Enllaços
Contingut actualitzat
Categories
Contingut antic
(ja no s'actualitza)
Versions anteriors
d'aquesta pàgina
Arxiu
|
|
 |
dissabte, 10 / abril / 2004 |
[Via Slashdot] Article de Robert Cringely: The Once and Future King. Now the Only Way Microsoft Can Die is by Suicide
'When I wrote last week about my conclusion that the legal system -- any legal system -- is unequipped to change Microsoft's monopolistic behavior, I had no idea that within 24 hours, Sun Microsystem would be throwing in the towel, trading its so-called principles for $1.95 billion in cash. So I guess I was right. Only now, a few thousand readers out there expect me to blithely produce an answer to the problem of what to do to bring Microsoft into the civilized world. Well, I say it can't be done.
|
19:23 (# Enllaç permanent) ()
|
|
[Via Scripting News] Righting copywrongs
Lawrence Lessig convinced his publisher, Penguin Books, to allow his new book, Free Culture, to come into the world this spring under a Creative Commons licence, a relatively new kind of copyright which, among other things, allows anyone to make and distribute a non-commercial audio performance of his book without even asking his permission
|
19:16 (# Enllaç permanent) ()
|
|
Possiblement el primer cavall de Troia dissenyat especialment per al sistema operatiu Mac OS X. Els primers informes segurament han exagerat el seu abast real que no deixarà de ser testimonial. No obstant, és possible que la seva existència signifiqui un punt d'inflexió i tingui importants efectes futurs.
Continuació... - També a Hispasec.com.
|
19:03 (# Enllaç permanent) ()
|
|
[News.com] Security tool more harmful than helpful? parla sobre el projecte Metasploit i la publicació del Metasploit Framework (que vaig comentar ahir)
"This is a good research tool," Moore said, noting that some 30 percent of Metasploit beta testers are security consultants who seek to plug holes in their clients' networks. Other companies are using the tool proactively to detect flaws in their applications. "There is a large software company that has...rolled the Metasploit stuff into their (quality assurance) testing," he said.
|
11:40 (# Enllaç permanent) ()
|
|
[Syllabus Magazine] A Balancing Act? Openess and Security on Campus és una entrevista al responsable de la xarxa del MIT, parlant sobre la seguretat en un entorn de campus universitari:
P: How do you balance the demand for today’s higher levels of security with the traditional openness of the higher education computing environment?
R: You’re making an assumption that openness and security are on opposite ends of the spectrum and that you have to choose between them. If you look at the security problems we have today, they’re in fact not due to the openness of the network. They’re due to the software that people run.
(...)
P: Do you really think it’s possible to design a personal computer operating system to handle the security issues that now require firewalls and other complex network security measures?
R: Yes. You own a Macintosh. How often does your computer crash?
P: Very rarely.
R: The reason it doesn’t crash all that often is because system software developers took some time and effort to make that the case. If they would take the time and effort to make it be secure, it would be secure.
(...)
P: But realistically, is that happening? Do all the people who are running Linux boxes have better security, or add in better security?
R: I think Linux is much more secure than a lot of the other stuff that’s out there, because so many people look at the source code—not everyone looks at it, but enough people do, so that problems get fixed earlier, rather than later.
(...)
R: Speaking as a network manager at an institution with Nobel laureates, it’s harder for me to set policy and make it stick. The more famous your faculty, the more they’re in charge. And the more the faculty can do whatever they want, the more chaotic your network’s going to be.
S:So how do you manage that—do you have a firewall?
JS: People have often asked me, “Could you firewall MIT?” And, you know, I don’t want to and I think it’s the wrong thing. Even if I wanted to, my faculty would not permit me. Or more to the point, the faculty would say, “Yes, sure,” but as soon as they couldn’t do something on the network, they’d say, “Take out the firewall” or “Put in an exception so I can do what I want to.” Firewalls that are filled with holes because somebody wants to do something quickly become useless.
P: If not a firewall, then what is your strategy?
R: There is one good technique, and it’s the only one that’s effective. No firewall, no port blocking—none of that will work. The solution is that you must install patches.
P:Patches for each and every PC, then...
R: If you own a PC, you must install patches. You must pay attention. And, and if you’re running a more modern version of Windows, things like automatic update can help. I’m going to give Microsoft some credit there. They’ve tried to make the installation of patches as painless as possible. But it’s still something that you have to sign up for.
I might add, by the way, firewalls don’t protect you against these worms. Because once a worm gets on the other side of the firewall, then the firewall’s useless. For example, at one point the State Department’s visa processing system got one of the worms. And you can guess there’s a big firewall between that and the Internet. In fact, I’d be willing to bet that thing is not even connected to the Internet. And yet one of the worms got through to it. Probably by somebody taking a laptop, connecting it to the public Internet, catching the worm, unplugging the laptop, coming to their office, plugging it into the secure network and boom, now the secure network has the worm.
That’s why I say firewalls are not useful.
|
11:27 (# Enllaç permanent) ()
|
|
© Copyright 2003-2004 Xavier Caballe. 
|
|
|
