Slashdot Mirror


Serious IIS Hole; Minor X Bug

EyesWideOpen writes "Microsoft announced Wednesday that there is a serious software flaw with its IIS web server. The 'vulnerability affects a function in the server software that allows Web administrators to change passwords for an Internet site.' A researcher with eEye Digital Security discovered the flaw in mid-April but it wasn't announced publicly because of an agreement with Microsoft. The Wired article is here and this appears to be the MS bulletin describing the vulnerability in detail." And several people reported this Register story on a way to DOS Mozilla users by trying to display ludicrously large fonts. Microsoft's time to patch a remote hole where the attacker can gain complete access to your computer: two months. Open Source's time to patch a much less serious bug where the attacker can merely crash your computer: three days.

11 of 467 comments

  1. Status Quo by Johnny+O · · Score: 2, Funny

    About Status quo in M$ land....
    About Status quo in Linux land :-)

  2. DOS Mozilla users??? by Xpilot · · Score: 5, Funny


    Wow, I didn't know that Mozilla had a DOS version! How many users does it have? Three?

    --
    "Backups are for wimps. Real men upload their data to an FTP site and have everyone else mirror it." -- Linus Torvalds
    1. Re:DOS Mozilla users??? by jaavaaguru · · Score: 3, Funny

      It's a single user system, if my memory serves me correctly.

  3. New MSN.com homepage code by SeanTobin · · Score: 4, Funny


    <font size=<?php
    if (stristr($_SERVER['HTTP_USER_AGENT'], 'mozilla')) {
    echo '16666666666';
    } else {
    echo '12';
    }
    ?> >
    Welcome to the new MSN.COM website, powered by the .NET framework....

    (sorry about the previous post... previewed ok, but didn't post correct without extrans...)

    --
    Karma: SELECT `karma` FROM `users` WHERE `userid`=138474;
  4. Re:Only affects HTR - a rarely used feature by edrugtrader · · Score: 4, Funny

    "this really affects those [microsoft] sysadmins who don't bother to lock their server down"...

    ...right... so EVERYONE is affected... hardly a major bug at all.

    --
    MARIJUANA, SHROOMS, X: ONLINE?! - E
  5. Re:Maybe by GutBomb · · Score: 3, Funny

    first time i heard someone bitch about the fonts in vi :)

  6. Serious money in this. by WasterDave · · Score: 5, Funny

    It strikes me that there might be some quite serious money in these "agreements with Microsoft". In a post dotcom world, it's a pretty plausible business plan:

    * Find holes in MS software.
    * Publicise them frantically.
    * Come to "an agreement".
    * Kachingggggg!

    Dave

    --
    I write a blog now, you should be afraid.
  7. H1 by JohnHegarty · · Score: 2, Funny

    <H1>Your Hacked</H1>

    but i am sure there is more to it than that...

  8. Re:Incorrect ! by ActiveSX · · Score: 2, Funny

    An X bug allows all available memory to be consumed

    All these years and I thought X was supposed to do that. Silly me!

  9. armweak by alphapartic1e · · Score: 0, Funny

    That's one small bug for open source, one giant bug for microsoftkind.

  10. Open Source business plan finally complete by DeadMeat+(TM) · · Score: 5, Funny
    You've done it!

    1. Write open-source software
    2. Find holes in MS software, publicize them frantically, and come to "an agreement"
    3. Profit!