View Diary: An even bigger potential intelligence leak: Microsoft (73 comments)

  •  Are you really that effing ignorant... (3+ / 0-)
    Recommended by:
    Wisper, Johnny Nucleo, Zero Serenity

    ...about software engineering?

    •  Your post does much to position you superior ... (12+ / 0-)

      ... but little to inform, teach, rectify, or help.

      How 'bout a lot less 'tude and a few crumbs to share from your thousand-layer data-cake?

      Vote rape. Vote torture. Vote War Crimes. Vote with the American top 1%.

      by Yellow Canary on Fri Jun 14, 2013 at 02:31:40 PM PDT

      [ Parent ]

    •  we all know that MS (11+ / 0-)

      writes software so fine that it never needs security updates. /s

      (Is it time for the pitchforks and torches yet?)

      by PJEvans on Fri Jun 14, 2013 at 02:36:11 PM PDT

      [ Parent ]

      •  And you were able to type that comment (4+ / 0-)

        without any hysterical laughter louder than a quiet snort.

        Time is a long river.

        by phonegery on Fri Jun 14, 2013 at 04:28:12 PM PDT

        [ Parent ]

      •  Unlike say Linux or Apple or Firefox or Google ... (1+ / 0-)
        Recommended by:
        demimondian

        http://cvedetails.com/...

        Top 50 Products By Total Number Of "Distinct" Vulnerabilities

        1     Linux Kernel - OS - 1062   
        2     Firefox - Application - 937   
        3     Mac Os X - OS - 817   
        4     Chrome - Application  - 810   
        5     Windows Xp - OS - 683   
        6     IE - Application - 631   
        7     Mac Os X Server     - OS - 614   
        ...

        "Anyone can support me when they think I'm right. What I want is someone that will support me when I am wrong." Sir John A. MacDonald

        by Johnny Nucleo on Sat Jun 15, 2013 at 03:53:24 AM PDT

        [ Parent ]

        •  Take a closer look at that Linux list. (3+ / 0-)
          Recommended by:
          jamesia, TheMomCat, WSComn

          The Linux "vulnerabilities" are all local exploits (the user has to be physically at the machine).  

          The tent got so big it now stands for nothing.

          by Beelzebud on Sat Jun 15, 2013 at 02:10:27 PM PDT

          [ Parent ]

          •  Actually, no (0+ / 0-)

            There is a regular stream of vulnerabilities in Linux -- because the kernel in itself is utterly useless.  If you follow the Debian vuln list, you'll be shocked (or not) how often the utilities have stupid network-visible bugs -- and we're not talking use-after-free or libc-springboard-requiring bugs, but simple, stupid, buffer overflows.  As to "you can read the source", GCC still has exploitable bugs which allow escalation of privilege -- if you can't understand every line in that package, you are open to exploitation during compilation, even if you're compiling from an unprivileged account. (Remember those "harmless" local escalation of privilege bugs in the kernel?  Yeah, about them...)

            No matter, Joan's diatribe has no more grounding in reality than an anti-vaxxer's or a climate-change denier's.  In fact, since the folks who spend their lives talking up how "secure" MacOS or pick-your-favorite variant of Linux is are 'compensated' by the various manufacturers, you know, that latter comparison is quite apt.

          •  The author of the post was claiming that Microsoft (0+ / 0-)

            was intentionally releasing insecure code to allow snooping.

            They ship a buggy product in the name of national security! So stop complaining all you Microsoft users. Your blue screen of death could be saving the country.
            The author was arguing that the presence of security vulnerabilities in a software product is evidence that the manufacturer is complicit with the person doing the snooping (in this case the government).  If that is the case, then the list is a heck of a lot longer than one vendor.
            The Linux "vulnerabilities" are all local exploits (the user has to be physically at the machine).  
            What's your IP?

            There are known vulnerabilities that allow unauthenticated remote attackers to execute arbitrary code on Linux.  

            Users can be socially engineered to do something that results in their system being exploited.  Something as simple as getting them to open a PDF file, run some Java code or click on a link.  

            After all, even if the O/S is secure, applications such as Adobe Acrobat or Java and office software introduce their own vulnerabilities.  

            "Anyone can support me when they think I'm right. What I want is someone that will support me when I am wrong." Sir John A. MacDonald

            by Johnny Nucleo on Sat Jun 15, 2013 at 07:38:20 PM PDT

            [ Parent ]

        •  No, but what's your point... (1+ / 0-)
          Recommended by:
          3goldens

          Windows is still on the list, is still vulnerable, and is still used by more people than the other OS's.  To me that makes the effects of its vulnerabilities have more impact than attacks on other OS or Apps.

          And if you go to this year, rather than the All Time Leaders list, Windows 7 cracks the top 10 at number 9.  In fact, for 2013, M$ has more products in the top ten (3) than any other company.

          So I'm not really encouraged by the information your link provides on Microsoft.

          "It just kills me that we put that idiot in office… twice. But I guess there has never been a shortage of idiots in politics." Helen Philpot writing about GWB, April 25, 2013

          by WSComn on Sat Jun 15, 2013 at 02:19:06 PM PDT

          [ Parent ]

        •  "Linux Kernel" (2+ / 0-)
          Recommended by:
          3goldens, TheMomCat

          Well thankfully there's only one Linux distribution and therefore no need to worry about how different ones interact with the kernel.

          Also, what's the deal with listing out Windows XP (specific version) whereas the rest on the list isn't versioned?

          And this diary as well as the comment you're responding to are about Microsoft. 4 out of the 5 on that list are on Microsoft systems, and who knows if a Firefox vulnerability is BECAUSE of Microsoft?

          This list is pretty bogus.

          •  The CVE database is maintained by NIST and contains (0+ / 0-)

            a very comprehensive list of disclosed security vulnerabilities.  Currently about 55,000 vulnerabilities are contained in the database.   The CVE details database provides metadata about these vulnerabilities - for instance rolling it up by vendor and product.

            Well thankfully there's only one linux distribution and therefore no need to worry about how different ones interact with the kernel.
            Vulnerabilities specific to particular distributions are lower down in the list.  If a version of the kernel has a vulnerability, then any distribution that uses that version will have that vulnerability.
            what's the deal with listing out Windows XP (specific version) whereas the rest on the list isn't versioned?
            The list is broken out by product so that it is useful to security professionals.  If someone is responsible for securing a Windows XP system, why would they care about a vulnerability in a different product (e.g., Mac OS X, Linux or Windows7)?

            "Anyone can support me when they think I'm right. What I want is someone that will support me when I am wrong." Sir John A. MacDonald

            by Johnny Nucleo on Sat Jun 15, 2013 at 08:04:56 PM PDT

            [ Parent ]

        •  And By Corp: MS Still Leads (1+ / 0-)
          Recommended by:
          WSComn

          Look at the graph on the bottom of that page: MS 4188 vulnerabilities and Apple 2769.

          Mind you that is not a "bug total" by any stretch of the imagination. I worked on a very large system in S Cal that had hundreds of thousands of reported bugs. I'd bet that any product off the MS shelf would have millions and millions to paraphrase Carl Sagan.

          What stronger breast-plate than a heart untainted! Thrice is he arm'd, that hath his quarrel just; And he but naked, though lock'd up in steel, Whose conscience with injustice is corrupted. King Henry, scene ii

          by TerryDarc on Sat Jun 15, 2013 at 02:48:37 PM PDT

          [ Parent ]

    •  a better response would have been to explain to (3+ / 0-)

      all us stupid ignorant people where it's mistaken and why.
