Domain: secunia.com
Stories and comments across the archive that link to secunia.com.
Comments · 2,642
-
Re:You cannot use viruses/bugs as an example of co
Uhm, where are you getting your figures? Seems like IIS has been doing a better job of keeping up on everything. (Figures from secunia.com which seems about as neutral as I can find)
IIS 7 has only had 1 advisory and it was patched, http://secunia.com/advisories/product/17543/
IIS 6 has had 6 advisories and they were all patched, http://secunia.com/advisories/product/1438/
IIS 5 had 17 advisories and all but 1 were patched out, http://secunia.com/advisories/product/39/
Apache 2.2 has had 11 advisories and 2 remain unpatched, http://secunia.com/advisories/product/9633/
Apache 2.0 has 39 advisories, and 4 are unpatched, http://secunia.com/advisories/product/73/
Apache 1.3 has 21 and 1 is unpatched. http://secunia.com/advisories/product/72/
-
Again, where is your PHD in English, Troll? apk
"Why are your "P.S." blocks longer than the actual comment? Are you that dim-witted that you don't understand what P.S. means?" - by Americano (920576) on Wednesday July 01, @09:55AM (#28541653)
Again: Where's that PHD in English of yours to support anyone actually lending YOU any credence as to your "critiques" of others' writing style?
(Above all else though, on this note - it's only a forums, not my "last will & testament", nor legal correspondence of any kind, or even a paper for a grade (so, lighten up, & get real - you're no authority on how to write ("to WHIT" "to wit" -> , lmao!))
"INSTANT REPLY EVERYONE - a quote from the "wannabe PHD in English", Americano, & his mistakes writing, evidenced below"
"To whit:" - by Americano (920576) on Friday June 26, @05:56PM (#28488875)
And, once more (for your reference, AND OUR "VIEWING PLEASURE" @ this moment of absolutely HIGH COMEDY (you tell others how to write, but screwup yourself? LOL!):
The CORRECT PHRASE & SPELLING, is "To Wit"... not (lmao) "To whit", as you stated it...
----
NOW, let's "Top that off" with the rest of your mistakes, & misdoings, A-D below (that got you called a TROLL here by TomHudson for putting words in his mouth he never stated on your part & got you modded down for impersonating me here also, despite your denial of it - you can see plainly, NOBODY believed you & modded you down for it!)
----
A.) YOU were "modded-down" -1 when you tried to deny impersonating me here in this exchange & in that SAME post I quoted your "To Whit:" from -> http://slashdot.org/comments.pl?sid=1283193&cid=28488875 (lmao - which seeing you modded down, it seems NO ONE BELIEVED YOUR b.s. then, either)
B.) Bottom-line though: You said I was 'crippling my OS'? BEG TO DIFFER: Funny - I can still watch .avi files, just fine, WITHOUT unregistering quartz.dll (or, disabling access to it, until it is fixed), by passing .avi files thru VideoInspector, to see if they indeed, legitimate... but, I do agree that unregistering it or altering its ACL is good medicine until it's fixed (hopefully, on Patch Tuesday 1-2 week(s) from today by MS)
C.) Look into "reading comprehension" yourself, because YOUR "security suggestions" for MacOS X fall FAR short of those @ SECUNIA.COM, and FROM APPLE.COM as well & fall more into line with what I show users of Windows NT-based OS of modern variety how to do for both files/folders & the registry, for the BEST in possible security on them (especially vs. threats like Conficker lately, for example)!
D.) Also QUITE HILARIOUS, is your 'ultra secure' MacOS X only has a "partial fix" on this one though -> http://secunia.com/advisories/18963/2/ & YOU CANNOT FIX IT FULLY (period, as it deals in PEBKAC issues + more) & to fix up the outstanding issues on Windows NT-based OS, I am able to fix them all, or easily work-around them - WITHOUT ADVERSELY IMPACTING FUNCTION, or, CRIPPLING MY SYSTEM (as you put it, & are clearly WRONG on as well)!
----
(SO, like you said? Don't do "stupid shit", & all the rest will be ok - trouble is, does "gramma-user/noob user" know enough? Well - I provided guides to Windows folks for it, for decades now & the latest are the best, no questions asked... ones that make it easy as possible via a free automated tool, from a respected source that was noted well in COMPUTERWORLD iirc, as far as publications in this science - have YOU done the same? I hope not, based on your mistakes & bad assumptions!)...
(NOW - I also showed RyuuzakiTetsuya he was "off on" as well - because both SECUNIA.COM &/or APPLE themselves state that changing permis
-
DIM Wit? To Wit "TO WHIT" (as you said it, lol)
"Reading comprehension. It's wildly exciting, you should try it." - by Americano (920576) on Wednesday July 01, @12:18AM (#28538515)
Yea, ok, "Sure"... So, why don't you see my subject-line above, & then on YOUR PART, try learning to use PHRASES, correctly:
"To whit:" - by Americano (920576) on Friday June 26, @05:56PM (#28488875)
The CORRECT PHRASE & SPELLING, is "To Wit"... not (lmao) "To whit", as you stated it...
APK
P.S.=> By the way?
1.) Where IS that PHD in English of yours, to criticize others' writing style with? Oh, that's right - YOU DON'T HAVE ONE, obviously, by the incorrect spelling of "To Whit" on YOUR PART, above - See? YOU, the "great critic" of others' writing, in "Americano" (amongst his other personas here which we already have seen) makes BIG mistakes himself, will wonders NEVER cease (LMAO!)...
2.) YOU were "modded-down" -1 when you tried to deny impersonating me here in this exchange in that SAME post I quoted your "To Whit:" from -> http://slashdot.org/comments.pl?sid=1283193&cid=28488875 (lmao - which seeing you modded down, it seems NO ONE BELIEVED YOUR b.s. then, either)
3.) Bottom-line though: You said I was 'crippling my OS'? BEG TO DIFFER: Funny - I can still watch .avi files, just fine, WITHOUT unregistering quartz.dll (or, disabling access to it, until it is fixed), by passing .avi files thru VideoInspector, to see if they indeed, legitimate... but, I do agree that unregistering it or altering its ACL is good medicine until it's fixed (hopefully, on Patch Tuesday 1-2 week(s) from today by MS)
4.) Look into "reading comprehension" yourself, because YOUR "security suggestions" for MacOS X fall FAR short of those @ SECUNIA.COM, and FROM APPLE.COM as well & fall more into line with what I show users of Windows NT-based OS of modern variety how to do for both files/folders & the registry, for the BEST in possible security on them (especially vs. threats like Conficker lately, for example)!
Also QUITE HILARIOUS, is your 'ultra secure' MacOS X only has a "partial fix" on this one though -> http://secunia.com/advisories/18963/2/ & YOU CANNOT FIX IT FULLY (period, as it deals in PEBKAC issues + more) & to fix up the outstanding issues on Windows NT-based OS, I am able to fix them all, or easily work-around them!
(SO, like you said? Don't do "stupid shit", & all the rest will be ok - trouble is, does "gramma-user/noob user" know enough? Well - I provided guides to Windows folks for it, for decades now & the latest are the best, no questions asked... ones that make it easy as possible via a free automated tool, from a respected source that was noted well in COMPUTERWORLD iirc, as far as publications in this science - have YOU done the same? I hope not, based on your mistakes & bad assumptions!)...
(Which I also showed RyuuzakiTetsuya he was "off on" as well - because both SECUNIA.COM &/or APPLE themselves state that changing permissions (via CHOWN, which is what RyuuzakiTetsuya had to use vs. an attack scenario we discussed no less to secure himself vs. it OR using trusted users only) is a big part of "the way to go", to secure MacOS X fully vs. various threats, thus? You only proved my point, vs. his (RyuuzakiTetsuya) even more, thanks! AND - & gee: I wonder, who KNOWS more about securing an OS, than the makers of the OS themselves in Apple, & SECUNIA.COM, a noted respected site for security of computers? Hmmmm??)... apk
-
Funny, you were "modded down" for impersonating me
http://slashdot.org/comments.pl?sid=1283193&cid=28488875
I wasn't the one whom others "modded down" for impersonating me, was I? See the URL above, because it appears that happened to YOU, in being modded down, when you attempted to deny your doing an impersonation of myself...
(So, who did you think you were fooling?? Nobody here apparently, judging by the fact YOU got "modded down" for such lunacy!)
APK
P.S.=> And, by the by? No "crippling" of my OS occurs, I can STILL play .avi files, just fine, as long as I run avi files thru a tool like VideoInspector, to check their legitimacy (OR, I can just temporarily disable Quartz.DLL via ACL alterations & not play .avi files, either way, keeps me safe)... pretty simple!
HOWEVER - You, on MacOS X on the other hand, per this one -> http://secunia.com/advisories/18963/2/ ??
All you have is a "partial fix", & it's not fully secured, & the folks @ SECUNIA, and Apple, KNOW IT... (So much for your "secure MacOS X", eh???)
Funniest part of all is, that the fixes MacOS X has recommended by SECUNIA.COM also deal in altering permissions to files, & so does YOUR use of limited privilege accounts, proving my point to RyuuzakiTetsuya where HE had to use that, & his "security guide for MacOS X" included NO USE of CHOWN, but, in the end? HE HAS TO USE IT, & so do you, via limited privilege accounts use on YOUR part on YOUR MacOS X system... period!... apk
-
On MacOS X & your suggestions? See here
"You can dick around with crippling your Windows box so it can't play videos and mess around with ACLs on your files all you want." - by Americano (920576) on Sunday June 28, @01:56AM (#28501419)
Who says I do without playing videos? I can run any downloaded file through videoinspector to see if it is a legitimate .avi file if I like, OR, just use another video format (there is usually alternate downloads in diff. formats, or, I run a legit one thru a video file format conversion program)... so much for YOUR suggestions (because you obviously aren't aware of these options apparently).
----
"Have fun - while you're doing that, I'll be busy over here, actually using my more-secure-by-default computer to do things that are productive and enjoyable." - by Americano (920576) on Sunday June 28, @01:56AM (#28501419)
I will have fun, and have a job on Windows, doing all that you think I cannot, and on a system that has more softwares & hardwares available for any kind of purpose there is, including employability (since Windows has the HUGELY "lion's share" of the market, all the way from home user desktops, up through departmental workstations & servers, up to "Enterprise Class/Mission Critical" servers, especially vs. *NIX)...
APK
P.S.=> You only helped prove my points - first, that you *NIX people talk out your behinds & are wrong (as per usual, see this reply above for example) + that YOU had to use ACL's &/or guest accounts (which LIMIT FUNCTIONALITY, and you said you weren't doing that? B.S. on that, right there, because using limited accounts does EXACTLY that), proving my point to RyuuzakiTetsuya that his "macos x security guide" was imperfect (& even SECUNIA.COM recommends altering ACL on Mac's)...
(and, still this one -> http://secunia.com/advisories/18963/2/ has PEBKAC issues, & you can't "fix that", fully, OR not without disabling some functionality or using limited function accounts, period)
Whereas I can go @ it using a FULL BLOWN Administrator account, & just be cautious on Quartz.dll played .avi files, as I stated above (replying here because the thread where we discussed this was "shut" & very oddly early as well (must have been because I was going to post THIS VERY POST, disproving your b.s.))... apk
-
ALL Windows Server 2k3 are fixable NOT MacOS X tho
"What about ones discovered in previous years that are still unpatched, which are included in the numbers I provided to you" - by Americano (920576) on Friday June 26, @06:38PM (#28489297)
Ok, 1 by 1, I will show YOU how to fix or get around them (or what I do @ least, @ present to do so, whereas YOU cannot answer how to fix the MacOS X hassle):
Microsoft DirectShow QuickTime Parsing Arbitrary Code Execution -> http://secunia.com/advisories/35268/
Easy, alter the ACL for quartz.dll or unregister it, until it's patched
Microsoft Windows "IopfCompleteRequest" Integer Overflow Vulnerability -> http://secunia.com/advisories/31824/
That's easy to fix also -> I don't use GEAR burnerware products, nor the Symantec OR APPLE (lol itunes) products listed, & thus? I am INVULNERABLE to it... why they are listing app hassles though, astounds me some here on this one
Microsoft Windows Active Directory Logon Hours User Enumeration Weakness -> http://secunia.com/advisories/25457/
I don't use AD, no need for it here (single machine user @ home is why, & that's who my guides are geared towards)
Microsoft Windows NDISTAPI.SYS Denial of Service -> http://secunia.com/advisories/24598/
Not critical, easy ACL fix, & bang - I can FIX this, easy, as per usual, via ACL alterations!
Microsoft Windows Directory Monitoring Information Disclosure Weakness -> http://secunia.com/advisories/24245/
Not critical, & another ACL fix... easy!
Microsoft Windows WMF File Handling Denial of Service -> http://secunia.com/advisories/21377/
Not critical, easy fix (1 of 2) - don't use WMF if possible, & use ACL's... again, easy!
Microsoft Windows Unspecified USB Device Driver Vulnerability -> http://secunia.com/advisories/16210/
Bit tougher, but easy too - avoid this -> "can be exploited by malicious people with physical access to a vulnerable system to compromise it." (in other words, keep your system where only YOU can touch it, & nobody else + apparently? It also requires not ONLY physical access, but also a "specially crafted usb device" (highly unlikely here @ least & probably most folks + usb problems? They exist on *NIX's too... just like privilege escalations do!)
Windows Remote Desktop Protocol Private Key Disclosure -> http://secunia.com/advisories/15605/
Simplest of all = DON'T ALLOW RDP SESSIONS (& I do not here)
Windows Registry Key Locking Denial of Service -> http://secunia.com/advisories/14061/
Another SIMPLE ACL fix...
Microsoft Windows Multiple Vulnerabilities -> http://secunia.com/advisories/13645/2/
Common-sense fix, & easy, verbatim from the website (I recommend the same in my security guides) -> Do not visit untrusted web sites and don't open documents from untrusted sources.
Microsoft HTML Help Control Privilege Escalation Vulnerability -> http://secunia.com/advisories/10066/
Piece of cake too: Another ACL fix!
Microsoft Windows Unauthorised Thread Termination -> http://secunia.com/advisories/9921/
Another "piece of cake", in another ACL fix!
Windows 2003 Server Buffer Overflow Protection Mechanism Bypass -> http://secunia.com/advisor
-
ALL Windows Server 2k3 are fixable NOT MacOS X tho
"What about ones discovered in previous years that are still unpatched, which are included in the numbers I provided to you" - by Americano (920576)
on Friday June 26, @06:38PM (#28489297)Ok, 1 by 1, I will show YOU how to fix or get around them (or what I do @ least, @ present to do so, whereas YOU cannot answer how to fix the MacOS X hassle):
Microsoft DirectShow QuickTime Parsing Arbitrary Code Execution -> http://secunia.com/advisories/35268/
Easy, alter the ACL for quartz.dll or unregister it, until it's patched
Microsoft Windows "IopfCompleteRequest" Integer Overflow Vulnerability -> http://secunia.com/advisories/31824/
That's easy to fix also -> I don't use GEAR burnerware products, nor the Symantec OR APPLE (lol itunes) products listed, & thus? I am INVULNERABLE to it... why they are listing app hassles though, astounds me some here on this one
Microsoft Windows Active Directory Logon Hours User Enumeration Weakness -> http://secunia.com/advisories/25457/
I don't use AD, no need for it here (single machine user @ home is why, & that's who my guides are geared towards)
Microsoft Windows NDISTAPI.SYS Denial of Service -> http://secunia.com/advisories/24598/
Not critical, easy ACL fix, & bang - I can FIX this, easy, as per usual, via ACL alterations!
Microsoft Windows Directory Monitoring Information Disclosure Weakness -> http://secunia.com/advisories/24245/
Not critical, & another ACL fix... easy!
Microsoft Windows WMF File Handling Denial of Service -> http://secunia.com/advisories/21377/
Not critical, easy fix (1 of 2) - don't use WMF if possible, & use ACL's... again, easy!
Microsoft Windows Unspecified USB Device Driver Vulnerability -> http://secunia.com/advisories/16210/
Bit tougher, but easy too - avoid this -> "can be exploited by malicious people with physical access to a vulnerable system to compromise it." (in other words, keep your system where only YOU can touch it, & nobody else + apparently? It also requires not ONLY physical access, but also a "specially crafted usb device" (highly unlikely here @ least & probably most folks + usb problems? They exist on *NIX's too... just like privelege escalations do!)
Windows Remote Desktop Protocol Private Key Disclosure -> http://secunia.com/advisories/15605/
Simplest of all = DON'T ALLOW RDP SESSIONS (& I do not here)
Windows Registry Key Locking Denial of Service -> http://secunia.com/advisories/14061/
Another SIMPLE ACL fix...
Microsoft Windows Multiple Vulnerabilities -> http://secunia.com/advisories/13645/2/
Common-sense fix, & easy, verbatim from the webstie (I recommend the same in my security guides) -> Do not visit untrusted web sites and don't open documents from untrusted sources.
Microsoft HTML Help Control Privilege Escalation Vulnerability -> http://secunia.com/advisories/10066/
Piece of cake too: Another ACL fix!
Microsoft Windows Unauthorised Thread Termination -> http://secunia.com/advisories/9921/
Another "piece of cake", in another ACL fix!
Windows 2003 Server Buffer Overflow Protection Mechanism Bypass -> http://secunia.com/advisor
-
ALL Windows Server 2k3 are fixable NOT MacOS X tho
"What about ones discovered in previous years that are still unpatched, which are included in the numbers I provided to you" - by Americano (920576)
on Friday June 26, @06:38PM (#28489297)Ok, 1 by 1, I will show YOU how to fix or get around them (or what I do @ least, @ present to do so, whereas YOU cannot answer how to fix the MacOS X hassle):
Microsoft DirectShow QuickTime Parsing Arbitrary Code Execution -> http://secunia.com/advisories/35268/
Easy, alter the ACL for quartz.dll or unregister it, until it's patched
Microsoft Windows "IopfCompleteRequest" Integer Overflow Vulnerability -> http://secunia.com/advisories/31824/
That's easy to fix also -> I don't use GEAR burnerware products, nor the Symantec OR APPLE (lol itunes) products listed, & thus? I am INVULNERABLE to it... why they are listing app hassles though, astounds me some here on this one
Microsoft Windows Active Directory Logon Hours User Enumeration Weakness -> http://secunia.com/advisories/25457/
I don't use AD, no need for it here (single machine user @ home is why, & that's who my guides are geared towards)
Microsoft Windows NDISTAPI.SYS Denial of Service -> http://secunia.com/advisories/24598/
Not critical, easy ACL fix, & bang - I can FIX this, easy, as per usual, via ACL alterations!
Microsoft Windows Directory Monitoring Information Disclosure Weakness -> http://secunia.com/advisories/24245/
Not critical, & another ACL fix... easy!
Microsoft Windows WMF File Handling Denial of Service -> http://secunia.com/advisories/21377/
Not critical, easy fix (1 of 2) - don't use WMF if possible, & use ACL's... again, easy!
Microsoft Windows Unspecified USB Device Driver Vulnerability -> http://secunia.com/advisories/16210/
Bit tougher, but easy too - avoid this -> "can be exploited by malicious people with physical access to a vulnerable system to compromise it." (in other words, keep your system where only YOU can touch it, & nobody else + apparently? It also requires not ONLY physical access, but also a "specially crafted usb device" (highly unlikely here @ least & probably most folks + usb problems? They exist on *NIX's too... just like privelege escalations do!)
Windows Remote Desktop Protocol Private Key Disclosure -> http://secunia.com/advisories/15605/
Simplest of all = DON'T ALLOW RDP SESSIONS (& I do not here)
Windows Registry Key Locking Denial of Service -> http://secunia.com/advisories/14061/
Another SIMPLE ACL fix...
Microsoft Windows Multiple Vulnerabilities -> http://secunia.com/advisories/13645/2/
Common-sense fix, & easy, verbatim from the webstie (I recommend the same in my security guides) -> Do not visit untrusted web sites and don't open documents from untrusted sources.
Microsoft HTML Help Control Privilege Escalation Vulnerability -> http://secunia.com/advisories/10066/
Piece of cake too: Another ACL fix!
Microsoft Windows Unauthorised Thread Termination -> http://secunia.com/advisories/9921/
Another "piece of cake", in another ACL fix!
Windows 2003 Server Buffer Overflow Protection Mechanism Bypass -> http://secunia.com/advisor
-
ALL Windows Server 2k3 are fixable NOT MacOS X tho
"What about ones discovered in previous years that are still unpatched, which are included in the numbers I provided to you" - by Americano (920576)
on Friday June 26, @06:38PM (#28489297)Ok, 1 by 1, I will show YOU how to fix or get around them (or what I do @ least, @ present to do so, whereas YOU cannot answer how to fix the MacOS X hassle):
Microsoft DirectShow QuickTime Parsing Arbitrary Code Execution -> http://secunia.com/advisories/35268/
Easy, alter the ACL for quartz.dll or unregister it, until it's patched
Microsoft Windows "IopfCompleteRequest" Integer Overflow Vulnerability -> http://secunia.com/advisories/31824/
That's easy to fix also -> I don't use GEAR burnerware products, nor the Symantec OR APPLE (lol itunes) products listed, & thus? I am INVULNERABLE to it... why they are listing app hassles though, astounds me some here on this one
Microsoft Windows Active Directory Logon Hours User Enumeration Weakness -> http://secunia.com/advisories/25457/
I don't use AD, no need for it here (single machine user @ home is why, & that's who my guides are geared towards)
Microsoft Windows NDISTAPI.SYS Denial of Service -> http://secunia.com/advisories/24598/
Not critical, easy ACL fix, & bang - I can FIX this, easy, as per usual, via ACL alterations!
Microsoft Windows Directory Monitoring Information Disclosure Weakness -> http://secunia.com/advisories/24245/
Not critical, & another ACL fix... easy!
Microsoft Windows WMF File Handling Denial of Service -> http://secunia.com/advisories/21377/
Not critical, easy fix (1 of 2) - don't use WMF if possible, & use ACL's... again, easy!
Microsoft Windows Unspecified USB Device Driver Vulnerability -> http://secunia.com/advisories/16210/
Bit tougher, but easy too - avoid this -> "can be exploited by malicious people with physical access to a vulnerable system to compromise it." (in other words, keep your system where only YOU can touch it, & nobody else + apparently? It also requires not ONLY physical access, but also a "specially crafted usb device" (highly unlikely here @ least & probably most folks + usb problems? They exist on *NIX's too... just like privelege escalations do!)
Windows Remote Desktop Protocol Private Key Disclosure -> http://secunia.com/advisories/15605/
Simplest of all = DON'T ALLOW RDP SESSIONS (& I do not here)
Windows Registry Key Locking Denial of Service -> http://secunia.com/advisories/14061/
Another SIMPLE ACL fix...
Microsoft Windows Multiple Vulnerabilities -> http://secunia.com/advisories/13645/2/
Common-sense fix, & easy, verbatim from the webstie (I recommend the same in my security guides) -> Do not visit untrusted web sites and don't open documents from untrusted sources.
Microsoft HTML Help Control Privilege Escalation Vulnerability -> http://secunia.com/advisories/10066/
Piece of cake too: Another ACL fix!
Microsoft Windows Unauthorised Thread Termination -> http://secunia.com/advisories/9921/
Another "piece of cake", in another ACL fix!
Windows 2003 Server Buffer Overflow Protection Mechanism Bypass -> http://secunia.com/advisor
-
ALL Windows Server 2k3 are fixable NOT MacOS X tho
"What about ones discovered in previous years that are still unpatched, which are included in the numbers I provided to you" - by Americano (920576)
on Friday June 26, @06:38PM (#28489297)Ok, 1 by 1, I will show YOU how to fix or get around them (or what I do @ least, @ present to do so, whereas YOU cannot answer how to fix the MacOS X hassle):
Microsoft DirectShow QuickTime Parsing Arbitrary Code Execution -> http://secunia.com/advisories/35268/
Easy, alter the ACL for quartz.dll or unregister it, until it's patched
Microsoft Windows "IopfCompleteRequest" Integer Overflow Vulnerability -> http://secunia.com/advisories/31824/
That's easy to fix also -> I don't use GEAR burnerware products, nor the Symantec OR APPLE (lol itunes) products listed, & thus? I am INVULNERABLE to it... why they are listing app hassles though, astounds me some here on this one
Microsoft Windows Active Directory Logon Hours User Enumeration Weakness -> http://secunia.com/advisories/25457/
I don't use AD, no need for it here (single machine user @ home is why, & that's who my guides are geared towards)
Microsoft Windows NDISTAPI.SYS Denial of Service -> http://secunia.com/advisories/24598/
Not critical, easy ACL fix, & bang - I can FIX this, easy, as per usual, via ACL alterations!
Microsoft Windows Directory Monitoring Information Disclosure Weakness -> http://secunia.com/advisories/24245/
Not critical, & another ACL fix... easy!
Microsoft Windows WMF File Handling Denial of Service -> http://secunia.com/advisories/21377/
Not critical, easy fix (1 of 2) - don't use WMF if possible, & use ACL's... again, easy!
Microsoft Windows Unspecified USB Device Driver Vulnerability -> http://secunia.com/advisories/16210/
Bit tougher, but easy too - avoid this -> "can be exploited by malicious people with physical access to a vulnerable system to compromise it." (in other words, keep your system where only YOU can touch it, & nobody else + apparently? It also requires not ONLY physical access, but also a "specially crafted usb device" (highly unlikely here @ least & probably most folks + usb problems? They exist on *NIX's too... just like privelege escalations do!)
Windows Remote Desktop Protocol Private Key Disclosure -> http://secunia.com/advisories/15605/
Simplest of all = DON'T ALLOW RDP SESSIONS (& I do not here)
Windows Registry Key Locking Denial of Service -> http://secunia.com/advisories/14061/
Another SIMPLE ACL fix...
Microsoft Windows Multiple Vulnerabilities -> http://secunia.com/advisories/13645/2/
Common-sense fix, & easy, verbatim from the webstie (I recommend the same in my security guides) -> Do not visit untrusted web sites and don't open documents from untrusted sources.
Microsoft HTML Help Control Privilege Escalation Vulnerability -> http://secunia.com/advisories/10066/
Piece of cake too: Another ACL fix!
Microsoft Windows Unauthorised Thread Termination -> http://secunia.com/advisories/9921/
Another "piece of cake", in another ACL fix!
Windows 2003 Server Buffer Overflow Protection Mechanism Bypass -> http://secunia.com/advisor
-
ALL Windows Server 2k3 are fixable NOT MacOS X tho
"What about ones discovered in previous years that are still unpatched, which are included in the numbers I provided to you" - by Americano (920576)
on Friday June 26, @06:38PM (#28489297)Ok, 1 by 1, I will show YOU how to fix or get around them (or what I do @ least, @ present to do so, whereas YOU cannot answer how to fix the MacOS X hassle):
Microsoft DirectShow QuickTime Parsing Arbitrary Code Execution -> http://secunia.com/advisories/35268/
Easy, alter the ACL for quartz.dll or unregister it, until it's patched
Microsoft Windows "IopfCompleteRequest" Integer Overflow Vulnerability -> http://secunia.com/advisories/31824/
That's easy to fix also -> I don't use GEAR burnerware products, nor the Symantec OR APPLE (lol itunes) products listed, & thus? I am INVULNERABLE to it... why they are listing app hassles though, astounds me some here on this one
Microsoft Windows Active Directory Logon Hours User Enumeration Weakness -> http://secunia.com/advisories/25457/
I don't use AD, no need for it here (single machine user @ home is why, & that's who my guides are geared towards)
Microsoft Windows NDISTAPI.SYS Denial of Service -> http://secunia.com/advisories/24598/
Not critical, easy ACL fix, & bang - I can FIX this, easy, as per usual, via ACL alterations!
Microsoft Windows Directory Monitoring Information Disclosure Weakness -> http://secunia.com/advisories/24245/
Not critical, & another ACL fix... easy!
Microsoft Windows WMF File Handling Denial of Service -> http://secunia.com/advisories/21377/
Not critical, easy fix (1 of 2) - don't use WMF if possible, & use ACL's... again, easy!
Microsoft Windows Unspecified USB Device Driver Vulnerability -> http://secunia.com/advisories/16210/
Bit tougher, but easy too - avoid this -> "can be exploited by malicious people with physical access to a vulnerable system to compromise it." (in other words, keep your system where only YOU can touch it, & nobody else + apparently? It also requires not ONLY physical access, but also a "specially crafted usb device" (highly unlikely here @ least & probably most folks + usb problems? They exist on *NIX's too... just like privelege escalations do!)
Windows Remote Desktop Protocol Private Key Disclosure -> http://secunia.com/advisories/15605/
Simplest of all = DON'T ALLOW RDP SESSIONS (& I do not here)
Windows Registry Key Locking Denial of Service -> http://secunia.com/advisories/14061/
Another SIMPLE ACL fix...
Microsoft Windows Multiple Vulnerabilities -> http://secunia.com/advisories/13645/2/
Common-sense fix, & easy, verbatim from the webstie (I recommend the same in my security guides) -> Do not visit untrusted web sites and don't open documents from untrusted sources.
Microsoft HTML Help Control Privilege Escalation Vulnerability -> http://secunia.com/advisories/10066/
Piece of cake too: Another ACL fix!
Microsoft Windows Unauthorised Thread Termination -> http://secunia.com/advisories/9921/
Another "piece of cake", in another ACL fix!
Windows 2003 Server Buffer Overflow Protection Mechanism Bypass -> http://secunia.com/advisor
-
ALL Windows Server 2k3 are fixable NOT MacOS X tho
"What about ones discovered in previous years that are still unpatched, which are included in the numbers I provided to you" - by Americano (920576)
on Friday June 26, @06:38PM (#28489297)Ok, 1 by 1, I will show YOU how to fix or get around them (or what I do @ least, @ present to do so, whereas YOU cannot answer how to fix the MacOS X hassle):
Microsoft DirectShow QuickTime Parsing Arbitrary Code Execution -> http://secunia.com/advisories/35268/
Easy, alter the ACL for quartz.dll or unregister it, until it's patched
Microsoft Windows "IopfCompleteRequest" Integer Overflow Vulnerability -> http://secunia.com/advisories/31824/
That's easy to fix also -> I don't use GEAR burnerware products, nor the Symantec OR APPLE (lol itunes) products listed, & thus? I am INVULNERABLE to it... why they are listing app hassles though, astounds me some here on this one
Microsoft Windows Active Directory Logon Hours User Enumeration Weakness -> http://secunia.com/advisories/25457/
I don't use AD, no need for it here (single machine user @ home is why, & that's who my guides are geared towards)
Microsoft Windows NDISTAPI.SYS Denial of Service -> http://secunia.com/advisories/24598/
Not critical, easy ACL fix, & bang - I can FIX this, easy, as per usual, via ACL alterations!
Microsoft Windows Directory Monitoring Information Disclosure Weakness -> http://secunia.com/advisories/24245/
Not critical, & another ACL fix... easy!
Microsoft Windows WMF File Handling Denial of Service -> http://secunia.com/advisories/21377/
Not critical, easy fix (1 of 2) - don't use WMF if possible, & use ACL's... again, easy!
Microsoft Windows Unspecified USB Device Driver Vulnerability -> http://secunia.com/advisories/16210/
Bit tougher, but easy too - avoid this -> "can be exploited by malicious people with physical access to a vulnerable system to compromise it." (in other words, keep your system where only YOU can touch it, & nobody else + apparently? It also requires not ONLY physical access, but also a "specially crafted usb device" (highly unlikely here @ least & probably most folks + usb problems? They exist on *NIX's too... just like privilege escalations do!)
Windows Remote Desktop Protocol Private Key Disclosure -> http://secunia.com/advisories/15605/
Simplest of all = DON'T ALLOW RDP SESSIONS (& I do not here)
Windows Registry Key Locking Denial of Service -> http://secunia.com/advisories/14061/
Another SIMPLE ACL fix...
Microsoft Windows Multiple Vulnerabilities -> http://secunia.com/advisories/13645/2/
Common-sense fix, & easy, verbatim from the website (I recommend the same in my security guides) -> Do not visit untrusted web sites and don't open documents from untrusted sources.
Microsoft HTML Help Control Privilege Escalation Vulnerability -> http://secunia.com/advisories/10066/
Piece of cake too: Another ACL fix!
Microsoft Windows Unauthorised Thread Termination -> http://secunia.com/advisories/9921/
Another "piece of cake", in another ACL fix!
Windows 2003 Server Buffer Overflow Protection Mechanism Bypass -> http://secunia.com/advisor
-
Let's review ACTUAL VULNERABILITIES not advisories
Funny: The latest build of MacOS X shows 971 vulnerabilities here -> http://secunia.com/advisories/product/96/?task=statistics
Specifically this -> Affected By 130 Secunia advisories 971 Vulnerabilities
Now, by way of comparison? Windows Server 2003 -> http://secunia.com/advisories/product/1174/ :
Affected By 191 Secunia advisories 234 Vulnerabilities
The VULNERABILITIES are what counts, as THEY are the problem itself!
(Again - learn to read, or you will end up "eating your words" as you did to Tom Hudson here today + myself already 2x today, in your stating we said things we never did, and also that I was only in 'online journals' where I was clearly in written respected publications in this science (and you clearly have NOT been & then you impersonated me as well when that was all said & done, lmao, which is the SURE SIGN I "got the better of you"), lmao!)
APK
P.S.=> Oh well - Time to "eat your words" yet again:
"So, Windows 2003 server has more unpatched vulnerabilities" - by Americano (920576) on Friday June 26, @05:49PM (#28488807)
WRONG, as-per-usual: Both MacOS X & Windows Server 2003 have 1 outstanding unpatched issue each... albeit, the one for Windows Server 2003? Merely unregistering quartz.dll is nothing & easy to do (that, or just altering its ACL so NOBODY can use it, until it's fixed (which only means you do without watching .avi files is all)
NOW - the MacOS error? Generates 3 possibles, & those are:
1.) SYSTEM ACCESS
2.) PRIVILEGE ESCALATION EXPLOITS
3.) DOS/DDOS
A "wee bit more serious" I would say, especially since MacOS X has remote "X" sessions possible, because it is a *NIX... & worse if a remoteable badware/malware gets inside of it (& lord knows, users (especially "gramma ones", which are the folks that use Macs the most from what I see & hear + who it is "geared to" no less) will make mistakes of that nature)
Can you FIX that, as easily as I can on Windows' single exploit?
apk
-
Re:TomHudson felt URA Troll (independent confirmed
Okay, I'll bite. Your Secunia "vulnerabilities" links? Yeah, did you read fine print where Secunia indicates the following:
PLEASE NOTE: The statistics provided should NOT be used to compare the overall security of products against one another. It is IMPORTANT to understand what the below comments mean when using the statistics, especially when using the statistics to compare the vulnerability aspects of different products.
However, let's assume that comparing raw numbers of vulnerabilities means anything. Let's look at the number of patched advisories, and their relative criticality.
Secunia has issued 130 advisories since 2003 for Mac OS X - that's all versions of Mac OS X. Of them, 5 out of 130 advisories remain unpatched, and the most critical of those patches is rated as "Moderately Critical" - a 3/5 on a 5-point criticality scale.
Now let's look at your precious Microsoft Windows Server 2003 Enterprise Edition, even though 1 version of Windows versus every version of Mac OS X is not a true apples-to-apples comparison. There have been 191 Secunia advisories since 2003 for that operating system. Of those, 13 out of 191 remain unpatched, with the most critical unpatched advisory rated as an "Extremely Critical" (a 5/5 on a 5-point criticality scale. The worst possible.)
So, Windows 2003 server has more unpatched vulnerabilities in absolute numbers, and also its unpatched vulnerabilities are more critical in terms of the amount of access an attacker can gain by exploiting the vulnerabilities.
So what about my statement that "Windows is less secure, by default, than Mac OS" is disproved by these statistics? Raw numbers of vulnerabilities are absolutely not to be used to compare the "relative security" of two systems, which Secunia themselves go out of their way to state.
-
Learn to read then, SAMBA & NetBIOS
You had best learn to read, because I will now quote EXACTLY where RyuuzakiTetsuya shows he is "ill-informed", AND where he is off/wrong on technical issues as regards his "putdowns" of Windows just like I did to his INFOWORLD "Pro-Mac" (vs. Windows) article by Mr. Tom Yager, here ->
http://slashdot.org/comments.pl?sid=1267281&cid=28439225
(I tore it up, point-by-point & with ease, because it was SO full of mistakes, it was not even funny!)
Here we go, with quotes of where RyuuzakiTetsuya was wrong in his init. post:
"Home users really don't have to worry about Samba file/print sharing owning their machine like NetBIOS on Windows users have to worry about their machines being similarly owned." - by RyuuzakiTetsuya (195424) on Saturday June 13, @03:18AM (#28318001)
Well, that all "said & aside"? Take a read below, & tell us who was "ill informed", lol:
----
Samba Security Bypass and Format String Vulnerabilities:
http://secunia.com/advisories/35539/3/
Impact: Security Bypass & System access
----
AND, on 6/13/2009 when he posted that? It wasn't patched (& wasn't thru most of this exchange, & not until 2 days ago in fact)
(AND, you called ME "ill informed"? LMAO!)
See here about his statements regarding NetBIOS/LanMan networking, to which I gave him the "simplest cure of all" for that much:
http://slashdot.org/comments.pl?sid=1267281&cid=28335781
(By simply cutting the server service, I gave an easy fix to THAT statement of his... to which he agreed most people don't need it running no less (since they only have 1 system much of the time))
As far as 'curing/immunizing a user' vs. Conficker? I was on that months ago here -> http://it.slashdot.org/comments.pl?sid=1159209&cid=27178753 & I was "modded up" +1 as INFORMATIVE (funny that, especially when you called ME "ill-informed", lol!)
APK
P.S.=> In the end? Whoever "modded up" RyuuzakiTetsuya was obviously a fool, OR, he did it himself via a 'sockpuppet' account he keeps himself (probably YOU - see? Others can accuse YOU of that also)... apk
-
SAMBA security holes, & Mac SATA patch?
"He's an ill-informed troll" - by Americano (920576) on Thursday June 25, @06:39PM (#28473695)
Sure, sure... I am "ill informed"? Let me quote what was said by RyuuzakiTetsuya on 6/13/2009, verbatim (& then, I'll supply some data that definitely contradicted it on that very date) in regards to SAMBA:
"Home users really don't have to worry about Samba file/print sharing owning their machine like NetBIOS on Windows users have to worry about their machines being similarly owned." - by RyuuzakiTetsuya (195424) on Saturday June 13, @03:18AM (#28318001)
Well, that all "said & aside"? Take a read below, & tell us who was "ill informed", lol:
----
Samba Security Bypass and Format String Vulnerabilities:
http://secunia.com/advisories/35539/3/ [secunia.com]
Impact: Security Bypass & System access
----
I think that the users involved ought to patch that up, & F A S T... once more, your statements didn't "hold true" in your original post & @ the time of their posting...
By the way - This didn't get patched until 2 days ago (6/24/2009) &, we started this discussion long before that on 6/13/2009 (& your initial/1st post, quoted above? Yes, it was before that date of the patch!)
Also, as far as Mac's? Take a peek here:
----
Apple Issues Firmware Upgrade For MacBook Pro:
http://apple.slashdot.org/story/09/06/23/1338211/Apple-Issues-Firmware-Upgrade-For-MacBook-Pro [slashdot.org]
----
(As to their "high quality"...? Seems that they couldn't get SATA access right!)
APK
P.S.=> Hilarious... & TOO easy + accusing myself of being others (or vice-a-versa)? Is THAT the "best you have"? Please - prove my technical points wrong - I did to his article by Tom Yager from INFOWORLD, point-by-point, & RyuuzakiTetsuya outright RAN, lmao! apk
-
SAMBA users didn't have to worry? See inside! apk
"Home users really don't have to worry about Samba file/print sharing owning their machine like NetBIOS on Windows users have to worry about their machines being similarly owned." - by RyuuzakiTetsuya (195424) on Saturday June 13, @03:18AM (#28318001)
B.S., because they clearly DO, and currently no less:
----
Samba Security Bypass and Format String Vulnerabilities
http://secunia.com/advisories/35539/3/
Impact: Security Bypass & System access
----
I think that the users involved ought to patch that up, & F A S T... once more, your statements didn't "hold true" in your original post & @ the time of their posting...
By the way - This didn't get patched until 2 days ago (6/24/2009) &, we started this discussion long before that on 6/13/2009 (& your initial/1st post, quoted above? Yes, it was before that date of the patch!)
Also, as far as Macs? Take a peek here:
----
Apple Issues Firmware Upgrade For MacBook Pro:
http://apple.slashdot.org/story/09/06/23/1338211/Apple-Issues-Firmware-Upgrade-For-MacBook-Pro
----
(As to their "high quality"...? Seems that they couldn't get SATA access right!)
APK
P.S.=> Hilarious... & TOO easy! apk
-
Re:Anti-trust?
Oh yes of course, because no non-microsoft image libraries have ever had vulnerabilities... no wait. What's this?
libpng Multiple Vulnerabilities
The vulnerabilities can e.g. be exploited by tricking a user into visiting a malicious website or view a malicious email with an affected application linked to libpng.
The WMF issue you're most likely referring to was fixed, whilst still preserving the ability to contain scripting commands inside the image file, implying that the ability to run code embedded in an image is not as incredibly stupid as you make it out to be. Or was that just some ignorant fanboy bullshit from the other side of the fence?
-
About the MacOS X & Windows Server 2003 bugs
"You're digging your heels in, not listening to anything anyone ever has to say to you" - by RyuuzakiTetsuya (195424) on Wednesday June 17, @01:51AM (#28358055)
Now, how can you say THAT, when I quote your words, & simply reply back to them?
"Most of your posts are hyping up how awesome you are" - by RyuuzakiTetsuya (195424) on Wednesday June 17, @01:51AM (#28358055)
Hey, YOU asked "Who are you?", I simply gave you some data on that much, & then asked IF you had done the same.
APK
P.S.=>
"Plus they're listing things that aren't Apple's fault as being a "vulnerability." - by RyuuzakiTetsuya (195424) on Wednesday June 17, @01:51AM (#28358055)
What? They list it as a local exploit, the SINGLE one they don't have patched... but, with MULTIPLE problems in it, here -> http://secunia.com/advisories/34424/3/
Problems being -> Privilege escalation, DoS, & System access
I used the MOST current build possible... & compared it to what I use, Windows Server 2003, w/ a known issue w/ QUARTZ.DLL (& you unregister it or alter its ACL so nobody can use it till it's patched & you're fixed: Simple)
Can you fix the MacOS X hassle THAT easily, & if so, how? apk
-
Re:Why are we deprived of this in North America?
Just to spell it out for you since it's already clear that it's necessary, IE has been home to privilege escalation exploits before. And yet, these elements weren't in the browser, but in the engine.
You'll have to spell it out in a different way, apparently, since I don't see any privilege escalation exploits for the whole lifetime of IE7.
-
Re:Serious question
It's hard to get a fix on equivalent numbers for IIS, since they all seem to fall under the MS Windows category.
It's not hard at all. http://secunia.com/advisories/product/1438/ http://secunia.com/advisories/product/17543/
-
Re:Serious question
Wow! Using a 403 error page to make another server put bad code into the user's browser is genial. That is why I like security people, I'd never think about something like that.
-
Re:Subliminal messaging
Funny. It sounded like "use software with open standards and secure implementations" to me.
I personally use Apache for my web-facing server, but that being said, IIS 6 (Windows Server 2003) has had a very good security track record. Secunia tracks 6 advisories since its release back in 2003 and only one of those is unpatched, that being the vulnerability this story is about.
In contrast, Apache 2.2 was released in late 2005 and has 10 exploits listed, with 2 unpatched and 2 with partial fixes. The exploits seem to be on average less severe, but there's more of them, and some aren't patched.
My point being, you might not want to jump to conclusions ;) IIS 5.x and earlier was absolutely shocking for security, but IIS 6.x and above does have significant improvements. It's no coincidence that IIS 6 is not vulnerable to this exploit out of the box while IIS 5 is.
-
Re:Serious question
That query shows all results even tangentially related to Apache family. You need to look at the advisories for Apache 2.2, Apache 2.0, and Apache 1.3 specifically.
-
Re:Serious question
Check for yourself... http://secunia.com/advisories/search/?search=Apache&sort_by=date
-
Disabling Javascript won't mitigate the risk still
According to Secunia disabling Javascript does not mitigate the risk. Old news? http://secunia.com/blog/44/
-
Re:Ditch Acrobat...
According to Secunia disabling Javascript does not mitigate the risk. Old news?
-
Re:Better than mplayer?
OK, I looked it up: Secunia Vulnerability Report: Media Player Classic Homecinema 1.x
Affected By 0 Secunia advisories
0 Vulnerabilities
Unpatched 0% (0 of 0 Secunia advisories)
Most Critical Unpatched
There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied.
In words: zero vulns.
-
Re:Surprise?
They use Linux, so the kernel is stable and updates aren't needed unless new features are implemented that the older kernel doesn't support.
So fixing vulnerabilities is a feature now? http://secunia.com/advisories/14295/ 5 seconds of Googling, and BAMM, Multiple Vulnerabilities across two "stable" strains of kernels.
The sound Linux makes when it crashes is the sound of one hand clapping.
Like Bart Simpson said: "Peace o' cake" - Clap.
-
understating the problems with MSIE
Secunia states that Firefox3 has less critical issues: http://secunia.com/advisories/product/19089/
While IE6 and IE7 have moderate problems. Making IE less secure: http://secunia.com/advisories/product/11/ http://secunia.com/advisories/product/12366/
Firefox3 also has only 1 issue unpatched, while IE6 has 22 open issues.
Good. I hit a nerve. Don't fall for Secunia's misleading descriptions and understate the risk significantly. Go re-read those "moderate" problems on MSIE and compare them to "severe" bugs on other products. Yeah, the MSIE bugs are frequently downplayed in severity.
The advisories are also hidden away for some products and lifted to the start page for others. Just try to find the MSIE advisories in the by product listing. Can't easily do it. Also notice that in the scope notes, most of the MSIE vulnerabilities expand out to include all applications which can inadvertently call MSIE through hard-coded options, such as WMP. That works out to a very large base of vulnerable applications.
Secunia's not the only one obfuscating the unsuitability of MS products. Even the US NVD is affected. None of them mention avoiding the defective product (Windows) or problem tool (MSIE). It wasn't too many years ago that mainstream magazines were talking about banning MS Outlook for the sake of security. Now even "security" specialists are changing the subject or mumbling when asked if the emperor is really wearing any clothes.
There's just not a business case to stay on the autoflagellation combination, Windows+MSIE
-
moderate vs moderate
Secunia states that Firefox3 has less critical issues:
http://secunia.com/advisories/product/19089/
While IE6 and IE7 have moderate problems. Making IE less secure:
http://secunia.com/advisories/product/11/
http://secunia.com/advisories/product/12366/
...Bzzt. Thanks for playing
On your way out go re-read those "moderate" problems on MSIE and compare them to "severe" bugs on other products. Yeah, the MSIE bugs are frequently downplayed in severity.
-
Boilerplate refutation
This might come in handy for those of you that would like to do something about those id10ts:
"I have come across a statement on Your website, stating:
"DO NOT use FIREFOX or other Browsers besides IE. It has been decided that Mozilla based, non-IE browsers pose a security risk."
Here's the thing:
Development of Internet Explorer has been absolutely stagnant for a decade, to a point where it actually became a synonym for "insecure". But don't take my word for it, let's have a look at Secunia (a great website, tracking bugs in popular software).
Internet Explorer 6:
unpatched : 16% (22 of 135 advisories);
highest rated : moderately critical;
http://secunia.com/advisories/product/11/
Internet Explorer 7:
unpatched : 26% (9 of 34 advisories);
highest rated : moderately critical;
http://secunia.com/advisories/product/12366/
Mozilla Firefox 2.0.x:
unpatched : 10% (3 of 29 advisories);
highest rated : less critical;
http://secunia.com/advisories/product/12434/
Mozilla Firefox 3.x:
unpatched : 9% (1 of 11 advisories);
highest rated : less critical;
http://secunia.com/advisories/product/19089/
So:
1. every single version of Firefox has less unpatched advisories than every single version of IE;
2. every single version of Firefox has less overall advisories than every single version of IE;
3. every single version of Firefox has less (percent-wise) unpatched advisories than every single version of IE;
4. every single version of Firefox has a less critical rating than every single version of IE;
Hence - how exactly have you come to the conclusion that Firefox is less secure? It's IE that poses security risks, and it's worse than Firefox by leaps and bounds!
I must consider dispersing such information about browsers as you do as utterly irresponsible."