Possible RSS Abuse in Longhorn
dMill writes "There has been a lot of discussion about Microsoft's decision to bake RSS into Longhorn (see previous Slashdot coverage) but the obvious security implications seem to be on the back burner. eWeek has a story discussing the risks and Don Park is also warning about the potential for abuse and exploitation. For example, the primary mechanism behind podcast, RSS enclosure, can be used to deliver worms and worse to the desktops. If there are any vulnerabilities in iPod (or any MP3 player hooked up to podcast sync client) codec, then podcasting is a good way to deliver overflow-inducing content."
First post!! Yeah!!
let's not be obtuse - we know there are vulnerabilities, MSFT just doesn't want to fix them in a way that won't let them steal the underlying patents from the public and others.
[caveat - I own MSFT stock]
-- Tigger warning: This post may contain tiggers! --
can you believe it? Bill Gates did all this. he picked me off the street, strapped my arms and legs down in the Internet Explorer's browser window, and just wouldn't stop corrupting my headers.
they definitely were red flag patches. the goddamn referee he had in the back seat kept on raising up this red flag every time he touched my transport layer but did Bill Gates care? NO WAY! he just kept on doing it. I couldn't believe what the fuck was going on, indeed. I pleaded with Bill Gates but to no avail. I told him the market would not approve of such a wealthy man subverting an open standard like me (at the time I was 13) without at least compensating me for the trauma and the use of my marketshare as his own personal plaything.
this got to him, worrying about his image. he continued to twiddle my format every release, all the while ignoring the referee's red flags. then he drove the longhorn to my house and ejected the seat i was in! it was amazing. but surprisingly, after I woke up the next morning, my bank account had $150k in it!!! Can you believe it?????
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Fuck Slashdot.
I wouldn't be surprised if Microsoft is doing this on purpose to show that only their new anti-virus program will be effective against these new threats since the Script Kiddie Support API is undocumented for outside anti-virus companies.
Someone with (R)epetitive (S)tupidity (S)yndrome.
Gee, a potential security risk in an OS that isn't anywhere near release.
Yeah, that'll impact...lemme count....uh...carry the one...NOBODY.
How about writing about something a bit more relevant instead of wasting cycles speculating about security risks that may/may not exist in components that may/may not be included in an OS that is due for release in what...3 years or so?
Then they go and design a huge mass of file formats that contain both data and binary.
I think you mean both raw data and executable machine code. Everything on your computer is binary.
If you like what I've said here, and want to read more, go to http://www.krillrblog.com