Homeland Security's new concern: Microsoft

[Jack]

The involvement of the US Department of Homeland Security with regard to a newly announced critical vulnerability in Microsoft Windows is a wake up call. The serious nature of cyber attacks on the operating system sitting on most of the world's desktops has reached the level where it is now a matter of national and international concern.

For Microsoft, having a government security agency taking a high profile interest in a serious vulnerability in Windows must be a concern of the highest order.

The flaw outlined in Microsoft's MS06-040 security bulletin is apparently so serious that all Windows versions are affected and users can be hacked just by having their computers switched on and connected to the internet.

Security specialists, including Homeland Security's Computer Emergency Readiness Team (US-CERT), are saying its not a matter of if but when a major attack happens. And when the attack does occur, it could affect government, corporate and private computers around the world.

Exploits for the vulnerability have already been publicly demonstrated that can initiate a denial of service attack and experts are warning that a major worm could well be on the way.

For many users, who pay diligent attention to their patch Tuesday security updates, the expected exploits will be no problem. However, for the myriad of pirate Windows users and users who may only turn on their computers sporadically, a vulnerability of this nature could prove disastrous as exploits, including possible worms, are expected to be just days away.

Obviously, the Department of Homeland Security is concerned enough by the ramifications of having sources of exploits with malicious intent gaining remote access to large numbers of US computer systems to issue a public warning for users to patch their systems immediately.

The Homeland Security alert should also serve as yet another warning to Microsoft to get its security house in order. Hopefully, such gaping holes in the software company's operating system will no longer be discovered with the release of Vista.

Source

Frankly I’m amazed it’s taken so long for the government to show its concern about the security of the most popular operating system running on federal computers everywhere in the world. Imagine if every government office used the same type of door lock, and every month or so we discovered someone with a master key. How long would it be before there were calls from every agency demanding the lockset be changed?

[Milton Bradley]

I heard that Microsoft bought the data miner GATOR a while back,a nd planned on incorporating it into all future releases.


While that may an "after the crime" investigation tool, it's also the most sinister data miner that I have ever heard of, or experienced.


It really is 1984, well, 2008 will be.


Thats my story, and I'm sticking to it.

[5010]

And even worse, the recent black hat show had a demo where they hacked a mac in less than 60 seconds, and that targetted hardware. That kind of attack can't be protected by firewall or anything you can run on your system. They said they did this specifically to the mac because of their nyah-nyah-boo-boo-you-are-more-vulnerable-than-me marketting.

I fully expect anything connected to the internet is subject to spying but the thing that protects me is my utterly boring life.

[Osborn F Enready]

If you have a computer, on the internet, your privacy has been for sale for quite some time.

[Milton Bradley]

Quote:

Quote by: 5010 I fully expect anything connected to the internet is subject to spying but the thing that protects me is my utterly boring life.

Heh, you too?

[Captain Chaos]

I don't normally have a lot sympathy for Microsoft, even though I do applaud the Gates' efforts in the public health arena.

However, when it comes to security holes - what a freakin' nightmare! I mean, the very architecture of software that connects to a wide open net (the internet) is such that there are like a million different ways to sneak worms into your system. Microsoft is the target, because it is the standard. But Linux and Mac are not immune, they are just being mostly ignored right now.

In this one area, I feel sympathy for microsoft. That does not mean they are not a big nasty company in other ways.

[Milton Bradley]

Sympathetic enough to buy a product with a proven sinister data miner that reports your activities back to some unknown entity?

[ima9rd]

Quote:

Quote by: Milton Bradley Sympathetic enough to buy a product with a proven sinister data miner that reports your activities back to some unknown entity?

I would like to know where you read this information. The last I read, the deal between Gator and Microsoft died.

[Milton Bradley]

Quote:

Quote by: ima9rd I would like to know where you read this information. The last I read, the deal between Gator and Microsoft died.

That could very well be true.


As to the original story, I saw it on CNN I believe.


Either way, just the fact that they would consider such a move should send chills down your spine.


I have a good relationship with my big brother, I don't need another one.