Friends.
Spoke Joseph Menn, FT, re the sinister and potent nature of the Chinese-launched cyber attacks on Google that prompted the present confrontation between Goog and Beijing. Astonishing information that the Chinese are using military teams -- the PLA is likely the main attack force -- to spy on and penetrate the machines of particular company officials who have access to the real names and identifications on the Google mail accounts. If the PLA invaded Seattle or Palo Alto with fireteams, if the PLA occupied the West Coast, it could not gain as much data on its rivals and citizens as it now gathers from the hacks -- which have been underway at least since 2006. The hackers did not make direct attacks on the targets. Instead they tracked the friends and associates of the targets, people who were unlikely to practice severe security with their machines. The hackers would draw from Facebook or Twitter or IM accounts to learn the names of the friends. They would then penetrate the friends' machines using a Trojan Horse that gained access through a hole in Internet Explorer. (It does not work to gain access through Safari or Firefox or Chrome -- so far.) The entry route is likely exclusively Internet Explorer. Once the Chinese hack soldiers are inside the unprotected machine, they send an e-mail to the target, figuring the target is more likely to click on a message from a pal. Once they click, the Trojan goes into the target machine to install a key logger. And from there, the hackers watch the traffic on the target's machine and find a way into the most secure areas in Google.
IE
Am told that Internet Explorer is totally unreliable, in all forms. Only safe browsers for now are Safari (my recommendation), Firefox (for Mac), and Chrome (not ready for Mac yet.) Does this make Bing suspect? Unknown.


Who else in China has the resources to pull something like this off? Technology is the only edge we have, and we are losing it. While our enemies work tirelessly to eliminate our ever-shrinking technological advantage, we obsess over windmills. They, or at least someone, has successfully hacked into our power grid; when they shut our lights off we may all be wishing we had installed one in our back yard.
The new cold war is upon us, and we appear to be both ill-equipped to fight it, and unwilling to take it seriously. WWIII may be won, or in our case lost, without a shot being fired.
http://www.nytimes.com/2010/01/26/world/26cyber.html?pagewanted=all
Everything from Microsoft is suspect.
There are too many middlemen between the authors of the code, who probably do love the technology they work with, and getting a product out the door.
As the vocabulary of their leadership often reveals, their goal has to do with "destroying" the competition, "crushing" the alternatives.
From the federal government's point of view they are in the class of companies that are "too big to fail" and so instead of punishing them for monopolistic practices they reward them by mandating internal use of their products. This has led to a permanent sense of complacency within the company. They really don't have to work to succeed, just show up on the battlefield.
Not that Google is perfect, but whenever I've read headlines of security issues involving them, there is usually a Microsoft product lurking at the bottom of it all. Break-ins on Gmail ids turned out to be the result of combined carelessness of users with the funky way the Hotmail IDs are recycled. Prior to that I at least thought MS capable of running an online service, but no more.
Remember, when Microsoft first got to be a major IT player Bill Gates found out that much of their infrastructure (Hotmail as a major example) was not built on Windows technology. He ordered everything rewritten. Politics, and appearances, nothing more (like our current administration come to think of it).
It is unfortunate that although Google's infrastructure uses mostly Linux software they must test against all manner of Microsoft abominations, and to be honest, with the size of the Google staff there are no doubt a fair number of people who know no better than what they grew up with: Windows.
There is orders of magnitude more spam on the loose now than when Bill Gates announced his company was going to focus on eliminating it (and later claimed that they had!) I expect no more than meaningless pronouncements from the company about their perennial security issues.
I do hope our more computer literate friends in the Obama administration start to think carefully about our government's reliance on a lazy lumbering company for so much of its infrastructure though. A department running Windows is like giving a room full of toddlers adult scissors to play with.
JB, not only is MS IE an insecure browser, the Windows Operating system is as well. Microsoft has ignored security for decades. Federal employees use "locked down" versions, but may still be insecure. Spyware and key-loggers are the bane of InfoSec.
Last night was an eye-opener, the attack on Google was very sophisticated. I wonder if it were only a peripheral attack would Google have acted similarly.
Even Google is more concerned about making money over principle. Everyone is willing to sacrifice morals over profit. Many in the government are willing to sacrifice security for a lavish ceremony in the Forbidden City, it gives them street cred at Foggy Bottom.
China is a more sophisticated enemy (oops I used that E word) than anyone we have ever encountered. We need to treat them as such. Trust but verify.
Wisdom
We are vulnerable. Our economy was attacked (it didn’t just fail on its own). Our educational system was attacked (it didn’t just fail on its own). Our military is under attack; ditto, banking; transportation; big oil, pharma, media… you get the idea. We ourselves are under attack. Of course there are many Kumbaya types who think that it’s we who are attacking everybody.
I’ve long known the intensity of hatred Google has of Internet Explorer and vice versa. I’ve long known of the conflict between Apple and Microsoft. It’s more than just a preference. It’s political – almost to the point of being religious. I automatically distrust anyone who tells me one is better than the other, even if they do so with conviction. I always think of the jihadis soberly explaining why all Israelis must be killed.
I know I’ll get a lot of heat for this one. But one thing I can tell you: the Apple users I happen to know are nuts; as is the guy next door who works for Google. It’s not a significant sample, but it’s got me convinced.
http://peterkoelliker.blogspot.com/
PK, I prefer PC over Mac; it's just the OS is too insecure. There are religious Mac bigots out there, Unix bigots as well.
I've asked legal eagles as to whether someone could sue MS over the lack of secure operating systems and software products. They always point to the End User License Agreement (EULA) which basically says we only warrant for 90 days this software will behave as expected, no guarantees of quality. Toyota must be wishing they could get away with this!
Most Developers are anti-social, but many are very wealthy!
PK: I have a good friend who recently asked me to stop "preaching" to him about the problems with Windows.
I reminded him that most of my sermonizing was in response to specific tales of woe that he wasted my time with regarding his computers. If you are happy with what you are using I told him, then stop complaining about it, since I don't have any of those problems, and I am not in a position (a thousand miles away and not having run Windows since 2001) to help you with it in any event. What do they say about someone who continues to do the same experiment over and over hoping for different results?
I made my living in computers and the tail end of that career involved supporting Windows users. I have no desire to do it into retirement as well. The cure for sluggish Windows systems is to save off your data to a safe backup location, reinstall Windows, copy your data back. My experience was this would buy you about a year of pain free computer use. Because most people are intimidated about doing this, there are a slew of packages that can attempt to "clean up" your system in place. I know people that spend about an hour a day "tuning" their system in one way or another, defragging, scanning, registry-cleaning. Far more time than my single re-install per year. Sounds to me like it is they who are engaging in religious behavior.
When I was in government we worked with Windows systems haphazardly for some time, but what eventually evolved was an agency-wide script (derived I think partially from something the security agencies came up with) that went through a Windows system setting by setting (including many settings that users never see) turning things off. This made web pages not render properly, caused programs to crash, and was the source of many user complaints BUT, it rendered a Windows system relatively safe. RELATIVELY. If you had a "mission critical" activity that required these settings to be changed you had to go through a rather unforgiving process involving your management, network administrators, security specialists, and even lawyers. I even got a call from a lawyer who, making the final decision, was going to deny my request for such a variance. She apologized and said it was nothing personal. I said ditto. I said I'm "outta here" anyway, and no doubt my department would pick another knight to fight the fight all over again. We agreed that it was a shame that so few involved understood how vulnerable the systems were and how great the risk was to trade a security vulnerability for what was (in this case anyway) a trivial advantage.
I don't know of any major break-ins to our systems while I was there (and I'm not taking credit for that) but break-ins have been reported in the news since then (no inside information being disclosed here). I am so glad to no longer be involved, but as a citizen I'd love to see the country clean up its act. No operating system is invulnerable from careless users, but Windows is particularly "careless users friendly". You can run a safe Windows system, but in my opinion, it is more trouble than it is worth.
To each his own.