.NET in General


DevX Home    Today's Headlines   Articles Archive   Tip Bank   Forums   

Page 1 of 2 12 LastLast
Results 1 to 15 of 28

Thread: .NET in General

Hybrid View

  1. #1
    Joe Guest

    .NET in General


    Hi all,

    I'm not a web programmer (currently an app programmer) but studying to be.
    However, I need to vent and want feedback. I have no problem with the .NET
    concept under certain circumstances and am currently using it for a stock
    application - nothing else could be better for such. It sounds like the greatest
    idea on earth for learning experiences, etc. but for OPERATING SYSTEMS?!!!
    Be real! Microsoft can't even protect itself from hackers why on earth is
    he demanding all businesses to make themselves entirely vulnerable?!! Until
    security is spotless, I don't see how Microsoft can ask businesses to put
    their entire business on the web? Am I severely misunderstanding .NET or
    do you all agree?!!

    Thanks for listening.

  2. #2
    Jason Bock Guest

    Re: .NET in General


    Joe <maui664@capital.net> wrote in message news:3a7a1fdf$1@news.devx.com...
    >
    > Hi all,
    >
    > I'm not a web programmer (currently an app programmer) but studying to be.
    > However, I need to vent and want feedback. I have no problem with the .NET
    > concept under certain circumstances and am currently using it for a stock
    > application - nothing else could be better for such.


    It can also be used for a lot of other programming tasks. Keep playing with
    it - it's fun.

    > It sounds like the greatest
    > idea on earth for learning experiences, etc. but for OPERATING SYSTEMS?!!!
    > Be real! Microsoft can't even protect itself from hackers why on earth is
    > he demanding all businesses to make themselves entirely vulnerable?!!


    "He" being who?

    > Until
    > security is spotless, I don't see how Microsoft can ask businesses to put
    > their entire business on the web?


    Which web site is completely secure from any form of an attack?

    Every site is vulnerable.

    > Am I severely misunderstanding .NET or
    > do you all agree?!!


    I think you misunderstand how security works in general.

    Jason



  3. #3
    Mike Mitchell Guest

    Re: .NET in General

    On Thu, 1 Feb 2001 21:49:01 -0600, "Jason Bock" <jrbock@execpc.com>
    wrote:

    >> Until
    >> security is spotless, I don't see how Microsoft can ask businesses to put
    >> their entire business on the web?

    >
    >Which web site is completely secure from any form of an attack?
    >
    >Every site is vulnerable.
    >


    Ah, but it's not every web site that is asking to host our data. Those
    web sites that do, really do need to be secure. If they can't provide
    data mirroring they're not worth considering as a viable storage
    medium. Imagine your finance department is about to forward the
    monthly salaries to the banks, and all of a sudden a key web site over
    which you have absolutely no control goes down? How do you think your
    employees are going to react on hearing the news "...Every site is
    vulnerable." ?

    >> Am I severely misunderstanding .NET or
    >> do you all agree?!!

    >
    >I think you misunderstand how security works in general.


    What? That "every site is vulnerable", that's it?

    MM

  4. #4
    Sjoerd Verweij Guest

    Re: .NET in General

    > Until security is spotless

    Security is never spotless. Ever. On any platform. Besides, if you have a
    foolproof way to prevent DoS attacks, I think there are a few companies that
    might want to talk to you.

    HTH,
    Sjoerd




  5. #5
    Mike Mitchell Guest

    Re: .NET in General

    On Fri, 2 Feb 2001 10:12:11 -0800, "Sjoerd Verweij"
    <nospam.sjoerd@sjoerd.org> wrote:

    >> Until security is spotless

    >
    >Security is never spotless. Ever. On any platform. Besides, if you have a
    >foolproof way to prevent DoS attacks, I think there are a few companies that
    >might want to talk to you.
    >


    Like the banks, credit card companies, building societies, Western
    Union, etc? You don't hear too much about *their* security being
    compromised. My bank, for example. I've been with it for twenty years,
    and never a mention of any outage. And yet Microsoft, the most
    significant software company on planet earth (we are led to believe),
    suffers not one, but two outages in the space of a few days.

    For example, where I work we have to change passwords regularly. Does
    Hotmail ever prompt me to change my password? No, it never did.

    MM

  6. #6
    Sjoerd Verweij Guest

    Re: .NET in General

    > Like the banks, credit card companies, building societies, Western
    > Union, etc? You don't hear too much about *their* security being
    > compromised.


    Correct me if I'm wrong, but the incidents have been human error (password
    security and router misconfiguration) and a DoS attack. If I had your bank
    manager's passwords, I could go to town. And if someone did a good DoS
    attack on your bank's website...

    > For example, where I work we have to change passwords regularly. Does
    > Hotmail ever prompt me to change my password? No, it never did.


    What does Hotmail have to do with it?




  7. #7
    Jonathan Allen Guest

    Re: .NET in General

    > > For example, where I work we have to change passwords regularly.

    That has the greatest potential for security leaks in many companies. By
    forcing the user to change their password on a regular basis, many employees
    start to have trouble remembering their latest password. This causes them to
    do dangerous things like writing it on a post-it note and placing it under
    the keyboard or on top of a drawer.

    --
    Jonathan Allen


    "Sjoerd Verweij" <nospam.sjoerd@sjoerd.org> wrote in message
    news:3a7b1244$1@news.devx.com...
    > > Like the banks, credit card companies, building societies, Western
    > > Union, etc? You don't hear too much about *their* security being
    > > compromised.

    >
    > Correct me if I'm wrong, but the incidents have been human error (password
    > security and router misconfiguration) and a DoS attack. If I had your bank
    > manager's passwords, I could go to town. And if someone did a good DoS
    > attack on your bank's website...
    >
    > > For example, where I work we have to change passwords regularly. Does
    > > Hotmail ever prompt me to change my password? No, it never did.

    >
    > What does Hotmail have to do with it?
    >
    >
    >




  8. #8
    Jeff Peil Guest

    Re: .NET in General


    "Mike Mitchell" <kylix_is@hotmail.com> wrote in message
    news:3a7b0dd4.3495944@news.devx.com...
    > Like the banks, credit card companies, building societies, Western
    > Union, etc? You don't hear too much about *their* security being
    > compromised. My bank, for example. I've been with it for twenty years,
    > and never a mention of any outage. And yet Microsoft, the most
    > significant software company on planet earth (we are led to believe),
    > suffers not one, but two outages in the space of a few days.
    >


    Mike,

    Banks have historically had all kinds of problems with crackers breaking in
    and stealing from them. However banks have always taken extreme steps to
    keep consumers from hearing about it. Even then, if you take the time to do
    a little research, I think you'll find that they have all sorts of headaches
    and that it was particularly bad for them in the 80s.



  9. #9
    Karl E. Peterson Guest

    Re: .NET in General

    ForumMonster --

    > Like the banks, credit card companies, building societies, Western
    > Union, etc? You don't hear too much about *their* security being
    > compromised. My bank, for example. I've been with it for twenty years,
    > and never a mention of any outage. And yet Microsoft, the most
    > significant software company on planet earth (we are led to believe),
    > suffers not one, but two outages in the space of a few days.


    Two salient points:

    * They probably wouldn't be _your_ bank if you heard their security was
    compromised.

    * Microsoft is the most hacked domain on the planet.

    Later... Karl
    --
    http://www.mvps.org/vb



  10. #10
    Alessandro Coppo Guest

    Re: .NET in General

    Jonathan Allen wrote in message <3a7b17db@news.devx.com>...
    >That has the greatest potential for security leaks in many companies. By
    >forcing the user to change their password on a regular basis, many

    employees
    >start to have trouble remembering their latest password. This causes them

    to
    >do dangerous things like writing it on a post-it note and placing it under
    >the keyboard or on top of a drawer.



    <sarcasm mode="on">
    You are right. Password scheduling is useless. By the way, why don't give
    every user a default, unchangeable password using e.g. (in US) is IRS
    number? easy to remember and they won't write it down because Uncle Sam has
    already done it...
    </sarcasm>

    Alessandro Coppo
    a.coppo@iol.it

    P.S.: visit http://www.counterpane.com/labs.html




  11. #11
    Mike Mitchell Guest

    Re: .NET in General

    On Fri, 2 Feb 2001 12:00:37 -0800, "Sjoerd Verweij"
    <nospam.sjoerd@sjoerd.org> wrote:

    >Correct me if I'm wrong, but the incidents have been human error (password
    >security and router misconfiguration) and a DoS attack. If I had your bank
    >manager's passwords, I could go to town. And if someone did a good DoS
    >attack on your bank's website...


    No, you're not wrong, they were human error. And in an organisation
    that is hoping to assume responsibility for looking after billions of
    our dollars, there isn't room for human error. Dos attack? How do we
    know if that was really the case? Maybe there was too much egg flying
    around...

    Yes, if you had the bank's passwords...but the point is, really
    effective security will try very hard to stop you from getting them.
    Banks sometimes have DoS attacks, too, in the form of physical
    hold-ups and robberies. But those isolated cases affect but one branch
    at a time, not the entire world, like the MS outages did.

    >> For example, where I work we have to change passwords regularly. Does
    >> Hotmail ever prompt me to change my password? No, it never did.

    >
    >What does Hotmail have to do with it?
    >


    I was merely illustrating how a Microsoft division treats some of its
    password protection, i.e. you can keep a Hotmail account active with
    the same password for ever, I suppose. No one will ever ask you to
    change it for security reasons. You'd think they would at least remind
    you every month that changing it would be a good idea.

    MM

  12. #12
    Mike Mitchell Guest

    Re: .NET in General

    On Fri, 2 Feb 2001 12:20:21 -0800, "Jonathan Allen"
    <greywolfcs@bigfoot.com> wrote:

    >> > For example, where I work we have to change passwords regularly.

    >
    >That has the greatest potential for security leaks in many companies. By
    >forcing the user to change their password on a regular basis, many employees
    >start to have trouble remembering their latest password. This causes them to
    >do dangerous things like writing it on a post-it note and placing it under
    >the keyboard or on top of a drawer.
    >


    So what's the alternative? You never have them change their passwords,
    and they still share them (we know they do). They say "Tracey, if you
    need to access my spreadsheet while I'm out of the office the password
    is..." We know this happens. And then Tracey leaves the company for
    whatever reason and because that password has been lingua franca for
    so long, she won't forget it in a hurry. A new boyfriend perhaps, and
    soon that password is winging its way across the city. But if Tracey's
    colleague had changed the password regularly, then the knowledge that
    Tracey had would have naturally timed out over time. Surely it isn't
    too difficult to enter a different password once in a while and
    remember it without writing it down?

    Just no one THINK of getting one of those retinal scanners looking in
    MY eyes, thanks all the same! Only needs one recalibration snafu and
    my eyes are toast. Same with the daft fingerprints. How long will it
    be before someone gets their finger chopped off for nefarious
    purposes? Else if it catches on, people will walk around the whole
    time with their hands in their pockets and bump into things.

    MM

  13. #13
    Mike Mitchell Guest

    Re: .NET in General

    On Fri, 2 Feb 2001 12:31:01 -0800, "Jeff Peil" <jpeil@bigfoot.com>
    wrote:

    >Banks have historically had all kinds of problems with crackers breaking in
    >and stealing from them. However banks have always taken extreme steps to
    >keep consumers from hearing about it. Even then, if you take the time to do
    >a little research, I think you'll find that they have all sorts of headaches
    >and that it was particularly bad for them in the 80s.


    Bad in the 80's, and then they learned their lesson and improved their
    security. This needs to happen in the online world, and fast. For
    example, people have been talking FOR YEARS about microcash for online
    payments, and still the only one way that is acceptable all over is
    the credit card. Why isn't there a credit card that is valid for only
    a single transaction? That's why all the DotComs went bust recently.
    No one wants to trust them by buying anything.

    MM


  14. #14
    Mike Mitchell Guest

    Re: .NET in General

    On Fri, 2 Feb 2001 13:50:41 -0800, "Karl E. Peterson" <karl@mvps.org>
    wrote:

    >
    > * Microsoft is the most hacked domain on the planet.
    >


    Seems like exactly the wrong place to upload anything of worth to,
    then, doesn't it?

    MM

    (Oh, sorry, almost forgot, you can't say...!)

  15. #15
    David Bayley Guest

    Re: .NET in General

    ForumMonster,

    > > * Microsoft is the most hacked domain on the planet.

    >
    > Seems like exactly the wrong place to upload anything of worth to,
    > then, doesn't it?


    Exactly... Unlike the Sun/Oracle vision, MS recognise that users want to
    keep sensitive data on the client offline.

    BTW, how are you getting on with Delphi's OOP and manual memory handling?

    --
    David.




Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center
 
 
FAQ
Latest Articles
Java
.NET
XML
Database
Enterprise
Questions? Contact us.
C++
Web Development
Wireless
Latest Tips
Open Source


   Development Centers

   -- Android Development Center
   -- Cloud Development Project Center
   -- HTML5 Development Center
   -- Windows Mobile Development Center