be Part of the Hype", "You Need to Be a Bit Cynical About This Whole Hype Cycle"
- Linus Torvalds on LLMs
- Colin Watson, Steve McIntyre & Debian, Ubuntu cover-up mission after Frans Pop suicide
- Reprinted with permission from disguised.work
- Links 30/04/2024: Wireless Carriers Selling Customer Location Data, Facebook Posts Causing Trouble
- Links for the day
- Frans Pop suicide and Ubuntu grievances
- Reprinted with permission from disguised.work
- Links 30/04/2024: More Google Layoffs (Wide-Ranging)
- Links for the day
- Fresh Rumours of Impending Mass Layoffs at IBM Red Hat
- "IBM filed a W.A.R.N with the state of North Carolina. That only means one thing."
- Workers' Right to Disconnect Won't Matter If Such a Right Isn't Properly Enforced
- I was always "on-call" and my main role or function was being "on-call" in case of incidents
- Mark Shuttleworth's (MS's) Canonical is Promoting Microsoft This Week (Surveillance Slanted as 'Confidential')
- Who runs Canonical these days? Why does Canonical help sell Windows?
- A Discussion About Suicides in Science and Technology (Including Debian and the European Patent Office)
- In Debian, there is a long history of deaths, suicides, and mysterious disappearances
- Federal News Network is Corrupt, It Runs Propaganda Pieces for Microsoft
- Federal News Network used to be OK some years ago
- What Mark Shuttleworth and Canonical Can to Remedy the Damage Done to Frans Pop's Family
- Mr. Shuttleworth and Canonical as a company can at the very least apologise for putting undue pressure
- Amnesty International & Debian Day suicides comparison
- Reprinted with permission from disguised.work
- [Meme] A Way to Get No Real Work Done
- Walter White looking at phone: Your changes could not be saved to device
- Modern Measures of 'Productivity' Boil Down to Time Wasting and Misguided Measurements/Yardsticks
- People are forgetting the value of nature and other human beings
- Countries That Beat the United States at RSF's World Press Freedom Index (After US Plunged Some More)
- The United States (US) was 17 when these rankings started in 2002
- Record Productivity and Preserving People's Past on the Net
- We're very productive these days, partly owing to online news slowing down (less time spent on curating Daily Links)
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Monday, April 29, 2024
- IRC logs for Monday, April 29, 2024
- Links 30/04/2024: Malaysian and Russian Governments Crack Down on Journalists
- Links for the day
- Frans Pop Debian Day suicide, Ubuntu, Google and the DEP-5 machine-readable copyright file
- Reprinted with permission from disguised.work
- Axel Beckert (ETH Zurich), the mentality of sexual violence on campus
- Reprinted with permission from Daniel Pocock
- [Meme] Russian Reversal
- Mark Shuttleworth: In Soviet Russia's spacecraft... Man exploits peasants
- Frans Pop & Debian suicide denial
- Reprinted with permission from disguised.work
- Hard Evidence Reinforces Suspicion That Mark Shuttleworth May Have Worked Volunteers to Death
- Today we start re-publishing articles that contain unaltered E-mails
Comments
saulgoode
2010-07-01 14:10:44
Not just trust the vendor, but also those with whom they've shared the source code (subcontractors, governments, large corporate clients, etc).
It is noteworthy that there were claims that the recent attack on Google stemmed from sources within the Chinese government (with whom MS shares its source code), it is not that surprising that Google would quickly put an end to a situation where the malware authors get to see the Windows source code and they do not.
Dr. Roy Schestowitz
2010-07-01 14:17:26