Yet another MS exploit uncovered!

  1. #1
    Old Fart
    Join Date
    Jun 2002
    Posts
    1,658

    Yet another MS exploit uncovered!

    So much for the 'secure computing initiative'. Yes, yet another hole in Microsoft's incredibly secure Windows family has been discovered. This one will let you get into online banks and leave instructions for transfers of funds to an account of your choosing anytime an online transaction is conducted from the account(s) you choose to hack. This one is a variation of the recently discovered SSL flaw that MS says it isn't very concerned about. Could this be the secret to how Redmond has built up such a tremendous cash reserve? Read all about it...


    http://zdnet.com.com/2100-1105-955442.html

    Windows.....we're almost as secure as your screen door....
    Al
    It isn't paranoia when you KNOW they're out to get you...

  2. #2
    Member
    Join Date
    Aug 2002
    Posts
    86
    So the SSL encryption ain't as secure as they say huh? Gosh what a shock!
    I breathe, therefore I am!
    I type, therefore I live!
    I love, therefore I die!

  3. #3
    Senior Member
    Join Date
    Feb 2002
    Posts
    177
    Thanks for the info! You spawned a nice little security discussion here at work!

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    You forgot to mention the most important thing in the article.. He could not have exploited the problem if the software had been installed properly. Software is only as secure as the person doing the installation makes it..

    "The attack technique exploited a combination of vulnerabilities over which Microsoft exerts only partial control. A large share of the blame should fall on network administrators inside banks and other organizations who fail to install Microsoft's software properly, he said."

  5. #5
    Old Fart
    Join Date
    Jun 2002
    Posts
    1,658
    Originally posted here by mohaughn
    You forgot to mention the most important thing in the article.. He could not have exploited the problem if the software had been installed properly. Software is only as secure as the person doing the installation makes it..

    "The attack technique exploited a combination of vulnerabilities over which Microsoft exerts only partial control. A large share of the blame should fall on network administrators inside banks and other organizations who fail to install Microsoft's software properly, he said."
    Actually, I didn't 'forget' it...I gave a quick summary based on my point of view, then provided a link to the article so you can form your own. I think it is M$'s responsibility to ship a product that INSTALLS secure. Administrators shouldn't have to remember eleventy-dozen configuration changes that have to be made because of M$'s shortsightedness or crappy coding. Typical M$ spin....there's a flaw in the SSL that you didn't know about, but it's part your fault because your configuration allows it to be exploited. That, my friend, is just purely pathetic...plain and simple.
    Al
    It isn't paranoia when you KNOW they're out to get you...

  6. #6
    Senior Member problemchild's Avatar
    Join Date
    Jul 2002
    Posts
    551
    My favorite quote from the article:

    Microsoft in Sweden denied that SSL could be breached in the way shown to Reuters. "I can't even see the theoretical possibility for it to happen", said Mats Lindkvist, responsible for security at Microsoft in Sweden.
    Deny till you die, baby! The fact that it already has been done seems to have escaped his notice.... this is the kind of arrogance that makes Microsoft so dangerous. "Oh well, it's there but nobody will ever find it." As Dr. Evil would say, "Rrrrriiiiiight....."

    allenb - I agree with you 100%. Software should install with secure defaults. It's much better to begin from a locked down state and then selectively enable services than to start with all the faucets on and work backward. I find this to be a problem with software generally and not limited to Microsoft products, although some of the Linux distributions are getting better.

    This is where OpenBSD really got it right: Secure by default.
    Do what you want with the girl, but leave me alone!

  7. #7
    Member
    Join Date
    Jul 2002
    Posts
    41
    M$ security is such a joke that it isn't even amusing anymore. I am trying to convert over to linux, but until I become good enough to be able to break away from m$ and skeet shoot my m$ products, I'm stuck using some of it....*sigh*

  8. #8
    Antionline Quitter..Srsly
    Join Date
    Aug 2001
    Posts
    457
    wot a surprise MS just keeps making them cheese OS'es
    "A weak mind is like a microscope, which magnifies trifling things but cannot receive great ones." — G.K. Chesterton, 19th-century English essayist and poet

  9. #9
    Junior Member
    Join Date
    Aug 2002
    Posts
    5
    Originally posted here by allenb1963


    Actually, I didn't 'forget' it...I gave a quick summary based on my point of view, then provided a link to the article so you can form your own. I think it is M$'s responsibility to ship a product that INSTALLS secure. Administrators shouldn't have to remember eleventy-dozen configuration changes that have to be made because of M$'s shortsightedness or crappy coding. Typical M$ spin....there's a flaw in the SSL that you didn't know about, but it's part your fault because your configuration allows it to be exploited. That, my friend, is just purely pathetic...plain and simple.

    Exactly

  10. #10
    What's a REAL joke is that they're taking shorter and shorter spans of time to make OS's... windows 2000 to ME to XP was what, like less than a year almost?

    You'd think they'd stop trying to get us all into "newer is better" upgrade mode and FIX the things the right way. Linux has exploits too, but it's been out since win95 and hasn't had NEARLY the count that MS has against it.

    And then the government says "but open source is insecure."

    WHATEVER, dudes.
    Hic ego barbarus, sum quillo non intelligor illis.
    Because they do not understand me, I am a barbarian.
