OT: There are no words for how broken everything is
Steven D'Aprano
steve+comp.lang.python at pearwood.info
Mon Jan 11 23:26:09 EST 2016
There are no words to explain just how broken everything is. This post
tries:
https://medium.com/message/everything-is-broken-81e5f33a24e1
but barely covers even a fraction of the breakage.
Thanks goodness for anti-virus, right?
One of the leading anti-virus vendors in the world, TrendMicro, has been
opening their victims^W users' computers to trivially-discoverable remote
execution attacks, exposing passwords to the internet, and running an old
and insecure browser with security settings disabled (no sandbox).
https://code.google.com/p/google-security-research/issues/detail?id=693
What's the worst security screw-up you've seen? The worst I've seen was a
sys admin I used to work with who put a new Linux server on the internet
with root ssh enabled. Guess what password he used for the root account?
"test". Guess how long it took before it was broken into? Less than two
hours.
That is at the top of my list only because I can prove exactly what
happened. Otherwise it would be an incident that I can't completely explain.
I have my suspicions, but I'm not entire sure what happened.
This was one of the last incidents that drove me off Windows. I was running
Windows XP, protected behind a firewall, with commercial up-to-date anti-
virus installed. I started up Windows update one day, and went out for a few
hours, and came back to find the computer absolutely swarming with malware
and the firewall turned off. I don't know what happened, I can only guess
that the Windows update process turned off the firewall, but I don't really
know. All I know is that whatever it was, it was a completely automated
attack, as nobody was home to click on any buttons or visit any dubious
websites.
Took me three weeks to remove the last of the malware, and another two weeks
to track down the cause of an annoying glitch where every 30 seconds the PC
would freeze up for a fraction of a second. It was one of the anti-virus
programs I had installed.
--
Steve
More information about the Python-list
mailing list