UK wants backdoor into Windows Vista

[Eraser]

http://yro.slashdot.org/yro/06/02/15/131222.shtml

he BBC is reporting that the British Government is working with Microsoft in order to gain backdoor access to hard drives encrypted by the forthcoming Windows Vista file system. Professor Anderson, professor of security engineering at Cambridge University, urged the Government to contact Microsoft over fears that evidence could be lost by suspects claiming to have forgotten their encryption key.

Great. Now that hackers know this they won't sleep before they've located and abused it.

[Foo]

I hope they do, so it isn't attempted again.

Encryption has benefits and drawbacks, and it's not possible to seperate them.

Give individuals data security and you lose the ability to snoop on them.

Give users anonymity and you lose the ability to track them.

Seems pretty straightforwards.

[Grudge]

lol, how stupid, it's never going to work

[DiscoDave]

I know of many people who will get Vista as soon, and possibly for free (including myself) as its released, but this is kinda why I'm going to wait for it to mature a bit before screwing up my computer.

[Grudge]

why would you need to encrypt your HDD in the first place, and why would anyone want to hack you?

lol @ average joe worrying about being H4XX0r3d

[+JuggerNaut+]

lol @ average joe worrying about being H4XX0r3d

exactly.

[MKJ]

true grudge

so vista uses yet another file system?

[R00k]

That's what I'm wondering. WinFS has been delayed, so are they talking about it in the future tense, or are has MS included an updated encrypted file system in the current version of Vista?

[Dave]

lol @ average joe worrying about being H4XX0r3d

exactly.

laff.. not the response I would have expected from a security guy unless you're being sarcastic

[D'Artagnan]

Does someone has a date on when this VISTA will come out, not beta...the full version of course...

[+JuggerNaut+]

lol @ average joe worrying about being H4XX0r3d

exactly.

laff.. not the response I would have expected from a security guy unless you're being sarcastic

the avg joe is actually NOT worried enough considering the amount of open wifi networks in ANY given suburb or apt complexes.

it boils down to getting them educated. i've yet to run across a wifi router's setup wizard that says "hey, you might want to secure you're network. here are the different algorithms and what they do. we recommend you use one of them" or something along those lines. nope. hook it up, give it an SSID to broadcast to your neighbors and you're good to go.

of course that's one of a just few things your avg joe will need to learn along with not storing sensitive information on your pc, strong passwords, knowing which sites are secure, etc.

[R00k]

My biggest peeve is when users think that since they have a router, they don't need to use any firewall software.

Granted, cable is worse than DSL, but you're always getting slammed with broadcasts, port scans and such. Even with no activity on my LAN, my internet connection on the router is almost constantly blinking.

[dzjepp]

Well a good router should take care of all port trafficing for you, and most software firewalls are resource pigs on midrange systems.

[+JuggerNaut+]

Well a good router should take care of all port trafficing for you, and most software firewalls are resource pigs on midrange systems.

for your average user, that's not good enough, sorry.

[dzjepp]

Well I've noticed Sygate PFP is one of the rare firewall packages that runs pretty fast performance wise (and almost idles when minimized to the taskbar)

[+JuggerNaut+]

kerio PF was also very very well behaved. point is, a user SHOULD have both a router and a software firewall for the sheer fact that people LOVE to click. the software firewall is not so much for "hacking intrusions" but to keep an eye on spyware/malware and browser hijacking.

[Grudge]

Everyone with SP2 have one.

[+JuggerNaut+]

i've not checked recent updates, but sp2's firewall was only monitoring inbound connections, not outbound. correct me if i'm wrong, kthx.

[Foo]

yup no egress packet filtering AFAIk

[Grudge]

well, that's dumb

[dzjepp]

Yeah, and imagine all the average users that are actually using the built-in firewall (there are tons), getting a false-sense of security in that regard.

[R00k]

Well a good router should take care of all port trafficing for you, and most software firewalls are resource pigs on midrange systems.

I've got a pretty good Netgear router, and my Kerio PF is constantly blocking portscans, ping/dos attacks, etc.

Having just a router is not enough. Unless you have a top of the line industrial product, they can't detect all kinds of pc-directed attacks that you might get.

[R00k]

Really, only $650 to get a router for my home network?

Are you kidding man?

[R00k]

get a fortigate 50A bundle then piss on using a software firewall

regardless, if you have a good router/firewall with access lists and know how to configure it, software firewalls aren't all that necessary.

If you have a normal, decent home router (Netgear, Linksys, etc), and you are on a cable modem, you need a firewall.

I get dozens of hits a day from random addresses all over the internet, port scans, ping attacks, dos attempts, activity from people running trojans, everything.

If you don't think you need a firewall in that situation, you're in denial man.

And telling users/clients they don't need a firewall because they have a router is irresponsible.

[Dave]

I don't use a software firewall... it's a waste of resources when I have a hardware box sitting out in front of everything.