CNN on buffer overflows...
Results 1 to 4 of 4

Thread: CNN on buffer overflows...

  1. #1
    Senior Member
    Join Date
    Apr 2002
    Posts
    712

    Talking CNN on buffer overflows...

    Ok, I must confess that I toyed with this needing to be under "humor" or something similar, but... CNN's article, Microsoft admits another critical flaw was, rather "enlightening" you might say...


    Thursday, July 17, 2003 Posted: 1439 GMT (10:39 PM HKT)

    WASHINGTON (AP) -- Microsoft acknowledged a critical vulnerability Wednesday in nearly all versions of its flagship Windows operating system software, the first such design flaw to affect its latest Windows Server 2003 software.


    [...]

    Spending millions
    Microsoft spent hundreds of millions of dollars on security improvements for its latest Windows software and included new technology to defend against a category of hacker attacks known as "buffer overflows," which can trick software into accepting dangerous commands.

    [...]

    ...all in all, if you can get past the typical or not-so-surprising "Cooper spin" (for lack of better or more "polite" commentary/phrasing), it's an ok article (sorry, I just woke up not-too-long-ago). Perhaps particularly apropos...

    [...]

    The announcement came one day after the Department of Homeland Security announced that it awarded a five-year, $90-million contract for Microsoft to supply all its most important desktop and server software for about 140,000 computers inside the new federal agency.

    ...but, puh-leaz... am I about the only one that's been complaining about windows RPC since, well... since Win2k, if not earlier? This really isn't a "new" threat by any stretch of the imagination...

    [rant]
    ...sometimes I just think the so-called "security experts" just don't bother complaining about things related to MS so that they can have something else to give them sh*t about later... yeah, yeah... I know... perhaps a bit of a stretch, but... (*sigh*) *shakes head*
    [/rant]
    \"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take affect. Reboot now?\"

  2. #2
    AO Part Timer
    Join Date
    Feb 2003
    Posts
    332
    The announcement came one day after the Department of Homeland Security announced that it awarded a five-year, $90-million contract for Microsoft to supply all its most important desktop and server software for about 140,000 computers inside the new federal agency.
    [rant]
    Go figure, our government paying Microsoft. This may or may not be a good idea. If they have some good admins, it might work ok. If they don't, they might as we'll give us all guest accounts, with admin rights. Besides all of that, yet again the government announces deals that should be kept under wraps. That guest account is looking more promising
    [/rant]
    Your heart was talking, not your mind.
    -Tiger Shark

  3. #3
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Originally posted here by dopeydadwarf


    [rant]
    Go figure, our government paying Microsoft. This may or may not be a good idea. If they have some good admins, it might work ok. If they don't, they might as we'll give us all guest accounts, with admin rights. Besides all of that, yet again the government announces deals that should be kept under wraps. That guest account is looking more promising
    [/rant]

    Hehe, well, they wanted to go the OpenBSD way, but they "had to" drop it when Theo spoke up agaisnt the war in Irak!
    Now they'll get what they paid (or is it didn't pay) for


    Ammo
    Credit travels up, blame travels down -- The Boss

  4. #4
    Senior Member DeadAddict's Avatar
    Join Date
    Jun 2003
    Posts
    2,583
    I love the idea about the guest account. And yes I am picking on the cheese again Highlander I know Microsoft spent hundreds of millions of dollars on security but what they should do is either make it open source (will never happen unless hell freezes over) or do brute force testing on it with a third party to find most of the holes and patch them before releasing it to the public.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •