-
August 27th, 2002, 01:31 PM
#1
Yet another MS exploit uncovered!
So much for the 'secure computing initiative'. Yes, yet another hole in Microsofts incredibly secure Windows family has been discovered. This one will let you get into online banks and leave instructions for transfers of funds to an account of your choosing anytime an online transaction is conducted from the account(s) you choose to hack. This one is a variation of the recently discovered SSL flaw that MS says it isn't very concerned about. Could this be the secret to how Redmond has built up such a tremendous cash reserve? Read all about it...
http://zdnet.com.com/2100-1105-955442.html
Windows.....we're almost as secure as your screen door....
Al
It isn't paranoia when you KNOW they're out to get you...
-
August 27th, 2002, 01:39 PM
#2
Member
So the SSL encryption ain´t as secure as they say huh? Gosh what a shock!
I breathe, therefore I am!
I type, therefore I live!
[shadow]I love, therfore I die![/shadow]
-
August 27th, 2002, 02:44 PM
#3
Senior Member
Thanks for the info! You spawned a nice little security discussion here at work!
-
August 27th, 2002, 05:42 PM
#4
You forgot the mention the most important thing in the article.. He could not have exploited the problem if the software had been installed properly. Software is only as secure as the person doing the installation makes it..
"The attack technique exploited a combination of vulnerabilities over which Microsoft exerts only partial control. A large share of the blame should fall on network administrators inside banks and other organizations who fail to install Microsoft's software properly, he said. "
-
August 27th, 2002, 05:58 PM
#5
Originally posted here by mohaughn
You forgot the mention the most important thing in the article.. He could not have exploited the problem if the software had been installed properly. Software is only as secure as the person doing the installation makes it..
"The attack technique exploited a combination of vulnerabilities over which Microsoft exerts only partial control. A large share of the blame should fall on network administrators inside banks and other organizations who fail to install Microsoft's software properly, he said. "
Actually, I didn't 'forget' it...I gave a quick summary based on my point of view, then provided a link to the article so you can form your own. I think it is M$'s responsibility to ship a product that INSTALLS secure. Administrators shouldn't have to remember eleventy-dozen configuration changes that have to be made because of M$'s shortsightedness or crappy coding. Typical M$ spin....theres a flaw in the SSL that you didn't know about, but it's part your fault because your configuration allows it to be exploited. That, my friend, is just purely pathetic...plain and simple.
Al
It isn't paranoia when you KNOW they're out to get you...
-
August 27th, 2002, 06:28 PM
#6
My favorite quote from the article:
Microsoft in Sweden denied that SSL could be breached in the way shown to Reuters. "I can't even see the theoretical possibility for it to happen", said Mats Lindkvist, responsible for security at Microsoft in Sweden.
Deny till you die, baby! The fact that it already has been done seems to have escaped his notice.... this is the kind of arrogance that makes Microsoft so dangerous. "Oh well, it's there but nobody will ever find it." As Dr. Evil would say, "Rrrrriiiiiight....."
allenb - I agree with you 100%. Software should install with secure defaults. It's much better to begin from a locked down state and then selectively enable services than to start with all the faucets on and work backward. I find this to be a problem with software generally and not limited to Microsoft products, although some of the Linux distributions are getting better.
This is where OpenBSD really got it right: Secure by default.
Do what you want with the girl, but leave me alone!
-
August 27th, 2002, 07:56 PM
#7
Member
M$ security is such a joke that it isn't even amusing anymore. I am trying to convert over to linux, but until I become good enough to be able to break away from m$ and skeet shoot my m$ products, I'm stuck using some of it....*sigh*
-
August 27th, 2002, 08:16 PM
#8
wot a surprise MS just keeps making them cheese OS'es
\"\"A weak mind is like a microscope, which magnifies trifling things but cannot receive great ones.\" — G.K. Chesterton, 19th-century English essayist and poet\"
-
August 27th, 2002, 08:34 PM
#9
Junior Member
Originally posted here by allenb1963
Actually, I didn't 'forget' it...I gave a quick summary based on my point of view, then provided a link to the article so you can form your own. I think it is M$'s responsibility to ship a product that INSTALLS secure. Administrators shouldn't have to remember eleventy-dozen configuration changes that have to be made because of M$'s shortsightedness or crappy coding. Typical M$ spin....theres a flaw in the SSL that you didn't know about, but it's part your fault because your configuration allows it to be exploited. That, my friend, is just purely pathetic...plain and simple.
Exactly
-
August 27th, 2002, 08:38 PM
#10
What's a REAL joke is that they're taking shorter and shorter spans of time to make OS's... windows 2000 to ME to XP was what, like less than a year almost?
Youd' think they'd stop trying to get us all into "newer is better" upgrade mosde and FIX the things the right way. Linux has exploits too, but it's been out since win95 and hasn't had NEARLY the count that MS has against it.
And then the government says "but open source is insecure."
WHATEVER, dudes.
Hic ego barbarus, sum quillo non intelligor illis.
Because they do not understand me, I am a barbarian.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|