Users who Dugg This
Russ Smith
18393 Followers
AngelWardriver
11954 Followers
Mr. Baby Man
26689 Followers
BeShirtHappy
13460 Followers
michdeSep 29, 2010
Wasn't me.....
jwhaatSep 30, 2010
Jack Bauer could have this solved in 24 hours.
bobosmitorSep 30, 2010
Probably the UFO's. Aren't they buzzing nuclear sites?
Isn't the U.N. creating a greeter job to meet them?
LOL
MarcKSep 30, 2010
James Bond anyone?
preppywhiteguySep 30, 2010
Skynet?
johnnysoftwareSep 30, 2010
The article says that 2 digital certificates and 4 security flaws that were not disclosed or ever patched for the makers of the products involved.
So what? There are entire online markets selling unpatched/undisclosed flaws according to articles that have been out for years. Other articles have been coming out for something like a year saying that one of the functions of current malware for Windows was to steal private keys for X.509 digital certificates.
One has to assume, when there are markets - people are buying the products in them. One has to assume that when there is code written to filch code-signing and/or SSL encryption/privacy identity certificates, people are intending to use them in crimes too.
Here is a case where, according to the article, someone used 4 of the former and 2 of the latter. Hardly shocking and something people can expect to feed on itself.
Windows' insecurity is feeding itself. It's on a slippery slope, in the midst of a chain reaction. It's not even a question of "good enough" or "who is to blame". It is more like, "too late" and "it is over".
The Aurora industrial espionage attacks last year pointed out that the less Microsoft software you use, the better. The victims were attacked through MSN Chat (Microsoft IM program based on and thus including IE security bugs), IE (duh), and MS Windows XP.
Microsoft tried to claim the attacks would not have worked against IE later than version 6 and Windows later than XP, but security researchers quickly pointed out and demonstrated that was incorrect and that only a little more code needed to be added to do that. They "corrected" Microsoft with announcements including code in only a day to a week after Microsoft's incorrect pronouncements.
Using Firefox + Ad Block Plus + NoScript seems like a lot safer option than running IE and apps that embed the IE renderer.
Also, dialing down "trust" of "signed" code in IE and elsewhere seems like a good idea. Also, automatically trusting signed device drivers sounds like a poor idea.
When password-generating hardware and digital certificate private keys are used on Windows PCs that are getting widely infected/raped on corporate/institutional LANs .... they aren't worth much.
Might as well hang your key on your doorknob.
wf80diditSep 30, 2010
This is turning out to be a great story. Everything I've been conspiracy theory'ing about over the years is finally being admitted.
pcmichianaSep 30, 2010
We don't understand it, must be alien? Someone just sat down and spent their time on this one, doesn't seem like a conspiracy more than a bunch of programmers with too much time on their hands.
dfarqOct 1, 2010
This particular writeup is almost as painful to read as the typical JFK assassination/UFO conspiracy theory. Or UFO/anything else conspiracy theory. I wonder when someone will tie it all in with the Civil War, er, "The War of Northern Aggression" (for some reason conspiracy theorists all seem to call if that), WWI, The Great Depression, The New Deal, and the Kennedy assassination.
As many political enemies as Iran has, the nation-state theory makes more sense. And writing viruses is a lot easier to get away with than flying airplanes overhead and dropping bombs.