Posted by
CmdrTaco
on from the you-can-do-it dept.
Rantastic writes "In a recent interview with Wired Magazine, Microsoft Security Program Manager Stephen Toulouse, when asked about their now 2 year old focus on security, comments "it's more of a 10-year timeline." He also reveals that he runs Firefox."
Actually, the exploit only worked on Windows Machines. Firefox for Linux, MacOS etc was not affected. It had more to do with native Windows security than it had to do with Firefox.
-- Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Even XP SP2 is easy to tamper with
by
mslinux
·
· Score: 5, Informative
Change the following registry value to 4 and the new "Windows Security Center" will stop working upon reboot... it runs as a service that any admin user can kill. Did I mention that by default all XP users are admin;)
Also, here's a Python script that will automatically kill the new "Windows Firewall" in to XP Service Pack 2. You can bet your ass that hackers are already tampering with this. Click a URL and bam... the firewall goes down.
This is just two example of what MS does to "secure" their systems. God help us all.
Re:Firing offense?
by
brickbat
·
· Score: 5, Informative
This really needs to be modded down, as it's not only not insightful, it demonstrates a total lack of comprehension of Toulouse's response.
He did not say he didn't use IE. He simply mentioned needing to install a security update of Firefox. Yes, Virginia, there are other browsers that have security flaws other than IE. That doesn't make them better or worse, it just illustrates that the problem isn't isolated to Microsoft.
And I suspect that in performing his job duties, he needs to be familiar with a wide array of browser technologies, not just IE.
So, please mod the parent down -1, Needs a Clue.
Misleading statement.
by
halfabee
·
· Score: 5, Informative
From the article: "Security is really an industry-wide problem. Just this morning I had to install an update to Firefox to block a flaw that would've allowed an attacker to run a program on my system."
I presume that Toulouse was referring to the update that fixed the "shell:" exploit.... this was only a problem with Firefox on Windows machines, because the flaw is inherit in the OS, not in the Firefox browser.
True, security is an issue about which everyone in the industry should be concerned. Call a spade a spade, though... Microsoft is well behind the curve.
-- --
Halfabee
Actually, you're wrong.
by
transops.net
·
· Score: 5, Informative
Your comment was:
"He doesn't "reveal" that he uses Firefox either. Nowhere in the article does it state such."
To quote TFA:
"Security is really an industry-wide problem. Just this morning I had to install an update to Firefox to block a flaw that would've allowed an attacker to run a program on my system."
Please RTFA before posting corrections to the comments of others. Thank you.
Slashdot Mirror
Download.Ject information is actually here. The exploit referred to above is actually the "what a drag" exploit. Still pretty scary if you ask me.
Anyway, the editor (me) regrets this error. =)
Right is wrong when left is right.
Actually, the exploit only worked on Windows Machines. Firefox for Linux, MacOS etc was not affected. It had more to do with native Windows security than it had to do with Firefox.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Change the following registry value to 4 and the new "Windows Security Center" will stop working upon reboot... it runs as a service that any admin user can kill. Did I mention that by default all XP users are admin ;)
w scsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\
Also, here's a Python script that will automatically kill the new "Windows Firewall" in to XP Service Pack 2. You can bet your ass that hackers are already tampering with this. Click a URL and bam... the firewall goes down.
This is just two example of what MS does to "secure" their systems. God help us all.
This really needs to be modded down, as it's not only not insightful, it demonstrates a total lack of comprehension of Toulouse's response.
He did not say he didn't use IE. He simply mentioned needing to install a security update of Firefox. Yes, Virginia, there are other browsers that have security flaws other than IE. That doesn't make them better or worse, it just illustrates that the problem isn't isolated to Microsoft.
And I suspect that in performing his job duties, he needs to be familiar with a wide array of browser technologies, not just IE.
So, please mod the parent down -1, Needs a Clue.
From the article:
"Security is really an industry-wide problem. Just this morning I had to install an update to Firefox to block a flaw that would've allowed an attacker to run a program on my system."
I presume that Toulouse was referring to the update that fixed the "shell:" exploit.... this was only a problem with Firefox on Windows machines, because the flaw is inherit in the OS, not in the Firefox browser.
True, security is an issue about which everyone in the industry should be concerned. Call a spade a spade, though... Microsoft is well behind the curve.
-- Halfabee
Your comment was:
"He doesn't "reveal" that he uses Firefox either. Nowhere in the article does it state such."
To quote TFA:
"Security is really an industry-wide problem. Just this morning I had to install an update to Firefox to block a flaw that would've allowed an attacker to run a program on my system."
Please RTFA before posting corrections to the comments of others. Thank you.