December 17th, 2008 Beardy
Ok, this is a LONG one, but what is driving the manoeuvrings by the Oz federal government surrounding the NBN (National Broadband Network for those who have been living in a cave for the past few years)….?
Is it possible that The Greens comment may have hinted at a deeper issue than anyone intended? Nationalisation of what the government deems “critical infrastructure” is nothing new (look at link at end). It is common knowledge that the ALP was fiercely opposed to the full sale of Telstra. Telstra is receiving a hammering on its share price. Finally, the effective detente that exists between the federal government and Telstra does not bode well for any brinkmanship on the part of the telco’s executives.
Now consider that the federal government could quite conceivably build its own broadband network and lease bandwidth on it to the telcos. The only thing that would be required would be the experienced technicians and management to get it built and managed….. enter the government’s long-standing insistence that Telstra break up into divisions carving off the infrastructure division complete with its staff.
While it is a very long bow to draw a possible suggestion that the government would go so far as to nationalise Telstra to force that division, they may not have to if they owned the largest broadband network in the nation. Such a situation would seriously devalue Telstra even further making a buy-back an option rather than the more brutal nationalisation (which would likely be unpopular with the electorate).
It will be interesting times ahead if Telstra gets backed into a corner on the NBN rollout….. especially if their competition is the government.
“Govt could build NBN itself: Greens”
<http://www.zdnet.com.au/news/communications/soa/Govt-could-build-NBN-itself-Greens/0,130061791,339293537,00.htm?feed=pt_telstra>
“Telstra NBN lawsuit “100%” likely”
<http://www.zdnet.com.au/news/communications/soa/Telstra-NBN-lawsuit-100-likely/0,130061791,339293827,00.htm?omnRef=1337>
“Telstra quiet on NBN legal action”
<http://www.australianit.news.com.au/story/0,24897,24801170-5013040,00.html>
“Shareholders wipe billions from Telstra”
<http://www.news.com.au/couriermail/story/0,23739,24809904-3122,00.html>
“Pressure on Telstra chiefs as shares dive”
<http://www.australianit.news.com.au/story/0,24897,24812846-15306,00.html>
Hints of a possible future….
<http://www.alp.org.au/media/0108/msinfrpm210.php>
History
<http://atlantic-cable.com/CableCos/CandW/CW/index.htm>
Posted in National Broadband Network | Comments Off
December 17th, 2008 Beardy
Latest news…
The US software giant said that in response to “the threat to customers” it immediately mobilised security engineering teams worldwide to deliver a software cure “in the unprecedented time of eight days.”
According to researchers at software security firm Trend Micro, attacks based on the vulnerability in the world’s most popular Web browser are spreading “like wildfire” with millions of computers already compromised.
Microsoft typically releases patches for its software on the second Tuesday of each month and rushing this fix to computer users out-of-cycle is testimony to the severe danger of the threat, according to Trend Micro.
“Microsoft releasing emergency patch for perilous IE flaw”
<http://www.australianit.news.com.au/story/0,24897,24813123-15306,00.html>
Posted in Security | Comments Off
December 17th, 2008 Beardy
(As seen on /.)
The mainstream press and consumer IT news services are starting to pick up on the issue. Not surprisingly, there is a fair amount of disbelief that M$ are so blithely just advising users to be cautious rather than provide a real fix.
As mentioned previously, the greater worry is not in user computers becoming infected due to the flaw, but rather the trend that is the propagation of infections that are impacting legitimate web sites causing wider spread of the problem. The obvious greatest concern would be if the non-technical news sites (eg: BBC, CNN, etc) became compromised as the flow-on would undoubtedly eventually hit the online financial services (ie: banks) sites.
So, how long can M$ persist to play the role of Nero* before people start to vote with their feet(/fingers) and switch to non-IE browsers ?
“If users can find an alternative browser, then that’s good mitigation against the threat.”
But Microsoft counselled against taking such action.
“Hackers Compromise Legit Web Sites to Target Microsoft IE Flaw”
<http://www.eweek.com/c/a/Security/Hackers-Compromise-Legit-Web-Sites-to-Target-Microsoft-IE-Flaw/>
“Serious security flaw found in IE”
<http://news.bbc.co.uk/2/hi/technology/7784908.stm>
*Nero of “fiddled while Rome burns” fame rather than the CD burning variety.
Posted in Security | Comments Off
December 15th, 2008 Pete
The data-binding exploit is apparently capable of delivering viruses, trojans and pretty much any malware the exploiters take a fancy to delivering. This would by extension include keyloggers and website infectors.
The best advice so far is to use a non-IE browser and avoid any suspect sites….
NB: Trend Micro do NOT currently provide a protection for this issue (see last link on page).
“Internet Explorer Data Binding 0-Day Clarifications”
http://secunia.com/blog/38/
To clarify three common incorrect assumptions about this vulnerability:
Assumption: Only Internet Explorer 7 is vulnerable.
Correction: No, at least Internet Explorer 6 is also affected, but not by the public exploits that are currently available. According to Microsoft’s updated advisory, IE 5.01 is also affected. We have not confirmed this yet, but it seems plausible.
Assumption: The core problem is related to XML processing.
Correction: No, it’s related to data binding. Working exploits can be created nicely without using XML.
Assumption: Setting the security level to “High” for the “Internet” security zone or disabling “Active Scripting” support protects me against attacks.
Correction: Technically no. It is still possible to trigger the vulnerability. However, it does make exploitation trickier as it protects against attacks using scripting.
“IE zero day bites broader group of users”
http://www.theregister.co.uk/2008/12/12/ie_zero_day_misconceptions/
“More on the Internet Explorer zero-day”
http://www.sophos.com/security/blog/2008/12/2204.html
“Vulnerability in Internet Explorer Could Allow Remote Code Execution (961051)”
http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VNAME=Vulnerability+in+Internet+Explorer+Could+Allow+Remote+Code+Execution+(961051)&Page=
The link that Trend Micro point to at Microsoft…. (which does NOT fix the problem, just reduces the odds of infection…)
http://www.microsoft.com/technet/security/advisory/961051.mspx
Posted in Security | Comments Off
December 8th, 2008 Beardy
“Free software… good for the end user, but not so good for the programmer who needs to eat to survive…”
“Open source software… good for the end user, but a decidedly shaky foundation on which to build a business…”
“Closed-source, expensive, proprietary software… with a few notable exceptions, of questionable quality and/or function…”
The above comments are neither new nor insightful, but they are at the heart of the discussion that the author is trying to stir.
Whether you are an OSS zealot or a M$ fan boy, it is impossible to deny that the face of the software-as-a-business industry has changed dramatically over the past 30 years. The future for the “professional programmer” (ie: needs to get $$$ from programming) is now somewhat clouded outside of some very narrow speciality fields.
Enter the debate…
Does the new era of the computing industry have room for any of the traditional software-only companies ?
LinuxWorld Article: “Open source is dying — or maybe it isn’t”
http://www.linuxworld.com.au/article/269891/open_source_dying_–_maybe_it_isn_t?fp=16&fpid=1
Posted in Opensource | Comments Off
