SecurityFocus On MS Security "Hole"
friday2k writes "There is an interesting writeup at SecurityFocus that puts the latest security 'hole' in XP into perspective. It is a worthy read and should remind us all of the real issues out there." And it collects into one place much of the flak I caught after posting about the claimed security hole opened by the XP Recovery Console.
So what you're saying, what, that goat guy is actually Bill Gates?
I mean, if I wanted to hork data off of a system I had full physical access to, I'd just grab the drive, stick it in my pocket, and walk out whistling "Jimmy Crack Corn and I Don't Care."
Now I can't get that song out of my head!
Anybody else stunned that Slashdot posted an article about MS that didn't involve an explanation as to how they're incompetent?
... who still thinks the Registry is a bad thing?
(comment to be taken lightly. Should irritation persist, chill.)
"Derp de derp."
Journalistic integrity? Man, which world do you live in?
does XP Recovery Console run on Linux?
If they reported _every_ M$ bug on Slashdot all the good articles would get pushed off the front page.
As opposed to now, when all the good stories are getting pushed off the front page by reposts, you mean?
sig:- (wit >= sarcasm)
Listen up! I come to Slashdot for one thing only: Microsoft bashing. If I want to read pro-MS stuff I'll go to -- um, some site that people talk about how great Microsoft is.
This is too much. Let's hope it's not the start of a trend. Thank God I didn't subscribe.
Ceci n'est pas une pipe.
No he's right! All these people are doing is installing [Linux|OSX] on servers just hoping nobody's going to spend the time h4x0ring them.
And for some reason, they just get left alone! Yes, that's why Linux is so lean! They just don't put in any code for checking things like passwords, buffers etc. because nobody even tries to hack into any OS if it isn't windows...
God forbid any h4x0rs read the Linux source, lest they find all the /* FIXME - we probably should compare the password entered with the hash in /etc/shadow, but nobody reads this stuff anyway */
Yes, Linux affords security only through obscurity. Anybody reading the source code could find 10 security holes in as many minutes eh?
As a fun anecdote along these lines. The company I work for produces computer based physical security systems. (i.e. those cards you carry at work to get through the doors, they are for more than the CEO to identify you by).
We had a server come back to us for maintenance one time, and as I was picking through the registry, I came across the entries for Diablo 2. Now, it occurred to me that Diablo 2 generally runs in full screen mode, so how exactly was the guard monitoring the security system while playing?
Moreover, why in the world did the guard have access to the CD-ROM drive? There is no need for him to have it, the box itself should have been locked up, with the cables for the keyboard, monitor, and mouse coming out.
In the end, I sent the system administrator an email asking him to tell the guards to leave the game files on the system next time they send it in, so that I can play while I work. (They had deleted the files) Never did get a response, but I imagine that the SysAdmin wasn't happy.
Necessity is the mother of invention.
Laziness is the father.
If they reported _every_ M$ bug on Slashdot all the good articles would get pushed off the front page.
Gotta leave room for all the articles about toasters modified to run linux and whatnot.
::.. check out some Cell Phone Reviews
The idea was to use a Win2K disk on a WinXP box and the Win2K thinks it is a "corrupt" install.
After seeing WinXP in action, I would tend to agree with the Win2k disk on its assessment...
Since when has accuracy been a concern to the editors at Slashdot?
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
Quick, make sure both Ashcroft and the Department Of Homeland Posturing know that anybody whistling Jimmy Crack Corn needs to be tackled at the knees!
- First they ignore you, then they laugh at you, then ???, then profit.
In other news, Linux was found to have the same flaw as Windows XP this week, after Jimmy Costain, a four year old boy, hacked into his father's Linux machine with a RedHat recovery disk.
"It was quite easy. I just booted the floppy, mounted the root filesystem, and zeroed the root password from the /etc/passwd file."
Linus Torvalds was available for comment.
"Well, of course, you idiot, if you have physical access, anything is open."
Linus went on further to say that booting a floppy to wipe a password from the /etc/passwd file is an old Unix recovery technique, used since the dawn of time, and that he's happy to see Windows XP finally catching up on the feature list.
"I wish people would stop trying to find lame security flaws which are not security flaws at all and actually concentrate on the serious ones" mused Linus.
Mr. Greg Mundie confirmed this at the RSA Europe 2002 conference. Of course, it is not a flaw but a feature.
He's got long arms