Slashdot Mirror
Microsoft Notes Critical Security Holes in Windows, Office
Scoria writes "CNN is reporting that the infamous Microsoft has disclosed six critical Internet Explorer vulnerabilities, including some that would allow an attacker to execute arbitary commands. According to the relevant TechNet bulletin, a cumulative patch has been released to address them." Please be sure to read the EULA before installing the patch.
Arbitrary commands run by strangers if I don't,
Arbitrary commards run by Microsoft if I do.
If only more sites complied with standards, I could dismiss MS entirely for Opera.
I can spell. I just can't type.
Download now to continue keeping your computer secure.
So apparently my computer is allready secure and there is no need to download the patch then!
Silly Microsoft.
As my grandfather who was a doctor said, "Doctors, mechanics and others like these all benefit from the misfortunes of others".
Today I just spent 3 1/2 hours updating security patches on a group of machines in an office for office 2000. The people there are annoyed about all the patches, and we joked about it being "this months security update". Now there's this, and I'm going to be called in again to update their machines. On one hand it's irritating, on the other hand it gives me more work, which I need at the moment.
A few of them are curious about Linux, and I keep it in their mind - not telling them that it will solve all their problems, but that in the near future it may be beneficial for them to consider it. I let them know an alternative is there, and they are positive, no knee-jerk reactions. I'm honest to them about it's advantages and disadvantages - where it will help them and where it will be a challenge. When the time is ripe they will change over - it is inevitable. This won't eliminate the need for security patches, but I hope through the use of thin clients only one or two machines will ever need updating.
For the quickfixes listed on the url, there is no EULA to install them.
GPL'd web-based tradewars themed space game
I just installed it now (q323759.exe) and it didn't ask me to agree to anything. In fact the only question I got was "Do you want to install this update?".
For now, my PC is safe from Microsoft forced modifications (relativily speaking)
Avantslash - View Slashdot cleanly on your mobile phone.
They already know. Remember a couple of months ago, when Microsoft VP Jim Allchin who stated, under oath, that there were flaws in Windows so great that they would threaten national security if the Windows source code were to be disclosed. The architecture of Windows is inherently insecure and cannot be fixed. Read all about it here.
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
What if Microsoft has an API to by pass the filters Zone Alarm hooks in?
I have never seen the sense in firewalling a machine with the same machine.
Maybe it's just me, but I fail to see a single mention of the EULA, much less a statement that it changes when you apply this patch. Even when installing, the only dialog presented to the user is the "Do you want to install this update?" box. I'm as concerned as the next guy about Microsoft's propensity to sneak in unannounced EULA changes and automatic updates without telling you, but let's not point fingers where there's nothing to see.
Yet six more reasons why I dont allow my family to connect to the internet using MS. They can't be trusted.
:-)
Who? Microsoft, or your family?
"Mod, mod, mod...and another troll bites the dust."
People who actually examine the patches on their Open Source O.S. raise your hands.
Linus put your hand down.
Seriously, we should be pushing for accountability, not a world were everybody's grandma has to learn C++ just to make sure that the big bad software company hasn't installed a trojan horse.
When you got your oil changed last, did you take the engine apart to make sure that your mechanic didn't put a rabbit in there?
I know that you probably change your own oil. It's an example.
*everything* is Orwellian to cats.
Especially considering to get the "Designed for Windows 2000 / XP" Logo on your software, you have to have an install that doesn't require a reboot.
I am not a number! I am a man! And don't you
First off, this is funny! :-)
But it does kinda miss the point, as no doubt many people will be quick to explain. (Don't you think ``You missed the point'' should be the Official Slashdot Motto? :-)
The point is that if a patch is open source, and if only 1% of the 10,000 people who install it bother to read through, then that's still 100 pairs of eyeballs that will spot any funny business. So, crucially, the other 99% (and yes, I admit to falling into the 9,900 here more often than not) also benefit from the code's openness.
Summary: I don't want it open so I can look at it; I want it open so Linus can look at it for me and tell me if there's anything wrong with it! :-)
ObDisclaimer: no, I'm not really a degenerate freeloader. Usually I am in the 99% that doesn't read the code. But every often - say 1% of the time - I will read it. See also my open source Net::Z3950 module at perl.z3950.org before you dare question my Free Software credentials. Infidel! :-)
--
What short sigs we have -
One hundred and twenty chars!
Too short for haiku.
Hey, those of you who actually operate a printing press raise your hands.
See? There's only about three of them. There's no point in freedom of the press if only three people use it.
Ok, now everyone who's been arrested this week raise your hands.
Only a couple dozen out of a couple hundred thousand? Ok, no point in rights for the accused, then.
Next up, let's see how many of you are black. Only about ten percent? Well, what's the point in those equal protection and non-discrimination clauses? Most people don't need them.
Hell, my 3 year old son gets it OK?
(While playing Zoboomafoo Alphabet the Critical Update came onto the screen obscuring the Lemurs. "Daaaad stupid Windows is bothering me!")
This
No, because I could sue my mechanic for breaking my car. I can't sue Microsoft for breaking my computer.
>The fact of the matter is Windows is the most common target of hackers. They occasionall find stuff, it gets fixed.
No, the fact of the matter is that the oldest security hole still present in internet explorer is over...
2 years and 2 months old.
Look, if they ACTUALLY fixed their OS (and by OS I mean browser, which MS says is the OS) we wouldn't care. But, you see, since they don't care to fix their OS (and if you can't fix it in 2 years then you are one very pathetic uncaring company) then we will care to explain to others that they don't care.
Get it?
You can apply every security patch in the world, but IE is still lets any site read:
- Any and all of your files
- Run any code they please
- Upload files of their choosing
- Modify files they want to
- Delete files they want to
- Delete your BIOS so you can't boot up your computer
- Make your computer dial 911 constantly, tying up emergency systems
- Install viruses on your computer
- Make your computer do DDOS attacks
- Make your computer email bomb threats to the president under your name
All without warning you. And any amount of patching won't affect it.
Is that not serious enough? Do they need to set your computer on fire to make it serious enough? Does your computer have to reach out and throttle you before you see how serious it is?
Sheesh.
If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
I have personally caught M$ stuff going around ZoneAlarm on two occasions:
... until Frontpage98. My first clue was when FP98 whined about being unable to find the nonexistent modem. ZAP didn't make a peep.
WinME, no patches, ZAPro; system had no modem, thus no internet connexion. ZAPro dutifully reported every attempt to connect (which a lot of programs try to do for one reason or another, usually innocently)
Win98, no patches, ZA Amateur 2.63 (I think); system has moden and DUN configured in the usual way. HAD been well-behaved. Made the mistake of installing TurboTax this past April, and it forcibly installed IE5.5. Which FUBAR'd DUN. When I finally got DUN working again and went online, ZA *immediately* reported an attempt to intrude, from a M$ IP address (I whois'd it, so I'm sure), IIRC on a UDP port. Excuse me? What business does M$ have trying to get into MY computer? And since IE5.5 wasn't running per se (I only use Netscape online), clearly it had suborned Windows itself. And again, ZA didn't make a peep, tho it had always reported every other attempt to get in or out.
This is why I IEradicated IE5.5 [see 98lite.net] and reverted the system to IE5.0, which had never exhibited any underhanded behaviour (tho I don't let it out on the net, I only use it for checking my HTML locally).
And yes, there is a hardware firewall in my future, exactly because of this sort of security breach.
~REZ~ #43301. Who'd fake being me anyway?