Astronomy cast

Davoud wrote:
Dave Typinski:

FBI stats I'd believe....

Then you'll believe this, straight from the horse's mouth--one Dave
Thomas, former chief of computer intrusion investigations at FBI
headquarters. He said that that "many of the computer security folks
back at FBI HQ use Macs running OS X, since those machines can do just
about anything: run software for Mac, Unix, or Windows, using either a
GUI or the command line. And they're secure out of the box. In the
field, however, they don't have as much money to spend, so they have to
stretch their dollars by buying [computers that can run only that other
OS]."

There are generic Intel PCs that will run OS/X. I have a friend who is
an expert at installing OS/X on non-Mac hardware. Medions have a fairly
good reputation as generic Mac OS capable cheap PCs. Snow Leopard runs
fine. You need the right matching chipsets and the odd tweak but it is
possible. I have seen it done many times. Not for beginners though.

But I expect the FBI's IT dept ought to be able to hack it.

Regards,
Martin

Martin Brown:
There are generic Intel PCs that will run OS/X. I have a friend who is
an expert at installing OS/X on non-Mac hardware. Medions have a fairly
good reputation as generic Mac OS capable cheap PCs. Snow Leopard runs
fine. You need the right matching chipsets and the odd tweak but it is
possible. I have seen it done many times. Not for beginners though.

But I expect the FBI's IT dept ought to be able to hack it.

Apple's position is that it is illegal to install OS X on any computer
not made by Apple; the EULA spells that out and anyone who can't abide
by the EULA shouldn't buy the OS, or so says Apple. The courts will
decide if the EULA itself is legal and enforceable.

If the court rules against Apple, that could be the end of Apple as a
computer manufacturer; it makes its money from selling hardware, not
software, and if large numbers of Macheads were to defect to
second-rate cookie-cutter hardware to run the Mac OS, Apple could not
survive.

In any case installing the OS and being able to run useful software are
not one and the same thing. And I don't see the FBI violating the EULA.

Davoud

--
I agree with everything that you have said and everything that
you will say in your entire life.

usenet *at* davidillig dawt cawm

Davoud wrote:
"PCs infected by identity theft malware up 600 percent

"Friday, August 21, 2009

"The number of computers infected by malware designed to steal personal
or banking information for identity theft and fraud has shot up 600
percent in the past year, according to a report from web security firm
Panda Security...."

Dave Typinski
FBI stats I'd believe. Software vendors' stats, not so much; they've
a conflict of interest.

OK, then would you believe... Microsoft?

"Windows 7 allows remote blue-screen attacks [u]
updated 11:50 am EDT, Tue September 8, 2009
Windows 7 returns remote BSOD

"(Updated with Microsoft advisory) Windows 7 when it ships next month
will be vulnerable to an attack that hasn't been possible since 1999, a
new vulnerability found by a security researcher shows. Sending a
deliberately malformed network negotiation request can force a Windows
7 system into a page fault that triggers a "blue screen of death"
error, even without the user's help in launching the code. The attack
affects both 32-bit and 64-bit versions of the OS.

"The flaw stems from the rewritten network stack inherited from Vista,
which itself has also been discovered as vulnerable to the attack.
Although Microsoft had patched the exploits out of Windows 2000 and XP,
the complete overhaul is now thought to reintroduce a problem that
hasn't existed since earlier Windows releases.

"Microsoft has been told of the exploit but hasn't yet released a
patch; users of the newer operating systems are being asked to switch
off the Server Message Block (SMB) feature or block its access entirely
until a fix is available.

"The attack comes at a particularly inopportune time for Microsoft, as
it has been trying to market Windows 7 as its most secure release and
is in the rare circumstance of having to compete against another major
operating system release, Mac OS X Snow Leopard. Apple's software isn't
necessarily more secure but typically hasn't been vulnerable to remote
attacks that disable the system and has gotten more secure with the
latest release, whose 64-bit memory space prevents certain kinds of
memory attacks from working properly.

"Update: Microsoft has issued an advisory that claims the finished
versions of Windows 7 and Windows Server 2008 R2 aren't affected, but
Windows Vista remains compromised." --electronista.com, 7 & 8
September, 2009

Sounds to me like business as usual at Microsoft. Now we have MS saying
that Windows is vulnerable (and Vista, the Yugo of OS's, will
apparently remain vulnerable) and Mr. Peterson saying it is not. I just
don't know who to believe.

In Windows 7 competing against Snow Leopard, that assertion is
specious. Windows 7 has no chance of competing with Snow Leopard on the
basis of security, elegance, power, and quality of user experience. I
define "power" by what the average user will do using the OS, not by
Chris's development experience. Windows 7 will outsell Snow Leopard
many times over because so many people know the price of everything and
the value of nothing. In terms of quality, MS is the Walmart of OS
sellers. As for Snow Leopard being "not necessarily" more secure, it's
worth noting once more that Mac OS X, which was released nearly 10
years ago, has never been compromised, hacked, or penetrated outside
the laboratory. Not once. Much less compromised before it even hit the
market! How is that not more secure!?

Davoud

--
I agree with everything that you have said and everything that
you will say in your entire life.

usenet *at* davidillig dawt cawm

Davoud wrote:

Davoud wrote:
"PCs infected by identity theft malware up 600 percent

"Friday, August 21, 2009

"The number of computers infected by malware designed to steal personal
or banking information for identity theft and fraud has shot up 600
percent in the past year, according to a report from web security firm
Panda Security...."

Dave Typinski
FBI stats I'd believe. Software vendors' stats, not so much; they've
a conflict of interest.

OK, then would you believe... Microsoft?

"Windows 7 allows remote blue-screen attacks [u]
updated 11:50 am EDT, Tue September 8, 2009
Windows 7 returns remote BSOD

Heh--that's priceless. But not wholly unexpected.

The only thing I had issue with in your post was Panda's claim that
identity theft and internet fraud has gone up by 600% over the last
year. I'm certain that's marketing hype, not reality.

Out of the box, consumer-grade Windows PC's aren't very
secure--although for an XP system, it doesn't take long to make them
secure. One just has to know how, and many consumers do not. Vista,
I don't know; never bothered to consider running that on any daily-use
machine.

My experience is that Windows Server 2003 and Server 2008 are pretty
tight right out of the box, but require a knowledgeable sysadmin to
set them up properly.

I know nothing about Apple's products other than they've priced
themselves out of desirability for me. Well, that and the socially
distasteful air of smug surrounding the subset of Apple fanboys who
walk around with their noses in the up and locked position. Perhaps
they have every right to do so, but still, poor form. (No, I'm not
accusing you of doing this.)

Then there's Linux, in my opinion the ultimate in OS security and
reliability, if not in user-friednliness (although that's gotten
/much/ better in the last five years). No restrictive EULA (you never
really buy software, you lease the right to use it under narrowly
defined conditions)--aside from the GPL, which isn't that
restrictive--and it'll run on just about any hardware more complex
than a Cuisinart. Most recently, someone got Linux running on an
Amazon Kindle of all things.

As such, my view of the OS market sector has come to reflect those of
Neal Stephenson, who describes that perspective much more poetically
than I do.

To wit, a slightly dated but still applicable excerpt from "In the
Beginning was the Command Line".
http://www.cryptonomicon.com/beginning.html
*****
The analogy between cars and operating systems is not half bad, and so
let me run with it for a moment, as a way of giving an executive
summary of our situation today.

Imagine a crossroads where four competing auto dealerships are
situated. One of them (Microsoft) is much, much bigger than the
others. It started out years ago selling three-speed bicycles
(MS-DOS); these were not perfect, but they worked, and when they broke
you could easily fix them.

There was a competing bicycle dealership next door (Apple) that one
day began selling motorized vehicles--expensive but attractively
styled cars with their innards hermetically sealed, so that how they
worked was something of a mystery.

The big dealership responded by rushing a moped upgrade kit (the
original Windows) onto the market. This was a Rube Goldberg
contraption that, when bolted onto a three-speed bicycle, enabled it
to keep up, just barely, with Apple-cars. The users had to wear
goggles and were always picking bugs out of their teeth while Apple
owners sped along in hermetically sealed comfort, sneering out the
windows. But the Micro-mopeds were cheap, and easy to fix compared
with the Apple-cars, and their market share waxed.

Eventually the big dealership came out with a full-fledged car: a
colossal station wagon (Windows 95). It had all the aesthetic appeal
of a Soviet worker housing block, it leaked oil and blew gaskets, and
it was an enormous success. A little later, they also came out with a
hulking off-road vehicle intended for industrial users (Windows NT)
which was no more beautiful than the station wagon, and only a little
more reliable.

Since then there has been a lot of noise and shouting, but little has
changed. The smaller dealership continues to sell sleek Euro-styled
sedans and to spend a lot of money on advertising campaigns. They have
had GOING OUT OF BUSINESS! signs taped up in their windows for so long
that they have gotten all yellow and curly. The big one keeps making
bigger and bigger station wagons and ORVs.

On the other side of the road are two competitors that have come along
more recently.

One of them (Be, Inc.) is selling fully operational Batmobiles (the
BeOS). They are more beautiful and stylish even than the Euro-sedans,
better designed, more technologically advanced, and at least as
reliable as anything else on the market--and yet cheaper than the
others.

With one exception, that is: Linux, which is right next door, and
which is not a business at all. It's a bunch of RVs, yurts, tepees,
and geodesic domes set up in a field and organized by consensus. The
people who live there are making tanks. These are not old-fashioned,
cast-iron Soviet tanks; these are more like the M1 tanks of the U.S.
Army, made of space-age materials and jammed with sophisticated
technology from one end to the other. But they are better than Army
tanks. They've been modified in such a way that they never, ever break
down, are light and maneuverable enough to use on ordinary streets,
and use no more fuel than a subcompact car. These tanks are being
cranked out, on the spot, at a terrific pace, and a vast number of
them are lined up along the edge of the road with keys in the
ignition. Anyone who wants can simply climb into one and drive it away
for free.

Customers come to this crossroads in throngs, day and night. Ninety
percent of them go straight to the biggest dealership and buy station
wagons or off-road vehicles. They do not even look at the other
dealerships.

Of the remaining ten percent, most go and buy a sleek Euro-sedan,
pausing only to turn up their noses at the philistines going to buy
the station wagons and ORVs. If they even notice the people on the
opposite side of the road, selling the cheaper, technically superior
vehicles, these customers deride them cranks and half-wits.

The Batmobile outlet sells a few vehicles to the occasional car nut
who wants a second vehicle to go with his station wagon, but seems to
accept, at least for now, that it's a fringe player.

The group giving away the free tanks only stays alive because it is
staffed by volunteers, who are lined up at the edge of the street with
bullhorns, trying to draw customers' attention to this incredible
situation. A typical conversation goes something like this:

Hacker with bullhorn: "Save your money! Accept one of our free tanks!
It is invulnerable, and can drive across rocks and swamps at ninety
miles an hour while getting a hundred miles to the gallon!"

Prospective station wagon buyer: "I know what you say is
true...but...er...I don't know how to maintain a tank!"

Bullhorn: "You don't know how to maintain a station wagon either!"

Buyer: "But this dealership has mechanics on staff. If something goes
wrong with my station wagon, I can take a day off work, bring it here,
and pay them to work on it while I sit in the waiting room for hours,
listening to elevator music."

Bullhorn: "But if you accept one of our free tanks we will send
volunteers to your house to fix it for free while you sleep!"

Buyer: "Stay away from my house, you freak!"

Bullhorn: "But..."

Buyer: "Can't you see that everyone is buying station wagons?"

*****

--
Dave

On Sep 8, 9:53*pm, Dave Typinski wrote:
Davoud wrote:

Dave Typinski:

FBI stats I'd believe....

Then you'll believe this, straight from the horse's mouth--one Dave
Thomas, former chief of computer intrusion investigations at FBI
headquarters. He said that that "many of the computer security folks
back at FBI HQ use Macs running OS X, since those machines can do just
about anything: run software for Mac, Unix, or Windows, using either a
GUI or the command line. And they're secure out of the box. In the
field, however, they don't have as much money to spend, so they have to
stretch their dollars by buying [computers that can run only that other
OS]."

The person interviewing Mr. Thomas in the field noted that Mr. Thomas
was carrying a ThinkPad running that other OS, but that he didn't
connect it to the Internet because it was "too dangerous" and possibly
against regulations. Mr. Thomas explained that the FBI was using that
other OS in the field due to budgetary constraints. Another outfit with
no math skills.

You are probably aware that there are some areas in certain facilities
where machines running that other OS are forbidden to enter--entire
buildings, in some cases.

Nope, didn't know that.

I'm surprised that GovCo agencies concerned with security of any sort
don't simply compile their own Linux distro's and use the cheaper
hardware. *It's not like they lack the raw intellectual resources...
--
Dave


As I pointed out earlier, only very specific windows products are C3
level certified, hence they only can be used in secure facilities when
it is physically impossible for the system to be connected to the
Internet. All other versions of windows can not meet any Orange book
level of security. As far as other OS's as concerned the secure
systems typically run OpenBSD, OpenSolaris, or Linux. It is a matter
of creating special versions of the OS or needing some special level
of intelligence, it is just that windows is so poorly designed,
implemented and written that is nearly impossible to secure the
systems from a compromise. As I noted earlier a single malformed
packet on the network will result in a windows system crash (BSOD) if
port 445 (windows filesharing) is open, yet Mac-OSX, Solaris, AIX,
HPUX etc, which all support windows filesharing on port 445 will
simply ignore the malformed packet.

On Sep 8, 11:12*am, Chris L Peterson wrote:
On Tue, 8 Sep 2009 08:32:25 -0700 (PDT), yourmommycalled





wrote:
Let's see if I can get through to you. To start I do not count
instances where the hacker has had physical access to the machine as
given free access to the machine only hardware restrictions, like
filling everything but moving parts with epoxy, can prevent a hack. In
the last 12 years there have been only two times when an OpenBSD based
system has been compromised when connected to the internet. I really
don't whether you want to compare a brand-spanking new XP-sp2 system
to to a 12 year old release 1.0 or a current release 4.5. The only
importance attached to 12 years is that is how long OpenBSD has been
in the wild. How many known compromises of an OpenBSD system? Answer
two occurrences. Can you say the same about windows xp? Before you
answer you might consider a CERT advisory that says that an un-patched
vulnerability in Microsoft's implementation of SMB2 (Server Message
Block),that needs no authentication, only file sharing enabled with
one packet to create a BSOD [Blue Screen of Death] The recommendation
is to block port 445 on ALL MACHINES. Seems a recent patch open that
vulnerability

Well, use what you want, for whatever reasons you want. I didn't say
that Windows was more secure than OpenBSD. What I said is that it is
secure- a simple statement of fact. And I said that as the *nix
operating systems start catching up to Windows in terms of their
features and capabilities, the added complexity makes them more
vulnerable, while vast improvements in the Windows security structure
continue to make it less vulnerable. I expect that all operating systems
will converge on the same general level of high, but not perfect
security- and not very far in the future.

In the meantime, I don't think security is a valid reason anymore to
choose or not choose any particular OS.
_________________________________________________

Chris L Peterson
Cloudbait Observatoryhttp://www.cloudbait.com

I'd like some of the drugs that you are taking! Exactly what software/
features are you talking about? You cann't be talking about CCD
imaging or photometry (IRAF as an example) software as the
professional grade software was created on and always been available
Unix systems and only recently have been stripped down enough to be
put on windows, but only when a unix environment is overlayed on top
of windows. GIMP is superior to the current versions of photoshop,
OpenOffice provides exactly the same functionality with a much smaller
memory footprint. Stellarium provides a more realistic sky view than
any windows platform software and is used in commercial products
(StarLab). Xephem is easier to use than any of the windows software,
the only "improvement" is the eyecandy. The software that comes with
Mac-OS for digital cameras, and music players is orders of magnitude
better than anything that comes with or you can buy for windows and I
don't know of digital camera or printer that doesn't work with Solaris/
AIX/HPUX/Linux out of the box. So exactly what is it that windows
gives me over anything else? Oh I know a host of security problems.

Your statement "I don't think security is a valid reason anymore to
choose or not choose any particular OS." indicates that you aren't
aware of security hazards and probably shouldn't be managing systems.

Chris.B:
If botnets are the drivers of spam and the result of using
undefended computers then why not make firewalls, spam filters and
antivirus programmes compulsory before a computer is allowed on the
internet?

Davoud:
Or, get a Mac.

Sam Wormley:
Recent Analysis of Risk
http://isc.sans.org/diary.html?storyid=7129
http://www.sans.org/top-cyber-security-risks

Yes, they can analyze risks all day long, and find all kinds of
hypothetical flaws in the Mac OS that might or might not be exploitable
in the laboratory, but the numbers in the _real_ _world_ tell the
story. The FBI estimates that there are millions of compromised PC's
serving in botnets and virtually _every_ _one_ of them is running that
operating system that is a third-rate imitation of the Mac OS. Not one
is running the Mac OS. _Not_ _one_ .

This is no more a gloat than saying "the Sun rises and sets daily."
After the inexplicable crashes and the constant nagging and
virus/malware scans that frequently interrupt my work flow and my train
of thought, what I dislike more than anything else about that
third-rate OS is that it drags us all down. It's analogous to taking
your Ferrari out for some spirited driving and finding the road clogged
with Yugos.

I live and work in the real world, and that's why I limit my use of
that third-rate OS to the absolute minimum necessary to do what I need
to do. It comes to less than five percent‹possibly less than two
percent‹of my computer usage, and I have disabled e-mail and most other
Internet services. And, let me add that there are several features in
that other OS that Apple would do well to copy for the Mac. For
example, while network setup is more arcane in brand X, thanks to one
of its many stupid "wizards," once it's working it is my perception
that the data moves more quickly across the network when communicating
with brand X than it does in an all-Mac network a WAG would be as much
as 20 percent faster-‹though Snow Leopard has improved network speed
considerably for me, and I have not run brand X lately to establish a
new benchmark.

Davoud

"At Genentech Inc., a multibillion-dollar biotechnology firm in South
San Francisco, Mark Jeffries oversees nearly 2,500 Macs. The senior
systems specialist says the OS X machines are used "for various
purposes," from scientists doing pure research to executives toying
with spreadsheets.... He remembers a virus that shut down operations at
a couple of his company's competitors in 2003 because of their total
dependency on Windows while Genentech's business continued unaffected.
He says the company's top executives took note of that event, and it
reaffirmed their commitment to the Mac."

--
I agree with everything that you have said and everything that
you will say in your entire life.

usenet *at* davidillig dawt cawm