Open Source does something good for m$?

[phishphreek]

Wow... I would have never expected this!

Open source helps m$... do you think that m$ will ever do anything for open source?
Nah.. they'd rather badmouth it. They'll probably try to sue whoever made this patch...

Open Source comes out for a patch for closed source software that fixed the URL bug that has been posted here already.

http://www.theage.com.au/articles/20...337072117.html

EDIT: Before installing this patch, please read my post below and then decide if you really want to install it.

[Scriptersx]

Sue the guy for finding it..

[groovicus]

Good find...and good for them. Maybe Microsoft should consider outsourcing?

[Computernerd22]

While Microsoft has released an article providing details about the vulnerability, the company is yet to provide a patch.

Actions speak louder than words. PhishPhreek80 excellent find.

[phishphreek]

Looking a little further into it... it seems that it doesn't really patch it.

The URL I found in the source code is http://www.openwares.org/cgi-bin/exploit.cgi? .. try it with http://www.openwares.org/cgi-bin/exploit.cgi?slash dot.org [openwares.org]. It's the error page that the program displays when it hits a probable exploit. The program does the checking in your computer and when the link doesn't have %00 or %01, it just shows it normally. Only when it does see a %00 or %01, it sends the link to the above mentioned page.

I found that in a discussion on slashdot.

http://slashdot.org/comments.pl?sid=89854&cid=7760333

I just uninstalled it and am awaiting the true m$ patch. I'm sure the code doen't exploit anything... but there is potientiel for misuse here. Think about it... someone hacks into their server, and replaces the cgi script that "corrects" this bug. The cgi that they replace it with could cause more damage than the original bug. Or, they start using it as a way to get $$ from ads placed on that page. Maybe they'll just announce and advise to download the real patch after its release? Who konws...

I'm a little parinoid bout this "patch" now...

[!mitationRust]

Im a member over at slahdot PM your name(if you want). All of my network admin buddys are all over there.Slashdot.org 4 life.

[Turmoil]

Hmm, perhaps downloading a patch that isn't microsoft certified isn't a good idea.. Theres a bit of risk.. Whos responsible if this thing does cause damage? I'm not saying open source is wrong.. I'm just saying, know what your downloading before ya do! And make sure its from a trusted source

[Striek]

K I need some advice on this then.

I'm home for the holidays and considering installing this third-party patch on the computer that my mother and suster use. Personally, I think that being send to a page which may contain advertising is a better alternative that having their banking passwords sent to attackers.

They know nothing about computers except email, instant messaging, word processing, yada yada yada. Typical computer illiterates. It is my job, so to speak, to keep this computer secure enough to bank with.

I am only here maybe once a month and so will not be able to install the patch when it comes out. And they never update Windows like I tell them to, and leave the computer off when it is set to do it automatically. (actually, no adware or viruses this time I came home thanks to NAV automatic updates and ad-aware adwatch)

I would think that this patch is the best option for me right now.

What does everyone else think?

[Deimos326]

yea striek i think you better just go with the patch. you never know with these computer illiterate people we all know that microsoft wont release any patches for a while, and when they do, it probably wont be any better than this one... excellent post phishphreak, quite interesting that an open source freeware company is making patches for IE (not that i mind, cuz IE needs quite a bit of patching up).

[Wazz]

I wouldn't touch it guys, spyware and buffer overflows galore...... Full Article here

http://www.theregister.co.uk/content/55/34618.html