... that Symantec considers knowledge of their source code as a security issue. Open-source providers consider the same thing a security enhancement. That speaks volumes about "security through obscurity," as well as about closed code review practices at Symantec.
Symantec suddenly finds it of utmost importance to disable a six'ish year old product so they can patch the list of vulnerabilities they've known about all that time. Very telling.
I came to the news of Symantec's admission of breach fully expecting some cockamamie nonsense about it being "more vulnerable" now that the source has been publicly exposed. The truth is that the "bad guys" know about the vulnerabilities without the source, and they've had the source for half a dozen years anyway -- and Symantec just hasn't bothered to put any effort into securing the software. Symantec is just trying to spin the facile "security through obscurity" approach as a way of saying "It's not our fault your software isn't secure," even though it definitely is Symantec's fault.
The point was made that Symantec's network being breached is surely embarrassing for a corporate security software vendor, but the truth is that shouldn't be the real embarrassment. Given enough time and effort and ingenuity, any corporate network can be breached. It often doesn't take any more than a telephone call to get what one needs for access, in fact, or a brief visit to the office with a USB "thumb drive" or six (just leave them lying around in places where they'll be found by staff members who wonder what they are and plug them in to MS Windows desktops to find out). Getting the network breached is just a matter of bad luck, I guess, coupled with "industry best practices" kinda sucking. The real embarrassment is that pcAnywhere is such an unsecured turd that the best response Symantec has is "Stop using it until we fix what we've neglected."
In short, the real embarrassment is that Symantec, a security software vendor, is so negligent with the security of its software.
edit: clarification and typo
With all the web and IP based desktop sharing apps both free and paid-for I'm surprised pcAnywhere is still being sold...
Some businesses have no wish to put access to their network in the hands of a third party, and some can not due to security obligations such as those that are required of a military or government contractor. And then of course there may be bandwidth concerns to take into account.
Loading someone's software directly on your system vs on a web server, both are opening your world to someone else.
I have not used it since the early 90's and I don't allow it on corporate devices.
Client management, server management, asset management, deployment, etc. Acquired by Symantec in 2007? Guess what they embed in the Altiris agent now, for remote viewing/shadowing? Yep...pcAnywhere.
Those corporations on Altiris 7.x+, with thousands and thousands of agents deployed, also have thousands and thousands of copies of pcAnywhere running on their corporate networks.
Symantec has gone on a spree for years buying decent companies with useful products and then completely destroying them.
Because the Makers of the software that is used in the Medical Offices particularly Specialists is updated through PC Anywhere by its makers.
There is another big chunk of the industry who has to use it.
Col
In reply to FAST!!!, that's like asking why anyone should bother with Citrix when all it is is Microsoft Remote Desktop. One feature PCAnywhere has that others lack is incremental file transfer. You copy a file a few times with RDP, and it copies the whole file, every time. Copy it with PCAnywhere, and it only copies what's changed, saving a lot of time. Although with modern high-speed connections, this is becoming less relevant, it's still one of many nice features about the software.
The point is not that it duplicates what you can get from Microsoft; it's that pcAnywhere is only one out of dozens of third-party options to do the same thing, many of which have features that put pcAnywhere to shame, and most of which cost less (if anything at all; many are free).
Besides . . . there are better ways to get copies by delta than pcAnywhere.
The people who I deal with who use it are mandated by their Software Suppliers. For instance Medical Software here is managed by its Developer and updated Via PC Anywhere on a very regular basis.
The Company rings the Doctors Office/s gets the Secretary/Receptionist/Nurse to enable PC Anywhere and updates the Program.
Currently all Software used by the Medical Industry requires PC Anywhere and it's part of the Medical Program Package, I'm not even sure which version they are currently using as it's not a separate application it's installed with the Medical Program and incorporated into it. In other words they don't have a choice to use anything else.
Col
social engineering...
"Hello, this is John McDoe from Medsoft Inc, I need you to enable PC Anywhere for the update, as usual. BTW this update is a bit intensive, so don't be alarmed if the system is a bit slower for a while. Thanks!"
That anyone in the medical profession would be careless enough to use something like pcAnywhere makes me feel really confident about everything else they do. Or is this just a case of them assuming that technical professionals are just as careful about their work?
I think it's that, for the most part, doctors are only as careful as anyone else given the same set of circumstances relative to their own personal needs. That is, they're mostly concerned about things like liability, their own convenience, and making money -- and not usually in that order.
The 2 major Medical Programs both use it and both include it in their Installation Package.
So it's not so much a matter of them even thinking about it but being given no option.
Here I think that PC Anywhere has been certified as Meeting Compliance by the Authorities is why it gets used and nothing else is considered. You just have to love Bureaucrats.
Col
I wasn't arguing FAST!!!'s point -- just explaining it to the person who completely missed it.
Once someone has a package loaded in their network, they need a very good reason to even consider a different package. "don't fix what isn't broke", but managers often have no idea if something is broke or not until it completely stops.
People forget how fluid technology is. Just because a package is great today doesn't mean it will still be "the package" in a few years. Years ago I had moved exclusively to FF for my network and it saved me a ton of time in keeping systems from becoming infected. Now I have moved to Chrome for most of my browsing. Who knows what tomorrow will bring?
Maybe a browser called xxxterm. I've been using it a fair bit lately, and it is much less aggravating than Firefox. It also offers capabilities that are lacking in Chromium.
Did the breach occur against Symantec servers or against Indian government servers?
I really don't have the confirmation about Symantec's systems and/or networks (Symantec does submit that their own servers were penetrated some "years" back.. and the source code exposed is from that data..which was stolen).
I still feel that Symantec's systems were hacked.."when" I could not comment
..and as far as I'm concerned reason enough to never voluntarily use a Symantec product again.
I banned their stuff from my home network well before they got hacked. I mean that now I will actively work in the Corporate environment to see that their crap isn't used, either.
As far as I can remember it was the year 2004 that I banned them from my home network as well and I "stopped" recommending their products to my friends and also told them to stay off it
(except the "Ghost". Hey it's a good product; does the work straightforward :))
I concur with the sentiments regarding Anonymous' revelations. Symantec evidently had an explicit back door in their "secret" code, and Anonymous' little "service" has exposed Symantec's irresponsibility. Symantec failed.
That doesn't mean Anonymous agents are angels.
In comic books, the superheroes always have to outsmart the police force to keep fighting evil. That's the feel I get from Anonymous. They see evil in governments, and they're using their super powers to resist injustice in all its identifiable forms. If they have to dodge the police to make life better for the police, they're willing to bear the white man's burden.
But this isn't the comics, and Anonymous is full of normal people with superior skills. Normal people guess wrong about what's unjust, they get tempted by power in all its forms, they even make all the right judgments and accidentally break things they never meant to touch. Anonymous, should they get what they wish for, will break much more than they fix.
... if it prevents the ossification of entrenched complacency.
After Anonymous embedded LOICs in ostensibly informational links? Curious bystanders were tricked into committing felonies. Anon is bad news. They are proud of having unaccountable power. They can't be voted out. They can't be touched. Their names and addresses can't even be exposed like they're doing to police they don't like.
Ossification is bad, but see the French Revolution for a cure worse than the disease.
Technically it wasn't the French Revolution that was a cure worse than the disease; it was the Reign of Terror and growth of an oppressive Party Line regime that followed the effective end of the French Revolution.
In essence, Anonymous is the bleeding edge of 21st Century public protest, and its methods are rapidly becoming the only effective means of protest by anything less than a general, widespread public awakening that has any chance of making a dent in establishment oppression. It may be far from perfect, but it's also apparently the only generally effective means anyone has found that doesn't directly target innocents.
Don't forget, as well, that some Anonymous "agents" probably are basically angels. Anonymous is not a hierarchical organization. It's basically the emergent property of discontent. When parts of that mass of amorphous discontent in technically proficient society coalesce (mostly by chance) with a general consensus, action happens. You might think of Anonymous not as an organization or movement, but merely as a method, where organizations or movements rise and fade away as "needed".
To try to characterize Anonymous as a whole in terms of things like specific associated motives -- apart from a general desire for anonymity -- is misguided.
but then, I believe in the establishment even less.
This monkeywrenching is simply a part of renegotiating the role of the people in general. The people have been defined by market and government forces as a passive vessel for trade, and now a part of the people is saying "Beg to differ!" on behalf of the whole.
It's a battle about whether or not the people should be consulted about what it is fed.
and I agree with apotheon.
What Anonymous has been doing is simply fine..considering what we will be dealing with SOPA, IP act etc.?..shite :/
Anonymous isn't a force for good, it's a force for disruption. Out of that disruption may come some good -- or it might just force the establishment to show its hole card and tighten the screws further. That largely depends on how the majority of people respond to it -- or don't respond. Overall, though, I'm in favor of shaking things up rather than letting them stagnate.
A force for good is a contradiction in terms 
A force for a use can exist, though. Just like a tool for a purpose.
I guess whether "force for good" is a contradiction in terms depends on whether you define "good" such that it encompasses "resisting evil" as a reactive practice, and not solely doing good in a proactive manner.
It may enable good, but usually it only distracts from it: "We don't have the resources to do Good right now - we have a War on Evil to fight".
I guess victims of genocide should just lie down and die, then, so they don't distract from doing good.
But saving people from genocide by force is far less good than preventing said genocide by enlightenment.
The latter is the only lasting way, and so, the only true good.
The good that can be achieved by force of arms is not the true good, at best it is correcting a past oversight, at worst it is a selfish indulgence which will leave things worse than they were.
. . . but the fact remains that sometimes resisting evil is necessary, and when undertaken out of necessity I call that "good".
I don't call it "good", I call it "preferable".
"Good" is a state, and an absolute state, at that : Boolean 1.
"Better" is not absolute, so "better", or "preferable" can be applied to many things, without watering down or distracting from what the absolute is about. It's not a boolean, merely an assessment of "x > y", fuzzy almost by definition.
I suppose there could be forces for improvement (forces for making things more better), but these things are directional, and directional forces never reach the absolute, only approach it. My stance on this is in parallel to my opinion of stuff like "Political movement" (which I deem to mean "aiming to go too far" - an exercise in futility at best).
Often there will come a point where the force begins to pull away from the goal, leading it to become the opposite of what it set out to be, a force for detriment.
But be aware that I don't recognize passive force. A force is a force only in its execution. Having a gun is not force. Using a gun is force. Using a gun can be preferable to not using a gun, but it's never going to be "Good" with a capital G. Force, by my definition, is short for "use of force" or "application of force", never "potential for force", which is often just the same as "strength".
I still call it good, as long as it doesn't do anything to violate the rights of the innocent. (Let's not get into a discussion of "innocent" now; I think you know what I mean.)
Most appear to be really brilliant people when it comes to how computers, networks and the internet function.
I suspect that many of them do what they do simply because they can rather than for any really organized sense of justice or protest against evil. I would also suspect that some are actually playing both sides and are engaging in their activities for personal gain rather than out of altruism.
Overall, I think that hacking corporate or government systems and then publicizing the insecurities is wrong. I don't know whether these individuals make any attempt to notify the owners of the systems they hack about the vulnerabilities they found to give them opportunity to improve them. If they do and the owners don't respond or care, then perhaps the publicity forces the issue. But if they don't, then they needlessly expose anyone who uses the systems to risk they might not otherwise face and perhaps cost the system owner more to repair the damage than they might otherwise incur.
Even more troubling is the potential for backlash and more government regulation or interference that may arise because of their illegal activities. We all know how government has to "protect" everyone.
I mean I have never trusted this brand for some reason I had issues with my clients. Since I use Kaspersky 4 years ago I can say that is one tough AV. For some reason I've always mistrusted McAfee and Norton, and all that BS about a 5% you have to add a zero after that number.
This is the beginning of their downfall. Rest in peace Norton.
And didn't bother to get up, it seems.
Only now someone has taken a pic of them there on the floor, in their own filth.
The weakest part of any computer is software. I think that the Windows XP that we have is a copy of a copy of a copy and so on. These operating systems actually make the rounds in industry. Each corporation uses their tricks to the OS and we get something that at least works. I don't want to watch the country drift away on TV without a fight.
That's quotable. And if "Call the FBI" is meant to be sarcastic, well played.

































