deeply penetrated with spy software

Tee hee...

Did they use the firewall like a condom?

Golly, that "common data store" wouldn't have been a Microsoft "protected" server? It was probably co-ordinated with Mossad.

I wish some 16 year old Communist Chinese hacker would do me a favor and hit the "delete" button on any existing financial records for my mortgage leaving me showing my loan free and clear -- and non-existent.

Thanks Wang Xing Loo, I'd appreciate it!

CC = FF.

I was asked regarding this exact scenario last month.. Smells like inside work to me.

Golly, that "common data store" wouldn't have been a Microsoft "protected" server? It was probably co-ordinated with Mossad.

#3 | Posted by redlightrobot at 2008-10-11 01:09 PM | Reply | Flag:

Actually, it's a high-security Unix system.

And contrary to what your local neighborhood l337 kid will tell you, Unix isn't actually inherently more secure then anything else. It's just that the systems are less widespread as pretty much everyone writes their own, therefore there aren't as many people working on any one system's vulnerabilities in tandem.. It's security through obscurity. A perfectly acceptable method, and in the long run for exactly that reason a better choice then the more commonly commercial security solutions, but don't fool yourself into thinking it's inherently better or worse then Microsoft's offerings.

Or, short version: Microsoft isn't actually swiss cheese, it's just the biggest target.

Ching Chong Chinaman sitting on a fence, trying to make one dollah outta fifteen cent.

What about Chinese hookers?

Contrary to what your local redneck will tell you, Unix is very secure and almost bulletproof. It is built on a system of permissions, and if you don't have the admin access, then forget it.

Contrary to what your local redneck will tell you, Unix is very secure and almost bulletproof. It is built on a system of permissions, and if you don't have the admin access, then forget it.

#9 | Posted by dxlingr at 2008-10-11 09:45 PM | Reply | Flag

*sigh*

Every NT-descended OS has had the same thing going for as long as I can remember. One setup built on a system of permissions is absolutely no different then any other built on a system of permissions. What is at issue is the flaws that can be exploited to gain permissions your account is not supposed to have. The security routines written on a UNIX system are nearly always written onsite by software engineers tailoring it specifically to that organization. Every time you try to break in to a UNIX system, you are basically starting from the ground floor with no idea of anything working. One of the last-ditch security efforts that has stopped even the best of crackers in security tests has been an alternate shell that operates like nothing seen before. Even if you secure an account with proper permissions, it won't do you a fly's vomit of good if you don't know how to issue commands. UNIX based systems are _that flexible_, that they can have a kernel compiled in such a way that only one type of shell even translates instructions properly.

A _commercial_ security option, however, is built in a nearly identical fashion for everyone who has it. That means that Jerry Joe Jimbob Raheem Kurosawa the hacker can acquire the exact SAME security suite, and find holes at his leisure. Security through obscurity is actually a wonderful ideal, and highly encouraged, but that does not make anything written on a UNIX box _inherently better programmed_ then something written on a Server 2008 box. The same guy who can rip the pre-sold package to shreds can do the same to a "high level" UNIX security setup, if he had access to it in his own sandbox.

Take a high-level computer security course. You might learn something. Just because your local Linux usergroup says something doesn't make it true.

Now, that aside, it's time for some more education for you: In 999,999,999 out of 1,000,000,000 of _all_ cases, EVEN WITH THE SANDBOX PLAY, the only real threat to any kind of system is someone already inside your organization breaking security. UNIX, Server 2008, or even your some home-brewed up thing running off that new mini-hyperspeed 6502, the only REAL threat is an inside job.

Even in this article, if you had taken the time to read it before running out and looking up a Google "reason UNIX is superior" phrase to use (that you clearly don't even understand), the attack came from inside. They stupidly outsourced some of their work to India, and programs tailored to their system were installed to open backdoor access.

I've long thought that China and Russia should be disconnected from the Internet. Don't do any surfing on sites ending in .ru if you don't have spyware and virus protection. But Russia is homegrown, entreprenurial stuff; China wants the keys to the whole damn world.

What about Chinese hookers?

WHAT about Chinese hookers???