Slashdot Mirror

It's pretty amazing how they've managed to get their customers to swallow the line that it's reasonable to be expected to pay a third party for "anti-virus" software to fix their errors and vulnerabilities.

No need to pay for a 3rd party solution because they offer a Free As In Beer Antivirus Solution.

Verisign is one of the few CAs that _has_ given out bad certs.
http://www.cert.org/advisories/CA-2001-04.html
http://www.microsoft.com/technet/security/bulletin/ms01-017.mspx

But it doesn't matter. It only takes one CA in your browser/OS's huge list of CAs to sign a cert that's used to MITM you.

None of the popular browsers will give you a warning if the CA changes. For example if you went to China and went to your bank, if CNNIC (one of China's CAs) signs a cert that claims to be your bank, and used that to re-sign your intercepted HTTPS connections, your browser will not warn you. Your traffic would be visible to them without any warnings.

Unless of course you use something like the certificate patrol plug-in.

Who says it has to be the banks own software? Have a standard way of reporting PC health, and then prompt to let it report to the bank. It could be signed so known signatures of software the bank trusts could be validated, but you couldn't fake it out with software of your own.

This is already built into Windows, kind of. Network Access Protection won't assign IPs until the results of a health check is sent. If the health check fails machines can be switched to a segment which only allows access to the corporate update servers, so users can update the OS/AntiVirus and then resubmit.

Not like it's a particularly "new" plan.. and oh look, it even has built in support for RADIUS.....

Sorry to break it to you, but your grandma didn't have a magic modem. On a plus side, she probably wasn't a witch either.
http://en.wikipedia.org/wiki/56_kbit/s

A 56 kbit/s line is a digital connection capable of carrying 56 kilobits per second (kbit/s), or 56,000 bit/s, the data rate of a classical single channel digital telephone line in North America. In many urban areas, which have seen wide deployment of faster, cheaper technologies, 56 kbit/s lines are generally considered to be an obsolete technology.

The figure of 56 kbit/s is derived from its implementation using the same digital infrastructure used since the 1960s for digital telephony in the PSTN, which uses a PCM sampling rate of 8,000 Hz used with 8-bit sample encoding to encode analogue signals into a digital stream of 64,000 bit/s.

However, in the T-carrier systems used in the U.S. and Canada, a technique called bit-robbing uses, in every sixth frame, the least significant bit in the time slot associated with the voice channel for Channel Associated Signaling (CAS). This effectively renders the lowest bit of the 8 speech bits unusable for data transmission, and so a 56 kbit/s line used only 7 of the 8 data bits in each sample period to send data, thus giving a data rate of 8000 Hz × 7 bits = 56 kbit/s.

See also here:
http://en.wikipedia.org/wiki/56_kbit/s_modem#Speed

Like 10 years ago, there was a period of a few weeks where, by some random bug or glitch somewhere, my grandmother's computer (with 56k modem) would regularly connect to her dial-up service at 118.2kbps. She, of course, never noticed it. I don't think anyone else did, either. I noticed it when my parents and I went over to visit, and I asked to use the computer because I was bored.

Let me guess... Windows 98?
That was a common bug back then. Probably something to do with all that 16-bit and 32-bit code just thrown on the pile there.
You were probably connecting way bellow even 56k, it's just that you couldn't really notice it.

Also, it could simply be that her PC was reporting the port speed, not the actual speed it connected at.
Even XP will gladly report to you the speed of your NIC or your hub/switch/router instead of your actual internet connection speed.

You might be interested to know that Windows 8 will run on ARM SoCs.

Press Release: http://www.microsoft.com/presspass/press/2002/feb02/02-19PhoneEditionPR.mspx

Touchscreen: http://gdgt.com/htc/pocket-pc-phone/
Smartphone (standard cell keyboard): http://gdgt.com/htc/canary/

Any other Google research I can do for you?

Or, if you *really* want fine control over what your system runs at startup, use Autoruns. Free from technet. It's what msconfig should have been.

--Jeremy

Yes, there was a $1B mistake with the early XBOX 360. That was written off and paid for a couple of years ago. But, despite that, its proving to be a successful profitable platform - being profitable since 2008.

Im not sure where you get your WII numbers - could you cite your source?

XBOX 360 currently enjoys about 30% market share compared to WII at 36% and PS3 at about 32% (cite). Thats not "two to one" - its 6 percentage points. If you look at the numbers, the WII is loosing market share rapidly. 2010 was a decent year for the Entertainment and Devices Business but revenues were down a bit. You can read the gory (and boring) details in our annual report. Dont forget that the XBOX business is a systems business - we make money many ways with the XBOX system. For example, in July 2010, this article explains that XBOX Live is a $1.2 Billion dollar business. Steam is close to that (cite).

Big companies can make costly mistakes and still thrive. Look at Intels recent $1B problem with SandyBridge. Nobody seems to be freaking out about that (will not too much anyway). There stock price hasnt even really taken a hit.

-foredecker.

Fanboy,

Seriously, Google starting to charge for VP8 at some point is about as likely as Microsoft opensourcing their most recent Windows and Office.

Look at the political and corporate landscape of 20 years ago and see how many ways you can begin the sentence, "...then seemed about as likely as Microsoft opensourcing their most recent Windows and Office." It takes a teenager, or someone with a teenage mindset, to look so much in the here and now.

Also, Windows source code. "I meant open in precisely the way I want it to be open." Of course you did.

Also, of course Google hasn't promised a blanko cheque for every user of VP8. MPEG-LA hasn't done it either for h264.

Which, after a long and complicated series of technical legal arguments, allows us to conclude that you're no safer with one than the other.

Here you go. http://msdn.microsoft.com/en-us/aa937791 Now if you are talking about the mods to allow the system to run pirated games, that is obviously a different matter.

Or you could use the .Net Code Contracts which do all this with static analysis. Therefore you get proof up front that your contracts will never be violated by non exposed code, and without a performance penalty at run time. If a contract cannot be verified, warnings are given. You can then introduce appropriate branching to provide guarantees as necessary. http://research.microsoft.com/en-us/projects/contracts/

One of the best ones was the DEC Extended Static Checker for Java in the late 1990s. That project died after Compaq acquired DEC and shut down research. But it formed part of Microsoft's efforts for Spec#, which has a formal verification system.

Microsoft has had a huge success with formal proof of correctness - the Static Driver Verifier. This is a system which tries to formally prove that a Windows driver can't crash the operating system. All drivers for Windows 7 have to pass this verifier to be signed, It's an impressive system which works by symbolic case analysis. It yields a proof, a counterexample, or times out analyzing too many cases. About 3% of programs time out. (If your kernel driver has undecidable behavior, it needs work.)

I headed a team that did a proof of correctness system for Pascal back in the early 1980s. That was pushing the limits of what you could do back then; verifying a small program took 45 minutes on a 1 MIPS VAX. Today, with about four orders of magnitude more CPU power, it's a practical technology.

There have been many attempts to bolt some "design by contract" features onto various languages, but they're usually not very good. The problem is saying things about collections. The hacks that try to do design by contract at run time tend to avoid expressions which examine big data structures, since they have to run them over the whole data structure every time. Real verifiers prove or disprove such things at compile time. It turns out, though, that a few standard cases for collections cover many of the usual things you want to say.

Another big issue, which Spec# handles and this Google hack apparently doesn't, is the "insideness" issue for object invariants. Object invariants are supposed to be true whenever control enters and exits an object. But what if an object calls one of its own public methods, perhaps through a long chain of calls? Now, control is inside the same object twice. That violates the invariant rule.

This class of bugs is common in window systems, where all the widget, pane, window, and event objects are frantically calling each other. It also comes up in concurrency, which I don't see Google's hack addressing either.

No.
You can read more on the benefits for each company here. I personally think this is great news for Nokia, I've been watching them down with a bit of sadness during the last year, that said I wouldn't have touched an E71 or an E72 with a ten-foot pole. I hate to say it but Windows Phone 7 is great (unlike prior versions), and this is something I think can turn the ship around and actually save Nokia.

Here's the documentation for what is in 3.5.1: http://support.microsoft.com/kb/977683. This list appears to include all publicly documented bugs that were fixed in 3.5.1 (in other words, bugs in earlier versions that warranted a hotfix and KB article).

I would guess that there were other bugs in 3.5 that didn't meet the hotfix bar (for example, low severity issues or ones that no customers had reported). Fixing these kinds of bugs on their own would require lots of testing. Instead, 3.5.1 included fixes for these issues and got to piggyback on all the testing that happens as part of a Windows release anyway.

Microsoft has had a competing virtualization product for years.

Full list IE9RC features

All that I care about is SVG.

It was promised in IE 7, then pulled at the last moment. They said it would be in IE 8.

IE 8 came out, and it wasn't included. They said it would be in IE 9

Finally, it looks like most SVG features will finally be available. Half of that document is about SVG. It's a shame that SMIL isn't included, but considering it's MS, and especially considering it's something free from MS, you have to have low expectations.

What do you mean? It's simple - look at this page:

http://support.microsoft.com/kb/967715

Don't forget to read the whole page first, including hiliarious "faq" questions like "Why am I being redirected to update 967715 when I was looking for update 953252?".

It's buried in the fucking registry. You can access it through the GUI only by downloading Tweak UI from Microsoft, which is at least free. Or by using group policies. here is a trivially located MS KB article on the subject.

That thumbnail stuff sounds similar to the windows "shortcut icon" vulnerability: http://www.microsoft.com/technet/security/bulletin/MS10-046.mspx

Perhaps Microsoft may start sandboxing more of their stuff too.

IMO Windows and Linux are about the same from an IT security POV.

By default if you can get a user to run something, all their data can be pwned, and you can also have malware running with the user's full privileges. Things don't have to be like this.

it does not impact "shiny media" such as CDs or DVDs that contain Autorun files. We are aware that someone could write malware to take advantage of that, but we haven't seen it in the wild. (We also think malware on shiny media would be less likely to have widespread impact, because people burn CDs less often than they insert USB drives.)

They are just messing with windows registry settings for autorun. Any admin concerned with security has already done this manually since conflicker.

The only sure way to kill this vector for infection is :

REGEDIT4
[HKEY_LOCALMACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

That's only half accurate. The update was released for Vista also, as well as Server 2003/8.

http://support.microsoft.com/kb/971029

Also, it has always been possible on XP and Server 2003 domains to disable autorun in group policy. Anyone with Win7 can (and should) still do that.

I've been using sysinternals stuff seemingly forever. Mark Russinovich, he of Sony rootkit fame, has made his utilities available for download since the web was young. Many of the utilities, such as Procmonitor, aren't for neophytes, but Process Explorer and autorun should be on every windows box. Please note I'm not well informed as to the details of the story and am just throwing the above out there should it be of benefit to anyone.

I've been using sysinternals stuff seemingly forever. Mark Russinovich, he of Sony rootkit fame, has made his utilities available for download since the web was young. Many of the utilities, such as Procmonitor, aren't for neophytes, but Process Explorer and autorun should be on every windows box. Please note I'm not well informed as to the details of the story and am just throwing the above out there should it be of benefit to anyone.

This is an update to KB967940, regarding the patch offered in KB971029 going to automatic updates.

I had to look up the numbers, so I thought I'd just share, and save anyone else the trouble.

This is an update to KB967940, regarding the patch offered in KB971029 going to automatic updates.

I had to look up the numbers, so I thought I'd just share, and save anyone else the trouble.

There is a free version of VS2010. It requires registration but not money.

http://www.microsoft.com/express/Downloads/

Just shop at a Microsoft store (online or at retail). The PCs they sell are part of their "Signature" program whereby they remove all crap/bloatware and optimize the Windows install to run its best on that hardware.

Of course it's a bit more expensive, but it looks like it's worth it for the performance improvements and lack of hassle that you get.

No, i don't work for MS. I just think it's a good option.

  http://signature.microsoft.com/

Maybe OT, but here's MS's information for controlling this "feature" in Windows.

There've been various sets of instructions and registry hacks floating around, but this appears to be from the horse's mouth, relatively recently updated, and addresses some of the shortcomings of previous fixes.

Article ID: 967715 - Last Review: September 9, 2010 - Revision: 6.2
How to disable the Autorun functionality in Windows

http://support.microsoft.com/kb/967715

(I'm posting this due to the confusion all the various instructions / search results can create, and because this article addresses Autoruns and so I expect a number of Windows users will be having a look out of curiosity.)

Microsoft does disclose that Suggested Sites collects information about sites you visit. From the privacy policy: When Suggested Sites is turned on, the addresses of websites you visit are sent to Microsoft, together with standard computer information. To help protect your privacy, the information is encrypted when sent to Microsoft. Information associated with the web address, such as search terms or data you entered in forms might be included. For example, if you visited the Microsoft.com search website at http://search.microsoft.com/ and entered "Seattle" as the search term, the full address http://search.microsoft.com/results.aspx?q=Seattle&qsc0=0&FORM=QBMH1&mkt=en-US will be sent. I've bolded the key parts. What you're searching on gets sent to Microsoft. Even though the example provided involves a search on Microsoft.com, the policy doesn't prevent any search -- including those at Google -- from being sent back.

It's worth reading the IE privacy policy to see what all they reserve the right to do with what you do in IE. I don't see the limitations regarding which components specifically will spy on you; some mention it specifically and then there's a broad statement about recording what you do and sending it to Redmond.

IMHO, that's the real story here. That, and the fact that people apparently still need reminding that MSFT is an advertiser just like GOOG, just less successful at it to date.

Microsoft does disclose that Suggested Sites collects information about sites you visit. From the privacy policy: When Suggested Sites is turned on, the addresses of websites you visit are sent to Microsoft, together with standard computer information. To help protect your privacy, the information is encrypted when sent to Microsoft. Information associated with the web address, such as search terms or data you entered in forms might be included. For example, if you visited the Microsoft.com search website at http://search.microsoft.com/ and entered "Seattle" as the search term, the full address http://search.microsoft.com/results.aspx?q=Seattle&qsc0=0&FORM=QBMH1&mkt=en-US will be sent. I've bolded the key parts. What you're searching on gets sent to Microsoft. Even though the example provided involves a search on Microsoft.com, the policy doesn't prevent any search -- including those at Google -- from being sent back.

It's worth reading the IE privacy policy to see what all they reserve the right to do with what you do in IE. I don't see the limitations regarding which components specifically will spy on you; some mention it specifically and then there's a broad statement about recording what you do and sending it to Redmond.

IMHO, that's the real story here. That, and the fact that people apparently still need reminding that MSFT is an advertiser just like GOOG, just less successful at it to date.

PDF reader... sandbox...

A Document Format that needs a sandbox. I don't have a sandbox around my text editor, nor my PNG viewer, nor my MP3 player... Tell me again, why do we need our document formats to be little programming languages?

Image formats or even MP3 you mentioned can be a viable transport for malicious code too. If you think it over well enough, even text files can be used to exploit e.g. your text editor's buff overflow vulnerabilities...

I don't have a sandbox around (...) my PNG viewer

Microsoft Security Bulletin MS05-009: Vulnerability in PNG Processing Could Allow Remote Code Execution

(...) nor my MP3 player

Winamp MP3 Player Lets Malicious MP3 Files Control the Winamp Mini-browser and Cause Arbitrary HTML Scripts to Be Executed

I wonder if they are still using the BSD backend that Hotmail originally used?

No dude, not for over a decade: http://technet.microsoft.com/en-us/library/bb496985.aspx

I can't believe I'm recommending a Microsoft product. At least it's from Microsoft Research, rather than a regular product from the lying bastard sales division.....

Microsoft Image Composite Editor

I've used it for panoramic shots before, and it works great. Not sure if it does vertical, as well as horizontal, but you could always do all the horizontal sections, then use Irfanview's lossless JPG rotation, and stitch all the horizontal strips into a whole.

It's not in the EULA.

You're right; it's perhaps in the privacy policy (arguably, this is part of the EULA, but it's also a separate document):

Microsoft does disclose that Suggested Sites collects information about sites you visit. From the privacy policy: When Suggested Sites is turned on, the addresses of websites you visit are sent to Microsoft, together with standard computer information. To help protect your privacy, the information is encrypted when sent to Microsoft. Information associated with the web address, such as search terms or data you entered in forms might be included. For example, if you visited the Microsoft.com search website at http://search.microsoft.com/ and entered âoeSeattleâ as the search term, the full address http://search.microsoft.com/results.aspx?q=Seattle&qsc0=0&FORM=QBMH1&mkt=en-US will be sent. Iâ(TM)ve bolded the key parts. What youâ(TM)re searching on gets sent to Microsoft. Even though the example provided involves a search on Microsoft.com, the policy doesnâ(TM)t prevent any search â" including those at Google â" from being sent back.

(source: TOFA: http://searchengineland.com/google-bing-is-cheating-copying-our-search-results-62914) It's worth reading the rest of the privacy policy; apparently other bits of IE can and will send your information to Microsoft. http://www.microsoft.com/windows/internet-explorer/privacy.aspx

It's not in the EULA.

You're right; it's perhaps in the privacy policy (arguably, this is part of the EULA, but it's also a separate document):

Microsoft does disclose that Suggested Sites collects information about sites you visit. From the privacy policy: When Suggested Sites is turned on, the addresses of websites you visit are sent to Microsoft, together with standard computer information. To help protect your privacy, the information is encrypted when sent to Microsoft. Information associated with the web address, such as search terms or data you entered in forms might be included. For example, if you visited the Microsoft.com search website at http://search.microsoft.com/ and entered âoeSeattleâ as the search term, the full address http://search.microsoft.com/results.aspx?q=Seattle&qsc0=0&FORM=QBMH1&mkt=en-US will be sent. Iâ(TM)ve bolded the key parts. What youâ(TM)re searching on gets sent to Microsoft. Even though the example provided involves a search on Microsoft.com, the policy doesnâ(TM)t prevent any search â" including those at Google â" from being sent back.

(source: TOFA: http://searchengineland.com/google-bing-is-cheating-copying-our-search-results-62914) It's worth reading the rest of the privacy policy; apparently other bits of IE can and will send your information to Microsoft. http://www.microsoft.com/windows/internet-explorer/privacy.aspx

It's not in the EULA.

You're right; it's perhaps in the privacy policy (arguably, this is part of the EULA, but it's also a separate document):

Microsoft does disclose that Suggested Sites collects information about sites you visit. From the privacy policy: When Suggested Sites is turned on, the addresses of websites you visit are sent to Microsoft, together with standard computer information. To help protect your privacy, the information is encrypted when sent to Microsoft. Information associated with the web address, such as search terms or data you entered in forms might be included. For example, if you visited the Microsoft.com search website at http://search.microsoft.com/ and entered âoeSeattleâ as the search term, the full address http://search.microsoft.com/results.aspx?q=Seattle&qsc0=0&FORM=QBMH1&mkt=en-US will be sent. Iâ(TM)ve bolded the key parts. What youâ(TM)re searching on gets sent to Microsoft. Even though the example provided involves a search on Microsoft.com, the policy doesnâ(TM)t prevent any search â" including those at Google â" from being sent back.

(source: TOFA: http://searchengineland.com/google-bing-is-cheating-copying-our-search-results-62914) It's worth reading the rest of the privacy policy; apparently other bits of IE can and will send your information to Microsoft. http://www.microsoft.com/windows/internet-explorer/privacy.aspx

Will Microsoft be releasing the source code for this plug-in so that we can properly trust it? I doubt it. And will there be a 3 mile long EULA attached to it?

Win 7 supports hardware accelerated H.264 video natively.

Not so very different, really, than what Canonical offers to its OEM customers.

DirectX Video Acceleration Specification for H.264/AVC Decoding

Another huge culprit is the dynamic sizing of the page file. Not only does this fragment the hard drive terribly, you end up with a badly fragmented page file that can't be defragmented using Window's own built-in defraggfer (as it can't defrag files that are in use). Best thing to do with the page file is to set it to some large fixed size and leave it there. And download a boot-time defragmenter like Defraggler to get your page file back into one continuous chunk. You can also try Page Defrag but that apparently doesn't work on anything newer than XP.

The wave function is a *concept of method* used to aid the mind in understanding reality. The fact that it conveniently and easily predicts reality does not imply there is anything *physical* about the wave function, any more than the use of complex numbers to calculate phase shift in electrical circuits, or the use of "electron holes" to simplify equations, implies the actual physical existence of imaginary numbers or "electron holes".

As for the apparently strange fact that observation affects reality - that is simply due to the fact that we must bounce particles off of something in order for us to measure it. To *see* electrons going through the double-slit experiment, we have to bounce photons off of them - and that interferes with the experiment, changing the result. It has nothing to do with us being "entangled observers" or having some "privileged reference frame".

I recommend Richard Feynman's 1-hour lecture on the quantum mechanical view of nature, which clarifies much of the poor philosophizing that has come out of quantum mechanics.

Media serving (as the phone in your video is doing) is only one of DLNA's abilities (albeit the most common). UPnP AV allows separate Server, Renderer and Control components, and a Server can push to a remote Renderer just as easily (iMediaShare and others do this, as I said above). Or a Controller can instruct a remote Renderer to stream from a different remote Server, or any other combination.

Another example of DLNA pushing is Microsoft's "Play To" in Windows. I use this to push music from my laptop to my Yamaha amplifier, though it also works to my phone, my Xbox, XBMC, other PCs etc - much the same as your Apple TV, except it's built in to my amp (I can also tell my amp to pull from a PC etc; it works both ways). Other Android apps I'm aware of that do this are UPnPlay and Andromote.

Windows has a UPnP Framework component of its own, of course, but there are various other opensource cross-platform libraries for apps to use. Hardware and software support is far wider than AirPlay.

As always, the solution to a Microsoft problem is in the Knowledge Base: http://support.microsoft.com/kb/981974?sd=xbox

The Xbox 360 has always had the ability to backup most of your data through the use of proprietary "Memory Units". With the Spring 2010 Update they added the ability to use standard USB devices as well; granted you do have to partition it to a proprietary format and allow half a gig storage loss for 'security' data. They also impose a 16GB limitation per memory device and allow a max of 2 connected at a time. They don't want to cut into the profitable proprietary hard drive market.

Yes, it is cumbersome but it is possible and at least the data isn't tied specifically to the console it was backed up from, which means that you should be able to move your saves to a new system should your old one die.. unlike say the PS3.

Chrome seems to just render a blank document for mhtml: urls, and doesn't let you enter them in the omnibox directly... Firefox gets confused and thinks mhtml: is not associated with any application

Yeah. Probably because "mhtml" isn't a valid URL protocol, according to HKEY_CLASSES_ROOT.

"My Computer\HKEY_CLASSES_ROOT\mhtml" doesn't exist.

"My Computer\HKEY_CLASSES_ROOT\mhtmlfile" exists, but it doesn't have the "URL Protocol" REG_SZ flag set.

Here we have yet another example of Internet Explorer / Windows doing things in non-standard ways and breaking everything else. The MSDN Library even has a how-to page describing how to register an application to a URL protocol...

For instance, to add an "alert:" protocol, add an alert key to HKEY_CLASSES_ROOT, as follows [...] Under this new key, the URL Protocol string value indicates that this key declares a custom protocol handler. Without this key, the handler application will not launch. [...]

HKEY_CLASSES_ROOT
    alert
        (Default) = "URL:Alert Protocol"
        URL Protocol = ""
        DefaultIcon
            (Default) = "alert.exe,1"
        shell
            open
                command
                    (Default) = "C:\Program Files\Alert\alert.exe" "%1"quote>

Your question stumped me, so I asked the experts. It turns out that it *is* possible to disable NTLM in Windows 7/Server 2008 R2 with the "Restrict NTLM" option. But my expert pointed out that enabling this option isn't sufficient to fix pass-the-hash attacks. It turns out that pass-the-hash attacks (or rather pass-the-tgt attacks) also can work against Kerberos, it's just that there aren't any tools available to mount them. But the attack works.

Digging in deeper, the only reason Windows is considered vulnerable to pass-the-hash is that Windows is the only major OS where tools to automate pass-the-hash attacks are available. Every major OS out there is vulnerable to pass-the-hash attacks, the issue isn't unique to Microsoft (and thus the existance of pass-the-hash attacks not because 'microsoft developers are clueless').

One other thought: pass-the-hash attacks require that the local user be an administrator. If you want to defeat pass-the-hash attacks, don't allow your users to be local administrators. Microsoft's best practices have strongly recommended that users not run as administrators since well before Windows 2000. And to preempt your next question: you're right, Microsoft only made it possible for users to run as non-admins in Windows XP and even then it was challenging. It wasn't until Windows Vista that they enabled something that resembled standard-users as the default (which in turn forced software developers to change their applications so that they'll run as standard users).

http://support.microsoft.com/kb/2501696

Or they could implement IPv6 using anonymous address interface identifiers as described in RFC 3041 to provide an increased level of anonymity.

In addition to that, IPSec encryption is a standard part of the protocol, so just by implementing it you get instant security. Older OSs could use a 4to6 interface that wouldn't break older apps that have not yet been updated to support the protocol.

IPv6 is much closer to be a reality now than ever before. It's about time that some ISPs start taking the lead on this instead of going the VPN or NAT route. It will happen any way and they could get some good PR out of it while addressing the issue they are trying to solve.

Now you link to some blogpost/article on some random site, which only rehashes what Microsoft's own article at teched has to say as well..

Link to direct advisory:
https://www.microsoft.com/technet/security/advisory/2501696.mspx

Uh that's all the data most of their users need. Most of their users want a simple "FixIt" (that's how they often get into trouble in the first place, but that's not MS's fault). Most of these users aren't going to even know about this problem though. They'll only get a fix if MS ever releases it in a Windows Update and they have Windows Updates enabled.

As for the rest of the users who actually care to know more: https://www.microsoft.com/technet/security/advisory/2501696.mspx
The very few who are that interested can find out even more details themselves.

So it's inaccurate to say MS doesn't give a shit about this problem.

Hi MR AC! If you would have read TFA or even TFS (I know I know, but I got bored) you would see they provide a link to The MSFT "fix it for me" page for this problem. Just click on "fix it for me" run the fix it, and that's it. Don't even need a reboot.

I'm sending the link to my customers and family now, and since it makes a restore point before applying it is easy to undo if you need to, although with previous "fix it for me" tweaks that I've run the MSFT patch released later took care of the fix it tweak before applying the patch.

Oh I so trust Microsoft to not have any ill intentions regarding previously undocumented operations. And remember those disgusting and insulting commercials from MS for the "release party" for the latest os? Yea the above quote doesn't smack of that at all...

From the Software company that still refuses to acknowledge Back Oriface was a threat to "Here, take this pill trust us" .

F You Microsoft.

- Dan.