Off the Top: Security Entries



May 4, 2002

MS security causes sad day

Life sucks when: You have to pull an e-mail account that you manage from service. Particularly when this account is for your Dad. My Dad can be reached at Tom and I will be keeping Thomas. The TJV account is closed.

Why, you ask? The account was hacked with the Klez virus. He cleaned his hard drive, as he had no choice: it or another virus took the hard drive out. He took another hard drive and put it in that machine and started fresh. This may have also infected his new laptop. Yes, all of these machines run Windows (the Swiss cheese security system). My dad is more than computer savvy and Windows is not a consumer OS, as it is nothing more than an e-mail away from destroying everything digital you own (among many other issues, which I spend hours assisting friends and relatives with their continual problems with the MS OS). Microsoft continues to lie about its focus on security and the basic problem is the OS itself; it is not secure and it seems it will never be secure. UNIX has some issues, but has many more years of development under its belt, which is why it is far more secure. UNIX variants (Apple Mac OS X, Linux, BSD, etc.) all have the advantage of years of experience and advanced developers working on the OS.

Keeping a MS box secure requires somebody with a lot of experience and they are not cheap. The MS total cost of ownership being lower than UNIX is a myth and unfounded. If you have MS open to the outside world (Internet server, DSL at home, or unfiltered (through virus scanner) e-mail, etc.) you need an MS security expert focussed on ensuring the sanctity of whatever is considered valuable on the MS boxes. This person will cost as much, if not more, than a senior UNIX systems administrator (who are, by and large, veterans in UNIX security also as it comes with the territory).

Too many folks (that are near and dear to me) have had MS servers hacked or been victims of viruses in the past couple of weeks. Granted the MS boxes hacked may not have been watched over by MS security experts, but that is what it takes.

Making choices, as far as what language to develop Internet applications, should keep in mind lock-in factors. A UNIX only or a Microsoft only solution that requires the application be only run on a certain type of server has never been a great idea. This becomes even more apparent now. In my opinion this has never been a good option. Fortunately, there are many more options available that run on nearly all OS platforms. These include: Perl, PHP, Java (JSP), Python, ColdFusion, etc. Each of these languages has its own plusses and minuses, but if a certain OS platform becomes an unavailable option the applications can relatively easily be moved to another OS. This is not the case with ASP, and even less so the .Net framework (as noted before). Sure, ASP can use ChiliSoft, but that is a very short-term solution (as you know if you have ever had to use it, it buys you time to recode everything into a portable application language) and requires double to triple the hardware resources to run it compared to ASP on MS or any other language running natively.

All of this is just the beginning of the reasons why I most likely have bought my last Windows machine. The other reasons fall into the areas of trust and pricing. This explanation may follow soon.



April 10, 2002

Microsoft really did have Swiss cheese security with all the holes in their servers. Seriously, this is an immediate mandatory patch for the MS servers, so says Microsoft.


April 9, 2002

The Microsoft rants of late have been attributable to horrible networking problems that keep corrupting my mapped drives. The mapped drives to production and development servers work fine for days then blow-up. The server's response was the file was already open, when I was trying to copy over a file on one of the servers. Some days I could not even log on. I can have more than one mapping to a server so to copy to different project drives. Windows 2k says no way Jack. Not only this but setting up passwords for others today for them to log into the dev box, MS popped up an error message stating they had to have changed their password on their first login. That was their first login. Fully patched machines running too. What a poor excuse for an OS. Things have improved by the end of the day, but too much time is wasted on the crappy OS.


March 15, 2002


March 14, 2002

The NY Times writes about methods to protect our laptops from theft. (I saw more laptops this past week to make it seem like it was a revolution, not to mention approximately 80% of the laptops were Apple).


February 20, 2002

Representational State Transfer (REST) and the Real World provides the ability to add security to XML-based Web Services, among other beneficial elements.


February 2, 2002

PHP secure programming musts from the fine folks at Zend. [hat tip Bill]


January 16, 2002


January 4, 2002

I was hoping this article would never be written as it is the antithesis of the Web. The Washington Post writes about setting up international borders on the Internet, which includes a digital border patrol that denies access. My hope is that while there is a Web there is a way to get around these restrictions. The whole world does not need to become like China and block content from outside its borders.


January 1, 2002

SecureMac seems to offer solid information, warnings, and fixes for Apple Mac security issues. It will be a good site to keep my eyes on.


November 14, 2001

Part 2 of the PHP security issues, which explains how to shore up your PHP application builds.


November 7, 2001

On Earthweb, Jordan Dimov provides PHP security guidance. Some of this is a restating of known holes, which have been closed, or can be closed. It is good to read through this just to be safe.


November 6, 2001

The Beeb News provides a wake-up call to those that are still in the dark about wireless network security. The article "Welcome to the era of drive-by hacking" shows how pervasive lax security is in London. This unaware approach to wireless network security can be a nice cheap way to get a fast Internet connection, but it also leaves corporate and/or home networks wide open for abuse. The terms used for those that partake in the break-in access are "war driving", "war pedaling", or "war walking" depending on the mode of transport used to take your laptop from open access network to open access network.

The article found that none of the networks use anything stronger than the built-in security measures on the wireless hubs. The London area even has maps plotting wireless access areas. Some see this access as a public good, but many of the enterprise networks, which house files and account information, are wide open too.



November 4, 2001

There are reasons I don't trust Microsoft with my information. The continual security lapses are astounding. I had problems years ago with MSN continuing to bill my credit card for MSN services six months after I cancelled. I had to cancel the credit card for them to stop.


November 2, 2001

Movie industry hit by courts in DeCSS decision, which states that the DVD cracking code printed on t-shirts and such is free speech. As background, DeCSS decrypts DVDs so that they may be played back. DeCSS was coded to build a DVD player for Linux. The movie industry used a very poor encryption scheme, which made for easy cracking. The DeCSS allowed people who owned DVDs the ability to play them, and nothing more. There are other copyright infringement possibilities that one can apply when using the code, but lawn fertilizer has not been banned and it has been commonly used by terrorists to make bombs. Banning code that allows a person to watch a movie they bought legally is greedy and inane.


This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike License.