Keyloggers: An Interview With HP

Simon spent time on Friday with Mike Nash, HP’s vice president of consumer PCs, to discuss the keylogger that was found in one of their device drivers. Nash was open, honest, accepted responsibility and demonstrated that HP already had the problem addressed despite the researchers who found the issue being less than effective.

The whole incident shows, however, how vulnerable our Windows-dominated approach to IT is. Stateful desktops delivered in a cut-throat-competitive market are beyond the oversight of any individual, and as the WannaCry worm shows, malware can spread rapidly using a defect just like this one.

Simon ends by suggesting “Maybe we need to break that problem apart — stateless desktops, open source code, cloud-hosted statefulness — if we’re to avoid disaster.”

Read more over on InfoWorld.

Is Microsoft To Blame For Malware?

The action law enforcement services have taken against the GameOver-Zeus malware syndicate is great news for a change. In the UK, this was communicated with typical tabloid alarmism, framed as “two weeks to save the world” instead of “unusually effective action by law enforcement”. As a result, UK publications have been posting self-preservation information for their readers.

The BBC’s instructions start with the statement “If your computer does not run Windows, stop right here.” Users of other operating systems like Linux or ChromeOS have nothing to worry about this time, even if they are increasingly likely to be targeted elsewhere. As a result, some have asked whether Microsoft is to blame for all this malware. Continue reading

Heartbleed and Lessons Learned

We’ve had some time for the shock of the Heartbleed announcement to sink in and there’s a lot to consider. While the first impressions might be about the serious, exploitable bug and the repercussions of its abuse, the incident casts light on both the value and risks of open source. Continue reading

Components Becoming Major Source Of CVEs

Earlier today Sonatype released the results of their annual survey. The survey looks at the extent to which developers use open source components, with a particular focus on how they balance the competing needs of speed and security. The data makes it clear that security is very often not the priority.

The results of the survey show the massive extent to which developers now rely on components. Of course, this has been the case for many years, but the full maturation of the concept of component assembly rather than code writing is well illustrated here. Continue reading