“We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.--That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, --That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness.”
— The Continental Congress, July 4, 1776
“The task of statesmanship has always been the re-definition of these rights in terms of a changing and growing social order.”
— Franklin D. Roosevelt (Commonwealth Club Address, 1932)
“Roosevelt was wrong! The principles laid down in the Declaration of Independence are the principles of individual liberty. Our unalienable rights, given to us by God are given to us as individuals. Our rights do not come from society or the government, and they cannot be redefined by politicians. The nature of these rights carries with it the implication of individual responsibility, without which we surrender them.”
— Perri Nelson, November 6, 2008
Can you be sure your security patches are genuine?
Published Fri, May 11 2007 8:58 AM
Microsoft provides security patches to users free of charge and has recommended that we all use "automatic updates". This wouldn't be so necessary if there weren't so many security holes in Microsoft's software.
Of course Microsoft isn't the only software company with buggy software. There are plenty of security flaws in Apple's software, despite the slick "I'm a PC -- And I'm a Mac" ads. Linux isn't exactly free of security flaws either.
Microsoft, though, has the largest installed base in the OS market, so naturally it's the biggest target. So what can we do if the Microsoft conduit for security patches is compromised?
While there's no word on whether that's happened yet, it's bound to happen eventually. And now at least a first step looks to have been made. From InfoWorld:
Hackers are using Windows Updates' file transfer component to sneak malicious code downloads past firewalls, Symantec researchers said Thursday.
The Background Intelligent Transfer Service (BITS) is used by Microsoft's operating systems to deliver patches via Windows Update. BITS, which debuted in Windows XP and is baked into Windows Server 2003 and Windows Vista, is an asynchronous file transfer service with automatic throttling -- so downloads don't impact other network chores. It automatically resumes if the connection is broken.
"It's a very nice component and if you consider that it supports HTTP and can be programmed via COM API, it's the perfect tool to make Windows download anything you want," said Elia Florio, a researcher with Symantec's security response team, on the group's blog. "Unfortunately, this can also include malicious files."
Florio outlined why some Trojan makers have started to call on BITS to download add-on code to an already compromised computer. "For one simple reason: BITS is part of the operating system, so it's trusted and bypasses the local firewall while downloading files."
...Although BITS powers the downloads delivered by Microsoft's Windows Update service, Friedrichs reassured users that there was no risk to the service itself. "There's no evidence to suspect that Windows Update can be compromised. If it has a weakness, someone would have found it by now."
I'm not reassured. I don't believe that software exists that can't be compromised. Remember that absence of evidence is not evidence of absence. One component of the Windows Update system has been compromised. New security flaws are found in Microsoft products all the time.
Is it just a matter of time before Windows Update becomes a new delivery tool for viruses?
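An added example, not part of the original post or the quoted InfoWorld article: one way to see what BITS is transferring on a Windows host and flag jobs whose remote host is outside an allow-list. The allow-list entries and the function names `Test-AllowedHost` and `Get-SuspectBitsJob` are assumptions of this example; `Get-BitsTransfer` comes from the BitsTransfer module on later Windows versions.

```powershell
# Added example: list BITS jobs whose remote host is outside an allow-list.
# Run elevated; -AllUsers needs administrator rights.
Import-Module BitsTransfer

# Assumption: hosts this machine is expected to fetch from over BITS. Adjust locally.
$AllowedSuffixes = @('windowsupdate.com', 'update.microsoft.com', 'download.microsoft.com')

function Test-AllowedHost {
    param([string]$HostName, [string[]]$Suffixes)
    $h = $HostName.ToLowerInvariant()
    foreach ($s in $Suffixes) {
        # Match on a DNS label boundary so a look-alike name that merely
        # ends in the same characters does not pass.
        if ($h -eq $s -or $h.EndsWith(".$s")) { return $true }
    }
    return $false
}

function Get-SuspectBitsJob {
    param([string[]]$Suffixes = $AllowedSuffixes)
    foreach ($job in Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue) {
        foreach ($file in $job.FileList) {
            $uri = $null
            $reason = $null
            if (-not [Uri]::TryCreate($file.RemoteName, [UriKind]::Absolute, [ref]$uri)) {
                $reason = 'remote name is not an absolute URI'
            } elseif (-not (Test-AllowedHost -HostName $uri.Host -Suffixes $Suffixes)) {
                $reason = "host '$($uri.Host)' is not on the allow-list"
            }
            if ($reason) {
                # One record per flagged file, with enough context to triage.
                [pscustomobject]@{
                    JobId       = $job.JobId
                    DisplayName = $job.DisplayName
                    Owner       = $job.OwnerAccount
                    State       = $job.JobState
                    Created     = $job.CreationTime
                    RemoteName  = $file.RemoteName
                    LocalName   = $file.LocalName
                    Reason      = $reason
                }
            }
        }
    }
}

Get-SuspectBitsJob | Sort-Object Created | Format-List
```

Flagged jobs are leads to review, not verdicts: legitimate software other than Windows Update also uses BITS, so check the owner account and the local destination path before acting.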
Weekend Linkfest
Published Fri, May 11 2007 12:31 AM
This extended linkfest is for the 11th through the 13th of May, 2007.
If you have something interesting you'd like to share, feel free to link it here and leave a trackback.
Just remember the trackback policy.
For the best exposure, go to the blogger's oasis and use the linkfest chooser to choose the posts you'd like to hook up with.