
Ex-NSA Analyst To Be Global Security Head At Apple

Posted by Soulskill
from the keeping-the-worms-out dept.
AHuxley writes "Cnet.com reports that Apple has tapped security expert and author David Rice to be its director of global security. Rice is a 1994 graduate of the US Naval Academy and has a master's degree in Information Warfare and Systems Engineering from the Naval Postgraduate School. He served as a Global Network Vulnerability analyst (Forbes used cryptographer) for the National Security Agency and as a Special Duty Cryptologic officer for the Navy. He is executive director of the Monterey Group, a cybersecurity consulting firm. He's also on the faculty of IANS, an information security research company and works with the US Cyber Consequences Unit. In a 2008 interview with Forbes, 'A Tax On Buggy Software,' Rice talks of a 'tax on software based on the number and severity of its security bugs. Even if that means passing those costs to consumers. ... Back in the '70s, the US had a huge problem with sulfur dioxide emissions. Now we tax those emissions, and coal power plants have responded by using better filters. Software vulnerabilities, like pollution, are inevitable — producing perfect software is impossible. So instead of saying all software must be secure, we tax insecurity and allow the market to determine the price it's willing to pay for vulnerability in software. Those who are the worst "emitters" of vulnerabilities end up paying the most, and it creates an economic incentive to manufacture more secure software.'"

  • As private industry becomes the next government, more overtly as time goes on..

    • As private industry becomes the next government, more overtly as time goes on..

      A little offtopic here:

      Isn't it weird how intelligent and skeptical people see it as "corporate takeover", and ignorant people believe corporations telling them that it's a 'socialist takeover'.

      From the looks of the lobbies and actual authors of bills, it's hard to believe the latter -- but I suppose you'd believe anything if you don't question it.

      • by vbraga (228124)

        Is there any difference between a corporate takeover of the government and a government takeover of enterprises? The end result is the same.

        • Re:Makes sense (Score:5, Insightful)

          by artor3 (1344997) on Monday January 24, 2011 @08:56PM (#34989104)

          Sure there's a difference. One exists, the other is a bogeyman intended to scare the uneducated into voting against their interests.

          • by Dunbal (464142) *

            Yes because "voting" really is how you change things.

            • by Nadaka (224565)

              Not when the only choice is between overlapping but not quite identical set of corporate interests D and overlapping but not quite identical set of corporate interests R.

            • by tehcyder (746570)

              Yes because "voting" really is how you change things.

              It's not as much fun as talking about guns and blowing shit up, but, yes, it is how you change things.

          • Hitler, Mussolini, Stalin, Mao, even Saddam Hussein and Pol Pot were elected at first.

            The tyranny of the masses known as democracy (implemented in the electoral college in the 'States and known by other names in other hegemonies,) is no insurance against stupidity.

            Look at how long people thought the earth was flat and the sun went around the earth instead of the other way around.

            • by Guy Harris (3803)

              ... Stalin, Mao, even Saddam Hussein and Pol Pot were elected at first.

              [citation needed] Were any of those elected in a free election by the general electorate (as opposed to a "one candidate only" election, or a "funny, 99 44/100% of the people voted for them, I guess they're popular" election, or a choice by the leadership of the ruling party)? (I'll let you have Hitler and Mussolini for that one, but even those might be subject to review.)

        • I shouldn't consider it as a "takeover" by either. They are a team. One is muscle for the other.

      • by Suki I (1546431)

        As private industry becomes the next government, more overtly as time goes on..

        A little offtopic here:

        Isn't it weird how intelligent and skeptical people see it as "corporate takeover", and ignorant people believe corporations telling them that it's a 'socialist takeover'.

        From the looks of the lobbies and actual authors of bills, it's hard to believe the latter -- but I suppose you'd believe anything if you don't question it.

        The really basic individual rights issue is: What is so damn bad about someone wanting to leave a government job for a non government job?

        • Can you please reword or elaborate? I don't quite understand what you mean.

          • Re: (Score:2, Insightful)

            by Suki I (1546431)

            Can you please reword or elaborate? I don't quite understand what you mean.

            You must be kidding. I even quoted both the person you responded to and you also.

            The NASA guy going to Apple is nothing more than some person getting a job he thinks is better, the same way I would do, maybe you too. Nobody should be denied the right to do that.

            • I'm not kidding.

              Thanks for being less vague this time around.

            • by Divebus (860563)

              Um... not NASA... it's NSA which is the National Security Agency [nsa.gov].

              • by Suki I (1546431)

                Either way, no big deal. Moving to a new job that you want better should not be an impediment to what you want to do.

                • Regulatory capture is already a major problem in the agriculture, chemical, and energy, amongst many other industries. We don't need any more of it here.

        • by hairyfeet (841228)

          If that is all that it is, I see no problem in it. When I DO see a problem with it is when industry insiders use jobs as rewards for getting what they want out of government. Too many in government get cushy private sector jobs for themselves and even members of their families as a payoff for playing ball and THAT I do have a problem with.

          And where will this guy's loyalty lie? Will it lie with Google and their customers? Or when one of his old spook buddies waltzes in and says "hey old buddy, we are needin

          • by Pseudonym Authority (1591027) <SammyKake@@@gmail...com> on Monday January 24, 2011 @11:45PM (#34990334)

            And where will this guy's loyalty lie? Will it lie with Google and their customers?

            If it does, Apple is going to look really stupid for hiring this guy.

          • by Suki I (1546431)

            If that is all that it is, I see no problem in it. When I DO see a problem with it is when industry insiders use jobs as rewards for getting what they want out of government. Too many in government get cushy private sector jobs for themselves and even members of their families as a payoff for playing ball and THAT I do have a problem with.

            And where will this guy's loyalty lie? Will it lie with Google and their customers? Or when one of his old spook buddies waltzes in and says "hey old buddy, we are needing some info on the quiet side. Can you help us out?" will he just walk outside for a long lunch break while his "friend" has access to his computer?

            And the whole "taxing insecurity" is about the dumbest idea I've ever heard of! Talk about an easy way to take out your competitors, just pay a team of hackers to find bugs and voila! They are buried under so many taxes they go out of business! I mean who do you think could afford 20 million in fines more, a company like MSFT or Oracle, or your average Linux distro? Seems like a great way to take out the smaller weaker corps to me, just keep getting them hit with fines and then buy them out for cheap when they can't fight back anymore. If people want more security then they can buy it, it is JUST that simple.

            Sounds like most of that is something for the employer to evaluate. In the US labor market the employers may demand zombies all they like but there is no guarantee that they get them.

          • by geekoid (135745)

            It's not a dumb idea, it is impractical. And he has a point. Create a force that allows the market to respond in a manner that has them design and properly test security into software.

            Better would be to have an agency that rates software.
            They get to look at the code. EVEN if it was rated for federal internal reasons only, we would still have a good stick to measure by, and corporations that want their software on Federal systems will have to raise the bar.

      • by Graff (532189)

        Isn't it weird how intelligent and skeptical people see it as "corporate takeover", and ignorant people believe corporations telling them that it's a 'socialist takeover'.

        There's also plenty of ignorant people seeing it as a 'socialist takeover' and intelligent people seeing it as a 'corporate takeover'. Ignorance and intelligence are on both sides of the issue because it's a complex issue. In fact you can even have both takeovers at the same time, they don't need to be mutually exclusive.

        I personally think that the best take on it is to protect the ability of people to think for themselves and decide their own fates. If they want to band together into collectives then let t

        • by Graff (532189)

          There's also plenty of ignorant people seeing it as a 'socialist takeover' and intelligent people seeing it as a 'corporate takeover'. Ignorance and intelligence are on both sides of the issue because it's a complex issue. In fact you can even have both takeovers at the same time, they don't need to be mutually exclusive.

          Blergh messed that one up, I meant to flip socialist and corporate in my first paragraph to contrast the grandparent's statement. My main point is that both sides have their bright and dim people, to say that only one view is the view of intelligent people is to commit a type of ad hominem attack on the issues.

          Although I'm sure it would be abused there's some times that I wish Slashdot had an edit post feature!

          • An "edit until someone replies or mods it" feature would be useful and hard to abuse.

            • by N3Roaster (888781)

              I'm sure that's on the roadmap, right after proper Unicode support.

            • by Graff (532189)

              Yeah, or an edit which has a diff-like [wikipedia.org] functionality so you can see what was done in the edit. There has to be some reasonable solution that would let you correct stupid mistakes without being too revisionist.

              Ahh well, someday Slashdot will catch up with modern technology! lol...

              • by coolmadsi (823103)

                There has to be some reasonable solution that would let you correct stupid mistakes without being too revisionist.

                You mean like previewing a comment before submitting it? Case in point, I seemed to have messed up the end quote tag in this comment, noticed it in the preview, so went back to correct before actually submitting (which I will do so now so long as I don't see any other errors)

                • by Graff (532189)

                  You mean like previewing a comment before submitting it?

                  Yeah, if you read further I already replied to someone about this. I always do preview but sometimes things still slip through. Mistakes happen, it'd be nice to have a better system for handling mistakes that slip through.

                  Preview works great for stuff like missed html tags and other stuff that jumps out at you. It doesn't work as well for subtle mistakes you make because a lot of times your mind replaces the version you have on the page with the version that's in your head. That's why mistakes like a double

          • by tehcyder (746570)
            Or you could just re-read your post before submitting it.
            • by Graff (532189)

              Or you could just re-read your post before submitting it.

              Did that, still missed it. Totally my fault, sure, but it's a common enough thing here that there probably should be some kind of edit feature. The bandaid of replying to your own post to correct it just isn't a great solution.

      • Corporations depend on the great unwashed mass of people out there not being able to tell the difference.

        Lenin and Mao were trying to be communists (an extreme form of socialism,) where resources are owned and controlled by the state. They ended up being murderous tyrants.

        Hitler, Mussolini and Hirohito were fascist, where resources are owned by an oligarchy and controlled by the state. (Actually that is MUCH more widespread than that. Look at what has been happening to the economy of the United States sinc

  • Windows users (Score:4, Insightful)

    by ronmon (95471) on Monday January 24, 2011 @08:30PM (#34988914)
    pay a crapload and Linux users pay nothing. Sounds like the tax is already in place. Maybe the money is just going to the wrong people.
    • pay a crapload and Linux users pay nothing. Sounds like the tax is already in place. Maybe the money is just going to the wrong people.

      The pro-audio version of this goes like this:

      Digidesign users pay the most and get the most bugs

      Cubase/Logic/Live users pay less, and have far less bugs.

      ----I bet you can guess which company used every dirty business tactic in the last 20 years to establish as a studio 'norm'.... (if you're bad at guessing it's DIGIDESIGN and their always crashing ProTools software)

    • by jjb3rd (1138577)

      pay a crapload and Linux users pay nothing. Sounds like the tax is already in place. Maybe the money is just going to the wrong people.

      You are so dumb, you are really dumb.

      Clearly none of this matters because Linux is free. The community finds all the bugs and satisfies all of the user's every need. It is, therefore, installed on all computers, the world over, and security would no longer be an issue were it not for the prevalence of the password, "password".

      Paying extra for security is basically akin to insurance. If you're paying extra for insurance, you typically have a certain level of responsibility, but when you get screwed by that which i

    • I figure every hole that is found should cost $1/day its left unpatched ... * # of users.

      Given the fact that security has NEVER been a priority of MS, they could/should/would be bankrupt in a week.

      The money would go to a regulatory authority who are paid by the number of vulns they find. (Ain't I a stinker... :-)

      • Given the fact that security has NEVER been a priority of MS, they could/should/would be bankrupt in a week.

        Well, they'd at least have to stop selling Windows 98.

        Oh wait! They already have!

    • by gl4ss (559668)

      well, none of the linux distributions would run my old binaries from 1995..

      but this guy sounds like an idiot, he says that sw can't be perfect(it can, if you decide what perfect means) and then that it should be taxed, so everyone writing software would be taxed in advance by a random amount.

      no wonder he's going to work at apple! just up that developer fee to couple of kilo dollars and call it bug tax.

      • but this guy sounds like an idiot, he says that sw can't be perfect(it can, if you decide what perfect means) and then that it should be taxed, so everyone writing software would be taxed in advance by a random amount.

        "Rice's controversial solution? Create a tax on software based on the number and severity of its security bugs" - who sounds like an idiot again?

  • That'll bankrupt companies like Microsoft, won't it?

    • by Suki I (1546431)

      I think he was the guy keeping the stealth secrets [slashdot.org], don't worry so much.

      • by fredmosby (545378)
        According to your link the Chinese got that technology by reverse engineering a plane that had been shot down. What does that have to do with computer security?
        • by Suki I (1546431)

          According to your link the Chinese got that technology by reverse engineering a plane that had been shot down. What does that have to do with computer security?

          That is what the link said. Look at what I said.

          • by fredmosby (545378)
            I'm not sure what you're trying to say. The post you replied to said that taxing companies based on security holes would bankrupt Microsoft. Your reply said you thought the guy Apple hired had something to do with stealth plane secrets. I don't see how those two statements are related.
  • Oh Great (Score:4, Funny)

    by SilverHatHacker (1381259) on Monday January 24, 2011 @08:37PM (#34988970)
    We'll never jailbreak the iPhone 5. It'll either have government-grade digital locks, or it'll be accompanied by guys in black suits who "don't really exist".
  • Microsoft has deep pockets, and can hire Lobbyists by the score! This is never getting through either the Congress or the Senate. Microsoft has too much to lose if this was law, they'd have to start over from scratch and toss out all their legacy code!
    • by artor3 (1344997)

      Considering it's supported by someone who was never a politician and is no longer even working for the government, I'd say it's not going to even see Congress any time soon.

    • It doesn't have to be restricted to the US. If other nations start applying it and getting visible, palpable results, it'll get adopted by others (even the US) faster.
  • Good for Apple (Score:5, Insightful)

    by StuartHankins (1020819) on Monday January 24, 2011 @08:55PM (#34989100)
    It's a good thing, it signals they take security seriously. He seems to have impressive credentials. When you've got a target as large as Apple you need to be smart about security.
    • by MattskEE (925706)

      When you've got a target as large as Apple you need to be smart about security.

      Or you need to be William Tell.

  • by noidentity (188756) on Monday January 24, 2011 @08:56PM (#34989106)

    From the article:

    But consumers prefer secure software to insecure software. Isn't that preference enough to create an incentive for companies to focus on security?

    Wouldn't that be great? The problem is that right now people can't figure out whether software is secure. They buy software based on what's asserted and take companies at their face values.

    If you look at the five-star rating on automobiles, you don't have to be an expert to make a decision about safety. You can appraise the risk you're purchasing based on that rating. Today almost all the cars on the road are four or five star rated: The market has chosen more safe cars because the safety rating is visible.

    OK, so have a private certification company so you can see their rating on the product. Why is a tax needed? The example he cites, of automobiles, gives the buyer the choice of how safe the vehicle must be.

    How would you measure software vulnerability?

    The types of attacks we've seen over the past four years haven't changed. [The U.S. Department of Homeland Security] keeps a repository of attack patterns. So just as we run cars in various crash tests to see how they respond, we can run these attack patterns on software, judge how it performs and give it a security rating.

    If determining software vulnerability were as simple as running some automated tests, it wouldn't be a problem in the first place. In his example of testing vehicles, it would be like having to protect them against a near-infinite variety of crash situations. How can you automate this, so as to give a simple rating?

    A tax on insecure software would be passed on to the consumer in higher prices. Is that really the goal?

    There's a notion in economics of private cost and the social cost of behavior. The results of insecure software--cybercrime and cyber-espionage--are largely social costs, not paid by the individual who's responsible for the behavior.

    Vulnerabilities lead a consumer's computer to be hijacked by malicious software that allows the attacker to do practically anything with it. Sometimes the attacker targets the infected machines, like the attacks on the Pentagon last year. But often the machine is used to send out more spam, more phishing attacks, or it becomes one of the hundreds of thousands of machines that are used in "denial of service attacks" like the ones that shut down Estonia's Web last year. Those social costs are very heavy.

    If a tax raised the private cost of cybercrime, people would get educated very quickly. When insecure software starts costing more, people will adjust their behavior.

    OK, so let's say all software is secure. That doesn't stop people from combining it in ways that lead to insecurities, or even configuring a single piece so that it's insecure. How will this tax help that?

    Here he talks of negative externalities and making those responsible pay, so that they educate themselves and avoid creating them. Sounds good, so why not do that? That doesn't involve taxation, it involves making those with vulnerable systems pay. That's the way to make the market respond.

    For example, a home user's machine is infected and is now part of a botnet? Charge a fine. He'll quickly clean up his machine, switch/secure his OS, or find an ISP that will detect such a thing and automatically cut his internet connection until he cleans his machine up. Or a business leaks customer information. Fine it. That will encourage it to do what's necessary to secure the data. This way the need for security moves up the chain, from user to supplier, with whatever things are necessary to give it. Leave taxation out of it.

    • by lennier (44736)

      OK, so let's say all software is secure. That doesn't stop people from combining it in ways that lead to insecurities, or even configuring a single piece so that it's insecure.

      Doesn't it?

      It depends, I suppose, on what you mean by 'secure'. If you adopt a very wide view, like 'not making available any information in possession of the user which someone else would not want made available' - like, say, uploading and tagging a photo of a friend on Facebook at a party they would rather their boss/girlfriend not know they had attended - then yes, achieving perfect 'security' in a world of perfect knowledge is probably theoretically impossible, much like DRM.

      However, if you define securi

  • It's not a bug... It's a feature!
  • by Anonymous Coward

    Remember, people who worked for the government should be barred from working anywhere else for LIFE!

  • by SethJohnson (112166) on Monday January 24, 2011 @09:31PM (#34989436) Homepage Journal
    Do these guys actually leave the NSA? Why aren't there quotation marks around the 'EX' part of his title? Sounds to me like a good way for no-such-agency to get a mole in a powerful position to install backdoors in a popular line of consumer communication devices. At a minimum, they could get a direct hotline listing of every vulnerability as soon as Apple is alerted to them, but before patches are released.

    Seth
    • by russotto (537200)

      Do these guys actually leave the NSA? Why aren't there quotation marks around the 'EX' part of his title? Sounds to me like a good way for no-such-agency to get a mole in a powerful position to install backdoors in a popular line of consumer communication devices. At a minimum, they could get a direct hotline listing of every vulnerability as soon as Apple is alerted to them, but before patches are released.

      If NSA wanted to get a mole in place, his official background would not include the NSA.

      • by bughunter (10093)

        Correct, and if they wanted effective moles, they'd put them in at the middle-management level where the detail decisions get made, not at the Executive level where -even at Apple- they are too far removed from the code and too visible to be effective saboteurs.

    • by Anonymous Coward on Monday January 24, 2011 @10:31PM (#34989896)

      Yes...we do. No, I'm not talking smack. Used to work there (network warfare shop). When you're done, you leave. You carry with you your "Lifetime Obligations" and some hella good memories, but there are no strings attached save for a couple (they can interview/poly you at any time, they have to review your resume any time you modify it, etc.). You watch too many movies.

      • by DCFusor (1763438) on Monday January 24, 2011 @11:11PM (#34990146) Homepage
        I left too, and the above AC is telling it straight. No big deal. Hard to get permission to visit some adversary countries for a few years if you knew a lot of secrets, otherwise, they pretty much ignore you after that. They once called me a few years after I'd left to help them with something in my specialty, that was it.

        The trouble with conspiracy theories around government agencies is that, well, they are government agencies. Not all that good at what they do, with some small exceptions, and mostly terrible about keeping things secret after they do them. Some secrets last years, but most of them are too boring to actually talk about, and are mostly "policy" which means, some incompetent fool classified something to cover his lousy (or unethical) job performance. We're not working with supermen or angels anymore than any other part of society there.

        There's already a tax on buggy software, it's just paid by the wrong side of the equation, the user. Bruce Schneier has a ton of stuff on the issue, and as long as the makers aren't paying the price, it'll never happen. http://www.schneier.com/ [schneier.com]

        The thing is, at the point of perfect security, no system is usable -- there is always a trade-off of some kind. This sounds so hard to adjudicate, I kind of doubt it will ever happen -- and at least one software outfit that has the most issues also has enough lobbyists to keep things the way they want them -- the billions of lost dollars yearly due to their bugs will still be with the users, not them.

        As long as people can pass off the costs of insecurity, there will be little to no progress in the field. Anyone remember the British banks claiming in court they were liable for hacked chips and pins because they were "perfect" so the customer must have made a mistake? As long as that sort of crap flies, why should they invest in security? Good security is hard.

        • by lennier (44736)

          We're not working with supermen or angels anymore than any other part of society there

          But... but... you guys are the NSA! You have a crashed alien spaceship on every desk, a 100 terabit cranial jack just for the office World of Starcraft guild, and spend every waking moment clustered around huge 3D wall screens hacking all the Gibsons on the Interplanetary Interweb, simultaneously!

          Don't you? Hollywood, surely you haven't put me wrong!

        • by Pastis (145655)
          > There's already a tax on buggy software, it's
          > just paid by the wrong side of the equation, the
          > user.

          I don't think software is paid by the wrong side of the equation.

          Software being insecure is most often insecure when used in ways not intended by their creators.
          Security is most often a property of the software, often ranked well below real functionality.

          e.g. You don't buy Outlook because it protects you from viruses, you buy it to read your mail.

          <bad_analogy>
          You don't put windows on your h
        • I can't help but point out the paradox of believing the statements of ex-NSA guys regarding the NSA. Granted, you are more informed than any of us, but you're also not exactly impartial.

          It's Catch 22, I'm afraid.
        • by geekoid (135745)

          Actually, almost all government agencies are very good at what they do, with few exceptions.

          Something that's been shown over and over again.
          The problem is key hole perceptions.

          People look into a room(agency) through a key hole, they will see a lot of things that don't make sense. When you open the door and look at what is actually going on, it turns out the perception is wrong.

          Another issue is that in a government job you can do what you like and be good at it and not worry about being pushed out because you don't

      • by mozumder (178398)

        Definitely hella good memories..

      • by MoeDumb (1108389)
        NSA relies on polygraphs?
    • Sounds to me like a good way for no-such-agency to get a mole in a powerful position to install backdoors in a popular line of consumer communication devices.

      I don't think this exec. is going to be allowed to check in code to the main repository without anyone reviewing it.

      So if your theory is correct, that the NSA wants back doors in iphones, they will need Apple mgmt to go along.

      And if Apple mgmt goes along with that (who knows), then what would the NSA need this mole for?

      What I'm saying is, your theory doesn't really pass Occam's razor.

    • Except "anti government" types (many exist), most of security professionals will happily serve their country or the globe, it can be NSA or Interpol or FBI. Of course, I don't speak about "the code to watch everyone" kind of contribution, perhaps some serious quirk (like the DNS one) which may affect entire country or globe.

      It is not like 1990s anymore, every machine is connected and I am betting there are many serious security issues being found, fixed behind closed doors.

      Anyway, it really seems impractica

    • by geekoid (135745)

      because many people who get articles posted are stupid gits.

  • Holy Crap!
    RICE BOWL??

  • For open source software that is easy, since bugs reports and their gravity is usually available. For proprietary software, that is definitively not the case. I guess the certification should rely on independent reports (Secunia?). Furthermore, should not just the number of bugs, but the promptness in fixing them be considered? Finally, should design choice being considered too? For example, buggy third party software that also affects your main system should be penalised against systems where a more integr
  • I really love it when people recycle solutions for completely different problems.

  • This appears to be very bad for OpenSource. Unless the tax is in % of cost, which I highly doubt, then it will make distributing free software cost prohibitive.

    If I choose to produce a free library that ends up being widely used and is later found to have a security bug, I could be forced to pay thousands or tens of thousands of dollars. Why would I want to create that risk for myself? It could have a strong chilling effect with sharing.

    The US Federal Government has no authority to levy that kind of tax.

    • >The US Federal Government has no authority to levy that kind of tax.

      100 years of SCOTUS rulings on the Interstate Commerce Clause say they do.

      >Any effort to enforce this should be fought.

      Which is what Tea Party / conservatives are doing w/r/t mandatory health insurance, which Congress claimed falls under the ICC.

      This NSApple guy is in favor of something that will destroy Free Software. Apple is just behind ExxonMobil in market cap at $300 billion.

      Who will win, FSF or AAPL?

  • Rice talks of a 'tax on software based on the number and severity of its security bugs.

    The tax shall be called "The Apple Tax". Now we know why they're so damn expensive... they have to pay a tax based on the number and severity of security bugs...

    It seems like just yesterday the Safari browser was carpet bombing hundreds of malicious files to my desktop without my permission [zdnet.com].

    Make a typo or logical error? There's a tax for that.(TM)

    How about we reform EULA law such that if you pay for software, and it is full of bugs that get exploited, you can sue those responsible? Why not take the actua

  • ...if you can't beat'em, then buy'em. Perhaps, his bug tax seemed like enough of a threat to warrant action.
  • As a person who still only uses Apple computers, I think Apple's "security issues", once exploited will be at computer Armageddon levels.

    The reason is simple. Windows users have learned their lesson in Blaster era and figured the importance of firewall/antivirus and what the heck is a zero day. For Apple community, this didn't happen and there are millions of people who think they are somehow using some kind of "secure NSA terminal", downloading/running all kinds of junk out there and believing every promi

    • And how does using Quark Classic infect you with a virus? I think you may be confusing cause and effect here. I also think your analysis of OS X security is full of shit. The thought that OS X, an OS with ZERO viruses, must somehow be viral swiss cheese waiting to happen is about the biggest leap of BS logic I've ever heard.

  • The problem is that right now people can't figure out whether software is secure. They buy software based on what's asserted and take companies at their face values.

    Nothing mentioned about FOSS. It sounds like the focus is on proprietary software exclusively, as FOSS allows anybody to scrutinize and code-review the source, making his entire argument invalid.

    Oblig Image: http://imgur.com/Vnbwb.png [imgur.com]

  • Yes great idea, but alas, the people always end up paying more, look at the gas prices, we are non stop getting slammed with higher prices because the refineries need to make that much profit, and when they get slammed by the gov.s with such taxes, they respond in shooting the prices way up some more...instead we need a gov. with some balls, and actually make certain companies more accountable for their problematic software...if you create a crash in some company where your software allowed xxx to happen, p

  • Caveman: Nyaaaa.. I want no irc an no irfanview..no twisted Firefox extensions yeh..no buggy libraries.. I wan Aple to win big man...argghh...apple can afford to pay da tax....waiiit...small men cahhnnt. Ohhhh... goooodddd... Apple winnnnn. Yeeeaahhh. Me: Meh.
