And another one just for fun!

Discussion in 'Computer Security' started by Lohkee, Aug 24, 2003.

  1. Lohkee

    donut Guest

    Uh........ yes.
     
    donut, Aug 26, 2003
    #21
    1. Advertisements

  2. Lohkee

    Peter Jones Guest

    I just sent a letter too -- the one to "[email protected]" bounced
    (seems it only recognises www.taylorbros) but the one to
    "[email protected]" seems to have gotten through. Hopefully the message
    will get through too.

    *shrug*

    Pete.
     
    Peter Jones, Aug 26, 2003
    #22
    1. Advertisements

  3. Lohkee

    donut Guest

    (Chris Croughton) wrote in

    There's little use in arguing with people like this, Chris. I've heard the
    "virus can penetrate firewall" argument dozens of times, but I have yet to
    actually see it happen. From this person's comments to this point, it's
    obvious that he considers himself to be "right by default."
     
    donut, Aug 26, 2003
    #23
  4. Lohkee

    Lohkee Guest

    Exactly my point.
    Who said anything about the browser? We are talking about methods to
    circumvent a firewall.
    Better do some research on hostile code before you make such statements
    (although I do agree with your comment about babies).
    Such a shame, and to think that you were actually starting to show some
    semblence of rational thought.

    Lohkee!
     
    Lohkee, Aug 26, 2003
    #24
  5. Lohkee

    donut Guest

    Yours works just fine.

    Going back to the Taylor Co., I don't know how in the world they could
    screw up links so they don't work. Links are one of the simplest HTML
    concepts.
     
    donut, Aug 27, 2003
    #25
  6. Lohkee

    Jim Watt Guest

    I assume that the website is a project of someone without much of a
    clue about websites. probably whoever does their graphic art work,
    although it is produced on MS frontpage and such types are usually
    of the MAC persuasion.

    It really does stand out as an example of a 'non html' website. All
    the documents are .pdf which is not that bad in itself as its a handy
    way to get the datasheets if you have a serious internest/need of
    those products.

    Its been like that for a couple of years, so they must be pretty thick
    skinned about it.

    HOWEVER in all other aspects of business they are good.

    Having spent some time on the W3 website, may have to
    rethink some of my designs, at least the 'for profit' stuff :)
    however its all tested with different browsers and resolutions.
     
    Jim Watt, Aug 27, 2003
    #26
  7. Lohkee

    Peter Jones Guest

    Or maybe nobody bothered to point out the error of their ways until now!

    I just got a reply to that letter I sent off yesterday. It had been
    forwarded to the Managing Director, and it was him who replied. To
    summarise:

    He is less than happy ["pissed off", in fact] with the performance of a
    certain Microsoft product *cough*FrontPage*cough* -- especially since MS
    promise compatibility with all browsers (how hard can it be?); he is
    currently looking for "alternative publishing software" to overcome the
    problem; and he thanked me for my input.

    Heck, I'm almost tempted to rewrite his index page for him... :) (Oh
    no, wait, those strange feelings of charitable goodness appear to be
    fading. That's a relief!)

    Sometimes people really do accept constructive criticism if worded
    properly...

    Pete.
     
    Peter Jones, Aug 28, 2003
    #27
  8. Lohkee

    Jim Watt Guest

    Hmmm well it has been like that for some time, and I complained
    about it a year ago to no avail, it may be that more did this time as
    it got some mention in this group.

    Of all the terrible (generated by Frontpage) websites I've seen that
    was the prime example of horror.

    If views with IE5 it told you to download IE6 ...
     
    Jim Watt, Aug 28, 2003
    #28
  9. It is interesting that I don't suffer from virus attacks because I use
    an operating system which is free!

    It seems people are prepared to pay, in advance, to systems that allow
    them to be attacked...
     
    Rev Adrian Kennard, Sep 12, 2003
    #29
  10. Nice, in theory, and java is a bit like that. So lots of legit
    applications cause a pop up saying that they are tring to access a
    specific resource allow/deny. They virus does the same, and people click
    allow because that is what they are used to and don't understand the
    question anyway!
     
    Rev Adrian Kennard, Sep 12, 2003
    #30
  11. Lohkee

    Jim Watt Guest

    There is the cost of setting up a free operating system, plus you
    can be assured that if everyone used it, the virii would come.
     
    Jim Watt, Sep 12, 2003
    #31
  12. Lohkee

    Owen Rees Guest

    Many people are apparently willing to pay for superficial features, and
    the ability to run various applications. The more interesting comparison
    would be between MS Windows and MS Windows with extra security (i.e.
    where the only difference is the security) or Linux and Linux with extra
    security. The former comparison is not possible since Microsoft do not
    make an enhanced security variant of Windows (presumably they see no
    market for it). The latter comparison is possible to some extent, of
    which more below.
    There are a number of operating systems where you do not have to make an
    explicit payment in order to use them. As Jim has said, there are other
    costs involved, and the most commonly deployed versions of free OSes
    might suffer from various attacks if they were seen as an interesting
    target by those inclined to do such things.

    For both Linux and FreeBSD, there are more advanced security mechanisms
    available, some of which have their roots in work done in the 1970s.
    Very few people are willing to invest even the time it takes to deploy
    features created by others; a smaller number invest significant effort
    in developing those features. How many people run systems which have a
    built-in integrity model? Virus writers would have to be a whole lot
    smarter to get round even a fairly simple integrity system.
     
    Owen Rees, Sep 12, 2003
    #32
  13. Lohkee

    Dave J Guest

    Care to offer some hints as to the meaning of the term 'identity
    model'?
     
    Dave J, Sep 13, 2003
    #33
  14. Lohkee

    Leythos Guest

    And just what OS are you running that is keeping you free of attacks? I
    think that only SCO is in that category right out of the box and it's
    not free.
     
    Leythos, Sep 13, 2003
    #34
  15. -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Well there is OpenBSD, linux (ignoring the bogus lawsuit aside), SE Linux
    especially, or even, $DEITY forbid, Mac OS X and RISC OS.

    - --
    James jamesk[at]homeric[dot]co[dot]uk

    "I saw a woman wearing a sweatshirt with 'Guess' on it. I said,
    "Thyroid problem?'" -Arnold Schwarzenegger
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.2 (GNU/Linux)

    iD8DBQE/YmbyqfSmHkD6LvoRAnJRAJ9gBu8QLXZ2Sg/LIAbL/150d5Ak9QCgi3CY
    zcZ1ijK72fcMaDz4oYx5dPY=
    =B40S
    -----END PGP SIGNATURE-----
     
    James Keasley, Sep 13, 2003
    #35
  16. Lohkee

    Leythos Guest

     
    Leythos, Sep 13, 2003
    #36
  17. Lohkee

    Owen Rees Guest

    'integrity' not 'identity'. The general idea is that the system tracks
    how much you can trust various resources. For example, things you
    download (or which arrive by email) are low integrity, and with the
    right mechanisms in place, even if they are programs that you run,
    cannot corrupt anything of higher integrity, or access resources that
    require higer integrity. For example, make sending mail a higher
    integrity action than received mail - mail worms now have to break the
    fundamental kernel security structures in order to work.

    Combined with multi-level security, you can create systems that are
    incredibly difficult to break, but unfortunately, may also be difficult
    to use. Most applications are very sloppy about how and where they
    access what resources - this makes it hard to port them to high security
    systems.

    This MAC, MLS and integrity stuff goes back to the 1970s. The necessary
    machinery is just becoming available to early adopters of FreeBSD 5.
    There are also some add-ons for Linux that are starting to emerge from
    the very specialist environments, but as far as I know, not are yet
    shipped by default with the major distributions.
     
    Owen Rees, Sep 13, 2003
    #37
  18. Lohkee

    Dave J Guest

    Ooops, my sloppy reading, neither term made sense to me so I didn't
    spot it.
    I like.
    I've been daydreaming of writing a 'firewall' type system that
    controls access to files based on the application making the request,
    'pop up' allow/deny/always boxes to set up the permissions. Would
    require the uProcessor 'access level' protection used by NT to prevent
    a bypasss, *or* (for simple minded folk like me) could use the easier
    route of diverting data storage to a different machine (using a non
    standard protocol?).

    The scheme you describe contains that idea and significantly more, and
    doable on a single box.
    Care to sling me a read up link? I'm interested in the earliness of
    the idea. 1970's !
     
    Dave J, Sep 14, 2003
    #38
  19. Lohkee

    Owen Rees Guest

    See <http://seclab.cs.ucdavis.edu/projects/history/seminal.html> for
    some references. The fourth paper in the list - the one by Biba - is
    some of the earliest work I know of on integrity. Unfortunately, the
    only copy I have of that paper is on microfiche - as far as I know it is
    not available online.

    If you are interested in viruses, see <http://all.net/> and in
    particular <http://all.net/books/virus/index.html>, the paper Fred Cohen
    wrote in 1984.

    Use <http://citeseer.nj.nec.com/cs> to find more recent papers that
    reference the ones you are interested in. There has been some academic
    work in the last few decades, but depressingly little seems to have
    found its way into products (or widely used free software).
     
    Owen Rees, Sep 14, 2003
    #39
  20. Lohkee

    Guest Guest

    Yeah, I know MS's FUD. Just remember: "You can pay me now, or later."
    So what? No OS is as friendly to a virus as windows. It's extremely
    braindead to run a file as a program when all the user wanted to
    open that file. But MS are just a bunch of "Barbarians led by Bill
    Gates".

    Anyway, the virii already exist:
    Dear Sir/Madam,

    please mail this text to anything which looks like an address.
    After the mails have left your computer, execute "rm -rf ~". If you
    have the root password, login as root and "rm -rf /".

    Thank you for your cooperation, your virus-writer.
     
    Guest, Sep 18, 2003
    #40
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.