Osama, I thought I knew ye.

Zak McGregor zak at mighty.co.za
Sun Sep 30 08:01:48 PDT 2001


On Sun, 30 Sep 2001 09:02:01 -0400 "pms" <laflame at mindspring.com> wrote:


> So any tech types out there know if a computer can be tapped?

Easiest thing in the world - if what yoiu mean by "tapped" is knowing what you're doing on it all the time. Hell, with minimal effort your pc can be _used_ remotely without your knowledge. Those CdC guys (http://www.cultdeadcow.com) gave us a wonderful remote administration thingy called "Back Orifice". Other than that, yes, Microsoft will try and collet as much data as possible from you, including what you typed into forms, what software you have installed etc., even when you have set the various options to not do it. (references will have to wait until I'm less busy :( ).

Your best bet, seriously, is to just say no to anything from Redmond (ie Microsoft), and more generally anything that isn't, in the broadest sense of the term, open source. Although it won't _guarantee_ that nothing malicious is happening, chances are that such activities will be spotted and fixed much quicker if you're using open source software. Also, a better security model for your OS won't hurt either... Face it, Windows 9x and ME have laughable security - in fact I feel embarassed using the term here. NT and 2000/XP are better, but still kindergartenesque. To support my last point, all I need do is point at CodeRed I & II. Pathetic. The Ramen worm offered a recent example of a similar idea in Un*xland, and although a side-by-side comparison isn't exactly fair (Ramen had differences in terms of propogation); Ramen was more a joke, a non-issue, and passed quickly. CodeRed, on the other hand, had a far greater impact in every area, from bandwidth to CPU time to financial implications. CodeRed could have been even worse, had those who wrote it not been sloppy in their random seeding.

So, yes, especially if you're using Windows 95, 98 or ME you should be ultra-paranoid.

Cheers

Zak



More information about the lbo-talk mailing list