Slashdot Mirror


FBI, Pentagon Talk to MS about XP Hole

(eternal_software) writes: "The Associated Press is reporting that the FBI and Defense Department are talking to Microsoft about the serious flaws found in the XP operating system. As we all know, the most recent flaw allowed any XP machine to be hijacked simply by connecting it to the internet. The government is getting involved because of growing U.S. concerns about risks to the 'net as a whole." In fact, the FBI would like you to go a bit beyond the MS patch. davecl points out the updated page put out by the National Infrastructure Protection Center about this vulnerability as well.

  1. Just a thought by peripatetic_bum · · Score: 4, Interesting
    First we hear rumors that al-Qaeda may have hacked into Windows, now we see the Gov't take a special interest in the latest XP hole.

    Don't know about you, but I really don't know what to think.

    --

    Sigs are dangerous coy things

    1. Re:Just a thought by nels_tomlinson · · Score: 3, Interesting
      I believe it was irresponsible of them not to at least inform the government about this bug. Heck, I think they should have gone as far as tell the consumers.

      Given that AOL can afford to stuff the mailboxes of the entire US with CDs, Microsoft ought to be able to afford a replacement CD for their paying customers. Instead, they expect you to risk further compromise by going online to get a patch.


      They wouldn't even admit that there was a problem until the Washington Post held their feet to the fire. Must be nice to know Uncle Bill cares about his customers ... It's even nicer not to be one of his customers.

  2. did anybody notice this.... by Merik · · Score: 3, Interesting

    "Microsoft explained that a new feature of Windows XP can automatically download the free fix, which takes several minutes, and prompt consumers to install it. "

    That's really messed up and scary.

    (Hmmm.. Magic Lantern)

    --

    What is the sound of this sentence?

    1. Re:did anybody notice this.... by innocent_white_lamb · · Score: 2, Interesting

      Never mind that such an exploit could also be used to do just the same thing and send people off to download a "patch" from a pseudo MS site.

      Probably not as easily done as it appears on the surface. I suspect (though I could be wrong) that there would be some kind of key-signing of the update patch that's done by MS and then checked by XP before installing the same.

      Or maybe not. This is, after all, Microsoft. But still, it seems an obvious precaution to me.

      --
      If you're a zombie and you know it, bite your friend!
  3. Trust us! by robinjo · · Score: 4, Interesting

    Microsoft has known for five weeks that XP had a serious security hole. They didn't do anything to warn customers who bought XP during that time. They just kept telling how XP is so secure.

    It's unbelievable what Microsoft can get away with. I don't think the hole and the patch are the important issues here. I'm shocked how Microsoft can lie to the whole world for five weeks and people still trust them.

    Microsoft should have withdrawn XP and fixed it. Especially as they don't even have any serious competitors. What they showed was that they don't care about the safety of their customers. They just want to make money no matter what.

    1. Re:Trust us! by uchian · · Score: 5, Interesting

      Microsoft should have withdrawn XP and fixed it. Especially as they don't even have any serious competitors. What they showed was that they don't care about the safety of their customers. They just want to make money no matter what.

      In my opinion they should _STILL_ withdraw it and fix it.

      By this, I mean that they should recall every vulnerable CD off of shelves, and send everyone who they know has bought one a new copy that is already patched.

      Computers bought with Windows XP preinstalled should have the offer of being recalled to have the patch applied, and everyone should be sent an updated recovery disk.

      Why? Because otherwise, 90% of computers out there, run by the technologically clueless population, will never get this patch applied.

    2. Re:Trust us! by uchian · · Score: 2, Interesting

      Hmmm... Great. But we still get a race between the autoinstaller downloading the patch, and the attacks from the all new improved Code Red XP which isn't out yet but which I guess there are at least one or two versions of being written in back bedrooms the world over.

      If I recall, on average I was getting one attack every fifteen minutes from Code Red. So how long does this patch take to download? Especially since it's happening in the background, I guess that means it takes a lower priority over a user's normal browsing.

  4. all rightey then! by Jburkholder · · Score: 4, Interesting

    Microsoft explained that a new feature of Windows XP can automatically download the free fix, which takes several minutes, and prompt consumers to install it.

    I must be living under a rock because this is the first I've heard of this. XP just starts downloading files without any action from the user? Does anyone besides me feel uncomfortable about that?

  5. Re:Just a thought/Microsoft a target? by texchanchan · · Score: 5, Interesting

    MagikSlinger is almost certainly right about this. However, if there is a terrorist group out there which was organized and sophisticated enough to carry out another large-scale, imaginative attack (which I doubt), Microsoft might be on their list for these reasons:
    - It's American, and a symbol of American characteristics such as innovation, which is in itself hated by reactionaries.
    - It's extremely visible.
    - Its market dominance could be perceived as "imperialist" or culturally imperialist by people who think like that.
    - It's a center of wealth and therefore, in puritanical minds, of evil decadence.
    - It could be thought of as a "vital organ" of the American economy by someone who doesn't realize how decentralized the American economy is.

    Arguing against an attack on Microsoft is the idea that it's causing enough trouble for the US by itself, but this concept is probably beyond the reach of most fanatics.

  6. You know by ASIO · · Score: 3, Interesting

    This would be a damn good way to get Magic Lantern on a whole lot of systems.

    This was mentioned earlier, but now the FBI is pushing it as well. Coincidence??

    --
    On the other hand, you have fingers :)