Pwn2Own 2009 Winner Charlie Miller Interviewed

samzenpus posted more than 5 years ago | from the chief-hacker dept.

Security 160

crazipper writes "Tom's Hardware interviewed Charlie Miller, winner of this year's Pwn2Own contest and formerly with the NSA. He discusses the effort it took before the contest to be able to take down a MacBook within seconds, sandboxing, and the effectiveness of the NX bit and ASLR. His outlook on end-users protecting themselves against attacks? 'Users are at the mercy of the products they buy.'"

Obama Policies Will Bankrupt USA Tsarkon Reports (-1, Troll)

Anonymous Coward | more than 5 years ago | (#27336765)

Obama Policies Will Bankrupt USA Tsarkon Reports

Czech Prime Minister Mirek Topolanek, whose country currently holds the EU presidency, told the European Parliament that President Barack Obama's massive stimulus package and banking bailout "will undermine the stability of the global financial market." Calls US policy a "way to hell"

Yuan Forwards Show China May Buy Fewer Treasuries, UBS Says
Anemic Treasury auction effects felt beyond bonds
The Sherminator Kicks Some Wall Street Ass

China Angry That Fed Is Deliberately Destroying The Dollar

China suggests switch from dollar as reserve currency

What are the reserve currencies?

Anatomy of a taxpayer giveaway to investors

Geithner rescue package 'robbery of the American people'

Geithner just put only the rich in Titanic's lifeboats

Geithner Plan Will Rob US Taxpayers

A False Choice

Bargain-hunting house buyers wearing on sellers

Time to Take the Steering Wheel out of Geithner's Hands

Socialising and Privatising

Fannie, Freddie to pay out bonuses

Fitch Raises Prime Jumbo Loan Loss Estimates Sharply

China's central bank on Monday proposed replacing the US dollar as the international reserve currency with a new global system controlled by the International Monetary Fund

- Russia too: It is necessary to work out and adopt internationally recognized standards for macroeconomic and budget policy, which are binding for the leading world economies, including the countries issuing reserve currencies - the Kremlin proposals read.

- President Barak "The Teleprompter" Obama is deeply connected to corruption, Rahm Emanuel (Radical authoritarian Statist whose father was part of the Murderous Civilian Killing Israeli Terrorist Organization known as IRGUN), Connected to Rod Blagojevich (Rahm inherited Rod's federal-congress seat), Connected to Ayers, a man who promotes the concept that civilian collateral damage is ok in a war against freedom, Preacher Jeremiah Wright, who is himself a black-elitist who wants all the people who largely "pay the freight" to suffer, 31 million on food stamps, more blacks are in prison and on food-stamps per capita than anyone else. The problem with Wright is simply this: the facts are "racist."
- Obama: Racist, AIPAC-bootlicker, Corrupted to the bone Chicago style and a Traitor to the US Constitution and a Liar whose real "legal" name could very well be Barry Sotero and an Indonesian citizen (The US does not allow plural citizenship) (If you care, not that it matters anymore under a Lawless Authoritarian Totalitarian Regime, you can see more here at an aggregator; [] )
  - Raytheon lobbyist in Pentagon, lots lobbyists getting exemptions even though he promised not to have them.
- Goldman Sachs insider second in command at Treasury. Bumbling tax cheat idiot in "command" of Treasury with 17 positions unfilled as of late March 2009.
- Cabinet has had several nominees and appointees with multiple tax fraud issues.
- Lied about having a new degree of accountability and a SUNSHINE period of new laws, he has signed bills with little or no review at as promised.
- Appointed a second amendment violating Rich-pardoning treasonist Eric Holder as AG, the top cop of the USA, a man who helped a fugitive evade justice.
- Has not put a dime in for a single new nuclear power plant but wants to help bridges and roads to promote more driving.
- Obama, Blagojevich and Rahm Emanuel have a LOT to hide. They literally lived next to each other, Rahm had (until being Chairman Obama's Chief of staff) Blagojevich's old federal congressional seat. Blagojevich helped Chairman "The Teleprompter" Obama cheat his way to the Illinois senate by getting other candidates thrown off the ballot in Illinois. Why do you think Blagojevich was so mad? Obama DID owe him, big time. Rahm and Obama are using Blagojevich and trying to cut his head off to keep him away.
- Tony Rezko, Iraqi Arms Dealer Nahdmi Auchi, and of course Aiham Alsammarae. Chairman "The Teleprompter" Hussein Obama is so corrupted its a joke.
- Fools and "useful idiots" twist the pie charts by leaving welfare, workfare, interest on debt, social security, Medicare and Medicaid out and focusing only on non-whole "discretionary" pie charts.
2007 high level pie chart, Federal Budget, USA
2009 Pie chart, detailed, Federal Budget, USA
- Chairman Obama is drastically increasing spending and creating more entitlements that will make the US less competitive (especially against China, India, East Europe/Russia). This will be a huge disaster and change you can believe in will strap you and your grandkids with more debt. No taxation without representation? Obama is spending money for the next two-three generations and they can't even vote yet, or even have been born.
- An alternative to the dollar and a forex and a reserve currency came up at the last G20 meeting. The world will not take faith in Obama's liar-socialist spending and welfare state, why should the taxpayers (plebian citizen-slaves of a police state).
- The spending going on now vastly eclipses all previous spending. In fact, the massive trillion plus debts is a thing of the 80's onwards. Congress signs the checks, remember that Year after year, as egregious as the pentagon spending is, that the social spending is completely a waste of money and it is unfunded over the long term. Eisenhower built the interstates, the US could build a new power infrastructure with this money but instead is being pissed into creating more of an entitlement system that is STILL unfunded, and without massive poll-taxes and far more aggressive progressive taxes, could NEVER be funded.
- The budgeting being done today were recently reported by a non-partisan auditing commission will lead to about 10 TRILLION in new debt over the next 10 years. Obama is going to double the national debt while doing nothing to address the unfunded debt obligations of Social Security.
- Clinton appointed David Walker of the GAO, he quit, the unfunded debt obligations have rendered the USA insolvent according to accounting standards.
Taxpayers on the hook for $59 trillion
US Public Debt Unfunded Debt Obligations
- Most of the world population gets NOTHING from their governments, or a very bare minimum or services that benefit only the upper echelons of society. However, the liar Chairman Obama says we need his universal "state-hospital" rationed health care to be competitive. Bull. China and India give nothing, and they are the biggest threat to the American worker. By forcing healthcare and higher taxes, Americans will be less competitive.
- If you think 60% tax rates end to end (income, accounts receivable tax, building permit tax, CDL tax, cigarette tax, corporate income tax, dog license tax, federal income tax, unemployment tax, gasoline tax, hunting license tax, fishing license tax, waterfowl stamp tax, inheritance tax, inventory tax, liquor tax, luxury tax, Medicare tax, city, school and county property tax (up 33 percent last 4 years), real estate tax, social security tax, road usage tax, toll road tax, state and city sales tax, recreational vehicle tax, excise tax, state franchise tax, state unemployment tax, telephone federal excise tax, telephone federal state and local surcharge tax, telephone minimum usage surcharge tax, telephone state and local tax, utility tax, vehicle license registration tax, capital gains tax, lease severance tax, oil and gas assessment tax, misc internet sales tax and many more taxes that I can't recall at the moment) will make the US competitive, along with compulsory programs to provide everyone with health care is going to make the US competitive in the age of India and China, you are a joke.
- As the US nationalizes (read: rations healthcare) to the least common denominator of affordability without regard to efficacy, people with money will simply look into medical tourism so those with money can go to medical parks in India and get real health care. Those who have lived in Canada or in the UK can tell you "free" healthcare is NOT a panacea. If you think this, you are again, a useful idiot. The NHS in the UK has given bad blood and Hepatitis and AIDS blood to people, and Jade Goody who just died was misdiagnosed twice resulting in her death (She was all cleared twice of cervical cancer which she just died of). The NHS in the UK is not able to be sued or held accountable. Neither will Chairman Obama's rationed health care service for America.
- Sorry to bust the socialist bubble-lie, but support of these types of policies will simply lower the standard of living in the USA, particularly for the middle class. At least at the end of the Eisenhower projects the USA got roads to show for the spending, and with this new spending, the USA could have built power plants that get the USA out of the middle east, but the age of government for the sake of government is upon us, and the useful idiots line up and believe empty promises.
The pentagon (and Bechtel, Kroll, Bluewater, Halliburton, etc) could get less than half of what they get today, but that will fix nothing fundamental in terms of government spending. It is simply not enough to make a difference when compared to the Medicare, Medicaid, welfare, workfare and social security entitlements.
See: YouTube - US Government Immorality Will Lead to Bankruptcy
- If Obama thinks its ok to lie to 300 million people about being able to "take care of them" without even being honest about what that care would look like, then being an idiot and believing in Obama is for you.
- The head of the IRS and the head of the Treasury, Geithner, is a Tax Cheat
- Lied about no lobbyists - their numbers are growing.
- The US Government already have over 50% of the budget on Medicare, Medicaid, welfare, workfare and social security. Socialists: Good job on that one, its working great. Solution to the current near-collapse-due-to-over-spending: add more unfunded entitlements!
- You Socialist-liars can break my spirit and my financial back to force me to "need" a federal government that is turning this country into a police state and turn it into a quasi-socialist lie, but I will, I must put up a fight. I have kids to educate and feed, and the stuff you sell (which is failing to various degrees everywhere else as implemented) is simply forcing a culture of failure on a once great, libertarian free country.
- I will not be complacent with your "change," and there will be a point where civil war will become an option. See how hard you can push before you get it. How much more than half can the truly productive workers in this country afford to pay. Keep pushing to find out how to start a civil war.
- The socialist-lie of a plan will not work, its not fundable, it WILL destroy the currency to fund it, and its really as simple as this: if this insanity is funded by borrowing from the US's economic and military adversaries then Obama and his socialist cabal is NOT fit to administrate society. Rome fell. Kings who mis-manged their treasuries all fell. Every example of unhinged spending leads to the same result: systemic collapse.
- Obama and his sycophantic lunatics would want to have a civil war to get Chairman Obama's way and force the socialist-lie system on my already tax paying law abiding ass. And as far as "no new taxes" for those under 250k, its a lie, the tax is called inflation, which is set to begin just about now that the Chinese wont want the USA's worthless treasuries to fund the socialist-lie fantasy (one that COMMUNIST China doesn't even try and sell to its people!)
- Chairman Obama's numbers don't add up. There is a $59 trillion dollar hole (UFDO) in social security alone. AIG $150 billion here, TARP $350 billion there. $800 billion for a highly dubious stimulus package. Another one on the way. $59 trillion hole in the balance sheet IGNORED. China saying they aren't going to buy treasuries, Clinton clamoring to find buyers now. $3.6 trillion dollar budget, potential military action on Mexico, Iran still a "terrorist state" at the behest of the AIPAC, spending up, dollar about to fall, inflation over time since Breton Woods extremely easy to document, yet, the socialist-liars question when the numbers (the Federal Government numbers) simply don't add up to the point where if the US-GOV was a company it would be insolvent.
  -How dare the taxpayers question what Chairman Obama's drastic spending increases are going to do to the purchasing power of our savings because Chairman Obama wants to recklessly spend and try to maintain and American empire AND guarantee a standard of living, and Chairman Obama doesn't even want to build a single nuclear power plant to do it? Chairman Obama must be a complete and total lunatic moron.
- Obama is either a negligent idiot or an unhinged maniac with delusional fantasies. Meanwhile, Chairman Obama's tax dodging Treasury Secretary has 17 unfilled positions, the Treasury Dept. isn't even functioning at this point.
- "General welfare" in the constitution was, according to the man who wrote it, Madison, meant to be extremely limited in scope. The federal government per the constitution doesn't even have the enumerated POWER to deal with economic messes. A lot of these "POWERS" were created while there is a crisis to dupe the public into accepting an un-constitutional authoritarian regime as the government and to usurp authority over the people.
- The USA is a constitutional republic. A democracy is two wolves and a sheep voting to eat a sheep. Also a constitutional republic isn't about using a barely-majority or a plurality to stuff your (un-fundable disastrous) crap down the disenfranchised other-half's throat.
- With Obama's authoritarian corrupted criminal (aiding and abetting a criminal in flight of prosecution, Rich case) Eric Holder in charge, we won't have our inalienable and enumerated rights to firearms much longer. For a constitutional law expert, Obama must have never read the federalist papers or he would simply hand himself as a traitor.
- The arbitrary expansion of "general welfare" is not only unconstitutional, it may very well lead to a serious conflict on the issue.
- Here is a debate on general welfare and how stuff like this came to pass, but was clearly not intended by the authors of the document of root law.
In Federalist No. 41, James Madison asked rhetorically: "For what purpose could the enumeration of particular powers be inserted, if these and all others were meant to be included in the preceding general power?" (In reference to the general welfare clause)
So strongly did the founders believe that "general welfare" wouldn't be expanded as written:
In Federalist No. 84, Alexander Hamilton indirectly confirmed Madison's point. (That the "general welfare" clause was "clearly" not a free pass for government)
Hamilton argued that a bill of rights, which many were clamoring for, would be not only unnecessary, but dangerous. Since the federal government was given only a few specific powers, there was no need to add prohibitions: it was implicitly prohibited by the listed powers. If a proposed law a relief act, for instance wasn't covered by any of these powers, it was unconstitutional.
"why declare that things shall not be done which there is no power to do? Why, for instance, should it be said, that the liberty of the press shall not be restrained when no power is given by which restrictions may be imposed?"
Hamilton goes on to argue that making Amendments (e.g., enumerating Free speech, press and assembly) and enumerating the 'right' would have the following effect:
(A bill of rights) "would furnish, to men disposed to usurp, a plausible pretence for claiming that power that is, a power to regulate the press, short of actually shutting it down. "
"With respect to the words 'general welfare,' I have always regarded them as qualified by the detail of powers (enumerated in the Constitution) connected with them. To take them in a literal and unlimited sense would be a metamorphosis of the Constitution into a character which there is a host of proofs was not contemplated by its creators." --James Madison [The US Supreme Court has found the meaning of "general welfare" in the Constitution to be much more elastic than did Mr. Madison. But as the "author of the Constitution," what does he know?]
James Madison, when asked if the "general welfare" clause was a grant of power, replied in 1792, in a letter to Henry Lee,

If not only the means but the objects are unlimited, the parchment [the Constitution] should be thrown into the fire at once.

"...We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness. That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed. That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish is their right, it is their duty, to throw off such Government , and to provide new Guards for their future security. ...--The Declaration of Independence
- Wrong, monetizing failures causes more. Japan showed us this for decades. But hey, Chairman Obama thinks you can fix a problem DECADES in the making with a quick fixer-upper, he is screwed in the head.
- The complaints are with the Federal government (in general) since Breton Woods. The Federal Government and Obama's minions STILL didn't listen to David Walker, a Clinton appointee and former head of the GAO. This isn't about political parties anymore morons!
- Show me a single federal budget that was less than the previous. If this $3.6T budget goes, its never coming back barring systemic collapse.
- The United States Federal Government, The United States Federal Reserve, and the banks which were enabled to continue down reckless paths by a quasi government agency known as the Federal Reserve whose actions are not subject to congress and whose members are unelected. This situation is untenable and unconstitutional.
- Every inflationary road taken in history ends in collapse. Keynesian policies are widely regarded as no longer workable.
- Inflation is a tax: What ignorant tax and spenders don't take into account here is the relative percentages of people's wealth (both net and gross) and the costs of owning and maintaining houses, cars, standards of living.
- Inflation via deficit spending is going to make it such that you will be paying a lot more by percentage of your income to maintain a given standard of living. Obama's arguments are so poorly thought out and seek to blame "Republicans" for the mess, its really simply laughable - the needs cleanup now, not worsening.
- You can't spend your way out of a hole if the creditors (e.g. China) start telling the USA they won't buy. It is that simple. Now America starts to have to collateralize the debt with assets. The USA will be selling off chunks of American assets to back the new debt. One day, it may even be necessary to sell Alaska back to Russia because no one will take greenbacks to prop up a failing version of a modern Rome.
- Ah, here we go with the Matthew Lesko arguments.
Interest rates were on the rise before the government stepped in with free money for everyone (the fine print of course indicate massive strings attached).
Other economies, for example, India, have the central rates set to far more reasonable/realistic rates (at the moment ~ 8+%), which is still tends to be too low, but shows that if you need someone else capital you need to pay a premium for it, and given that capital is in short supply, it would stand to reason that a premium must be charged for it.
The problem is the unrealistic growth rates of mature economies don't allow for profiting via growth projections (rather than simply earning money). So the government steps in, turns on the free money spigot, gets the interest rates for savings down in the 1-2% range while diluting the value of the whole currency in order to prop up dying companies that ran the business like a Madhoff Ponzi scheme.
- The Republicans aren't solely responsible for the crisis as Obama's minions would have you believe, congress is (no particular congress), the Executive of the US government (no particular one) and the US Federal Reserve System are all at fault.
- Fundamentally, the government is trying to fix the prices of various things to "make it all work." This pulling on the invisible hand is a fools venture. It was predicted long ago the housing collapse (and those, such as myself, in the know, wished while realizing the housing collapse coming that we were wrong for everyone's sake - but the truth is the truth) . It may be that the Austrian (von Mises) economists will ultimately be proven right.
- We are a nation of partially educated whiney grabby idiots, and we got the government that represents this. The Chinese, India and other up and coming nations will show no mercy for this arrogant abuse of our status as the world's forex reserves.
- War and asset sales will continue to be the only option for this scheme until it is corrected at the core. And to say that the government has already averted a depression by doing what they did (most of the monies injected wont be "felt" for some time), is just arrogance and stupidity. Price fixing prolonged the Great Depression. Price-fixing (or attempting to) houses will do the same, but probably worse.
- Obama's minions simply don't care if the US is bankrupted and rendered insolvent, they just want a say in how its done, presumably to "feel safe." Rather selfish.

"They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." AND "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin (Possibly Richard Jackson)

- Everyone better realize that inflation will pay a major role in funding un-fundable fantasies, wiping the savers and the middle class out. The problem is, that other countries are growing tired of making our Federal Reserve notes worth something by buying our debt as treasuries. Obama's minions talk about spending, but in order to "get what YOU want" you will sell debt to potential economic and military adversaries? Real bright. What's really sad is that despite David Walker being an authority on these issues, people refuse to even watch him and listen to what he is saying.
- On the success of Canada and its form of Socialism: A huge country like Canada with massive amounts of uranium and tar sands and natural resources and a huge land mass with a scant 30 million people is an order of magnitude less of a problem to manage than a country with 10x its population, a serious leaky southern border, backfiring aggressive foreign policy, particularly with Iran, and the US is competing with countries like India and China whose middle classes are larger than the US's entire population. The top 5 students in every Indian and Chinese primary school out numbers all the kids in primary school in the US. Canada is a idyllic island, the USA is front and center in an all out economic and political clash of ideologies.
- Cap and trade (and pollution control for solving global problems) will never work unless the top 10 countries in the world (in terms of both GDP and manufacturing capacity and population) are on board. Period end. If the world doesn't quickly move to nuclear now and fusion shortly, it is OVER possibly not if every home on the planet gets a wind vane, but that seems unlikely to happen (since its possible now).
- Keynes calls it "the paradox of thrift" and suggested that policies forcing people not to save is a "good idea." The guy wanted people spending all the time, or if he didn't, he never conveyed that to his protégés well enough for them to not do what they are doing. Right now the plebeians in the US are actually stashing cash, and everyone from Obama to the media is trying to get people to spend spend spend. The best thing for the long term is for people to prepare for the coming hell, not set out with no reserves.
- I have seen Keynes invoked to justify nearly every bad move in the past decade, and its warming up to be a potential currency collapse, the collapse of the US Treasury and Federal Reserve notes, and a collapse of the NYSE. And then they invoke Keynes to suggest the best way out of the mess is to spend out of an already near-critically debt massed black hole.
- A house is run like a town is run like a country or business is run like a state is run like a government. If there are things the government is doing that would either force your home into bankruptcy or into jail via fraud charges, then the government and banks shouldn't be operating in that fashion. A certain degree of stretchy liquidity is in order, but in terms of percent of GDP, there is no way of justifying what they US has now.
- Iceland failed at 850 percent debt to GDP. The US is at 350 and rising. It is not a good thing at all.
- What is happening to the dollar as a forex standard.
- March 19, 2009 C-SPAN - "Let's Quit Destroying Our Dollar!"
- HR 1207 (A bill to make the Fed more accountable and to answer questions regarding the dollar policy)

Title: Obama sidetracked by fiscal mess, but presses on
"Being heard above the din may prove difficult. Lawmakers are wrangling over taxing people who got big bonuses and worrying the president's budget could generate $9.3 trillion in red ink over the next decade."
- Kremlin to pitch new global currency
Russia proposes creation of global super-reserve currency

Holy crap, even the Russians and Chinese get it. Strange days are here.

Re:Obama Policies Will Bankrupt USA Tsarkon Report (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#27337223)

Fed begins move that could sink dollar - Economists warn government subsidizing purchase of its debt
Posted: March 25, 2009 4:04 pm Eastern

NEW YORK The Federal Reserve began today to buy longer-term U.S. Treasury securities in a move some economists believe will end up "monetizing" the dollar, a process that could inflate the amount of money in circulation and cause serious devaluation of the currency on world markets.

The move comes the same day U.S. Treasury Secretary Tim Geithner told the Council on Foreign Relations that the U.S. is "open" to a proposal by China to replace the dollar as the world's reserve currency with a "super-currency" to be created by the International Monetary Fund, or IMF.

The Federal Reserve Bank of New York released yesterday a statement specifying that the Federal Open Market Trading Desk within the Fed will purchase up to $300 billion of longer-term U.S. Treasury securities over the next six months in what amounts to a government-subsidized purchase of U.S. government debt.

To many Americans, the move appears equivalent to a retail consumer in debt using a Master Card to pay a Visa credit card bill.

"The Fed is monetizing U.S. Treasury debt in order to debase the dollar to create inflation in hopes of avoiding deflation," economist John Williams, author of the Internet newsletter Shadow Government Statistics, told WND in an e-mail.

"This move also sets the precedent for the Fed acting as lender of last resort to the U.S. Treasury, if foreign and other investors in U.S. treasuries balk at upcoming auctions or look to dump existing holdings," Williams said.

"The record federal deficits ahead mean record Treasury borrowings," he explained. "Fed monetization of the debt eventually means surging money supply growth and much higher inflation."

WND previously reported Williams' analysis of the U.S. Treasury's GAAP accounting of the federal budget deficit, which indicated the negative net worth of the U.S. government last year was $65.5 trillion in total obligations, a sum that exceeds the gross domestic product of the world.

"Because of the U.S. government's effective insolvency with $65 trillion in obligations, even before the Obama administration deficits, the higher inflation caused by the Fed buying Treasury debt has the early potential of evolving into an uncontrolled hyperinflation in which the U.S. dollar becomes totally worthless."

Williams' comments were especially pertinent after Britain announced earlier today that for the first time in almost seven years the country failed to find enough buyers of £1.75 billion ($2.55 billion) of bonds as debt investors rejected Prime Minister Gordon Brown's plan to stimulate England's economy with deficit-financed government spending, according to Bloomberg.

International economist Bob Chapman, author of the Internet newsletter International Forecaster, agrees.

"This is just the beginning," Chapman told WND in an e-mail. "The Obama administration expects to run annual deficits between $1-$2 trillion a year for the next decade, and we estimate that foreign buyers might only buy one-third to half that amount of debt. The Fed will have to monetize $3.75 trillion to $5.25 trillion over the next few years, just to buy the U.S. government debt."

The move by the Fed to buy Treasury debt comes as China proposes to replace the dollar as the world's reserve currency.

As the Financial Times in London reported today, China's central bank governor Zhou Xiaochuan has proposed to utilize Special Drawing Rights, or SDRs, issued by the IMF as a world reserve currency.

Red Alert explained in an article in this week's issue that the IMF, with the support of the United States and Russia, appears positioned to launch a one-world currency at the G-20 meeting scheduled for London April 2, with the move intended as a last ditch effort to prevent massive bank failures throughout the European Union.

The idea is for the IMF to issue at least $250 billion in Special Drawing Rights, or SDRs, to IMF member states, as a method of placing a safety net under developing countries that might otherwise have to declare bankruptcy.

The idea gained momentum last week when the Moscow Times published an article revealing that the Kremlin intended to use the G-20 meeting to push for the IMF to utilize SDRs as "a super-reserve currency widely accepted by the whole of the international community."

U.S. Treasury Secretary Tim Geithner is on the record calling for the G-20 to support "substantially increasing emergency IMF resources" by up to $500 billion to deal with the global economic crisis.

SDRs are international reserve assets calculated by the IMF in a basket of major currencies allocated to its 185 member nation-states in relation to the capital, largely in gold or widely accepted foreign currencies that the members have on deposit with the IMF.

China's proposal would require the IMF to issue SDRs to central banks of IMF member states far in excess of any gold or currency reserves the states have on deposit with the IMF.

The idea to utilize the little-understood and largely ignored SDRs in this new capacity, as a sort of an international overdraft facility made available to bankrupt or financially failing IMF member nation-states, originated with Ted Truman, formerly a senior official at both the Federal Reserve and the U.S. Treasury.

According to Reuters, Truman has returned to the U.S. Treasury for the past six weeks to explain his proposal to revitalize the IMF Special Drawing Rights facility with at least a $250 billion commitment from the Obama administration.

This year, China's holdings of U.S. Treasury securities have jumped to $739 billion, up dramatically in less than a year, from $535 billion in June 2008.

China is clearly worried that its massive holdings of U.S. dollars are at risk of devaluation because of the massive deficit financing required by the Obama administration's proposed $3.7 trillion budget, on top of the administration's deficit-financed $787 billion economic stimulus plan and $410 billion omnibus funding bill passed by Congress in the last two months.

China currently holds approximately $2 trillion in foreign exchange reserves, the most any nation has ever held in the history of the world. The reserves have been gained largely by the positive balance of trade China has enjoyed exporting cheap goods to the U.S. since 2000, when President Bill Clinton signed a landmark bill granting permanent normalized trade relations status to China to accommodate the communist nation's entrance into the World Trade Organization.

Re:Obama Policies Will Bankrupt USA Tsarkon Report (0, Offtopic)

Onymous Coward (97719) | more than 5 years ago | (#27337401)

I don't think anyone's falling for your subtle scheme of trying to make conservatives look like rabid nutsos.

Damned liberal sock-puppet-operating conspirators.

Re:Obama Policies Will Bankrupt USA Tsarkon Report (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#27337717)

Why on earth would one need a scheme to know conservatives are nutso?

It's been completely obvious for years!

I just wish to say how amusing I find the above poster. The Right wingers are such good losers, aren't they?

In the light of the way the previous administration used the US constitution as toilet paper, any rational person sees the Obama administration as a quality unit.

Right wingers, they kick and scream, make up any lie they can think of and still get ignored, they find this very annoying and then spit their dummies and resort to spam and trolling.

You can post as much of this as you like but no one cares at all about your delusions.

Thanks for the laughs!

Re:Obama Policies Will Bankrupt USA Tsarkon Report (1, Insightful)

Anonymous Coward | more than 5 years ago | (#27337553)

You know we don't read this shit, don't you, troll?

In other news... (0, Troll)

djupedal (584558) | more than 5 years ago | (#27336839)

> Users are at the mercy of the products they buy

Terminator the movie...1984 - Kyle Reese: "Pain can be controlled - you just disconnect it."

in other movies.. (2, Funny)

vancondo (986849) | more than 5 years ago | (#27336903)

The first rule
next page>
about robot overlords is
next page>
we don't talk about robot overlords
next page>

Re:in other movies.. (2, Funny)

djupedal (584558) | more than 5 years ago | (#27337097)

we don't talk about robot overlords

Ya, know.... I thought about that. Then I thought...what if they know what I'm thinking?!!

So then, naturally, I didn't think about that. Showed them!

NX and ASLR (1)

sexconker (1179573) | more than 5 years ago | (#27336851)

The NX bit is awesome.

ASLR is effective, but it's generally used as a way to slow down attackers after they've already figured out how to break your broken shit.

Re:NX and ASLR (1)

Ethanol-fueled (1125189) | more than 5 years ago | (#27337229)

I'm suuuuure his time in the NSA had nothing to do with it. It's not like the NSA knows things that the general public aren't allowed to know.

Re:NX and ASLR (5, Insightful)

Sycraft-fu (314770) | more than 5 years ago | (#27337363)

ASLR is just more defense in depth. Real security, physical or virtual, comes from having multiple layers. While it is a nice theory to say "Well just make sure X is secure and nothing will ever get past it," that doesn't work in reality. Shit happens, your border security can fail. Thus real security comes in multiple levels. Not all of them are as critical or as effective as others, but they all help.

ASLR is just another level. If you find a flaw in some software connected to the network, you now have an additional problem in terms of getting code to execute. Is it insurmountable? No, but it is just more shit to get around.

The more levels of security you have, the less likely someone is to break through all of it, especially before you notice they are trying. Have a border firewall, and host based firewalls. Run a virus scanner on every computer. Enable execute disable on systems. Operate as a deprivileged user whenever possible and so on. The more you do, the more things there are to trip up an attacker. Don't say "Well we don't need this because we have this other thing."

I see that most common with firewalls. People will have a network firewall and thus assume that host based firewalls aren't worth the trouble. Well, they are. What if something gets by the network firewall? Just because it isn't supposed to doesn't mean it won't happen. Maybe someone brings in an owned laptop, maybe there's a flaw in the firewall, maybe you just set it up wrong. Whatever, point is have multiple security layers. Make it so that just because you got by the network firewall, doesn't mean you are in.

So while I certainly wouldn't want to see a company rely on ASLR, as in say "No we don't need to fix that app bug, they can't exploit it since we randomize addresses," I do like it as another layer of defense. Not a magic bullet, but just that much harder to get in.

Re:NX and ASLR (1)

pclminion (145572) | more than 5 years ago | (#27337607)

The NX bit should have always been there, and the fact that it wasn't is incomprehensibly stupid.

Re:NX and ASLR (1)

lurch_mojoff (867210) | more than 5 years ago | (#27339295)

Both NX flag and ASLR are present in Leopard. For a number of compatibility reasons they are not implemented as extensively as they are on other systems, but it's disingenuous to say Mac OS X doesn't have them.

If you go look at Jordan Hubbard's From the Server Room to Your Pocket presentation, or listen to it, you'd realize that Charlie Miller is milking his 15 min of fame for all they are worth with his incendiary comments - basically trolling for publicity.
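An added example for this sub-thread, not part of any commenter's post and not Apple's code: Mach-O executables carry header flags that opt the main image into randomized loading (`MH_PIE`) or allow executable stacks (`MH_ALLOW_STACK_EXECUTION`), so a defender can audit a binary for them. The flag values are from Apple's `<mach-o/loader.h>` and `<mach-o/fat.h>`; the function names and the sample headers are constructed for illustration.

```python
import struct

# Constants from Apple's <mach-o/loader.h> and <mach-o/fat.h>
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
FAT_MAGIC = 0xCAFEBABE                 # universal ("fat") binary, big-endian
MH_EXECUTE = 0x2                       # filetype of a main executable
MH_ALLOW_STACK_EXECUTION = 0x20000     # all stacks get execute permission
MH_PIE = 0x200000                      # main executable loaded at a random address
MH_NO_HEAP_EXECUTION = 0x1000000       # non-executable heap even where not required


def _parse_thin(data, base):
    """Return (filetype, flags, is_64bit) for the Mach-O image at offset base."""
    if len(data) < base + 28:
        raise ValueError("truncated Mach-O header")
    for endian in ("<", ">"):          # the header is in the target's byte order
        magic = struct.unpack_from(endian + "I", data, base)[0]
        if magic in (MH_MAGIC, MH_MAGIC_64):
            # mach_header: magic, cputype, cpusubtype, filetype,
            #              ncmds, sizeofcmds, flags
            fields = struct.unpack_from(endian + "7I", data, base)
            return fields[3], fields[6], magic == MH_MAGIC_64
    raise ValueError("not a Mach-O image")


def audit_macho(data):
    """Return one dict of mitigation flags per architecture slice."""
    offsets = [0]
    if len(data) >= 8 and struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        nfat = struct.unpack_from(">I", data, 4)[0]
        # Java class files share this magic; a bogus count fails this check.
        if 8 + 20 * nfat > len(data):
            raise ValueError("truncated fat header")
        # fat_arch: cputype, cpusubtype, offset, size, align
        offsets = [struct.unpack_from(">5I", data, 8 + 20 * i)[2]
                   for i in range(nfat)]
    findings = []
    for off in offsets:
        filetype, flags, is64 = _parse_thin(data, off)
        findings.append({
            "offset": off,
            "bits": 64 if is64 else 32,
            "executable": filetype == MH_EXECUTE,
            "pie": bool(flags & MH_PIE),
            "stack_exec_allowed": bool(flags & MH_ALLOW_STACK_EXECUTION),
            "no_heap_exec": bool(flags & MH_NO_HEAP_EXECUTION),
        })
    return findings


def weaknesses(findings):
    """List the slices that opt out of randomization or allow stack execution."""
    issues = []
    for f in findings:
        if not f["executable"]:
            continue                   # these flags only apply to MH_EXECUTE
        tag = "%d-bit slice @%d" % (f["bits"], f["offset"])
        if not f["pie"]:
            issues.append(tag + ": MH_PIE not set")
        if f["stack_exec_allowed"]:
            issues.append(tag + ": MH_ALLOW_STACK_EXECUTION set")
    return issues


def build_sample(is64, flags, endian="<"):
    """Constructed header-only Mach-O image (no load commands) for the demo."""
    magic = MH_MAGIC_64 if is64 else MH_MAGIC
    cputype = 0x01000007 if is64 else 7          # x86_64 / i386
    hdr = struct.pack(endian + "7I", magic, cputype, 3, MH_EXECUTE, 0, 0, flags)
    return hdr + (b"\0" * 4 if is64 else b"")    # 64-bit header has a reserved word


def build_fat(images):
    """Constructed universal binary wrapping the given thin images."""
    off = 8 + 20 * len(images)
    table, body = b"", b""
    for img in images:
        table += struct.pack(">5I", 0, 0, off, len(img), 0)
        body += img
        off += len(img)
    return struct.pack(">2I", FAT_MAGIC, len(images)) + table + body


if __name__ == "__main__":
    weak = build_sample(False, MH_ALLOW_STACK_EXECUTION, ">")
    hardened = build_sample(True, MH_PIE)
    for line in weaknesses(audit_macho(build_fat([weak, hardened]))):
        print(line)
```

On a real system the same functions can be fed the bytes of an installed binary, for example `audit_macho(open(path, "rb").read())`.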

Re:NX and ASLR (3, Interesting)

VGPowerlord (621254) | more than 5 years ago | (#27337949)

I agree. One time when I was cleaning malware off of a neighbor's computer (wasn't my idea, I got volunteered by someone else in my household), the NX bit kept one of those annoying fake antivirus ones from reinstalling itself when I had Procmon kill its process. At least I think it was Procmon.

Anyway, Windows came up with a nice dialog box telling me that execution was blocked, and it didn't appear to be running after a reboot.

so buy nothing (1)

hguorbray (967940) | more than 5 years ago | (#27336857)

and then you will not be at anyone's mercy ...of course you may not be able to do much then..

I'm Just saying'

Re:so buy nothing (1)

MrEricSir (398214) | more than 5 years ago | (#27336975)

Pirating software won't make it any less vulnerable...

Re:so buy nothing (0)

Anonymous Coward | more than 5 years ago | (#27339359)

i didn't mean steal -I meant DON't GET IT -then you won't be vulnerable

I'm just sayin'

Wording (1)

Idiomatick (976696) | more than 5 years ago | (#27336901)

'Users are at the mercy of the products they buy.' So clearly he is a big supporter of FOSS? Then you are at no one's mercy.

Re:Wording (0)

Anonymous Coward | more than 5 years ago | (#27336945)

No, in that situation, you are at the mercy of the products you choose to use. Being OSS doesn't make any difference.

Re:Wording (0, Flamebait)

Brian Gordon (987471) | more than 5 years ago | (#27337411)

The difference it makes is that with OSS more people can sneak in malicious code without jeopardizing their careers. I always avoid unstable releases and especially nightlies.. but for stable releases "somebody" is reading through everything in the source tarball, right?

The kernel is always safe though of course due to extremely high profile.

Re:Wording (0)

Anonymous Coward | more than 5 years ago | (#27337767)

Agreed. The "many eyeballs" are nowhere to be seen.

Re:Wording (1)

Plutonite (999141) | more than 5 years ago | (#27338799)

Or at everyone's mercy ;)

Things like OpenBSD are the best for security not only because they are designed specifically with it in mind, but because the people working on it are of a limited, genuine species. With that said, it is probably better to be at 'everyone's mercy' than to be at the mercy of corporations who only want your money. It doesn't matter that the people inside them may want your admiration and recognition. It matters very little, at least. The corporations are who you deal with in the end. :(

Any feminist grandmothers out there? (0)

Anonymous Coward | more than 5 years ago | (#27336933)

Thought I'd beat you to the punch...

"If you set me down in front of an application I've never seen before and told me I have 2 minutes to hack it, as is often the case in movies, I'd have no more luck than your grandma at accomplishing it. Well, maybe a little more of a chance, but not much!"

I hope you are offended.

Users are at the mercy of the products they buy (4, Interesting)

clarkkent09 (1104833) | more than 5 years ago | (#27336949)

Why can't you sue a software company if you suffer a loss due to poor security in their product?

Re:Users are at the mercy of the products they buy (0)

Anonymous Coward | more than 5 years ago | (#27337021)

Because there's no such thing as perfect security.

Re:Users are at the mercy of the products they buy (2, Insightful)

TheRealMindChild (743925) | more than 5 years ago | (#27337031)

Because you would end up being able to sue almost everyone... ask the same type of question about a car and you will get the same answer "Why can't I sue a car manufacturer for a shitty design?" ... "Because you would end up being able to sue almost anyone"

Re:Users are at the mercy of the products they buy (2, Interesting)

Yarhj (1305397) | more than 5 years ago | (#27337123)

Because you would end up being able to sue almost everyone... ask the same type of question about a car and you will get the same answer

Actually, you CAN sue a car company if their poor design causes you harm - think of the Ford Pinto or any number of automotive recalls.

Re:Users are at the mercy of the products they buy (0)

Anonymous Coward | more than 5 years ago | (#27337517)

Narrator: A new car built by my company leaves somewhere traveling at 60 mph. The rear differential locks up. The car crashes and burns with everyone trapped inside. Now, should we initiate a recall? Take the number of vehicles in the field, A, multiply by the probable rate of failure, B, multiply by the average out-of-court settlement, C. A times B times C equals X. If X is less than the cost of a recall, we don't do one.
Woman on plane: Are there a lot of these kinds of accidents?
Narrator: You wouldn't believe.
Woman on plane: Which car company do you work for?
Narrator: A major one.

Re:Users are at the mercy of the products they buy (2, Funny)

Aphoxema (1088507) | more than 5 years ago | (#27337065)

Because the EULA says so.

*dodges rotten tomatoes*

EULA (1, Informative)

Anonymous Coward | more than 5 years ago | (#27337071)

EULA, ever read it?

"[SomeStupidSoftwareCompany] is not responsible for any damages caused by the use/misuse of this software."

From Mozilla's EULA:



So maybe you can get $500 from Mozilla if something goes wrong?

Re:Users are at the mercy of the products they buy (5, Insightful)

supernova_hq (1014429) | more than 5 years ago | (#27337095)

The same reason you can't sue an alarm company when someone breaks into your house.

If your data is

  • Important: back it up
  • Sensitive: encrypt it
  • Not yours to lose: get insurance (good for companies)

Re:Users are at the mercy of the products they buy (0)

Anonymous Coward | more than 5 years ago | (#27337185)

Ah, but if the alarm fails due to negligence on the installer's part... there have been lawsuits.

Re:Users are at the mercy of the products they buy (1)

maxume (22995) | more than 5 years ago | (#27337139)

Are you really sure you (always) want to pay for high quality software?

Re:Users are at the mercy of the products they buy (4, Insightful)

MrMista_B (891430) | more than 5 years ago | (#27337297)

To illustrate the ridiculousness of your question, I'll rephrase it: "Why can't you sue the construction company that built your house if someone vandalizes or you suffer a loss due to break and enter?"

Re:Users are at the mercy of the products they buy (3, Insightful)

Brian Gordon (987471) | more than 5 years ago | (#27337443)

If they left a gaping hole in your wall..

Re:Users are at the mercy of the products they buy (0, Troll)

Savage-Rabbit (308260) | more than 5 years ago | (#27337331)

Why can't you sue a software company if you suffer a loss due to poor security in their product?


It's because the leadership of the USA realised years ago that if such laws were passed the subsequent class-action lawsuits might bankrupt Microsoft.... they just couldn't go and do that to one of the nation's biggest tech companies, now could they?

Re:Users are at the mercy of the products they buy (0)

Anonymous Coward | more than 5 years ago | (#27337365)

Because it's against the EULA.
Even FOSS does this. Software is not always predictable, and they don't want to be sued because somebody did something and somehow killed their computer.

Re:Users are at the mercy of the products they buy (2, Insightful)

Brian Gordon (987471) | more than 5 years ago | (#27337433)

Because you're not buying the software you have none of the explicit protections of a normal sale. You're licensing it. And read the license: "We don't guarantee this even does anything. It could wipe your hard drive for all you know. WE PROMISE NOTHING"

Re:Users are at the mercy of the products they buy (2, Insightful)

99BottlesOfBeerInMyF (813746) | more than 5 years ago | (#27337445)

Why can't you sue a software company if you suffer a loss due to poor security in their product?

You can. You are just highly unlikely to win.

Re:Users are at the mercy of the products they buy (4, Insightful)

phantomfive (622387) | more than 5 years ago | (#27337609)

Basically because
  • No one claimed that their software is 100% secure
  • Making secure software is really hard
  • If you do want software that approaches optimal security, it is going to be expensive, not as expensive as making sure it has no bugs, but similar
  • There would be no software companies left, and we try to avoid making laws that wipe out an entire industry.

When someone I'm working with writes a bug or leaves a security hole, I tease them, but the truth is I still have not found a way to write bug-free code myself. You can't really sue someone for not doing something that is impossible.

OK, I admit some companies could do a significantly better job of making things secure. The article gives a couple examples of what Apple could have done to make their code more secure. But if it were possible to sue someone for that, I would be quite worried personally, as a programmer, I don't trust a jury to determine what is a reasonable vulnerability and what is not, so from my point of view it is better to not make insecure software illegal. And in most non-internet code, security isn't really an issue.

Not only that (2, Interesting)

Sycraft-fu (314770) | more than 5 years ago | (#27337897)

But if you want something with guaranteed security or uptime or the like, you aren't going to be allowed to mess with it. That means whatever software/features it comes with, you are stuck with. No installing 3rd party tools and such. The design needs to be verified, which means testing all the components against each other and making sure there are no unexpected problems.

So not only would your computer be more expensive, and use older technology (since it'd take longer to develop and test) but it'd be an appliance type device. It would do only what it was originally designed to do. You'd not be allowed to install things on it, or change the hardware.

If you want computers as they are today, where it's the "wild west" situation of being able to do whatever you want with them, well then you have to take some security problems with that. Just life. Me? I'll deal with having to have some security issues for the ability to run whatever I want, and to get systems cheaply.

Grandma can't run Linux? (0, Insightful)

Anonymous Coward | more than 5 years ago | (#27337001)


Charlie: I'll leave Linux out of the equation since I know my grandma couldn't run it.

Uh, I think you're quite wrong there. I know more than a few Grandmas running Linux. The thing is, they're the ones that usually need the least amount of software. A browser, maybe e-mail if they don't do it in a browser, that's about it. Linux is perfect.

Re:Grandma can't run Linux? (4, Insightful)

supernova_hq (1014429) | more than 5 years ago | (#27337129)

Linux is NOT perfect. Anyone who thinks so is either an idiot or lying. For a lot of people, it is the best and of much better quality and calibre than the alternatives (windows, macOS), but definitely not perfect.

Disclaimer: Proud Ubuntu user since 7.10 and have never even considered moving back to windows.

Re:Grandma can't run Linux? (1)

meeve (923391) | more than 5 years ago | (#27337379)

What AC meant is that Linux is perfect for a particular "Grandma" use case, not perfect in all ways.

Re:Grandma can't run Linux? (3, Insightful)

Idiot with a gun (1081749) | more than 5 years ago | (#27337385)

I think the OP's comment about perfect was within the context of the most basic users. And I'd agree. For the vast majority of "simple" tasks (a very ambiguous statement), the setup/use of Linux (esp. Ubuntu) is exceptionally easy (also subjective).

Within the spheres of some Windows power users, who understand the ins and outs of Windows perfectly, Linux is foreign and useless. But the same could be said about Linux power users and Windows. So that is more of a statement about the difficulty users who are strongly versed in one OS have in switching to another. And that proves nothing in the Linux vs. Windows debate.

As far as security is concerned, I'd probably argue that Linux is more secure, but not completely secure. It's possible to get a Linux box completely screwed up (someone was talking about that here, where they accidentally exposed a Linux box with a very old version of OpenSSL to the web and got it compromised), but the question of which is easier to get more secure, or which will have fewer issues. No software is perfect (please no BSD comments), it's all a game of lesser of two evils.

Re:Grandma can't run Linux? (0)

Anonymous Coward | more than 5 years ago | (#27338129)

You are right, Linux is not perfect.
OpenBSD is :D

But seriously if you get all your data stolen and your bank accounts wiped you should blame your vendor. Even Linux has some more security features than what gets released by distros.

And unlike what Miller states(Because it makes Macs look even worse, and he is a Mac retard). ASLR does a great deal against hackers, NX is important too of course, and other techniques that haven't arrived to "popular" systems. Still, ASLR done right is game over for most.

Even OpenBSD devs will tell you that its best not to have holes in your apps. But the same hole in OpenBSD and Mac isn't even remotely in the same order of exploitability.

All your popular systems compromise your security just to be able to state that they gained 1% performance over the previous version for spawning 65535 threads.

Instead of, well, -30% because we saved you from identity theft.

I use Ubuntu but I wouldn't access my bank account on it.

Re:Grandma can't run Linux? (1)

jeff419 (1112781) | more than 5 years ago | (#27338687)

Switched to Ubuntu from XP right around the time Vista was becoming a popular term, version 5.04 or 5.10 was the first install I ever used.

Compared to my experience with Windows Ubuntu has been way better. Never had a virus or spyware. It has always just worked and that's all I need.

Re:Grandma can't run Linux? (3, Insightful)

Anonymous Coward | more than 5 years ago | (#27337133)

Uh, I think you're quite wrong there. I know more than a few Grandmas running Linux. The thing is, they're the ones that usually need the least amount of software. A browser, maybe e-mail if they don't do it in a browser, that's about it. Linux is perfect.

You can't be serious.

Of those "more than a few" Grandmas you know running Linux, how many bought and set up their own computer? How many Grandmas do you know that enjoy compiling drivers?

I'm not a Mac user myself, but for what it's worth, my own Grandma was able to buy herself a Mac and get it plugged in and running on her own. It's similarly easy with a Windows machine as soon as you figure out where all the plugs go, Windows setup is a breeze.

Sure, they need help figuring out what to do once the thing is running, but that's OS-independent.

Re:Grandma can't run Linux? (0)

Anonymous Coward | more than 5 years ago | (#27337407)

But Grandma doesn't install Windows or OSX either, they just buy the system and the operating system is already there.

My Grandma uses an EeePc. It works fine for her.

Re:Grandma can't run Linux? (0)

Anonymous Coward | more than 5 years ago | (#27337531)

Did you forget the eeepc? Old people love that shit more than their jitterbug

Re:Grandma can't run Linux? (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#27337835)

Compiling drivers? You're living in the 90's man.

Try a modern Linux distro, seriously, so you don't sound so retarded.

Re:Grandma can't run Linux? (3, Insightful)

Repossessed (1117929) | more than 5 years ago | (#27337927)

Um... how many grandmas do you know who set up their own windows machine? Plugging it in doesn't count, they have to actually install windows.


thought so. Windows is just as much of a PitA as Linux, and the same people who need help setting up one need help setting up the other.

Where Linux fails is the power users, who have learned how to do things beyond email (that someone else set up) in windows, and who have to re learn a sometimes less intuitive way in Linux. (that and peripheral hardware)

Re:Grandma can't run Linux? (1)

briggsl (1475399) | more than 5 years ago | (#27339383)

The point you're missing is, even those "Grandmas" that bought Mac or Windows machine didn't have to set up their system either. There are plenty of PC builders that will preinstall Linux on a machine with drivers etc, so your argument isn't really valid.

Re:Grandma can't run Linux? (1)

Abreu (173023) | more than 5 years ago | (#27337253)

Ah, you must be talking about the mythical "Aunt Tilly"

Please provide some proof of these Grandmas' existence... I would like to see some actual seniors using Linux

...and no, McGrew doesn't count ;), I mean non-technically savvy seniors!

Re:Grandma can't run Linux? (1)

chill (34294) | more than 5 years ago | (#27337351)

Okay, here you go.

Re:Grandma can't run Linux? (1)

ushering05401 (1086795) | more than 5 years ago | (#27338373)

If you really have a thing for ogling old people using FOSS, then check out continuing education programs in your area.

That is a reliable place to find seniors using Linux - as many use the local community center/community college as a place to find new hobbies/friends.

Twenty years ago it was Bingo/Bridge clubs, now all the oldsters are taking ceramics, piano, and 'internet' classes.

Re:Grandma can't run Linux? (1)

VGPowerlord (621254) | more than 5 years ago | (#27338001)

Uh, I think you're quite wrong there. I know more than a few Grandmas running Linux. The thing is, they're the ones that usually need the least amount of software. A browser, maybe e-mail if they don't do it in a browser, that's about it. Linux is perfect.

Only until your mom, aunt, or great aunt gives them a copy of some Popcap (or really any casual) game and it won't run.

Re:Grandma can't run Linux? (3, Funny)

AHuxley (892839) | more than 5 years ago | (#27338137)

If grandma needs to use Linux, she just seduces a 20 something... and gets any task done correctly and for free.
That's where grandma's decades of real life experience is more useful than a 20 something's decade in mom's basement.
Grandma can seduce her way onto any OS or system or network.
Or just have the best looking forum, blog, webpage or social networking page ever.
The best part is she passed the same skills onto her daughter too.

Classic Quote (0)

Anonymous Coward | more than 5 years ago | (#27337039)

I've spent a lot of my research time on Macs because I like them and they also happen to be pretty easy to break!

That is classic

Re:Classic Quote (1)

Doctor_Jest (688315) | more than 5 years ago | (#27338575)

Funny that. Easy to break because the userbase is so trusting? Because last I checked, the "pwnage" he used still required a click. Unlike Windows that can get worms and other fun stuff just by turning on the DSL modem. :)

That's not to say I'm flaming Windows... I'm more flaming Mac users (of which I am one/split between Leopard and Ubuntu) who need to be more concerned about WTF they're clicking, downloading, and giving their sudo pw to. So put your pitchforks away... I am not pleased with the lack of expedience by Apple in fixing flaws like the one used by this guy either. Even if it's not automatic... so I use Opera... then they have unpatched flaws they don't tell anyone about (platform independent I suppose), so what's a guy who can't get Chrome do? BE CAREFUL, that's what. I wouldn't go into a bad neighborhood with my wallet dangling from a string, so why would I surf the web like I'm on Sesame Street? Why would anyone?

pwnd & ownD (4, Insightful)

binarybum (468664) | more than 5 years ago | (#27337045)

Tom's Hardware
  PWNs & OwnZ U
  If you read
  their articles
[To continue reading this comment, click here [] ]

Re:pwnd & ownD (2, Informative)

moderatorrater (1095745) | more than 5 years ago | (#27337163)

It's true. Not only that, but the interviewer ended up with the majority of the words on the screen anyway. I don't know why the interviewer felt the need to talk so much, but I would have much preferred if the questions were shorter and the answers longer.

Re:pwnd & ownD (0)

Anonymous Coward | more than 5 years ago | (#27337255)

Tom's Hardware

  PWNs & OwnZ U

  If you read

  their articles
[To continue reading this comment, click here [] ]

increase your font size. then you get the scroll feel of slashdot

Re:pwnd & ownD (3, Funny)

adavies42 (746183) | more than 5 years ago | (#27337579)

burma shave

all you really need to know (1)

drinkypoo (153816) | more than 5 years ago | (#27337923)

He says: OSX is less secure but there's less malware because there's less users than Windows; You need Vista with SP1 to be dramatically more secure than OSX; Linux has mediocre security but is about to get a bump; His grandma can't use Linux; noscript can keep you safe but he doesn't think it's worth it. I figure the last part is just about job security...

Re:pwnd & ownD (0)

Anonymous Coward | more than 5 years ago | (#27338035)

Yes. It's time click through malware stops being posted to Slashdot.
The interview is pretty uninteresting. We get to know that however math security genius he is, Miller(aka "my grandma") is a retard that cannot use Linux NOR Windows, so he uses only Macs even though he knows they are full of holes.

*hoping someone hacks into his computer and steals all the prize money from his bank accounts*

He was sitting on the winning weakness (5, Insightful)

iminplaya (723125) | more than 5 years ago | (#27337093)

since last year.

A quote from another interview:

"Vulnerabilities have a market value so it makes no sense to work hard to find a bug, write an exploit and then give it away."

Who knows what other goodies they have in store. But the browsers and the phones were hardly touched. The contestants are holding out for something better.

Re:He was sitting on the winning weakness (1)

Fluffeh (1273756) | more than 5 years ago | (#27337115)

You got to compare [$10k prize money] Vs [Value of exploit].

It's probably very easy to work out.

Re:He was sitting on the winning weakness (2, Informative)

nicolas.kassis (875270) | more than 5 years ago | (#27337221)

yeah it's a little sad that these guys are hoarding this info for so long just to win a stupid contest. And he only had to use one of these exploits. What else is he hoarding for next year? Just saying that that might be of interest to someone with time to get his macbook ya know ;p he does carry around to many countries.

Re:He was sitting on the winning weakness (1)

vux984 (928602) | more than 5 years ago | (#27337437)

Just saying that that might be of interest to someone with time to get his macbook ya know ;p he does carry around to many countries.

Just tip off the TSA. They'll confiscate it in a heartbeat.

Then it's just a matter of liberating it from the TSA and getting it into the hands of someone who'll know how to read the information on it.

Baby steps...

Re:He was sitting on the winning weakness (3, Interesting)

maxume (22995) | more than 5 years ago | (#27337491)

The software companies could offer worthwhile bounties. Short of that, I can't fault the prizewinners much.

Re:He was sitting on the winning weakness (2, Interesting)

Seraphim_72 (622457) | more than 5 years ago | (#27338595)


Try this then - I have the cure for Cancer (all of it), but I will only take the bounty for each one. How much will you give me for breast cancer? Oh and BTW I set my own price.

This guy is the Pharma of computers.

Re:He was sitting on the winning weakness (1)

J Mack Daddy (774273) | more than 5 years ago | (#27339143)

Now try this... I don't have a cure for cancer (all of it), but I could do if I expend a huge amount of my own time and effort. Since I know that as soon as all my time and effort is put in, I will receive zero compensation (apart from bragging rights, which I can't eat), I decide not to bother. Net result, 'Pharma' doesn't exist. Yeah, good plan!

Re:He was sitting on the winning weakness (1)

99BottlesOfBeerInMyF (813746) | more than 5 years ago | (#27337519)

yeah it's a little sad that these guys are hoarding this info for so long just to win a stupid contest. And he only had to use one of these exploits. What else is he hoarding for next year?

Which is why software vendors should have standing bounties for useful exploits or, at very least, make a point of hiring these people to do pen testing on their software.

Re:He was sitting on the winning weakness (1)

Brian Gordon (987471) | more than 5 years ago | (#27337633)

It's not like if he spills it all then the platform will be secure.. there are a million vulnerabilities and he's not doing anything wrong by keeping a few up his sleeve.

Re:He was sitting on the winning weakness (1)

iminplaya (723125) | more than 5 years ago | (#27337753)

It's the same as refusing to throw a life preserver to a drowning man until he throws you his wallet. But in the context of the free market, you are right. He is doing nothing wrong.

Re:He was sitting on the winning weakness (4, Interesting)

zonker (1158) | more than 5 years ago | (#27338985)

I've been in a lengthy argument about this guy on the Ars Technica forums. I ended up emailing Bruce Schneier about this and asked his thoughts.

Here was my email to him:

Hi Bruce,

I've been following the Pwn2Own contest for the last couple of years.
Last year a researcher from ISE
named Charlie Miller used an exploit in a Perl library included in
WebKit, the base code for Apple's Safari browser and won a cash prize
for his effort. In the press it was claimed he "hacked Safari in mere
seconds". In truth it took a lot more time than that to devise the
exploit and only seconds to execute it.

This year he did it again with another preplanned exploit which he
says he discovered while researching last year's bug. Again he won a
cash prize of $10,000.

In an interview with ZDNet he said: "I never give up free bugs. I have
a new campaign. It's called NO MORE FREE BUGS. Vulnerabilities have a
market value so it makes no sense to work hard to find a bug, write an
exploit and then give it away," Miller told ZDNet. "Apple pays people
to do the same job so we know there's value to this work."

I have a major problem with his philosophy and feel this is a
dangerous precedent to set and a bastardization of the goals of
security in the first place. I feel he has an obligation to inform
Apple and not dangle a dollar amount for the how-to.

Sure he should be paid for his time and effort which is why he works
at a security firm. This contest is basically bonus money and about
bragging rights. Sitting on a bug puts the safety of other users at
risk. But he is basically demanding bribe money for bugs. Who is to
say he wouldn't give up his research to the highest bidder? I'm sure
there are blackhat groups like those in Russia and China that would
pay handsomely for some juicy exploits like this.

Yes there is a long history of security firms hiring hackers and there
have been many questions of whether that is a good idea. But security
firms should take notice of this philosophy and not employ those who
engage in this kind of behavior. It's bad form for his employer and
makes the security industry as a whole look bad by proxy. Would you
hire a security company that employs hackers who blackmail for bugs
to work on your systems? If we hired his firm while I was working IT
at a large New York bank I would have advised my boss to make sure he's not
on our project (and perhaps hire an entirely different firm altogether).

I've been in a discussion with other users about this. There seems to
be a split in viewpoint, one side saying he should let Apple and the
WebKit developers know about this exploit for the betterment of
everyone (for free). The other side feels this is purely about
capitalism and he has no moral or ethical obligation to tell anyone.

Some have likened it to seeing a crack in a bridge that might fail.
Are you obligated to inform someone of the problem? What if Dan
Kaminsky demanded $1 million to divulge details on the DNS BIND problem?

What are your feelings on this?


Here's the discussion I've been following: [] []

Bruce wrote me back today with his response:

There's a fine line between being paid for your efforts and extortion. This seems to cross it.

What's this all about "PC/Mac/Linux"? (1)

Zapotek (1032314) | more than 5 years ago | (#27337481)

PC meaning what? Windows?
And... Mac meaning OS X?
And... Linux meaning a Linux distro?
Whenever I hear someone referring to systems like that I get in a mood to tell them off.
Last time I checked PC meant Personal Computer. Are OS X and Linux only running on Cray mainframes nowadays?
He's a security expert and I've also heard my CS professors talk like that... I mean, shouldn't they at least refer to systems properly?

Sorry for the rant, I couldn't help myself...

Re:What's this all about "PC/Mac/Linux"? (1)

pclminion (145572) | more than 5 years ago | (#27337625)

PC has not meant "personal computer" for a long, long time. If every "personal computer" is a PC, then your iPhone is a PC. Your freaking wristwatch is a PC. I think we can all agree that this usage is dead. "PC" means an Intel architecture computer capable of running Windows. It stands for nothing. Let's call it an "obsolete-cronym"

Re:What's this all about "PC/Mac/Linux"? (2, Insightful)

somebody1 (1068052) | more than 5 years ago | (#27338091)

"PC" means an Intel architecture computer capable of running Windows.

Well, current Macs are Intel architecture computers and they are capable of running Windows.

Re:What's this all about "PC/Mac/Linux"? (1)

ushering05401 (1086795) | more than 5 years ago | (#27338397)

What are you talking about?

PC and PC-Clone originally meant IBM, not MS.

Go to wikipedia and type in IBM PC.

Before that it was all micro/mini naming conventions.

Re:What's this all about "PC/Mac/Linux"? (1)

Starker_Kull (896770) | more than 5 years ago | (#27338549)

Let's call it an "obsolete-cronym"

Hmmm... we can do better at coining a new word.

Let's start with an anachronism:

anachronism |əˈnakrəˌnizəm| noun a thing belonging or appropriate to a period other than that in which it exists, esp. a thing that is conspicuously old-fashioned.

Now, let's combine that with an acronym:

anachronism + acronym = anachronym! Sounds better...

Re:What's this all about "PC/Mac/Linux"? (1)

99BottlesOfBeerInMyF (813746) | more than 5 years ago | (#27337719)

Whenever I hear someone referring to systems like that I get in a mood to tell them off. Last time I checked PC meant Personal Computer.

Actually, as I recall the term was originally, "IBM compatible personal computer". Thus, the term excluded Macs. It was shortened to "PC" after the meaning was established.

Re:What's this all about "PC/Mac/Linux"? (1)

chthon (580889) | more than 5 years ago | (#27339111)

Yeah, Apple only builds home computers.

I think the best quote was... (5, Interesting)

vux984 (928602) | more than 5 years ago | (#27337523)

Between Mac and PC, I'd say that Macs are less secure for the reasons we've discussed here (lack of anti-exploitation technologies) but are more safe because there simply isn't much malware out there.

That's pretty much been my take on the situation as well. Vista SP1 really is one of the most secure OSes I've used.

They glossed over Linux on this question, but I suspect Vista SP1 is probably more secure than linux too 'out of the box'... but again less safe in actual practice. Again simply due to the sheer relative volume of malware and the relative high value of windows exploits to linux ones.

(Although Linux at least does have 'SE Linux', AppArmor, Exec Shield, support for ASLR, etc, etc so it's more a case that it's just not on by default yet. (Ironically a complaint usually levelled at Windows).)

And while improvements are added with each kernel release, too many Linux admins refuse to install them because it would reset their beloved uptime scores which they feel the need to post to /. on a regular basis...

I kid... I kid...

Re:I think the best quote was... (0, Flamebait)

VGPowerlord (621254) | more than 5 years ago | (#27338105)

They glossed over Linux on this question, but I suspect Vista SP1 is probably more secure than linux too 'out of the box'... but again less safe in actual practice. Again simply due to the sheer relative volume of malware and the relative high value of windows exploits to linux ones.

And the sheer amount of users who are trained to click OK at every dialog.

Which is half of the reason why UAC is, on the whole, a failure.

(The other half being that certain actions have too multiple prompts)

Re:I think the best quote was... (1)

vux984 (928602) | more than 5 years ago | (#27339233)

I don't really think it was flamebait.

And the sheer amount of users who are trained to click OK at every dialog.

This is legitimate. It's not a windows 'flaw' though.
It's what comes of being the system used by the majority of the least technical people. If the other oses gain significant marketshare, the people there will 'ok' away any warning or prompt that's between them and their 'free cookie'.

Linux users are for the most part more savvy... for now.

Which is half of the reason why UAC is, on the whole, a failure.

UAC isn't a failure. Expecting UAC to fix unsophisticated users from themselves is unrealistic. Either you let the user have final say, or you don't. It would have been far worse if Microsoft had final say on what runs. That's the TPM/DRM worst case scenario that we REALLY don't want.

But what UAC does is let sophisticated users use Windows safely, and it works well at that. Very nearly as good as Linux in my opinion, especially given how much backwards compatibility with insecure applications that expect admin access it has to provide some sort of accommodation for.

(The other half being that certain actions have too multiple prompts)

See above. Particularly the part about 'backwards compatibility'. Linux doesn't have this problem. There aren't 2 billion programs from two to twenty years ago that linux users expect to use that all were written assuming they had root access. This is exactly the situation on Windows.

Re:I think the best quote was... (1)

ion.simon.c (1183967) | more than 5 years ago | (#27338415)

It seems that ASLR of some form or another has been enabled by default in Linux since 2.6.12. [0] Also, IIUC compiling code with gcc's -PIE flag helps.

I have a PaX + grsecurity enabled server at home. It'd be *really* nice if the gdb folks could make debugging a possibility under that configuration. Not having stack traces or being able to set breakpoints [1] is a bitch! :)

[0] []
[1] Not being able to set breakpoints is probably something that I can fix with a little Googling.

Re:I think the best quote was... (1)

ion.simon.c (1183967) | more than 5 years ago | (#27338417)

Er, make that -fPIE. Proofreading FTL.
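An added example, not part of the thread: the two comments above mention kernel ASLR on Linux and building with -fPIE. This sketch combines the value of `/proc/sys/kernel/randomize_va_space` with the `e_type` field of a binary's ELF header to show whether the main image itself can be relocated; the function names and the sample headers are constructed for illustration.

```python
import struct

ET_EXEC, ET_DYN = 2, 3  # e_type values from the ELF specification

# Meanings of /proc/sys/kernel/randomize_va_space (kernel sysctl docs).
ASLR_MODES = {0: "off", 1: "stack/mmap/VDSO", 2: "stack/mmap/VDSO/heap"}


def elf_type(image: bytes) -> int:
    """Return e_type from an ELF header, honouring the file's byte order."""
    if len(image) < 18 or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    order = {1: "<", 2: ">"}.get(image[5])  # EI_DATA: 1 = LSB, 2 = MSB
    if order is None:
        raise ValueError("invalid EI_DATA byte")
    return struct.unpack_from(order + "H", image, 16)[0]


def aslr_report(sysctl_text: str, image: bytes) -> str:
    """Combine the kernel setting with how the binary was linked."""
    mode = int(sysctl_text.strip())
    if mode not in ASLR_MODES:
        raise ValueError(f"unknown randomize_va_space value {mode}")
    kind = elf_type(image)
    if mode == 0:
        return "none: kernel ASLR is disabled"
    if kind == ET_DYN:  # PIE (compiled -fPIE, linked -pie) or a shared object
        return f"PIE: load address randomized; kernel randomizes {ASLR_MODES[mode]}"
    if kind == ET_EXEC:  # fixed-address executable: its code does not move
        return f"non-PIE: main image at a fixed address; kernel randomizes {ASLR_MODES[mode]}"
    return "n/a: not an executable or shared object"


def fake_header(e_type: int, ei_data: int = 1) -> bytes:
    """Constructed 18-byte ELF64 header prefix used as sample input."""
    order = "<" if ei_data == 1 else ">"
    ident = b"\x7fELF" + bytes([2, ei_data, 1, 0]) + bytes(8)
    return ident + struct.pack(order + "H", e_type)


if __name__ == "__main__":
    import sys
    with open("/proc/sys/kernel/randomize_va_space") as f:
        setting = f.read()
    with open(sys.executable, "rb") as f:
        print(aslr_report(setting, f.read(18)))
```

Run directly on a Linux host, it reports on the Python interpreter itself; a non-PIE result with the sysctl at 2 means only the stack, libraries and heap move while the program's own code stays at a known address.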

How can you not love this guy? (4, Funny)

mindstormpt (728974) | more than 5 years ago | (#27337603)

I've spent a lot of my research time on Macs because I like them and they also happen to be pretty easy to break!

Every time you quote this, somewhere in the world a mac zealot's head explodes. I just did my part :P

Re:How can you not love this guy? (1)

ciaohound (118419) | more than 5 years ago | (#27337743)

Surely he meant that the mac is easy to break if you DROP it or knock it off your desk. That's what went through my head. That has to be it... Whew... Getting warm in here... ahhhh... pressure... aghhhh! (pfffft!)

Re:How can you not love this guy? (4, Informative)

Concerned Onlooker (473481) | more than 5 years ago | (#27338731)

I'm beginning to think this "Mac zealot" business is a figment of overly sensitive Windows users' imaginations. I work at a place where around 40-50% of the employees choose to use a Mac. The only derisive comments I EVER hear are little snipes aimed at Macs by the Windows crowd. "The page isn't loading? Is it because you're using a Mac?" "You just can't get any work done on a Mac." And yet the Windows crowd loves to complain about Microsoft. I think Microsoft owes their success to the Stockholm syndrome.

ASLR? (5, Funny)

tux0r (604835) | more than 5 years ago | (#27337831)

... 24/M/Australia/Jedi?

Re:ASLR? (1)

rhenley (1194451) | more than 5 years ago | (#27338315)

Man, I NEVER have mod points when I need'em.

Google has connected all the dots... (0)

AHuxley (892839) | more than 5 years ago | (#27337843)

A former NSA person is pushing a google browser as safe?
A US company could have your long term search history, your location away from the computer via your mobile phone OS and the application you surf the web with.
Running Mac, Win or Linux is just a matter of lifestyle.
That's a lot of tracking options for everyday people.

On the Payroll Much? (0, Flamebait)

Techman83 (949264) | more than 5 years ago | (#27338465)

Charlie: I'll leave Linux out of the equation since I know my grandma couldn't run it. Between Mac and PC, I'd say that Macs are less secure for the reasons we've discussed here (lack of anti-exploitation technologies) but are more safe because there simply isn't much malware out there. For now, I'd still recommend Macs for typical users as the odds of something targeting them are so low that they might go years without seeing any malware, even though if an attacker cared to target them it would be easier for them.

Pity that question wasn't earlier, I wouldn't have had to waste my time reading TFA. Nothing he said was particularly surprising and most of it had a fairly obvious bias.

Re:On the Payroll Much? (1)

Techman83 (949264) | more than 5 years ago | (#27339179)

Possibly the Subject is flame bait, but in fairness those that modded this flame bait, have they read the article?

I wonder if you can mod articles flame bait, as going by moderation of my comment it certainly qualifies

Re:On the Payroll Much? (0)

Anonymous Coward | more than 5 years ago | (#27339361)

No reason to offer fairness to the mod. A Microsoft type just spent all of their points on this discussion. You weren't alone.

My take on the story is the same. Dismissing noscript was particularly stupid.

I've got a message for the mod, too: Can you really believe that the ability to exploit a webkit vulnerability makes this guy automatically right about any security question about an OS generally? It does not follow.

The first rule of project GNU/Linux (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#27338773)

is you don't talk about it! The second rule of...

Of course these people won't discuss GNU/Linux, because it's different. It's just as secure as YOU like it to be, would drive these guys right out of business if people started using it. So they keep doing their silly mac versus pc things...

Grandmas (1)

shem (83687) | more than 5 years ago | (#27339137)

My mother is 80 and uses Ubuntu. My grandma, on the other hand, is dead and has big difficulties using MS-DOS, let alone Linux.
