I don't have words to describe this one..
http://news.bbc.co.uk/2/hi/technology/8499859.stm
Wow... just... wow.
Kind of makes you want to switch to a less targeted OS?
Lol you mean like DOS? I'm starting to wonder if they were really just tired of fixing it and said switch to Windows now.
Man....17 years of the same thing sitting there ready to be exploited, and NO ONE fixed it. I wonder if they're going to change those ads about how they take care of problems better than Linux does now. (Remember? "With Linux you're waiting on a kid in China to fix your exploit, with Windows, we fix them!"....)....
I don't think I've ever heard of a bug going for this long ever. Anyone know if this is a record?
HAHAHAHAHA!!
Wow. Good job Microsoft.
And the ad campaign about "some kid in China" is hysterical. As if Linux is still primarily supported by random freelance coders. They are totally exploiting that misnomer.
Maybe we should go easy on them. After all, Microsoft bloatware is huge and hard to fully patch.
But then again, 17 years?! Wow.
Wasn't it the big Steve who said that originally? The part about "Well yea Linux has customers but do you really want to have to tell your boss the system will be patched once some 12 year old in China is done writing it?" ... I can't remember the exact quote but it was along those lines about a kid in China being the one writing your patches.
I think he was pissed off because people have seen a problem in Linux where there was an exploit possible, and within like 4 hours, there was a patch. The same problem popped up on a few other OSs and it took like a month to get one.
Not really..................you need an authenticated login and physical access from what I can see?
Quote:
Kind of makes you want to switch to a less targeted OS?
Hell! I am looking at a CD on my desk that will reset the admin password from bootup................no login required.
I am still of the opinion that if someone has unrestricted physical access you are as good as owned.
Anyway, it took 17 years to find it..............hardly earth shattering?
Since it took me a lot of time to find words to describe this one (abuse basically), I've decided to switch to Linux. OpenSuse, buddy I love you.. ;)
Well,
1. I don't believe in security through obscurity as a general principle.
2. I will certainly stay where the money is (Microsoft).
3. What makes you think that Linux is any better?..............if I have physical access and a password you are owned.
Do you still run 16bit applications?...............I do, and have Windows 3.11, 98, 98SE and ME boxes for that. They are mostly games that won't work in compatibility mode anyway, because they want to directly access the hardware and do other things that 2000, XP, Vista and 7 don't allow.
This is the fix:
1. Click Start, click Run, type gpedit.msc in the Open box, and then click OK. This opens the Group Policy console.
2. Expand the Administrative Templates folder, and then click Windows Components.
3. Click the Application Compatibility folder.
4. In the details pane, double click the Prevent access to 16-bit applications policy setting. By default, this is set to Not Configured.
5. Change the policy setting to Enabled, and then click OK.
Impact of Workaround: Users will not be able to run 16-bit applications.
REMEMBER: You have to make the change in both User and Computer settings. If it isn't turned off in Computer settings it will be allowed because they override the User settings ;)
No big deal as far as I am concerned. :D
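An added example, not part of the original post: a PowerShell audit that reports whether the "Prevent access to 16-bit applications" workaround above is set in both the Computer and the User scope. It assumes the policy is stored as the DWORD value `VDMDisallowed` under `Software\Policies\Microsoft\Windows\AppCompat`, a name that does not appear in this thread; the function name is hypothetical.

```powershell
# Added example: audit the "Prevent access to 16-bit applications" policy.
# Assumption: the policy is backed by DWORD VDMDisallowed under the key below
# (registry names are not given in the thread).
$PolicySubKey = 'Software\Policies\Microsoft\Windows\AppCompat'
$ValueName    = 'VDMDisallowed'

function Get-Vdm16BitPolicy {
    param(
        [ValidateSet('HKLM', 'HKCU')]
        [string]$Hive
    )
    $path  = "${Hive}:\$PolicySubKey"
    $state = 'Not Configured'
    $raw   = $null
    if (Test-Path -LiteralPath $path) {
        # A missing value returns $null instead of throwing.
        $item = Get-ItemProperty -LiteralPath $path -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $raw   = $item.$ValueName
            $state = if ($raw -eq 1) { 'Enabled' } else { 'Disabled' }
        }
    }
    [pscustomobject]@{
        Scope = if ($Hive -eq 'HKLM') { 'Computer' } else { 'User' }
        Path  = $path
        Value = $raw
        State = $state
    }
}

# HKCU reflects only the account running the script; run per user as needed.
$results = 'HKLM', 'HKCU' | ForEach-Object { Get-Vdm16BitPolicy -Hive $_ }
$results | Format-Table -AutoSize

# Flag the host if either scope still permits 16-bit applications.
$gaps = @($results | Where-Object { $_.State -ne 'Enabled' })
if ($gaps.Count -gt 0) {
    $scopes = ($gaps | ForEach-Object { $_.Scope }) -join ', '
    Write-Warning "16-bit applications are not blocked in scope(s): $scopes"
    exit 1
}
Write-Output '16-bit applications are blocked in both Computer and User scope.'
```

The non-zero exit code lets the check run from a login script or inventory tool and surface machines where the workaround was applied in only one scope.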
Nihil how dare you come in defense of Microsoft.. I write this from my Opensuse using Opera (and after uninstalling Firefox).. :D
The thing about Linux is these distros either lie or spend so much time repackaging stuff they have no idea what's what themselves. They'll sit there and call something a "local denial of service flaw" for five years until someone changes a single byte in the return address. People know better than that... you don't just make something seg fault at ring-0.
Meh... people don't want to admit there are more kernel flaws out there than the number of waves in the Pacific Ocean.
Well disabling the 16 bit compatibility is just not an option for some businesses that run older applications .....I sure hope the patch doesn't break things :rolleyes:
Good to hear physical access is required ...and a valid local account
MLF
It wasn't so much the 1 17 year old patch that got me...
At least they are patching them :rolleyes:
Quote:
The monthly security update will also tackle a further 25 holes in Windows, five of which are rated as "critical".
It's a copy paste and I am not sure if there is a solution except waiting however,
From Secunia:
Windows XP (Home)
250 Secunia advisories
286 Vulnerabilities
31 unpatched
Quote:
Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Microsoft Windows XP Home Edition, with all vendor patches applied, is rated Highly critical
Windows XP (Professional)
271 Secunia advisories
309 Vulnerabilities
34 unpatched
quote:
The most severe unpatched Secunia advisory affecting Microsoft Windows XP Professional, with all vendor patches applied, is rated Highly critical
Windows Server 2003 (enterprise edition)
221 Secunia advisories
297 Vulnerabilities
15 unpatched
quote:
The most severe unpatched Secunia advisory affecting Microsoft Windows Server 2003 Enterprise Edition, with all vendor patches applied, is rated Highly critical
This is the best:
Windows Vista
81 Secunia advisories
147 Vulnerabilities
5 unpatched
quote:
The most severe unpatched Secunia advisory affecting Microsoft Windows Vista, with all vendor patches applied, is rated Less critical
Now who the **** said Vista sucked ;) :D
PS: I write this using Opera on Linux (after uninstalling Firefox) :D
There is something I want to point out (hence the separate post)
I checked around Secunia for OpenSuse, Ubuntu, Debian, Fedora and Mint (top 5 on DistroWatch).
ALL OF THEM HAD 0 UNPATCHED VULNERABILITIES. ZERO!
Although the number of vulnerabilities between versions was high, like 1700+ between Debian 4 and 5, all of them were patched.
I today for the first time honestly think community driven software (free is not the word for me) is HONESTLY BETTER !
I honestly have found new respect for community effort and community driven software :)
Respect.
PS: Except Firefox.
ByTe,
You need to be a bit more careful in interpreting Secunia.....................they tell me my system is 100%, when I know that there are at least 24 items that are vulnerable.
Also remember to differentiate between OS and application vulnerabilities. Application vulnerabilities tend to work cross-platform.
And Linux..........................nobody cares about it............no brownie points for finding a vulnerability in that...........Windows is where you make your reputation and money........trust me ;)
Obviously, as open source you would be a leper if you posted a vulnerability without the fix............closed source stuff is a far better target.........you can just bitch and moan but can't do anything about it because it is proprietary :D
It isn't that the vulnerabilities aren't there, it's just that nobody gives a damn.
EDIT:
Hey MLF,
I live in sticksville and I do not know of any commercial/corporate/institutional that is running 16bit applications other than process control or lab equipment monitoring
Quote:
Well disabling the 16 bit compatibility is just not an option for some businesses that run older applications
My argument would be that they should have a separate computer and network for that?
I have 2 sites that use old database apps...used for tracking inventory and manufacturing scheduling, materials management etc....one is so customized I rely on the programmer to fix all the time. The other is off the shelf...and data need to be manipulated outside the system to get any decent reports
Currently migrating over to SQL...but both systems are still required until all the BOMs are ported over....and I know for a fact there are several older systems in place in this area...as I get called to fix them all the time.
I live in the sticks of Canada.....much different than the sticks of the UK ;)
We are true country hicks over here.
MLF
Aaaaahhh!
Over here we do have old apps, but they would run on mainframe or midrange, not on Windows PCs. I see very little bespoke software that has been developed on a Windows platform, other than Excel, Access and SQL.
My best claim to fame (down in London.....UK, not Ontario:D) was supporting an app written in Lotus 1-2-3 for DOS 3.1 and 3.4. Yep you needed to load 3.1 and 3.4 to get this hybrid baby to work :eek: I had it on a Digital Venturis P/I 75MHz with 48Mb of RAM (total waste I know........it was the crappiest machine I could find that hadn't been thrown out...........and those memory sticks on the window ledge........:D)
I did use it to support a couple of Office 4.3 (Access 2.0) apps until I replaced them.
OK. I don't believe in replacement for the hell of it, but if you have ever tried to convert Access 2 to Access 8 you will know that there is a time and place?..............preferably before you joined the company?:D