|
Kris allen sings national anthem on nba finals, kirsten dunst nude nudography, watch kristin davis sex tape,
kourtney kardashian kissing a girl, sonny smith kristin cavallari
|
kris allen sings national anthem on nba finals
|
 |
kris allen sings national anthem on nba finals -> kristen stewart upskirt |
 Posted: 10 17 2009 Post subject: kourtney kardashian pregnant photos |
 |
|
| Yeah, these are real concerns. Who knows what protective measures are being done by vendors, customs inspectors, government regulators, public/private security researchers, and law enforcement to look for attacks unlike any we have heard of being used before to make sure they do not go undetected when they do?Realistically, what if a bunch of PCs were shipped in from another country with a stealth Trojan embedded in its main/graphics/whatever BIOS? Software debuggers would not catch it. ROM readers would and ICE debuggers would but do inspectors check them that way at the US border? True, they might not survive an update if they were in flash memory not ROMs but would the parties responsible even care at that point? You only have to throw a brick through a window once to break it.MS-Windows malware has shown up pre-installed in consumer electronics devices lots of times; a few brands of non-Apple MP3 players, then a short 1 or 2 week run of iPods from one factory - and then USB digital picture frames, of all things. There are probably others, those are just the first ones that come to mind - probably because they were covered in the news so much.Malware with a rootkit was intentionally manufactured into over a hundred music CD titles by one of the biggest labels in the music business and went undiscovered for over a year, infecting millions of computers.That was pretty shocking, actually - in both the perpetration and the lack of detection. At the time, the Windows security team was talking much more loudly about the "imminent" wave of Mac OS X worms and viruses than they were about the rootkit they had not thought of looking for on millions of MS-Windows PCs - let alone on the audio CDs that spread it in classic Trojan horse fashion.Web advertising is a whole subject onto itself. You might completely trust a site's personnel, their security measure, and the company/brand that owns it. But, do you trust every advertising broker/server/supplier that injects ads onto that site? Well, you probably do not even now who they are and probably cannot find out. You're not only extending trust to the principle party - you are trusting their ability (or luck) at delegating trust. It hast not worked out so well in the past several years, specially this year (2009).Malware being delivered via web ads was an obvious risk years ago when the first graphics rendering vulnerabilities were discovered in the most popular image file formats on the most popular operating systems.Infected ads did indeed come after that and no warnings went out publicly to point out the risk to web users. It is not like hackers would be unable to put 2+2 together for themselves.When Flash showed itself to become a steady supplier of vulnerabilities, malware ad authors moved onto that platform. Flash is bigger and more complicated than parsing/rendering logic for individual graphics files. The number of programmers who are allowed to read that source code to check for errors and repair them is surely quite small. It surely takes less time to find one vulnerability in Flash without source code than it does to find and fix all vulnerabilities in Flash with source code. Especially when there are probably lots more hacker programmers in the world than there are programmers auditing the Flash code full time at Adobe.Flash has an embedded programming language in it too, so vulnerability searching is neither a purely manual nor purely black box task, unfortunately. It will be hard to dislodge hackers from it because of this combination of circumstances.The press protects sources and also withholds information it possesses to protect individuals or even national security. The major news companies have been infected by malware before too because employees brought laptops home to do work at night - which is kind of what they are for - and came back to office with malware because they did not bring an IT support guy and an armful of security protection home from the office.Also, lots of major/trusted news media organizations serve malware infected ads on their site and presumably a lot of their stuff looks at their own news site in the course of a day. If the organization's systems are infected with malware inside and out more or less by accident then they are certainly vulnerable to attacks intentionally directed at them.All of a sudden withheld information can escape without being published. Yeah, people can keep a secret but look around - computers can't. There would be leaks even though N or N-1 individuals in the organization was totally committed to prevent them.Paid, undisclosed shills have turned up in the journalism/commentator industry. If those people will violate the most fundamental aspect of professional trust for their profession then they might do something to compromise the computing/networking integrity of the organization. Nobody expects them to do such a thing but unfortunately, nobody suspected they would sell out their published "opinion" to the highest bidder without disclosing it either.Also, they can be duped. Well meaning product reviewers have been given products to evaluate that they might not have been required to return. Another concern is some have been given free computer repairs and maybe, at some time or another, complimentary "virus removal" or some kind of computer service/repair as a small favor. Well, if the person supplying the service or the supply chain of the people/environments supplying the computer product being evaluated are not 100% safe then it could be just another Trojan horse to the media organization.Clearly, this would bypass firewall protections and might bypass the antivirus scanning rules of the organization. Even if it was not hooked up, these days simply putting a thumb storage drive into one Windows PC and then a different Windows PC will often spread a virus/worm hybrid malware that inducts it into the Conficker botnet or whatever.Not only confidential information but the identity and/or location of confidential sources would be at risk in the event of a serious news media internal cyber security breach. And, hey, this is just one offhand example of this kind of problem. Other industries have analogous problems.So the "chain of custody" concept put forth in the article is very important. Think about it in the context of the historic, current, and potential security breakdowns I mention.These would be less of a concern if malware was not such a problem due to not only coding errors but seriously risky architectures and design goals being pervasive in PC products.We think of hackers and their nemesis computer security professionals virtually walking around with flashlights, tweezers, and magnifying glasses to find cyber vulnerabilities. In truth, they are probably wading through them.That gives hackers way too many ways & tries to do something bad and that gives cyber security gurus way too big a border to patrol. Clearly, huge things slip through, as you realize if you go back and read some of the examples above. Clearly, they are not all the fault of reckless users or laxness in installing what are billed as "critical security" updates. That may usually be the case but as you are reminded by some examples above, that is not always the case.And because of the difficulty in communicating about kind of inevitable risks in a comprehensive & convincing way to someone who goes not grasp the workings of computers, that is clearly going to slow them down. So with the cost of checking "checking everything" in every way that is prudent, a lot of prudent checks are not likely happening.The only solution is to design stuff safer and conceive of how something might be exploited by a wrong doer at the very beginning of product design. That means during the product goals definition process - not just architecture, design, or worse coding but at the VERY start of the project. That will not solve all the problems but it will drastically reduce problems. That in turn will make it easier to deal with what is left by reducing the "insecurity overload" that is totally obvious today. |
| |
All times are GMT - 3 Hours
|
| Page 1 of 1 |
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
