Slashdot Mirror

← Back to Stories (view on slashdot.org)

Serious IIS Hole; Minor X Bug

Posted by michael on from the truthworthy-computing dept.

EyesWideOpen writes "Microsoft announced Wednesday that there is a serious software flaw with its IIS web server. The 'vulnerability affects a function in the server software that allows Web administrators to change passwords for an Internet site.' A researcher with eEye Digital Security discovered the flaw in mid-April but it wasn't announced publicly because of an agreement with Microsoft. The Wired article is here and this appears to be the MS bulletin describing the vulnerability in detail." And several people reported this Register story on a way to DOS Mozilla users by trying to display ludicrously large fonts. Microsoft's time to patch a remote hole where the attacker can gain complete access to your computer: two months. Open Source's time to patch a much less serious bug where the attacker can merely crash your computer: three days.

3 of 467 comments (clear)

  1. DOS Mozilla users??? by Xpilot · · Score: 5, Funny


    Wow, I didn't know that Mozilla had a DOS version! How many users does it have? Three?

    --
    "Backups are for wimps. Real men upload their data to an FTP site and have everyone else mirror it." -- Linus Torvalds
  2. Serious money in this. by WasterDave · · Score: 5, Funny

    It strikes me that there might be some quite serious money in these "agreements with Microsoft". In a post dotcom world, it's a pretty plausible business plan:

    * Find holes in MS software.
    * Publicise them frantically.
    * Come to "an agreement".
    * Kachingggggg!

    Dave

    --
    I write a blog now, you should be afraid.
  3. Open Source business plan finally complete by DeadMeat+(TM) · · Score: 5, Funny
    You've done it!

    1. Write open-source software
    2. Find holes in MS software, publicize them frantically, and come to "an agreement"
    3. Profit!