{"id":2692,"date":"2002-05-16T12:18:53","date_gmt":"2002-05-16T17:18:53","guid":{"rendered":"http:\/\/hill-kleerup.org\/blog\/wp\/?p=2692"},"modified":"2002-05-16T12:18:53","modified_gmt":"2002-05-16T17:18:53","slug":"punish_microoft","status":"publish","type":"post","link":"https:\/\/hill-kleerup.org\/blog\/2002\/05\/16\/punish_microoft.html","title":{"rendered":"Punish Micro$oft &#8230; and the Terrorists Win!"},"content":{"rendered":"<p>Simply amazing.  <\/p>\n<p>Jim Allchin, the GVP for Platforms at M$, testified that forcing M$ to share information with competitors could <a href=\"http:\/\/www.eweek.com\/article\/0,3658,s=1887&#038;a=26543,00.asp\">seriously compromise national security<\/a>, including the war effort in Afghanistan.<\/p>\n<p>Why?<\/p>\n<p>When you finish sifting through it, it&#8217;s because Microsoft&#8217;s coding is riddled with bugs and revealing APIs and protocols would make it even easier for hackers to break it.<\/p>\n<p class=\"block\">In his written testimony, Allchin suggested several, far-reaching dangers that could develop if Microsoft is not permitted to withhold API and protocol disclosures when it has security-related concerns. &#8220;It is no exaggeration to say that the national security is also implicated by the efforts of hackers to break into computing networks,&#8221; Allchin, group vice president for platforms, wrote in his testimony. 
&#8220;Computers, including many running Windows operating systems, are used throughout the United States Department of Defense and by the Armed Forces of the United States in Afghanistan and elsewhere.&#8221; <\/p>\n<p>Of course, since under the DoJ agreement (which the nine states are protesting) M$ would be able to exempt any API or protocol on security grounds, M$ is using its own incompetence as a shield to keep it from revealing anything it doesn&#8217;t want to reveal &#8230; and, not coincidentally, trying to wrap itself in the flag while doing so.<\/p>\n<p>But, then, security through obscurity (don&#8217;t admit, don&#8217;t tell, take your sweet time in fixing) has long been a hallmark of M$&#8217;s overall security strategy.<\/p>\n<p class=\"block\">When pressed for further details, Allchin said he did not want to offer specifics because Microsoft is trying to work on its reputation for security.<\/p>\n<p>In other words, <i>Trust us, because we&#8217;re very security minded, so security-minded that we don&#8217;t even want to let you know where our security sucks.<\/i><\/p>\n<p>Yeesh.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Simply amazing. 
Jim Allchin, the GVP for Platforms at M$, testified that forcing M$ to share information with competitors could seriously compromise national security, including the war effort in Afghanistan&#8230;.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[20],"tags":[],"class_list":["post-2692","post","type-post","status-publish","format-standard","hentry","category-hi-tech"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":133024,"url":"https:\/\/hill-kleerup.org\/blog\/2017\/03\/13\/who-needs-hackers-when-this-kind-of-stuff-ends-up-online.html","url_meta":{"origin":2692,"position":0},"title":"Who needs hackers when this kind of stuff ends up online?","author":"***Dave","date":"Mon 13-Mar-17 9:47am","format":false,"excerpt":"Because of course your \"internet-connected backup drive\" doesn't need a password. 
Why would it, when you're only storing security clearance application information for US generals, passport and SSN data, userids and passwords, bits of trivia like that?'The files, reviewed by ZDNet, contained a range of personal information, such as names\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":134736,"url":"https:\/\/hill-kleerup.org\/blog\/2017\/09\/18\/social-security-numbers-broken-alternative.html","url_meta":{"origin":2692,"position":1},"title":"Social Security Numbers are broken. What is the alternative?","author":"***Dave","date":"Mon 18-Sep-17 11:41am","format":false,"excerpt":"We are increasingly a data-driven world. There are electronic records about us everywhere, and we rely on them in a thousand different ways to identify us. But anyone who's ever worked with a system that tries to reliably and consistently identify people knows that it's a problem. What identifier is\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2017\/09\/Equifax-HQ.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":45011,"url":"https:\/\/hill-kleerup.org\/blog\/2014\/09\/08\/movie-hacking-vs-real-hacking.html","url_meta":{"origin":2692,"position":2},"title":"Movie Hacking vs Real Hacking","author":"***Dave","date":"Mon 8-Sep-14 1:16am","format":false,"excerpt":"I'd love to see that in a movie some day.(h\/t +Gerard McGarry) Originally shared by +nixCraft Linux Blog So true: Movie hacking vs. real hacking (social engineering). 
Credit - http:\/\/www.smbc-comics.com\/index.php?id=2526#comic #hackers #socialengineering #humor #funny #IT #security #laughteristhebestmedicine View on Google+","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2014\/09\/20120220.gifimgmax%3D660.gif?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":133915,"url":"https:\/\/hill-kleerup.org\/blog\/2017\/07\/20\/okay-can-we-stop-treating-ssn-as-a-super-seekrit-thing.html","url_meta":{"origin":2692,"position":3},"title":"Okay, can we stop treating SSN as a Super-Seekrit Thing?","author":"***Dave","date":"Thu 20-Jul-17 3:43pm","format":false,"excerpt":"Because, really, they keep getting leaked \/ hacked \/ discovered, and the there's all sorts of \"Oh noes, with a person's SSN they can pretend to be them.\"Just treat it as another attribute and figure out some other validation mechanism. 
This one's as broken (and obsolete) as \"Mother's Maiden Name\"\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1524,"url":"https:\/\/hill-kleerup.org\/blog\/2001\/12\/17\/security_of_a_d.html","url_meta":{"origin":2692,"position":4},"title":"Security of a Different Color","author":"***Dave","date":"Mon 17-Dec-01 1:59pm","format":false,"excerpt":"More analytical hi-jinx from the Register, looking at how Micro$oft's security modus operandi sucks chunks: Bear in mind that most, if not all, of this virtual mayhem was not the...","rel":"","context":"In &quot;Hi-Tech&quot;","block_context":{"text":"Hi-Tech","link":"https:\/\/hill-kleerup.org\/blog\/category\/hi-tech"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":44451,"url":"https:\/\/hill-kleerup.org\/blog\/2014\/08\/19\/information-must-be-free-or-stolen.html","url_meta":{"origin":2692,"position":5},"title":"Information must be free (or stolen)","author":"***Dave","date":"Tue 19-Aug-14 1:08pm","format":false,"excerpt":"So any of you companies who are still relying on date of birth or SSN as a means of proving identity -- just ... 
stop.Reshared post from +Les JenkinsWell that's not good.\ufeff Hackers steal records on 4.5 million patients from healthcare system Data included Social Security numbers as well as\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/2692","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/comments?post=2692"}],"version-history":[{"count":0,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/2692\/revisions"}],"wp:attachment":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/media?parent=2692"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/categories?post=2692"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/tags?post=2692"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}