Should Be Shot (Score:3, Insightful)
Malware and Virus authors should be lined up against a wall and shot. They are cancers and need to be irradiated.
Re: (Score:2)
I mean eradicated...although irradiated would probably work well too.
Re: (Score:3, Insightful)
What we -should- do is focus on things that we can actually benefit from. Instead of mass-murder, why not fix the internet by fixing JavaScript (i.e. dis, fucking, allow, whitelist basis only), fixing Flash (bye), fixing CSS (stop reading my history and stop scanning my ports!) and fixing HTML so we don't need to rely on stupid things (Flash, Silverlight, the thing Google made) to make browsing an enjoyable experience.
I can deliver you a browser that is virtually unexploitable. Firefox running with NoScript,
Re: (Score:3)
The reason this will never happen (and it should) is because we have art students, not engineers, designing our websites, and thus calling the shots.
Some parts of computing should just not be done by non-technical users; designing secure systems is one of them.
Re:Should Be Shot (Score:3, Interesting)
Okay, only a Professional Software Engineer can design webpages or write code. In BC, that's an actual discipline for Engineers. (I'm Electrical myself; one of my friends has her P.Eng in Software, and my alma mater was one of the first to offer it.)
See how that works?
The real problem is really your attitude, not the fact that "artsy-fartsies" are writing webpages in Dreamweaver. We can talk about the relative merits and security of Windows / OS ? / Lunix all day (which, really, is what /. is all about) but the problem has shifted. We still have some phishing attacks and the ever-present Trojan horse, but the game has shifted significantly here. Getting your PC hacked by viewing a framed image? That's not a 1995 trick anymore. That's showing a very high level of sophistication and talent.
This is a hip-hip-hurrah moment, and you should have a chill down your spine.
No system is secure, unless it is powered off, with no OS, no power supply, and locked in a vault after being encased in concrete, and even that's no guarantee. Hell, even Kodak had problems with frames that were still in the motherfucking boxes at Wal-Mart. [slashdot.org] Big deal, you say, so what if some /b/tards put goatse on 10,000 frames? Do you think that's all that happened? We know that images can carry malicious code, and I guarantee that several of those benign-looking default Kodak logos were replaced by infected pictures that 0wz0r3d your box the moment you plugged in via USB or, apparently, looked at the pictures with your browser.
The malware writers are talented, dedicated, and tireless. All they have to find is one mistake anywhere and It Is Compromised. You have to make sure there are no holes. Surely you can see how you can't win that game.
It's not B.A.s. We're outgunned and outnumbered.
Re: (Score:2)
I'm not really sure what you are running off about, but I'm fairly sure that at least a fair chunk of it is unrelated to my post which you are responding to...
I was simply indicating that getting rid of plugins like Flash, locking down JavaScript, and in general getting the separation of data and executable code right is never going to happen because the people who are currently calling the shots and driving the market either do not understand computer security, or do not make it a priority.
In my opinion, t
Re: (Score:2)
"We're outgunned and outnumbered."
Because of that, I can see a future where active monitoring/detection of system changes is going to become more important. Maybe even services that either log into your machine and look at file size, diff, etc., or actually make requests of your website, mimicking every possible thing a user could do, and look for unintended outcomes (file automatically downloading, for instance).