April 2007 – Page 2 – third world county

April 25, 2007April 26, 2007

Mac “Pwned”

[Yeh, this is a repost of one I took down… and as it turned out, didn’t need to. And I know all the tb pings to the folks listed below are now invalid/broken, but hey, ya know, they were kind enough to provide me with some flogging, so they deserve the linkage from here. And yeh, Perri, I lost your insightful comment. ‘S’way it goes…]

But, but Macs are inherently secure, aren’t they? I mean, don’t the recent Mac ads tout the lack of a need to be security-conscious?

*heh*

Mac Hacked by QuickTime Bug “As Serious as ANI”

Researchers have confirmed that a QuickTime bug was the Achilles heel that felled a MacBook Pro last week in the Pwn-2-Own contest at the CanSecWest security conference…

…the vulnerability affects not only Safari but also Firefox on Mac OS X. Firefox on Windows may also be at risk…

Oooo, so Macs share a vulnerability with Windows. *heh* Don’t tell the Macrophiles; they’ll be afraid they’ll get cooties. Much as it pains me to admit it, here’s one place where Internet Exploder, in its most recent evil incarnation, betters some of the competition:

…Terri Forslof, manager of security response at TippingPoint, confirmed with me today that any Java-enabled browser is potentially vulnerable. Internet Explorer is not, she said, given its sandbox feature, which “does handle the vulnerability appropriately,” she said.

Opera 6 and 7 had a similar vulnerability in the way they handled Java (patched by Opera almost immediately when discovered), but so far, I think Opera 9 is clear. Any folks know differently? At any rate, the root problem is… QuickTime itself. And, as everyone knows, that makes it a Mac OS problems…

Because Quicktime is installed on the Mac operating system by default, turned on and ready to go, it’s comparable to a Windows media player [sic] bug, she [Forslof] said. “Even though it’s not the main system you compromise, you still own the whole system when you do compromise it. It’s every bit as serious.”

I’ve always hated QuickTime for its rude pre-empting of system preferences and annoying insistence that IT be the default media player, etc., but with multiple security holes discovered in the thing just this year coupled with Apple’s rude, obscurantist and unnecessarily complex patch procedure–unless one is a Mac user, as are about, oh, maybe 1/10 of QuickTime users–has made my move to having a different media player default for playing movs even sweeter.

So, Apple: :-p

Trackposted to Outside the Beltway, Perri Nelson’s Website, Blog @ MoreWhat.com, The Random Yak, Adam’s Blog, Maggie’s Notebook, basil’s blog, The Pet Haven Blog, Leaning Straight Up, Cao’s Blog, The Bullwinkle Blog, Conservative Cat, Conservative Thoughts, Pursuing Holiness, The Magical Rose Garden, Faultline USA, stikNstein… has no mercy, The Crazy Rants of Samantha Burns, , CORSARI D’ITALIA, and The Yankee Sailor, thanks to Linkfest Haven Deluxe.

April 22, 2007April 25, 2007

VA Tech Shootings: an interim perspective

When I first heard of the VA Tech shootings, my response was sadness tinged with horror. Knowing full well the tendency of the Mass Media Podpeople’s Hivemind and politicians *spit* to descend on such events as packs of jackals and hyenas (you choose which class is characterized by which animal–I’ve made my choices *sigh*), I decided to severely limit my exposure to pronouncements made or promoted by those creatures. Still, whiffling around the fringes, reading commentary by folks I do have some degree of confidence in and respect for, I’ve arrived at an interim position on the shootings. (My “final” position–itself subject to change based on more information–will not firm up until a more settled set of information’s available.)

Some perspective in advance, if you’ll follow along. Yes, the shootings were horrible, eveil acts, but they are certainly not the first such, nor are they the most horrific acts of a single person in mass murder in this country’s history. Not even the most horrific acts of mass murder by a single person against students and teachers. Far worse was the school bombing in Bath, Michigan in 1927 that claimed 45 lives and wounded 58 other people, an act planned, apparently over the course of a year, and carried out by one man, Andrew Kehoe, acting alone. In that instance, there was little, compared to today, media ravaging of the victims’ families and the community, and the only politicians I find mention of were local officials, with the exception of the governor, who worked carrying rubble away during the rescue and recovery operation–behavior we’d cscarecely see from our political rulers today (Do something useful? Not on your life!).

A horrible event in the early 20th century that is one data point in perspective on the VA Tech shootings.

But what of the larger setting wherein the VA Tech shootings took place? What of our society today, and particularly, the subset in our nation’s colleges and universities? Consider the contrast between mass shootings in schools and other violent deaths:

Fatal mass shootings in our nation’s elementary schools, middle schools, high schools and colleges number just over 250 killed in the past 80 years. While shooting violence is worsening, it does not approach the toll of other violence on our college youth.

We all seem unable to assimilate the fact that thousands of college students are dying violently each year. About 1,100 students each and every year will commit suicide, according to the American Academy of Child and Adolescent Psychiatry, and four of every five young people who attempt suicide exhibit clear warning signs.

The rate of drug overdoses among teens and young adults more than doubled over the five-year period from 1999 to 2004, the Centers for Disease Control and Prevention reported. And each year, on average, there are 1,400 drinking-related deaths among college students nationwide, according to the Task Force on College Drinking. The Task Force estimates that binge drinking by college students also contributes to 70,000 cases of sexual assault or rape each year.

Placed in this setting, almost 80 times as many college and university students are killed each year as a result of our sick society as were killed in the VA Tech shootings. Almost 80 times as many.

Let that sink in. Is that a sign of a sick society or what?

From the same article cited above, this:

Richard Arum, professor of sociology and education at New York University, offers one opinion on the root causes: “I would argue that discipline in our schools earlier is not working. And young men, in particular, are not internalizing the norms and values of our society. And periodically, you get acute manifestations of this, as in these rampage school shootings.”

Well, Richard Arum is wrong. It is precisely because young men are internalizing the norms of our contemporary society that these things take place. Both from the perspective of the perpetrators of these horrific acts and from the perspective of responses to these horrific acts. Youth culture is pervaded with celebrations of nihilistic, brutal, degrading violence. Just listen to all the hip-hop or rap you can stomach if you don’t believe me.

Contemporary youth culture is also pervaded with the “no responsibility” ethos. WATCH others being shot (knowing full well you could be next) and do nothing except perhaps run away or hide. Imagine that happening in a college or university filled with young men back from WWII or Korea. Not an easy task, eh? (Well, it’s not easy for folks who were there in that day to imagine… )

A different school shooting in a different Virginia institution of higher learning five years ago turned out quite differently… perhaps because two students there went to their cars when they heard the first shots… and returned armed.

Let me take this a step further. I can NOT imagine ANY “gunman” entering the west Texas schoolhouse where my grandfather and eight of his brothers were in class, succeeding in getting off more than a couple of shots before being put down. In fact, any “gunman” entertaining such thoughts would be doing so with nothing but suicide in mind from the get-go. Sure, the boys’ long guns would all have been stored in the back of the room, but I have no doubt whatever that even the youngest (whose hunting knife I still have and treasure) of the brothers would have been all over such a suicidal “gunman” even if armed with nothing so much as a writing slate. And as for them dutifully lining up like sheep for the slaughter? Not a chance. Not a snowball’s chance in hell.

After all, each one of them was in training to be men.

Trackposted to Outside the Beltway, Right Pundits, 123beta, Maggie’s Notebook, basil’s blog, The Pet Haven Blog, Shadowscope, MONICA, Stuck On Stupid, Phastidio.net, The Amboy Times, Cao’s Blog, Leaning Straight Up, Conservative Cat, Conservative Thoughts, Pursuing Holiness, Pet’s Garden Blog, Faultline USA, Sujet- Celebrities, Woman Honor Thyself, Stageleft, , stikNstein… has no mercy, Blue Star Chronicles, The Pink Flamingo, and Dumb Ox Daily News, thanks to Linkfest Haven Deluxe.

April 20, 2007

Microsoft Bashing

OK, I admit it: I like picking on the (mostly caged) 600-pound gorilla as much as you probably do, and there is certainly a LOT to B&M about when it comes to Me$$y$oft’s software. After all, we’ve been through TWO “patch Tuesday’s” this month and Microsoft is giving folks NO clue about when the DNS vulnerability that’s been actively exploited this week (!) is going to be patched. Yeh, sure, it probably doesn’t affect you directly since you’re probably not running M$ “Advanced” (*heh*) Server 2000/2003… but some of the networks you surf use it (and that might explain some ‘net wonkiness this week–might).

But the Mac ads touting how Macs just don’t need protection from malware are pure hokum, bunk, B.S. Not to put too fine a point on it, such claims are lies.

Apple has released a wide-ranging security update for Mac OS X. It’s the fourth for the year, which has us wondering if the company’s moving to a monthly schedule

Hmmm, that’s what, one fewer than Microsoft has released this year? For a platform that has juuuust about 5% of the users that Microsoft boasts, Apple doesn’t really have to try harder to appear safer. It’s such a small target, it’s little wonder it’s attacked very often, but when it is… well, from my personal experience, a far greater proportion of Mac users are clueless what to do to recover from such attacks than M$ users (or Linux users). And Apple serves its users not at all well by selling the idea that Macs just don’t have to worry about malware, that Macs are inherently secure, etc.

BTW, my month or so experience with PC-BSD has led me to the conclusion that if you really, really want to run BSD with a cool GUI on a computer, you can do it much, much less expensively than buying an Intel computer running Mac OSX (which is really just BSD with the proprietary Mac GUI straightjacket tacked on top). Heck, build the biggest, flashiest honker of an Intel box you want (or even AMD), save the $$$ shakedown from Apple and install PC-BSD for free. “Outa the box” it’s easy to use, easy to find and install apps, etc. And you can even make it look and feel mostly like Mac (a more friendly, more easily configurable) OSX, if you’re feeling particularly masochistic.

*heh*

Just a thought…

Trackposted to The Virtuous Republic, Blog @ MoreWhat.com, Perri Nelson’s Website, The Random Yak, Adam’s Blog, basil’s blog, The Amboy Times, Leaning Straight Up, Cao’s Blog, Jo’s Cafe, Pet’s Garden Blog, Rightlinx, stikNstein… has no mercy, The Crazy Rants of Samantha Burns, Pirate’s Cove, The Pink Flamingo, Gone Hollywood, and The Yankee Sailor, thanks to Linkfest Haven Deluxe.

April 19, 2007April 19, 2007

T-13, 1.26: Thirteen Stupid Computer Tricks

Well, not really tricks, stupid behaviors.

1.) Fiddle around never planning for the inevitable… crash. It doesn’t matter how good your hardware or software is, one day, right in the middle of an absolutely essential piece of work, your hard drive will fail, your OS will become irretrieveably scrambled, heck, your house will biurn down and your will be data lost forever IF you are among the nearly universal set of casual users who don’t have a backup and disaster recovery plan. Count on it.

2.) Use a computer “bare naked”. No, I’m not talking about the user. I’m talking about the computer. Plug the thing directly into a wall socket and you’re just asking for trouble. Almost as bad (and in some ways worse)? Use an under-rated faux surge suppressor. If it won’t suppress a bare minimum 1,000 joules (and that is a minimum) don’t plug into it. If it’s older than a year, well, it’s probably nearly as bad as not having one at all (surge suppressors wear out over time). All it takes is one good spike (or many small spikes spread out over time) and your MOBO is toast.

3.) Surf “naked”. Yeh, no firewall. Even the crappy Windows firewall is better than nothing. A software firewall is absolutely essential nowadays. Most Linux distros come with pretty good firewall rules ready to activate, and there are several free Windows environment firewalls available (my current fav is Comodo. Very good. BTW, if you are still using Windows 98 or *shudder* Windows “Muppet Edition”–Me–install Sygate Personal Firewall–link is to an ftp download)

4.) Really dumb (and irresponsible and completely shameless, no matter what OS is in the box): no antivirus software. Even if you don’t get infected, taking a chance of unwittingly forwarding an infected email is dumb.

5.) Even dumber? NOT UPDATING one’s anti-virus. And not USING it to MANUALLY scan downloaded files. Emperor. New clothes. Get it?

6.) Ditto anti-spyware.

7.) Cheesy passwords. Your birthdate, child’s name, pet’s name, whatever. Dumb, real dumb. Worse still? I simply cannot count the number of computers I’ve seen with passwords stuck on monitors with sticky notes. *sigh* Hello! Put a sign on your house: “It’s locked, but the key’s in the door.” Choose passwords that are based on phrases, preferably from unique incidents in your life. Mix ’em up with misspelled words using uncials, capitals, numbers and symbols. “eyEdreenkgr33nt3@” is better than “password” *duh*.

8.) Sharing is for losers. Data and security losers, that is. If you must have file and printer sharing on on your home network, at least share ONLY specific, password-protected folders! And for heaven’s sake, TURN OFF FILE AND PRINT SHARING WHEN USING A WI-FI HOTSPOT!!!

9.) And while I’m on the topic of wireless… Heck, even responsible people can be tempted to sniff your network if you leave your fly down. *heh* At least use WPA-PSK on your wireless network. WPA2 (AES) is better. Current crops of router/firewalls are easily-configured for pretty darned secure wi-fi, but it seems most people never enable even basic WEP (*yech!*) “security” and for that matter never change the default password on their routers! (most common: UN:admin; PW: password *sigh*).

10.) Willy-nilly install and uninstall any old downloaded software–betas, warez, cracks, whatever. Asking for trouble. No, begging. Windows users, make a Restore point before installing new software. For that matter, determine FIRST if you NEED that shiny new toy, do some research–reviews in mainstream computer mags are one place–and MANUALLY SCAN the downloaded file with an UP-TO-DATE anti-virus BEFORE installing it.

11.) Oh, here’s a really dumb trick: clicking on any and every link in an email. Anyone say, “Viruses, Trojans and Worms, oh my!”? Or how about phishing? Great. Infect yourself (and pass it on) and offer yourself up for identity theft, if you will. CLICK NOT unless you have a VERY GOOD IDEA where that CLICK will lead you.

12.) Opening any old attachment in an email. The classic “Infect me please!” Dumb. The rules are: Do not open unexpected attachments, SCAN expected attachments separately, MANUALLY with an up-to-date anti-virus software.

13.) And the “unluckiest of all” dumb computer trick? Listening to Cousin “Eye R a compewter goo-roo” Clem. No, he does NOT know what he’s talking about. Nod your head and keep his hands OFF your keyboard!

Tacked to the board at the Thursday Thirteen Hub and Trackposted to Perri Nelson’s Website, The Random Yak, Faultline USA, The World According to Carl, Pirate’s Cove, Planck’s Constant, The Pink Flamingo, The Amboy Times, Cao’s Blog, Leaning Straight Up, Dumb Ox Daily News, Conservative Thoughts, and Right Voices, thanks to Linkfest Haven Deluxe.