Security Flaws May Be Microsoft's Undoing
tarpitt writes: "According to this article in the LA Times, repeated software flaws in Microsoft products have begun to raise concerns that they 'threaten the stability of a major piece of the world economy and to raise questions about Microsoft's future.' Flawed security is seen as a stumbling block to accepting Microsoft-sponsored on-line services. It is also driving discussion about making software manufacturers liable for damages caused by flawed products." This piece in eWeek on troubles with XP's automatic updates is an interesting companion; releasing often doesn't seem to be enough.
Update: 01/15 15:00 GMT by J: Bruce Schneier's January Crypto-Gram came out this morning, and is also topical: "Microsoft treats security vulnerabilities as public relations problems. Until that changes, expect more of this kind of nonsense..."
...except instead of 'security' it was 'stability.' Now Win2K/WinXP can stay up and running for weeks and months on end, and you don't hear too much about Windows stability problems for users of the new OS versions.
Windows has been unstable for years. Did it threaten Microsoft even one iota? Nope.
Dream on, sorry...
"And like that
Hello! I'm sure everyone will be glad to know that currently IE (even
a fully patched IE6) can currently...
* Run any command or program off the hard disk
* Monitor the user's clipboard, and steal the contents
* Read or steal any file off the local disk
* Check existence of any local file
* Access the DOM, cookies, or read the content of any other website
regardless of domain, protocol or security zones
* Fake the file name in a download dialog
..although most of those only work if active scripting is enabled.
These security holes are all *proven* to work, and could easily be
used to create a devastating worm. Some of them are about a month old,
and still not patched by MS. Delightful.
The two latest exploits are http://tom.vpwsys.co.uk/clipboard/ (mine!)
and http://www.osioniusx.com - see http://www.securityfocus.com for
more.