bush approves of homeland security outsourcing to arab emirates?

[Hypnospin]

let me get this straight, the us taxpayer spends billions upon billions to profiteering homeland security high bid industry to protect, one would reasonably assume, the us borders and points of entry, while 6+ separate major us city seaports are to be sold to and controlled by the same "axis of evil" cohorts (bush's wording) that were considered high risk to all things america?

is there nothing that will not be up for grabs to the highest bidder gratis bushco? for those of the international corporate family and friends syndicate, record profits all 'round.
esp. in these times of war in the interest of, what was it again this time now?, oh, yeah, national security, wasn't it?

interesting to see senators clinton (yes, hillary!) and menendez (self made man of the people underdog and giant killer) take on the powers that be on this one.

http://clinton.senate.gov/news/statements/details.cfm?id=251709&&

seems a perfectly fine deal with bush and his handlers:
http://news.yahoo.com/s/nm/security_congress_ports_dc

"so it is obvious something must be done, the pathetic thing is that it has to be us"
-jerry garcia, on rainforest benefit concerts

 

[MountainPro]

who are the security experts in micro$oft?

ex-computer hackers who M$ would rather have on thier side.

no one knows the weakeness of the systems better.

let me get this straight, the us taxpayer spends billions upon billions to profiteering homeland security high bid industry to protect, one would reasonably assume, the us borders and points of entry, while 6+ separate major us city seaports are to be sold to and controlled by the same "axis of evil" cohorts (bush's wording) that were considered high risk to all things america?

is there nothing that will not be up for grabs to the highest bidder gratis bushco? for those of the international corporate family and friends syndicate, record profits all 'round.
esp. in these times of war in the interest of, what was it again this time now?, oh, yeah, national security, wasn't it?

interesting to see senators clinton (yes, hillary!) and menendez (self made man of the people underdog and giant killer) take on the powers that be on this one.

http://clinton.senate.gov/news/statements/details.cfm?id=251709&&

seems a perfectly fine deal with bush and his handlers:
http://news.yahoo.com/s/nm/security_congress_ports_dc

"so it is obvious something must be done, the pathetic thing is that it has to be us"
-jerry garcia, on rainforest benefit concerts

 

[darkboong]

who are the security experts in micro$oft?

ex-computer hackers who M$ would rather have on thier side.

no one knows the weakeness of the systems better.

That's not strictly true MP... Money doesn't buy loyalty.

The way Microsoft really wants it to work is that a bunch of
other people do the work, report the bug on the quiet to them
and then they sit on it until they can be arsed to fix it. In
practice that simply doesn't work because not everyone goes
meekly cap in hand to tell Microsoft what's wrong with their
products. The last time I tried doing that back in '97 to report
a critical showstopping bug in NT 4.0's filesharing they asked
me to cough up $128 for the priveledge of telling them their
software was broken. A few months later the bug was listed in
their knowledge base, so I guess someone must have paid MS
to report a fault in their product.

MS did **** all about it though, and consequently it cost a
company I worked for a couple of years later a few $K every
week.

Microsoft and many of the other big vendors have fought tooth
and nail against public disclosure. In practice that just hurts the
users because the hacks and exploits will continue even if the
general public doesn't know about them. The only difference is
that they will be lower-profile and therefore the users will live on
in ignorance while the malicious and nefarious hackers can operate
with greater ease against an unprepared userbase.

In my experience companies mostly hide stuff to protect them-
selves, not their users. The same appears to be true for
governments.

 

[MountainPro]

did you se ethe documentary on C4 about the Cult of the Dead Cow..(i think that was thier name)..

these guys spent 24/7 hacking away at Microsofts servers and databases trying to gain illegal access, which was suprisingly easy for them..

they got it, promptly told MS and siad, pay is $10,000 and we'll tell you how we did it.

it was a good arrangement they had with each other. No one took anyone to court because MS needs these guys and they always showed them how the trick was done...

That's not strictly true MP... Money doesn't buy loyalty.

The way Microsoft really wants it to work is that a bunch of
other people do the work, report the bug on the quiet to them
and then they sit on it until they can be arsed to fix it. In
practice that simply doesn't work because not everyone goes
meekly cap in hand to tell Microsoft what's wrong with their
products. The last time I tried doing that back in '97 to report
a critical showstopping bug in NT 4.0's filesharing they asked
me to cough up $128 for the priveledge of telling them their
software was broken. A few months later the bug was listed in
their knowledge base, so I guess someone must have paid MS
to report a fault in their product.

MS did **** all about it though, and consequently it cost a
company I worked for a couple of years later a few $K every
week.

Microsoft and many of the other big vendors have fought tooth
and nail against public disclosure. In practice that just hurts the
users because the hacks and exploits will continue even if the
general public doesn't know about them. The only difference is
that they will be lower-profile and therefore the users will live on
in ignorance while the malicious and nefarious hackers can operate
with greater ease against an unprepared userbase.

In my experience companies mostly hide stuff to protect them-
selves, not their users. The same appears to be true for
governments.

 

[darkboong]

did you se ethe documentary on C4 about the Cult of the Dead Cow..(i think that was thier name)..

Did you know that C0DC actually released an exploit (BackOrifice) that has been widely used to hack unpatched systems (espionage & kicks) ? Did you know that many systems were hacked using that exploit before Microsoft actually got around to releasing a patch ? Did you know that Microsoft pretended nothing was happening for weeks while people's machines were getting raped for money and kicks ?

Let's say you know that there is an exploit knocking around, but you don't know how it works and Microsoft won't tell you... What do you do ? Physically disconnect your business critical machines from their business crticial networks ? Damned if you do, damned if you don't.

Consider these additional points :
1) If C0DC found it, how many others found it and kept quiet before them ?
2) How long did Microsoft take to repair the flaw since it was discovered (possibly by someone other than C0DC) ?
3) What is the $ value of the damage and information leakage that happened during that time ?

As for taking them to court, MS couldn't at that time, they might well be able to now though as a result of the legislation pushed through on the back of the "War on Terror". Word to the wise, in practice that legislation (and the DCMA for example) are being used to gag people who give warnings and information about exploits. In other words they are shooting the messengers while the crooks '0wn' the systems of innocent bystanders.

For an example of shooting the messenger see :
http://www.schneier.com/blog/archives/2005/07/cisco_harasses.html

Bruce Schneier is pretty much spot on with respect to security (in general), and a lot of what he has to say is pretty uncomfortable.