Microsoft Discloses Security Flaws in XP and WMPlayer
An anonymous reader writes: "Salon is running a story on Microsoft's disclosure of a number of security flaws in WinXP and Windows Media Player, versions 6.4 and 7.1. The story also states that there are 2 critical vulnerabilities in Commerce Server 2000. Will I ever get the bang for my MS buck?"
After seeing holes in OpenBSD and Apache recently,
Oh come on, the Apache vulnerabilities were embarrassing, but that does not make all the vulnerabilities of IIS alright. And according to the new strategy of MS you are going to pay a subscription fee to MS to get updates. Apache updates are going to remain free.
I guess it's Microsoft's turn again.
Microsoft's turn at what? They still don't have the most widely used web server. They still do not patch as fast as the free alternatives are patched. We still cannot see the source since that would present a threat to national security.
Why flog MS by Linux vendors? Because Hypocrisy, that's why! Why would a Linux corp crow about a MS security weakness, even if easy to explain, when other OSes have NEVER had a remote security weakness in many years?
Microsoft XP trojans existed since day one. Remember the groundbreaking Reuters news stories when the reporter had his virgin laptop with XP successfully infiltrated by hackers alleging the weaknesses?
That's why I recommend the Mac OS for the ultimate in security from external infiltration.... it has NEVER been shown to have any defects with its standard installation EVER, unlike even OpenBSD's SSH vulnerability this week.
The fact is
No Mac webserver has ever been hacked! Ever.
I am speaking about the current 9.2 or older of Mac OS X (not OS X (unix FreeBSD OS)).
This is despite two large contests (10,000 us dollars over one month duration).
That is why the US Army once gave up being exploited and for some of its sites used Mac OS 9.x and Webstar (a commercial web server).
There are numerous technical reasons why no Mac webservers have ever been remotely hacked and exploited, many are quite interesting.
No Linux/UNIX is as secure as Mac OS 9.x and earlier, as demonstrated by the hundreds and hundreds of exploits in Unix and the lack of a single exploit ever discovered in OS9 web servers. Ever.
If you want security in an OS implement what Apple's Mac OS 7 through 9.2 offers:
get rid of root (leaves a false sense of security lazy programmers don't understand)
make microkernel as small as possible (even if you pass Gary Davidian's birthday in a register to get into kernel space, you cannot cause mischief that can be caused external from mac kernel)
get rid of command line (creates a huge way of exploiting between processes)
get rid of single file fork executables (use a second invisible file associated with each executable file)
get rid of filename extensions (use an invisible embedded file type that cannot be set by users typing)
get rid of unix utility software (use non-command line tools that use high level scripting rules)
get rid of ANSI C library based code (The mac uses safe Pascal Style Strings often, including in ROM)
avoid C string buffer exploits (again, most commercial mac programs avoid null terminated strings).
store all web server files meant to run as executables and CGI as specially "typed" files
and most importantly have compilers save return address HIGHER up the stack (prevents most clever overflow exploits)
Basically you end up with Mac OS 7 through 9!
If security is paramount, to exclusion of all else, then Mac OS 7 through 9 can't be beat. And is 100% secure so far according to historical facts.
SecurityFocus concurs.
But most Linux loving slashdot readers will never understand the TECHNICAL reasons no Mac web server running Webstar and Mac OS has ever been rooted, or ignore the facts.
I wonder why people try to award silly designations to "secure" Linux distros! When it has been shown to have many holes historically.
Windows NT and XP have regularly shown to have security exploits available over their histories while the Mac has never had one published instance of an exploit.
Now that some people use OS X (unix) I will have to routinely warn people that it has already had over 15 exploits since released while regular Mac OS is still untarnished.
---
Please don't bother calling this informative post a Troll. This is not a troll. Why? Because I am formally requesting that I am not interested in your rebuttals. Do not bother to criticize this post.
A true troll, by definition, WANTS responses and is not stating anything important. By requesting no criticism, I am proving I am not a troll.
This post is meant to only educate people on why no Mac servers have been rooted and state a few inarguable facts. So quit modding it as a troll without reading the FAQ on the web regarding the definition of 'trolling'. Otherwise -1 mods are merely ignorant censorship by fanboys that hate to admit they know nothing about secure OSes.
Now I will have to post it 5 times because someone keeps trying to suppress interesting posts that SPECIFICALLY opt-out of being classified as trolls such as this one.