If you really want to see Microsoft scramble to patch a hole in its software, don’t look to vulnerabilities that impact countless Internet Explorer users or give intruders control of thousands of Windows machines. Just crack Redmond’s DRM.
Security patches used to be rare. Software vendors were happy to pretend that vulnerabilities in their products were illusory — and then quietly fix the problem in the next software release.
Since 2003, Microsoft’s strategy to balance these costs and benefits has been to batch patches: instead of issuing them one at a time, it’s been issuing them all together on the second Tuesday of each month. This decreases Microsoft’s development costs and increases the reliability of its patches.
The user pays for this strategy by remaining open to known vulnerabilities for up to a month. On the other hand, users benefit from a predictable schedule: Microsoft can test all the patches that are going out at the same time, which means that patches are more reliable and users are able to install them faster with more confidence.
In the absence of regulation, software liability, or some other mechanism to make unpatched software costly for the vendor, “Patch Tuesday” is the best users are likely to get.
Why? Because it makes near-term financial sense to Microsoft. The company is not a public charity, and if the internet suffers, or if computers are compromised en masse, the economic impact on Microsoft is still minimal.
Microsoft is in the business of making money, and keeping users secure by patching its software is only incidental to that goal.
There’s no better example of this principle in action than Microsoft’s behavior around the vulnerability in its digital rights management software PlaysForSure.
Now, this isn’t a “vulnerability” in the normal sense of the word: digital rights management is not a feature that users want. Being able to remove copy protection is a good thing for some users, and completely irrelevant for everyone else. No user is ever going to say: “Oh no. I can now play the music I bought for my computer in my car. I must install a patch so I can’t do that anymore.”
But to Microsoft, this vulnerability is a big deal. It affects the company’s relationship with major record labels. It affects the company’s product offerings. It affects the company’s bottom line. Fixing this “vulnerability” is in the company’s best interest; never mind the customer.
This clearly demonstrates that economics is a much more powerful motivator than security.
It should surprise no one that the system didn’t stay patched for long. FairUse4WM 1.2 gets around Microsoft’s patch, and also circumvents the copy protection in Windows Media DRM 9 and 11beta2 files.
And it’s clear economics dictate that Microsoft doesn’t care about their customers. Are you sure you want to buy products from a company when it is this easy to demonstrate the company doesn’t have to care if the product actually works for you?
On their way to get married, a young couple is involved in a fatal car accident. The couple find themselves sitting outside the Pearly Gates waiting for St. Peter to process them into Heaven.
While waiting, they begin to wonder: Could they possibly get married in Heaven? When St. Peter shows up, they asked him. St. Peter says, “I don’t know. This is the first time anyone has asked. Let me go find out,” and he leaves.
The couple sat and waited for an answer… for a couple of months. While they waited, they discussed that IF they were allowed to get married in Heaven, SHOULD they get married, what with the eternal aspect of it all. “What if it doesn’t work?” they wondered, “Are we stuck together FOREVER?”
After yet another month, St. Peter finally returns looking somewhat bedraggled. “Yes,” he informs the couple, “you CAN get married in Heaven.” “Great!” said the couple, “But we were just wondering, what if things don’t work out? Could we also get a divorce in Heaven?” St. Peter, red-faced with anger, slams his clipboard onto the ground. “What’s wrong?” asked the frightened couple. “OH, COME ON!” St. Peter shouts, “It took me three months to find a priest up here! Do you have ANY idea how long it’ll take me to find a lawyer?”
– The Supreme Court (Hoge Raad) is allowing the extradition of terrorism suspect Wesam al D. to the United States. It is the first time the highest court has ruled in an extradition case involving a Dutch terrorism suspect. Al D.’s lawyer, Victor Koppe, finds the ruling incomprehensible. ‘Unfortunately the hardliners on that court still hold the majority,’ the counsel said.
The US suspects Al D. of conspiracy to commit attacks on American soldiers in Iraq in 2003. Al D., who is of Iraqi origin, has always maintained that he is innocent. Koppe finds it ‘unbelievable’ that the Public Prosecution Service handed off the case ‘a few days before the hearing on the merits’ in the Netherlands. He points out that the criminal investigation took place in the Netherlands, and that (possibly exculpatory) witnesses were heard here. ‘It was a Dutch criminal case. Period.’ Al D.’s co-defendant, by contrast, was prosecuted in the Netherlands and acquitted.
Still, nice to know that the Dutch state simply extradites Dutch citizens, who are being tried in the Netherlands for a crime on Dutch soil, to another country to be tried for that crime.
Can’t we just toss all those law books overboard and outsource everything abroad?
Reagan, Clinton and George W. Bush were all stuck in a house in Kansas during a tornado warning. One tornado approached very close to the house. Reagan stood up and said, “I’ll handle this.” He went to the window and yelled at the tornado, calling it an evil empire. The tornado passed by the house. Reagan sat down and said, “I made it go away.”
Soon another tornado was reported in the area. Clinton called up FEMA and laid out plans to help out anyone hurt by the tornado. He also invited a young girl named Dorothy to seek shelter with him in the cellar.
Shortly thereafter another tornado was sighted heading right for their house. All could see it right out the window bearing down on them. George W. Bush stood up and said, “I’ll fix this.” And he went over to the window and pulled down the shade.
We apologise for any inconvenience caused during renovation work
Remember this? Air traffic controllers don’t get enough sleep, and that contributed to the recent airplane crash in Kentucky that killed 49.
Well, the FAA took steps to remedy that. Over Labor Day they instituted a dress code for air traffic controllers.
So, when your plane crashes, at least you’ll know the air traffic controller wore a decent tie.
Do you feel safer already?
The confrontation at Hewlett-Packard started innocently enough. Last January, the online technology site CNET published an article about the long-term strategy at HP, the company ranked No. 11 in the Fortune 500. While the piece was upbeat, it quoted an anonymous HP source and contained information that only could have come from a director. HP’s chairwoman, Patricia Dunn, told another director she wanted to know who it was; she was fed up with ongoing leaks to the media going back to CEO Carly Fiorina’s tumultuous tenure that ended in early 2005. According to an internal HP e-mail, Dunn then took the extraordinary step of authorizing a team of independent electronic-security experts to spy on the January 2006 communications of the other 10 directors—not the records of calls (or e-mails) from HP itself, but the records of phone calls made from personal accounts. That meant calls from the directors’ home and their private cell phones.
On May 18, at HP headquarters in Palo Alto, Calif., Dunn sprung her bombshell on the board: she had found the leaker. According to Tom Perkins, an HP director who was present, Dunn laid out the surveillance scheme and pointed out the offending director, who acknowledged being the CNET leaker. That director, whose identity has not yet been publicly disclosed, apologized. But the director then said to fellow directors, “I would have told you all about this. Why didn’t you just ask?” That director was then asked to leave the boardroom, and did so, according to Perkins.
Close to 90 minutes of heated debate followed, but Perkins, the Silicon Valley venture capitalist, says he was the only director who rose to take Dunn on directly. Perkins says he was enraged at the surveillance, which he called illegal, unethical and a misplaced corporate priority on Dunn’s part. In an interview with Newsweek, Perkins says he was particularly annoyed since he chaired the HP board’s Nominating and Governance Committee and had not been informed by Dunn of the surveillance, even though, he says, she had told him for months that she was attempting to discover the source of the leak. After a divided board passed a motion asking the leaker to resign, Perkins closed his briefcase, announced his own resignation and walked out of the room.
The leader of the country sets an example for the leaders of the corporations…