The secret he has forgotten for 25 years way back when he was a developer for BSD which is the forerunner of today’s open sourced programming languages. The length of time the said bug has remained in the system so to speak is so critical that he has warned people of the problem as it came to him. He investigates further and finds that all the derivatives of BSD still carried the same bug that he forgot to correct way back in the early days of the open source drive. Why is this so significant, the error though a quarter of a century old still exists in Operating systems like the Mac OSX which is a BSD derivative. From FreeBSD, NetBSD and Dragonfly BSD, they all carry the same old bug that Marc Balmer had to affect all of the changes immediately so no further problems arise.
Open sourced advocates claim that they are faster when it comes to fixing bugs which they do so when a member of the community reports one, the concession is reached and a subsequent patch is issued with mail sent to all those concerned. This incident highlights the need for better analysis of the tools used for our internet use. Imagine a vulnerability that has existed for 25 years and the solution was provided for by the original developer? If he had passed away then who would have realized such weaknesses? This may be the explanation for some of the biggest security threats we have been encountering all this time with malware. So the lesson would be not to totally rely on technology for it is still the man who makes the machine (computer) and tells it what and when to do it.
Microsoft’s To and Fro
The news that Microsoft was going to drop everything that has to do with Windows XP came as a shocker to all for not everybody was ready to jump onto the Vista Bandwagon which has nothing to show in the area of reliability and stability that XP has shown. As with their move when they pulled out the plug on Windows 98, many went up and many took up arms to show their disgust. Many saw it as a move to force people to upgrade to a newer operating system even when the old one was still working just fine. Windows XP has reached a level of stability which has exceeded that of Windows 98′ but the company initially saying they were pulling the plug irked quite a lot of people that they decided to have support for it till 2009. They also said that the selling of OEM and packaged XP’s were to be stopped and that they were only to be available to Ultra-portable sellers.
The Up’s and Down’s of their decisions may show that the company is feeling the pressure form the open-sourced community and that it is trying to keep hold of their piece of the pie in the IT market may be in danger of being lessened. Their failed bid to acquire Yahoo as a move to go against Google shows the failure of their company to realize the significance of advertising. They were hoping to acquire Yahoo to use as their internet marketing branch and to get a bite of the search engine market at the same time. They have extended support for XP till 2009, but the problems with XP SP-3 have been so much they had to hold release a week or so back. The update is now available for automatic or manual download from Microsoft’s TechNet and through AutoUpdate.
McAfee Detects Malware aimed at Tibetan Supporters
The movement to free Tibet from Chinese rule has had several web sites and organizations springing up to fight for Tibetan independence from the Chinese’s Communist Rule. The movement was threatened by the government to be met with force and it indeed was resulting in the much publicized crackdown on the remote Chinese territory. Their discovery of the Trojan, nicknamed FriBet by McAfee is quite unique in the sense that it is the only form of malware that has been specifically designed to attack a specific type of computer, one that supports the Pro-Tibetan movement. The said malware has been identified to have infected two web sites that have expressed support for the movement and the Trojan then seeks all databases that are linked to the said site. Visiting the said infected sites will trigger a seek operation that downloads the payload onto the machine which in turn spreads it to other sites that it visits.
This raises suspicion though the experts are not raising the idea that it may have been developed to wreak havoc on sites the Chinese government have identified as supporters. The Chinese link has yet to be officially declared but anyone knows these types of attacks are a common practice of hackers. The surprising fact is that it is similar to a patriot which locks in on a target which has been designated by mission control effectively getting its target in any weather. The aiming is quite precise which leads conspiracy theories to the conclusion that it may be an attack on these sites from the inside. Much is to be learned from the Trojan as it is tracked and detected throughout the globe. Major developers of anti-viruses have been able to remove and block it but unprotected machines may prove to be too easy a target for the Trojan.
Paypal Boosts security
In efforts to boost security, Paypal, one of the premier internet online payment providers is moving to block users who use older browsers to prevent weaknesses that these browsers possess. They have found that many users online still use old Microsoft IE 3.0 and 4.0 which have ended their support life a long time ago hence they do not have the needed updated security updates that are necessary to conduct safe and secure online transactions with regards to payments and other related business. Paypal has had a lot of bad publicity with regards to phishing and infiltration where people intercept and go on fake bidding sprees just to get at the vital financial information that people usually share over the network. In hopes of boosting security, they will be using script detection to begin blocking users and that they do apologize for all the inconvenience this may cause the millions of users who may be affected by their move. This comes as the amount of identity theft and other crimes have increasingly entered their ranks ending in much stolen information that leads to credit card fraud. Being the biggest, they are the most viable target for such hackers and they are trying to boost security on that front of the deal.
This would hopefully prevent more cases from developing and that any new ones will be ‘nipped in the bud’ so to speak.
Paypal and eBay have offered select users with a distinct security keys using VeriSign passwords that is to be transmitted during payment transactions which aims to prevent interception of the transaction information as it travels through the internet. Unlike specific credit card transactions that travel through dedicated lines which are now slowly being protected by PCI-DSS for improved security, regular PC do not have that much security hardware installed to protect them from interception by hackers who could tap into the network getting all credit card information for illegal purchases.
Social Networks – Keep the bad guys out!
In the UK, identified sex offenders are facing bans from social networking sites which is to boost the reliability and security of having these social networksUK where surveillance has become a part of everyday life, with CCTV systems and all types of other video surveillance abound that may be possible with current facial recognition techniques that can scan a person’s face from any angle allowing identification without that person in question even knowing about it.
The intent is quite good but just how will these social web sites go about identifying sexual offenders is a very tough task indeed. With millions of registered users that span the globe along with the hundreds of social networking sites that may be next to impossible. Don’t expect these people to enter their true identity for that is the first thing they would make them most identifiable. To invent some form of technology that would brand them as such would be better and can indeed make the internet a safer place for all of us including your kids who are often the victims of such criminals.
Sans Institute – Gotcha!
The Sans Institute has identified and determined the source of infections to some 20,000 web sites since January through research and extensive review of web sites and how they work. They have identified the point of entry for these attacks which capitalizes on a sneaky tool that uses Google’s search engine as it searches for specific types of vulnerable applications. They have also found that the process is automated, meaning they were not “live” attacks which has a user on the other end initiating it. The search tool works by finding vulnerable software and then executes a simple SQL statement that injects a script tag onto the discovered site. The exploit was designed to target Microsoft Window’s ISS which once infected, has the ability to infect all who visit the site. The sad side is that again, the malware is found and has been traced to report back to China which enforces more need for security on their side of the globe.
Their people were so thrilled at the discovery which they called a “GEM” due to the scarcity of such discoveries in the wild (internet). Discovery of such Trojans and other malware allows prompt response and sending out of updated signatures to anti-virus software and other intrusion prevention tools that prevents the spread to continue. They may have been lucky this time for the majority of malware out in the wild are not only very complex in terms of coding but have the ability to morph into totally different forms as they travel from computer to computer through the internet. The best way to avoid such problems would be to stay off the internet, which is next to impossible due to the current prevalence of the said technology in our everyday lives.