Slashdot Mirror
Microsoft Discloses Security Flaws in XP and WMPlayer
An anonymous reader writes: "Salon is running a story on Microsoft's disclosure of a number of security flaws in WinXP and Windows Media Player, versions 6.4 and 7.1. The story also states that there are 2 critical vulnerabilities in Commerce Server 2000. Will I ever get the bang for my MS buck?"
After seeing holes in OpenBSD and Apache recently, I guess it's Microsoft's turn again. ;)
INT, STORE, NIGHT. CUSTOMER walks into a near empty store, he steps through the doors cautiously, peering around curious as to where the hell the clerks are.
Customer: Hello..? uh... hello...? I want ta get a copy of Windows XP. Is anybody here?
CLERK, unseen: Is it safe?
Customer: Is what safe?
Clerk: Is it safe?
Customer, preturbed: Yes... It's safe. It's very safe...
Clerk: Is it safe?
Customer: Lissen! Are you going to come out, or what?
Clerk: Is it safe?
Customer: THIS ISN'T FUNNY!
Clerk 2: It puts the lotion on its skin and puts it in the basket.
Clerk: Shut up man. Is it safe? Is it safe? IS IT SAFE?
Customer: STOP IT! I JUST WANT A COPY OF WINDOWS XP! (Customer breaks down to the floor, sobbing) I just want a copy of XP...
Clerk: Is it safe?
Customer screams and runs out of the store, climbs into his car, which immediatley spins out and slams into a fire hydrant. The car bursts into flame. The customer bails from the car and runs down the darkened, abandoned street. He gets a half dozen steps from the car, and then he, illogically and without reason, bursts into flame himself.
Clerk 1: Thirty seconds, You owe me five bucks.
Clerk 2: I don't have five bucks.
Clerk 1: Take it from the register.
On-topic discussion part.
THEY TOLD ME IT WAS SAFE! I TRUSTED YOU MICROSOFT! I TRUSTED YOOOOOOOOOOOOOOU! YOU BLEW IT UP, YOU MANIACS YOU BLEW IT UP!
"PokeySteve, are you drunk?"
"Yes, but on love.
And whisky.
But mainly whisky."
Why is it when I hit ^R that ZSH calls me a cocksucker?
If there were security bugs in Linux or Freeamp, would it warrant front page news?
Yes. If there were a security bug in Linux, Mozilla, XMMS, FreeAmp, etc, that allowed your computer to be compromised, it would warrant front page news on Slashdot.
Or was that supposed to be one of those rhetorical questions?
Maybe Cringley's right ...
Given the revenue stream of say Win-XP compared to that of commercial Linux distributions, I am very surprised that MS still makes code with so many holes. If XP ius too big for MS to manage the development and support, then they should simplify it.
Will I ever get the bang for my MS buck?
Oh please, when was the last time you actually bought a microsoft product?
I know I'm going to hell, I'm just trying to get good seats.
--
Seeing is believing; You wouldn't have seen it if you didn't believe it.
one of my XP-running friends went through this upgrade.. It compleatly trashed all his funky video codecs.. He currently cant watch about 2/3rds of the stuff hes downloaded. Most of them being independant music videos.
has anyone else experienced this?
no
"Why on earth would there be a bug in Media player that allows uncontrolled access to the system. What we have here folks is a very good example of what a horribly designed OS Windows is..."
Why on earth would there be a bug in OpenSSH/Sendmail/Apache/BitchX that allows uncontrolled access to the system. What we have here folks is a very good example of a troll posting before it thinks, going with the crowd in its 'M$ sucks! Linux rules! Muahahha' mindset.
Software has bugs. Sometimes exploitation of those bugs, if they're severe enough, can allow an attacker to run code on the target system. This is not a flaw unique to Windows.
Please, think before you post.
Janie took my gun...
Digital Rights Management (Security). You agree that in order to protect the integrity of content and software protected by digital rights management ("Secure Content"), Microsoft may provide security related updates to the OS Components that will be automatically downloaded onto your computer. These security related updates may disable your ability to copy and/or play Secure Content and use other software on your computer. If we provide such a security update, we will use reasonable efforts to post notices on a web site explaining the update.
Security update? Who's security are they protecting? There is no option to uninstall media player. Your choices (if you wish to continue using Windows) areA: Leave your system open to bugs that give system level access to the next worm (imagine nimda with a malicious /default.htm)
B: Bite the bullet and install the patches. But if Microsoft releases an update that silently and without notification installs itself and 'disable(s) your ability to ... use other software', you're SOL. But hey, it's ok. Don't you know Microsoft is supporting 'Trustworthy Computing'?
M$ announces bug. Everybody required to download a critical update...
What's the bug?
DRM doesn't work... turns out you can hear copyrighted MP3s. This is a big security vulnerability and you mush download this patch, otherwise the finanical security of the RIAA will be at stake, and that's unamerican.
[Note: This is intended as a joke and as food for thought. This is not fact.]
Make even shorter URLs - 8LN.org
I think it's more the tone of the post. Just a few days ago a venurability in OpenSSH poped up (and was fixed). The post about that is very neutral and newslike, simply reporting the bug, it's nature and the fix. This one is whiny and sounds immature. It would be like if the OpenSSH post read:
"Security focus has a post on a huge venurability in all versions of OpenSSH from 2.9.9 to 3.3. Just another example of you getting crap for paying nothing."
I think the poster's intent was to remind everyone that MS is not the only company that has security problems and that they did deal with the issues already.
"Security focus has a post on a huge venurability in all versions of OpenSSH from 2.9.9 to 3.3. Just another example of you getting crap for paying nothing."
If the openSSH people were running at 1 critical bug/two weeks this is exactly what you would read.
and their repeated use of backward IN-compatibility to force people to upgrade or lose access to their old data, this phrase from "Cringely's Pulpit" scared the fuckin' crap out of me: "then encrypting the data EVEN INSIDE YOUR COMPUTER PROCESSOR."
... I'm a loss to find words to describe the enormity of the evil.
Its the ultimate in Big Brother technology. The eradication of memory or of access to memory.
Ever seen people with disorders of the hipo-thalamus? They can't form short term memories. Their lives are hard and extremely confusing since the world is a new mystery every damn day. They are extremely vulnerable to being scammed from one minute to the next.
Whoever proposed this inside of M$ is an absolute diabolical monster. A human being (given the events of the last two centuries and the incredible slaughter perpetrated on each other, that is NOT a compliment,) with delusions of god-hood. One that looks bad even compared with the most the megalomaniacal tyrant to slaughter people in order to change their minds about something.
At least when you kill people, you're show for the sub-simian scum you are and/but your victims a're well and truly safe from further predation.
But this deliberate creation of the potential for maiming of the aggregate memory of an entire culture makes the death camps is so utterly base, so vile, so despicable, so
And M$ will find enough "Judas Goats," enough imbeciles to plunge mankind into a second dark ages. Would that the road to the coming Hell was not paved with moot intentions and banal disregard.
Slavering drooling monsters and utter despicable despots, we can overthrow. But our doom will come in the form of some utterly reasonable man in a suit who's just doing his job.
There are a hundred million graves prematurely filled by the victims of some utterly reasonable men in some (uni)form of suit, who's just doing his job.
The ultimate triumph of Voltaire's bastards will be even more thorough and degrading than the patrician nightmare of the religious maniacs who merely preach evil and bring subjugation and death.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.