Note: This column represents the opinions
of the writer and as such, is not purported as fact
LATE ENTRY -- this one was too good to neglect -- even though
I didn't spot it until around mid-day today. Check out
this story from Stuff
(check this screencap if it's
already been fixed)
which proudly announces that they won "Best News Service" in the annual
Netguide Awards. Unfortunately, however, it appears that the "best news service"
can't seem to spell the name of this fine country correctly -- even when
reporting its own excellence.
Time for another serving of the silly, stupid and stupendously funny stuff
that hides amongst the billions of web-pages on the Net.
The Predator Execution Drone is another of those
Flash vignettes which are now becoming so popular. Good use of music to create
the mood.
A reader sent me this link to Silohome,
suggesting that it might be just the thing for me, given my noisy and
seemingly dangerous pastimes.
Comes complete with its own Atlas missile silo -- cool!
Cut Da Mullet is
a site that starts off a little slowly but the Flash animation features lots
of famous faces, complete with that trendy hair-do of the '80s -- "the mullet".
Check Out The Aardvark PC-Based Digital
Entertainment Centre Project
Updated 29-Oct-2002
Microsoft Admits: We're Untrustworthy
Boy, the egg is flying and the faces are covered over at Microsoft today.
After Billy's recent epiphany and bold statement that Redmond's resources
would now be focused on security ahead of new features, some people were
silly enough to expect that the result would be significant improvement
in the water-tightness of Microsoft's products.
And, sure enough, Windows XP has turned out to be a little more secure
than its predecessors.
However, the security vulnerabilities in Billy's software continue
to flow like water and some believe the whole "trustworthy computing"
initiative is rapidly turning into a farce.
Take the latest in a long line of security holes for example...
Detailed in Microsoft's own security bulletin,
it's a buffer overrun exploit affecting users of Microsoft's Explorer (versions
5.01, 5.5 and 6.0) -- except those running on Win XP.
Of course there's a patch available -- but it's not a guaranteed 100% fix
as explained in this caveat.
If you want that all-important 100% guarantee that even a patched system can't
be exploited through this bug then Microsoft suggests that
"the simplest way is to make sure you have no trusted publishers, including
Microsoft".
Yes, that's right -- Microsoft admits that the cornerstone of its own
"security model" (misnomer) is fatally flawed.
When developers and users have complained in the past about the lack of
sandboxing (restricting the scope of commands that a downloaded applet
can perform so as to eliminate risk to the user's PC), the company's
response has been that signed certificates are perfectly adequate.
Now they're effectively saying "don't trust anyone" and the signed certificates
aren't worth the bits they're written on.
Yet again we see that "Active-X" is an abbreviation for "Active eXploit".
What's even worse is the growing number of web-pages that rely on Active-X
components to provide critical functionality.
If, like me, you use IE with Active-X disabled (for obvious reasons) then
you're probably finding it increasingly difficult to navigate your way
around the web without roadblocks popping up.
So why aren't people using Java instead of Active-X? After all, Java's security
model is (in many people's opinion) far more robust and less open to abuse.
Well both Sun and Microsoft can be blamed for the decline in Java applets on
the Web.
Sun was far too slow in fixing many of the annoying bugs that proliferated
in early versions, and of course Microsoft sees Java as a direct competitor
for its own products so isn't at all keen on supporting it.
In the meantime, people like you and me are forced to keep checking for security
patches and given little option but to disable the very functionality that
Microsoft so proudly touts as being safe and secure.
So what happened to the push for security over functionality? I guess
Active-X is exempt from this directive or they'd implement a sandbox
mechanism.