Slashdot Mirror


DirectX Flaw Leaves Windows Vulnerable

cryonic*angel writes "Just when you thought it was safe to start buying music from BuyMusic, another Windows security flaw is found, in DirectX this time, that basically affects every possible Windows configuration that is still supported. I wonder, will they indemnify me for this?"

34 of 530 comments

  1. Tough one... by WD_40 · · Score: 5, Funny

    Let's see, pay for music and get F'ed... download for free and be fine (as long as you don't share).

    --

    "With sufficient thrust, pigs fly just fine." -- RFC 1925

    1. Re:Tough one... by dimer0 · · Score: 4, Funny

      So, let me see if I have this right - you think that files off a pay-for-music download site are more likely to be infected vs. files on Kazaa?

      For those of us who are running Mozilla and not IE, etc, buymusic.com's home page has a quite amusing message:

      ---

      Thank you for visiting BuyMusic.com.

      In order to take full advantage of BuyMusic.com's offerings you must be on a Windows Operating System using Internet Explorer version 5.0 or higher.

      ---

      /That's/ the point the poster was making.

    2. Re:Tough one... by Quarters · · Score: 2, Funny

      If you're paying someone so you can download craptastic MIDI files then this security flaw is the least of your problems.

  2. Microsoft software has security flaw... what's new by advocate_one · · Score: 5, Funny

    move along now folks... nothing new here...
    mind you... the particular buffer overflow is unusual...MIDI files... who'd have thought???

    --
    Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
  3. Hmmm... by chrisgeleven · · Score: 5, Funny

    Only every single supported version of Windows has this flaw? Thank God, I thought I was in trouble here.

  4. Will they indemnify me? by SoTuA · · Score: 5, Funny

    Har Har Har! Yeah, they'll indemnify up to the price you paid for DirectX...

    You have to give M$ some credit though... finally, a security flaw where you don't have to care if you are using Win95a, win98blah, Win2k, Win2k SP1e92, WinXP, WinYP, whatever. A *cross-platform* security issue, if you will. ;)

  5. Great. by grub · · Score: 5, Funny


    A MIDI overflow? That means no more visits to most Geocities pages.

    --
    Trolling is a art,
  6. Re:SCO insiders sell, sell, sell. by Knife_Edge · · Score: 3, Funny
    It sucks, doesn't it, how slashdot ignores the important news when it's even slightly controversial.

    Yeah, I wish slashdot would pick up on this whole SCO thing. I cannot understand why SCO is being completely and utterly ignored here.

  7. Re:patch me up baby! by GammaTau · · Score: 5, Funny

    Well, you know what they say about downloading and applying Windows patches...

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."

  8. MIDI by ciryon · · Score: 5, Funny

    Cool, Then you can construct some kind of hacked MIDI keyboard that just plugs into the computer you want to compromise. Press B# three times and you get the admin password.

    Ciryon

    1. Re:MIDI by iainl · · Score: 2, Funny

      "you can construct some kind of hacked MIDI keyboard that just plugs into the computer you want to compromise."

      Now this just has to be the next /. poll:

      Which tune should you have to play to get the admin password through MIDI? Personally, I vote for the Mission: Impossible theme, but I'm sure someone has a better idea.

      --
      "I Know You Are But What Am I?"
  9. Re:Received the Update Notification and Fixed by FrostedWheat · · Score: 4, Funny

    My Win2k solution

    If that was the solution, what the heck was the problem?!

  10. Re:patch me up baby! by Chester+K · · Score: 5, Funny

    I'm quite sure there is a patch up already on windows update. My computer was patched just hours ago. I really don't see anything special about this story. What's so special about this flaw?

    It's a Microsoft bug, it doesn't matter how important it is. You're supposed to be foaming at the mouth and making sweeping statements about how this proves open source is better! Don't you know what website you're on?

    --

    NO CARRIER
  11. Re:Wha... by vasqzr · · Score: 3, Funny

    Argh! I hate those sites. If I ever happen to stumble into a site that has background music, I go back and never come again. They lost my business. Websites are for reading, not listening to some really crappy midi files.


    Right! Web sites are for animated GIF's and blinking text!

  12. WineX? by Laur · · Score: 3, Funny

    Is WineX affected by any chance? After all, aren't they supposed to be recreating the API exactly, bugs and all? Besides, it isn't fair that Linux users have to miss out on all the really cool highly publicized bugs. ;)

    --
    When you lose something irreplaceable, you don't mourn for the thing you lost, you mourn for yourself. - Harpo Marx
  13. "Unusually wide spread"?!?! by thepacketmaster · · Score: 4, Funny

    He doesn't know Microsoft very well, does he? :-)

    --

    Luck is just skill you didn't know you had.

  14. Re:MOD PARENT UP by Latent+IT · · Score: 4, Funny

    After uninstallation of the IIS update, OpenGL started working again. Trustworthy Computing, my balls.

    It is trustworthy! You can trust it not to work!

    Ba-dum-bup! (rimshot)

    Thanks folks! I'll be here all week! Try the veal!

  15. Roberta Flack is back by mabu · · Score: 3, Funny

    ..deleting me softly with his song..

  16. Re:patch me up baby! by Realistic_Dragon · · Score: 4, Funny
    Don't you know what website you're on?

    Microsoft Security Bulletin MS03-035

    Flaw in Internet Explorer Could Cause Website Name Not To Appear (823803)

    Originally posted: July 23, 2003

    Summary

    Who should read this bulletin: All users of Microsoft® Windows®

    Impact of vulnerability: User may become disorientated on the internet

    Maximum Severity Rating: Moderate

    Recommendation: Administrators of Windows computers should consider applying the update patch.

    Affected Software:

    * Microsoft Windows NT 4.0 Server

    * Microsoft Windows NT 4.0 Terminal Server Edition

    * Microsoft Windows 2000

    * Microsoft Windows XP

    * Microsoft Windows Server 2003

    Technical details

    Technical description:

    A flaw exists in all versions of Internet Explorer that could cause the name of the website being visited not to be displayed.
    --
    Beep beep.
  17. Re:patch me up baby! by saden1 · · Score: 0, Funny

    Every week there's a vulnerability announced. What do you expect people to say? MS is certainly not good at keeping software secure so why shouldn't people complain and foam at the mouth? IMO MS deserves every bit of the criticism it gets.

    And for the record, if you don't criticize nothing gets done/fixed.

    --

    -----
    One is born into aristocracy, but mediocrity can only be achieved through hard work.
  18. Re:patch me up baby! by FatherOfONe · · Score: 5, Funny

    Man how true it is. I can't believe all the people here that bash Microsoft for their apparent lack of security. I mean what's the problem with checking for patches for your server every hour or so? Even if some of the patches are so bad they crash apps on your server and prevent others from starting. I mean, what is the big deal?

    Hang on a second... it has been 30 seconds since I last checked Microsoft for another security update...

    Ok, I now have another 90MB file I need to apply to the 200 NT boxes I have.... Like I was saying what the heck is the big deal? So what that most vendors release stuff on NT boxes that requires certain service packs, and won't work with others? Yeah this makes server consolidation impossible but who really cares? It isn't that big of a deal, just buy another box. Heck we plan on buying another hundred or so this year.

    Hang on a second it has been another 5 min since my last check at Microsoft for another update...

    Wow only two new updates! This is a first! Now, as I was saying, these open source "Quality is important" types are just zealots. They just don't understand that it isn't that big of a deal to support Windows.

    Sorry, hang on a second... a new Worm just hit our email server...

    Now where was I? Oh yeah, the advantages of running Windows... You have one consistent platform. Well we will when we finally get our 200 NT boxes upgraded to Win2k server. Dag gone it, I have to go and talk to our Microsoft rep again... be back in 15 min...

    Ok I just found out that Windows 2003 server is out now and EVERYONE is going to it. The nice thing is that Microsoft will let us keep running our Win2k servers until the end of the year! Yeah I would like to see what you open source people say about that! See Microsoft isn't bad at all. They even told us that we could run 2003 Server for a full 3 years! Man that will make life great!

    So let all the bitching begin about Microsoft over one SMALL bug! They just don't know what they are talking about...

    --
    The more I learn about science, the more my faith in God increases.
  19. Bashdot? by pair-a-noyd · · Score: 2, Funny

    Yeah, I like that. Let's spawn a division of /. called bashdot (b.) where the daily M$ flaws can be posted. That will free up a LOT of /. real estate for important matters like SCO scoops..

  20. Dear Windows Users by Letter · · Score: 5, Funny

    Dear Windows Users,

    <EMBED SRC="h4x0r3d.mid" HEIGHT=200 WIDTH=55></EMBED>

    Yours,
    B. Overflow

  21. Re:More technical Info. by crivens · · Score: 4, Funny

    You'll probably find that your story wasn't sensational enough for it to be accepted, rather than the one that was.

  22. Huh? by r00k123 · · Score: 2, Funny
    "DirectX flaw leaves Windows vulnerable?"

    How about: "Windows leaves Windows vulnerable?"

  23. Re:Received the Update Notification and Fixed by Radon+Knight · · Score: 3, Funny

    >>My Win2k solution

    >If that was the solution, what the heck was the problem?!

    His computer wouldn't stop working properly.

  24. Re:Huh? BuyMusic? by MachineShedFred · · Score: 3, Funny

    Yeah, that's the track that only costs $0.79

    --
    Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
  25. Re:Turn to Slashdot for breaking news! by IIH · · Score: 2, Funny

    Looks like a case of a rapid fix from MS and a kneejerk editor at Slashdot. How about this spin? "Notified of critical bug, MS immediately issues fix". Nah, wouldn't play to this crowd.

    New slashdot poll:

    A flaw is announced in MS products, what happens next and why?

    a) Microsoft release a fix slowly - that would never happen in open source!
    b) Microsoft release a fix quickly - they must have known about it already and not told anyone!
    c) MS products are a flaw in themselves, recursion not allowed.
    d) They should have implemented CowboyNeal
    e) Crappy of options/all of the above

    --
    Exigo spamos et dona ferentes
  26. Some way to get a click... by KentoNET · · Score: 2, Funny

    "They'd have to come up with some way to get the user to click on that file," said Stephen Toulouse of Microsoft's Security Response Center

    Such as a link saying "CLICK HERE!"?

    --
    "You tried your best and failed miserably. The lesson is...never try. Heh!" -Homer
  27. Re:patch me up baby! by drunk_as_in_beer · · Score: 5, Funny

    What's so special about this flaw?

    What's so special is you actually *don't* have to reboot after applying the patch.

    --
    --Drunk as in Beer
  28. Bugs Bunny says by N3WBI3 · · Score: 3, Funny

    I should have taken a left at 17.254.3.183

    1. Re:Bugs Bunny says by tapin · · Score: 2, Funny
      I should have taken a left at 17.254.3.183
      Don't you mean 198.182.159.17?
  29. Re:WARNING dont Patch!!! by AvengerXP · · Score: 2, Funny

    MS already knows you were going to say that by analyzing your surfing habits. Psh, amateurs.

    --
    Trolls dont like to be Flamebait, because they burn so well. Protect our Troll heritage!
  30. Heh by Pinguu · · Score: 1, Funny

    I like the way 30 seconds after I open this article up a little bubble in the bottom right of my screen appears, with the text 'You have updates to install' ;)
