Yea GODS!!!
David Mohring
publicity problem, the team at Microsoft have *finally* decided to
make some fundamental changes to address the issues.
Great! Fantastic! ABOUT BLOODY TIME!
So does mister Gates do? He writes an email to his employees and
has it promptly "leaked" to practical every major news organization
on the planet.
Mr Gates and the other Microsoft's management grasp of the concept
of 'irony' must surely be matched only by the likes of Alana Morrisette.
What is interesting is the comments from other MS executives
on the leaked news sites.
"Microsoft Makes Software Safety a Top Goal"
January 17, 2002
http://www.nytimes.com/2002/01/17/technology/17SECU.html
+ Last month the company was again stung when an embarrassing security flaw
+was found in a feature known as Universal Plug and Play in Windows XP, its
+new operating system.
+
+"The Universal Plug and Play thing was what put me over the edge," said Jim
+Allchin, Microsoft's group vice president for operating systems. "I said
+enough's enough."
+
...
+"Every developer is going to be told not to write any new line of code," Mr.
+Allchin said, "until they have thought out the security implications for the
+product."
YES !!! Finally, but a little too late since almost all of the core OS and
application code has already been written.
In Reuters' press release Jim Desler contradicts Allchin first quote.
"Microsoft's Gates Calls for New Focus on Security"
January 17, 2002 2:33 am EST
"""http://www.iwon.com/home/technology/tech_article/0,2109,202482|
technology|01-17-2002%3A%3A02%3A29|reuters,00.html"
+A Microsoft spokesman said the memo was not in response to a particular
+incident or attack.
+
+"It's a continuation of what we're doing on security and the recognition of
+the importance of meeting the critical challenge of making safe and secure
+software," spokesman Jim Desler said.
"Microsoft Shifts Focus
Software Giant to Concentrate on Security and Privacy"
Jan. 16
http://abcnews.go.com/sections/scitech/DailyNews/microsoft020116.html
+One person with knowledge of the change said new products and features will
+be tested for security risks before going any further -- if they fail, the
+feature won't be included.
+
+"Things are going to have to go through a crucible, and the crucible will be
+security-first," according to this person, who spoke only on condition of
+anonymity.
...
+Russ Cooper, a security expert with TruSecure Corporation, said the change
+occurred in part after a new security team assigned to attend every product
+meeting met resistance from product teams.
Note that the above two quotes have managed to be "leaked" to many other
news sites. including
http://www.theglobeandmail.com/ and
http://cbsnews.cbs.com/now/story/0,1597,324663-412,00.shtml
So much for not treating the issue of security as a publicity problem.
I fully welcome any *real* shift by Microsoft towards securing *their*
products, at least it will make the internet a safer place,
but ( there is always a "but" ) it would have been more belevable if
Microsoft had "quietly" instituted the required changes first.
But all told, I fully admit, it is a Great Leap Forward, just like another
one in history...
http://www.asiaweek.com/asiaweek/magazine/99/0924/cn_economy.html
+Mao launched the Great Leap Forward program in 1958, arguably the greatest
+economic folly of the 20th century. To help China surpass the economies of
+Britain and the U.S. in 15 years, he decreed that every Chinese should
+produce smelt iron. Hundreds of millions of citizens neglected farms to make
+low-grade pig iron. Beijing did not know that grain was rotting in the fields
Why the above quote? Check out the language Mr Gates uses in his letter
( see the register
http://www.theregister.co.uk/content/4/23715.html
). Remind you of the announcements of the old "five year plans" from
the old Soviet and Maoist regimes? Even down to the use of catch phrases!
If Microsoft's Management is serous ( and given their past pronouncements
on the security of their products - thats a very big "if" ) , it is a
Herculean but not impossible task ahead. It will not happen overnight.
Microsoft should have started this process three years ago.
The attempt to turn their current inherently designed insecure products
into a "trusted" system is like that of turning a sows ear into a silk
purse. The result is more likely to be pots and pans into useless,
unsaleable pig iron. A lot of the core design for many of the products
is going to have to be rewritten.
As for "Trustworthy computing" ( I wonder where they picked up the
idea for that phrase ? ) See
"Avoiding bogus encryption products: Snake Oil FAQ" ...
http://www.faqs.org/faqs/cryptography-faq/snake-oil/
... the principals apply as much to "secure" software products
as it does to cryptographic products.
For software to be "Trustworthy" it requires that both the source and
build processes be verifiable by public inspection by peers in the
industry. That *requires* an unrestrictive license such as open
source ( http://www.opensource.org/docs/definition.html ).
Microsoft's Shared Source like license, which requires the user agree
to non-competition clauses, prevents real peers from examing the source.
So all you Microsoft executives ( I know you read my posts ) do you
really have the guts to do what it takes to get the job done?
David Mohring - "Trust Microsoft" Sung to the Southpark tune of "Blame Canada"
E. Scrooge
"David Mohring" <her...@heretic.ihug.co.nz> wrote in message
news:slrna4dr78....@heretic.ihug.co.nz...
>
> So all you Microsoft executives ( I know you read my posts ) do you
> really have the guts to do what it takes to get the job done?
>
> David Mohring - "Trust Microsoft" Sung to the Southpark tune of "Blame
Canada"
My God! It's like watching the mind of a child at work somewhere inside the
head of an adult.
It's like watching some poor fool standing on a beach trying to stop the
tide from coming in.
E. Scrooge
David Mohring
E. Scrooge <e.sc...@xfree.co.nx> wrote:
>
>"David Mohring" <her...@heretic.ihug.co.nz> wrote in message
>news:slrna4dr78....@heretic.ihug.co.nz...
>>
>> So all you Microsoft executives ( I know you read my posts ) do you
>> really have the guts to do what it takes to get the job done?
>>
>> David Mohring - "Trust Microsoft" Sung to the Southpark tune of "Blame
>Canada"
>
>My God! It's like watching the mind of a child at work somewhere inside the
>head of an adult.
I've said it many times before Scrooge, when you personaly abuse me
I know I'm on the right track. That you snipped the article, completely
failing to address any of the issues raised, proves it.
>It's like watching some poor fool standing on a beach trying to stop the
>tide from coming in.
If your refering to Mr Gates with that last statement, its a good analogy.
See "The Gates Declaration and Microsoft Security Day"
Richard Forno - 16 January 2002
http://www.infowarrior.org/articles/2002-02.html
>
>E. Scrooge
>
>
David Mohring - "We can only hope for the best - time will tell."
BrianM
<her...@heretic.ihug.co.nz> wrote:
> After *years* of treating the lack of security in it's products as a
> publicity problem, the team at Microsoft have *finally* decided to make
> some fundamental changes to address the issues.
***** snipped *****
Oddly enough, Richard Fromo writing in The Register
http://www.theregister.co.uk/content/4/23727.html
thinks its a load of old bollocks and he's heard it all before.
Read on, you cynics out there.
Brian
--
Regd Linux user #235194
Adam Warner
> After *years* of treating the lack of security in it's products as a
> publicity problem, the team at Microsoft have *finally* decided to make
> some fundamental changes to address the issues.
>
> Great! Fantastic! ABOUT BLOODY TIME!
>
> So does mister Gates do? He writes an email to his employees and has it
> promptly "leaked" to practical every major news organization on the
> planet.
At least we get to see what a faux leak looks like. The full text of the
leak is even posted on Paul Thurrott's WinInfo site
(http://www.wininformant.com). Bill Gates must be devasted at the
unprecedented circulation and news coverage.
Did you check out some of the self-congratulation? You'd be hard pressed
to think anything needed to be fixed:
We have done a great job of having teams work around the clock to
deliver security fixes for any problems that arise. Our responsiveness
has been unmatched -- but as an industry leader we can and must do
better.
And unless I missed it the actual memo makes no mention of any bonus or
remuneration structures. So why did that feature as a prominent part of
the initial leaks?
> Mr Gates and the other Microsoft's management grasp of the concept of
> 'irony' must surely be matched only by the likes of Alana Morrisette.
>
> What is interesting is the comments from other MS executives on the
> leaked news sites.
>
> "Microsoft Makes Software Safety a Top Goal" January 17, 2002
> http://www.nytimes.com/2002/01/17/technology/17SECU.html + Last month
> the company was again stung when an embarrassing security flaw +was
> found in a feature known as Universal Plug and Play in Windows XP, its
> +new operating system.
> +
> +"The Universal Plug and Play thing was what put me over the edge," said
> Jim +Allchin, Microsoft's group vice president for operating systems. "I
> said +enough's enough."
And to think some Windows apologists didn't think so yesterday. What a
difference a day can make.
> For software to be "Trustworthy" it requires that both the source and
> build processes be verifiable by public inspection by peers in the
> industry.
What would allow you be sure of the trustworthiness of the build process
David? Even if the source was available how would you verify the binaries
correspond with the source? Wouldn't it just simply come down to whether
you trust the operating system vendor or not? It actually goes so deep as
being able to trust the compiler. And what/who compiled the compiler
[because if you want to install backdoors in code and you know that the
source that is being fed into your compiler is verifiable by public
inspection then you'd just use a compromised compiler. Or a compromised
compiler to compile the source verified compiler].
There is a seminar article about this: http://www.acm.org/classics/sep95/
The moral is obvious. You can't trust code that you did not totally
create yourself. (Especially code from companies that employ people
like me.) No amount of source-level verification or scrutiny will
protect you from using untrusted code. In demonstrating the possibility
of this kind of attack, I picked on the C compiler. I could have picked
on any program-handling program such as an assembler, a loader, or even
hardware microcode. As the level of program gets lower, these bugs will
be harder and harder to detect. A well installed microcode bug will be
almost impossible to detect.
So to my mind it comes down to whether I trust an operating system vendor
to have all my interests foremost and especially not have conficting
loyalties to any individual or agency that may wish for social, economic
or political reasons to be able to break into my computer.
Trustworthy computing appears to be an (almost) impossible task.
Regards,
Adam
David Mohring
Adam Warner <use...@consulting.net.nz> wrote:
>David Mohring wrote:
>
>> After *years* of treating the lack of security in it's products as a
>> publicity problem, the team at Microsoft have *finally* decided to make
>> some fundamental changes to address the issues.
>>
>> Great! Fantastic! ABOUT BLOODY TIME!
>>
>> So does mister Gates do? He writes an email to his employees and has it
>> promptly "leaked" to practical every major news organization on the
>> planet.
>
>At least we get to see what a faux leak looks like. The full text of the
>leak is even posted on Paul Thurrott's WinInfo site
>(http://www.wininformant.com). Bill Gates must be devasted at the
>unprecedented circulation and news coverage.
>
>Did you check out some of the self-congratulation? You'd be hard pressed
>to think anything needed to be fixed:
>
> We have done a great job of having teams work around the clock to
> deliver security fixes for any problems that arise. Our responsiveness
> has been unmatched -- but as an industry leader we can and must do
> better.
>
>And unless I missed it the actual memo makes no mention of any bonus or
>remuneration structures. So why did that feature as a prominent part of
>the initial leaks?
You have to wonder.
>
>> Mr Gates and the other Microsoft's management grasp of the concept of
>> 'irony' must surely be matched only by the likes of Alana Morrisette.
>>
>> What is interesting is the comments from other MS executives on the
>> leaked news sites.
>>
>> "Microsoft Makes Software Safety a Top Goal" January 17, 2002
>> http://www.nytimes.com/2002/01/17/technology/17SECU.html + Last month
>> the company was again stung when an embarrassing security flaw +was
>> found in a feature known as Universal Plug and Play in Windows XP, its
>> +new operating system.
>> +
>> +"The Universal Plug and Play thing was what put me over the edge," said
>> Jim +Allchin, Microsoft's group vice president for operating systems. "I
>> said +enough's enough."
>
>And to think some Windows apologists didn't think so yesterday. What a
>difference a day can make.
>
Time for them to (re-)read George Orwell's "Animal Farm" me thinks.
>> For software to be "Trustworthy" it requires that both the source and
>> build processes be verifiable by public inspection by peers in the
>> industry.
>
>What would allow you be sure of the trustworthiness of the build process
>David? Even if the source was available how would you verify the binaries
>correspond with the source? Wouldn't it just simply come down to whether
>you trust the operating system vendor or not? It actually goes so deep as
>being able to trust the compiler. And what/who compiled the compiler
>[because if you want to install backdoors in code and you know that the
>source that is being fed into your compiler is verifiable by public
>inspection then you'd just use a compromised compiler. Or a compromised
>compiler to compile the source verified compiler].
>
>There is a seminar article about this: http://www.acm.org/classics/sep95/
>
> The moral is obvious. You can't trust code that you did not totally
> create yourself. (Especially code from companies that employ people
> like me.) No amount of source-level verification or scrutiny will
> protect you from using untrusted code. In demonstrating the possibility
> of this kind of attack, I picked on the C compiler. I could have picked
> on any program-handling program such as an assembler, a loader, or even
> hardware microcode. As the level of program gets lower, these bugs will
> be harder and harder to detect. A well installed microcode bug will be
> almost impossible to detect.
>
Other than manual inspection of the resulting compiler binary, a solution
for this is too use many third party C compilers and enviroments for the
original bootstrap compiler build and compare the resulting code after
the resulting compiler has rebuild itself for the third time. If the
result greatly differs then manualy inspect the generated code where
it differs.
You can do this with GCC, but I don't know if the source Microsoft's C
compiler is currently portable enough to do this.
The rest just good secure housekeeping, Don't build as Root and
keep the build systems isolated and secure as you should be
doing for vital public key signing enviroments.
>So to my mind it comes down to whether I trust an operating system vendor
>to have all my interests foremost and especially not have conficting
>loyalties to any individual or agency that may wish for social, economic
>or political reasons to be able to break into my computer.
>
>Trustworthy computing appears to be an (almost) impossible task.
Difficult, Yes. Fallible Yes. Impossible No.
>
>Regards,
>Adam
David Mohring - "... the impossible takes a little longer."
BrianM
<bmo...@nilads.co.ny> wrote:
typo correction: "Richard Forno"
Brian