What follows Patch Tuesday? Exploit Wednesday. Grab this bumper batch of security updates from Microsoft

Microsoft released an XL-sized bundle of security fixes for its products for this month's Patch Tuesday, and other vendors are close behind in issuing updates. The Windows goliath's batch for July has 117 patches, 13 for what's said to be critical bugs, 103 important, and one moderate. Normally, we'd encourage you to install …

  1. Winkypop Silver badge

    Reminds me

    Must get some Swiss cheese on the way home…

  2. Mike 137 Silver badge

    Maybe (but probably not)

    One day someone might work out how to write code that isn't riddled with hazardous vulnerabilities, or am I dreaming? No mainstream OS or major application has to date been rendered free of critical bugs prior to being retired. Hence the obsession with "legacy" being dangerous. But the replacements rapidly demonstrate that they're just as bad. In any other branch of engineering this record would not be tolerated - but does software development yet qualify as engineering? I think not. Until it does, we're going to continue spiralling downwards towards digital oblivion, and considering the increasing penetration of software into pretty much everything we use, it's no longer that far off.

    1. Claptrap314 Silver badge

      Re: Maybe (but probably not)

      When the customer gets fed up with non-performing products, or $1000 devices that won't be usable next Christmas, that is when we will see reliable systems--and not before.

      To quote the CEO of IBM (in 2000), "One of these days, the customer is going to say 'E-nough!' But until he does, it's e-everything."

      The other route is regulation. That worked for seat belts. This is a much tougher environment, however.

    2. NetBlackOps

      Re: Maybe (but probably not)

      I regularly engineered software, hardware, and systems for the US Navy for a decade and, despite another twenty years of further use, no defects nor vulnerabilities have ever been found. All safety-critical systems, and large as well. They were designed with formal verification. Internally, they are the very definition of zero trust, as defects in the tool chain, operating system, even the hardware are assumed as possible conditions to defeat, detected and addressed. If not, well, the results would headline international news. For weeks.

  3. chivo243 Silver badge

    thanks for the warning

    but I'll wait to see if anything breaks.

  4. Pirate Dave Silver badge

    "To be totally safe, disable the print spooler service entirely."

    This is Windows we're talking about. Certainly the only way to be "totally safe" involves taking a large hammer to the Internet router, and possibly burning the building down as well. Anything less than that is just postponing the inevitable. Again.

    Oh well, I guess it keeps us employed.

    1. Lil Endian Silver badge

      #The Times They Are Not A-Changing#

      That takes me back to the Windows NT giggle I (we?) had way back when.

      Microsoft claimed C3 certification for NT. The only problem was the configuration had to be standalone, amongst other things. Whoop-de-doo!

      So, Dave, I reckon your hammer is in-line with MS "best practices"! ;)

      Not sure about burning the building down, that's either Facilities Management, or better "on-boarding" the BOFH with a few bevvies!

      eg:

      "Microsoft likes to trumpet the fact that Windows-NT is certified by the government for C3 security. What they leave out is that that was only for a certain version of Windows-NT (which they no longer support) and a certain hardware configuration (which had no network card.) In the real world, a typical Windows-NT installation would never come close to getting C3 certification."

      From the first ref. I found: http://www.oualline.com/practical.programmer/cpm.html

      [Icon - seems BOFH got there already!]

      1. A.P. Veening Silver badge

        Re: #The Times They Are Not A-Changing#

        Microsoft claimed C3 certification for NT. The only problem was the configuration had to be standalone, amongst other things. Whoop-de-doo!

        I once read the requirements for Windows C5 certification:

        Standalone

        In a closed vault

        No networking

        No power

        1. Lil Endian Silver badge

          Re: #The Times They Are Not A-Changing#

          "No power"

          Nearly a new KBD :) +1

        2. FILE_ID.DIZ

          Re: #The Times They Are Not A-Changing#

          At one point I believed that was how Microsoft stored their root CAs (think early oughts) at a Microsoft campus. I don't know if that was rumor or whatever.

          I know that when I heard of that, I knew very little about PKI at the time and for sure didn't know about HSMs, which is where valuable data like root certificates reside these days.

          1. Michael Wojcik Silver badge

            Re: #The Times They Are Not A-Changing#

            CAs are not certificates; they are entities that issue certificates.

            Certificates are public documents. There's no reason to keep them on an HSM.

            Private keys are what you keep on an HSM.

            1. FILE_ID.DIZ

              Re: #The Times They Are Not A-Changing#

              Yes, I made a mistake; substitute private key for certificate, there, fixed. Everything else typed remains true. Must be nice not to make typos.

              A CA does hold its own private key. How else can it sign a request presented to it?

              An HSM is just a tamper-evident device which can store private keys and sign things with them. One among a whole slew of things that they can do.

              Once in a while, a Root CA does need to sign a new sub-CA cert, so the story was plausible to me back then as it is still today. You want to ensure that the root CA is in a protected and trusted state so that it cannot sign an unauthorized CSR.

              The corollary is that with it physically disconnected from any network and physically secured, the private key is at a known and safe location.
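The exchange above describes the core of a root-CA signing ceremony: the root's private key exists only to sign a small number of sub-CA certificates, and the ceremony must refuse any CSR that is not pre-authorised. The following is an added example, not code from any commenter or from The Register, written in Go against the standard library's crypto/x509. It builds an in-memory root (standing in for an HSM-held key, which is an assumption of the example), verifies a sub-CA CSR's proof of possession, checks its subject against a constructed allow list, issues the sub-CA certificate with a path-length constraint of zero, and confirms the result chains to the root. The names "Example Root CA", "Example Issuing CA 1" and "Rogue CA" are constructed sample values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// allowedSubCAs is a constructed allow list standing in for the signing-ceremony
// policy of an offline root: only these subject names may receive a CA certificate.
var allowedSubCAs = map[string]bool{"Example Issuing CA 1": true}

// NewRootCA creates a self-signed root certificate and its private key.
// In a real deployment the key would live in an HSM; here it is in memory.
func NewRootCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
		MaxPathLen:            1, // may issue sub-CAs; those may not issue further CAs
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewSubCARequest builds a CSR for a prospective sub-CA and returns its key.
func NewSubCARequest(cn string) (*x509.CertificateRequest, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}, key)
	if err != nil {
		return nil, nil, err
	}
	csr, err := x509.ParseCertificateRequest(der)
	return csr, key, err
}

// SignSubCA is the ceremony step: validate the CSR before the root key signs anything.
func SignSubCA(root *x509.Certificate, rootKey *ecdsa.PrivateKey, csr *x509.CertificateRequest) (*x509.Certificate, error) {
	// Proof of possession: the requester must hold the private key matching the CSR.
	if err := csr.CheckSignature(); err != nil {
		return nil, err
	}
	// Policy: refuse any subject not pre-approved for this ceremony.
	if !allowedSubCAs[csr.Subject.CommonName] {
		return nil, errors.New("CSR subject not authorised: " + csr.Subject.CommonName)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(2),
		Subject:               csr.Subject,
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(5 * 365 * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
		MaxPathLen:            0,
		MaxPathLenZero:        true, // the sub-CA may issue end-entity certs only
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, root, csr.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// ChainsToRoot reports whether sub verifies as a certificate issued by root.
func ChainsToRoot(root, sub *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := sub.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}

func main() {
	root, rootKey, _ := NewRootCA()
	good, _, _ := NewSubCARequest("Example Issuing CA 1")
	sub, err := SignSubCA(root, rootKey, good)
	fmt.Println("authorised CSR signed:", err == nil, "chains to root:", err == nil && ChainsToRoot(root, sub))
	rogue, _, _ := NewSubCARequest("Rogue CA")
	_, err = SignSubCA(root, rootKey, rogue)
	fmt.Println("unauthorised CSR refused:", err != nil)
}
```

The allow-list check is what the commenter calls the "protected and trusted state": the root key never sees a CSR the ceremony did not pre-approve, and the path-length constraint on the sub-CA limits the damage if that sub-CA's key is later mishandled.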

  5. Gene Cash Silver badge

    What precedes Patch Tuesday?

    Bourbon Monday.

    1. WolfFan Silver badge

      Re: What precedes Patch Tuesday?

      Bourbon? Barbarian. Nothing short of Bushmills will do. Or maybe some 12 year old Appleton Estate Extra. No Yankee imitation whiskey allowed.

      1. tiggity Silver badge

        Re: What precedes Patch Tuesday?

        Nothing stopping people having all sorts of drinks.

        Always a few single malt Scotch whiskies knocking around the house (amongst other spirits), but also often a bottle of Southern Comfort (or similar bourbon style spirit) around.

        Different drinks but also drunk in different ways / for different reasons - I'll irk the purists by saying I will occasionally have a small single malt (or a bourbon, or a rum, etc.) to accompany a dessert - depends on dessert flavour & sweetness, but it's a matter of picking something to complement it, e.g. simplistically, if you are going the contrasting flavours approach a "tangy" dessert gets a sweet drink such as rum or bourbon, a "sweet" dessert gets a single malt, etc. The appropriate drink for a meal course is a thing of argument though (some go for the "matching" approach, e.g. a sweet drink with a sweet dessert).

        Verbosity aside, context is key, no such thing as a "bad" drink in the right circumstances.

        1. A.P. Veening Silver badge

          Re: What precedes Patch Tuesday?

          The correct dessert drink with a plate of good cheese is a white port.
