Open Source does something good for m$?
Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Open Source does something good for m$?

  1. #1
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325

    Open Source does something good for m$?

    Wow... I would have never expected this!

    Open source helps m$... do you think that m$ will ever do anything for open source?
    Nah.. they'd rather badmouth it. They'll probably try to sue whoever made this patch...

    Open Source comes out for a patch for closed source software that fixed the URL bug that has been posted here already.

    http://www.theage.com.au/articles/20...337072117.html

    EDIT: Before installing this patch, please read my post below and then decide if you really want to install it.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  2. #2
    Member
    Join Date
    Sep 2003
    Posts
    69
    Sue the guy for finding it..
    Signature image is too tall!

  3. #3
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    Good find...and good for them. Maybe Microsoft should consider outsourcing?

  4. #4
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    While Microsoft has released an article providing details about the vulnerability, the company is yet to provide a patch.
    Actions speak louder than words. PhishPhreek80 excellent find.

  5. #5
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Looking a little further into it... it seems that it doesn't really patch it.

    The URL I found in the source code is http://www.openwares.org/cgi-bin/exploit.cgi? .. try it with http://www.openwares.org/cgi-bin/exploit.cgi?slash dot.org [openwares.org]. It's the error page that the program displays when it hits a probable exploit. The program does the checking in your computer and when the link doesn't have %00 or %01, it just shows it normally. Only when it does see a %00 or %01, it sends the link to the above mentioned page.
    I found that in a discussion on slashdot.

    http://slashdot.org/comments.pl?sid=89854&cid=7760333

    I just uninstalled it and am awaiting the true m$ patch. I'm sure the code doen't exploit anything... but there is potientiel for misuse here. Think about it... someone hacks into their server, and replaces the cgi script that "corrects" this bug. The cgi that they replace it with could cause more damage than the original bug. Or, they start using it as a way to get $$ from ads placed on that page. Maybe they'll just announce and advise to download the real patch after its release? Who konws...

    I'm a little parinoid bout this "patch" now...
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  6. #6
    Banned
    Join Date
    Nov 2003
    Posts
    1,161
    Im a member over at slahdot PM your name(if you want). All of my network admin buddys are all over there.Slashdot.org 4 life.

  7. #7
    Member
    Join Date
    Feb 2003
    Posts
    95
    Hmm, perhaps downloading a patch that isn't microsoft certified isn't a good idea.. Theres a bit of risk.. Whos responsible if this thing does cause damage? I'm not saying open source is wrong.. I'm just saying, know what your downloading before ya do! And make sure its from a trusted source

  8. #8
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    K I need some advice on this then.

    I'm home for the holidays and considering installing this third-party patch on the computer that my mother and suster use. Personally, I think that being send to a page which may contain advertising is a better alternative that having their banking passwords sent to attackers.

    They know nothing about computers except email, instant messaging, word processing, yada yada yada. Typical computer illiterates. It is my job, so to speak, to keep this computer secure enough to bank with.

    I am only here maybe once a month and so will not be able to install the patch when it comes out. And they never update Windows like I tell them to, and leave the computer off when it is set to do it automatically. (actually, no adware or viruses this time I came home thanks to NAV automatic updates and ad-aware adwatch)

    I would think that this patch is the best option for me right now.

    What does everyone else think?

  9. #9
    yea striek i think you better just go with the patch. you never know with these computer illiterate people we all know that microsoft wont release any patches for a while, and when they do, it probably wont be any better than this one... excellent post phishphreak, quite interesting that an open source freeware company is making patches for IE (not that i mind, cuz IE needs quite a bit of patching up).

  10. #10
    Senior Member Wazz's Avatar
    Join Date
    Apr 2003
    Posts
    288
    I wouldn't touch it guys, spyware and buffer overflows galore...... Full Article here

    http://www.theregister.co.uk/content/55/34618.html
    "It is a shame that stupidity is not painful" - Anton LaVey

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •