[121394] in North American Network Operators' Group
RE: Anyone see a game changer here?
daemon@ATHENA.MIT.EDU (Keith Medcalf)
Sat Jan 16 11:35:48 2010
Date: Sat, 16 Jan 2010 11:34:45 -0500
In-Reply-To: <878BCDA1-59A7-43C2-A219-E6FC58C62364@puck.nether.net>
From: "Keith Medcalf" <kmedcalf@dessus.com>
To: "Jared Mauch" <jared@puck.nether.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
>Personally I was amused at people adding cement to USB ports to mitigate
>against the "removable media threat". The issue I see is people forget
>that floppies posed the same threat back in the day.
Do you mean the "AutoRun" threat, since this sort of thing is usually done =
by people who (a) run M$ Winders and (b) do not know how to turn off the re=
ally annoying "helpful" features created by the clueless idiots in Redmond =
... and those idiots keep on creating more and more security hole "features=
" that have to be disabled.
Someone should tell the idiots who design API's that API's are designed to =
be used -- and they will be used to do what it was designed to do -- and if=
that design constitutes a security flaw, then it will be used as such and =
the only solution is to stop designing stupid APIs. The most laughable exa=
mple is the creation of API hooks into the kernel for use by AntiVirus vend=
ors. Unfortunately, these APIs can, by their very definition, be used by a=
nyone who wants for any purpose they desire.
Personally I would prefer a secure kernel that cannot be tampered with or c=
ompromised by anyone. Adding a deliberately designed security flaw to enab=
le a third party to stay in business providing a partial plug for the delib=
erately designed hole is utter lunacy!
Back to removable media, AutoRun is, and always has been, completely trivia=
l to completely, utterly and irrevocably disable -- and I have been doing s=
o since, well, since this idiotic mis-feature first appeared somewhere in t=
he early 90's.
The same applies to other crap-ware vectors such as Flash.
Just because some people are slow or do not pay attention to what has been =
going on in the world for 20 years on, does not make these "new".
Its like dogs -- they have been around for thousands of years. Some people=
just don't notice that they have teeth until they, through their own stupi=
dity, get bitten by one.
Now, back to your regularly scheduled programming ...
