Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Encryption Security Your Rights Online

New Crypto-Gram 5

Posted by michael from the good-reading dept.
TRingstad writes: "The newest issue of Bruce Schnier's Crypto-Gram is out and available here. It has more on Microsoft's Bastardization of Kerberos, and includes their request to Slashdot to remove the postings. He also threw in another link to a mirrored copy of the Kerberos specification. Funny. Also good is an article on why companies like Microsoft aren't held responsible for pushing out poor products, the way a company would be in any industry other than the Software industry, and another article about "ILOVEYOU" and the problems with scripting languages like VB."
This discussion has been archived. No new comments can be posted.

New Crypto-Gram More

New Crypto-Gram

Comments Filter:
  • From "ILOVEYOU Virus":
    Do these "customers" really specifically ask for fully general scripts that attachments can execute, or do they only ask for certain features that can be implemented in many ways, some of which involve attachments that execute scripts? Do the customers who supposedly ask for these crazy things understand the consequences of them?

    I think this is an underestimation of Microsoft's users. Sure, this stuff is dangerous to have and some of the things Melissa and ILOVEYOU have done should have been anticipated by the original designers of VBA and the ones integrating it into their product. But still, I have used scripting a lot to automate all kinds of tasks in a Windows-environment and I have to say it actually works quite well. People here don't just run attachments in an e-mail called "ILOVEYOU" and consequently turn off macros in a document unless they know beforehand what they do. But once you know what you're doing, the scripting environment that allows all these things is very powerful.

    I think the main problem of Windows is that the design goal is to create an OS that is easy for everybody but turns out only to be safe for experienced users. Because apart from the occasional hole that turns up in the software directly (but that happens in all software), a Windows NT or 2000 box can be customized and used very safely.

  • I know over 200 people (some at work, some at home) who use Windows on a daily basis. Not a single one of them could write a script to do anything if their life depended on it. It's criminaly insane that M$ installs a scripting host with the OS. If you need scripting you know that you need it, and you can download an installer for it. If you don't need it (or, like most Windows users, don't even know what it is), all it can do is fuck up your life.
  • "Software is different. It is sold without any claims whatsoever. Your word processor can accidentally corrupt your files and you have no recourse. it's your fault. Microsoft fielded Hotmail with a bug and never bothered to apologize. "

    "According to studies, 90% to 95% of all bugs are harmless. They're never discovered by users, and they don't affect performance. It's much cheaper to release buggy software and fix the 5% to 10% of bugs people find and complain about."

    This brings up some good points! Why do we put up with this from software companies?

    I expect my car to run right whenever I need it. I expect mechanical failures once in a while, but with proper maintainence, any mechanical system can be kept running properly. But if the airbags deploy when I tune the radio to a certain frequency, I'd get a little miffed!

    I shouldn't have to try many products out because; "oh, Lotus Notes has better security that Outlook, but Outlook is free.." or "Star Office is free, but Management wants Office,r even though it creates more down time..."
    Software isn't perfect, but it should be a matter of pride, whether it's free or not, that is works as advertised.
    I already vote with my wallet. I don't use Microsoft at home, and since I make decisions for my companies choice of software, we don't use IE or Outlook. And recently I converted several servers from NT to RH. I prefer software that people take a little pride in.

  • Can anyone suggest a good working Gnutella client for Linux that can share files? If I can find one I'll go back to those posts in question, make a local copy and put the Kerberos spec on Gnutella net.

    In the meantime, keep searching for ms-kerberos-spec.txt on Gnutella.
  • Microsoft could make the default /NOT/ to run the script, and just open it as text. Then, if someone really needed it, they could right-click and go to "Run" or if they were really lazy, they just change the default command run on the file. This is just Microsoft's excuse for making insecure software.

    Chris Hagar

Slashdot Top Deals

Those who can, do; those who can't, write. Those who can't write work for the Bell Labs Record.

Close