New Batch of XP SP2 Holes
terap writes "Microsoft has acknowledged that it is working on a patch for a potentially serious security hole in the 'Remote Desktop' feature. It affects fully patched versions of Windows XP Service Pack 2, even with the integration firewall turned on. There is a possibility this could lead to code execution attacks."
Most Unix-based OS's have, years ago, patched the "new" flaws that M$ heroically pats itself on the back for patching or trying to patch today within their oh so popular piece of crap... (jpg and png library holes come to recent memory... Red Hat (which is traditionally LATE with their patches) had those patched 3.5 and 2 years ago, respectively) but hey... why not bash Linux when your favorite $299.99 off the shelf piece of crap OS gets rooted (or is that just plain pwned?)
It's actually gamer geeks' fault for getting our parents hooked on windows so we could get them to pay for a 386 with 8 megs in 1991 to play Doom on... and that comes from personal memory of my childhood... my parents didn't give a rat's ass about which OS they used since they would ask me or my friends (at the time) about what to do next.
Too bad, since we could've been making more productive use of our time with a linux kernel, hacking away at that code, instead of trying to do workarounds of the buggy and expensive windows OS to try to build our network security tools and the like. Otherwise we wait years for M$ to patch things... Anyone remember the good ole Winnuke? Port 139? M$ issued a "security" patch... namely a port blocker, which was promptly circumvented the same day by roughly every hacker that ever wrote a network penetration tool.
Check out the fine usage of RPC in Windows 2000 and XP now... Microsoft makes a practice of making things insecure by default.
Remote desktop is used by a LOT of IT companies that base their entire business models around selling people Windows and then charging them to constantly "repair" damage done by those "ev1l h@x0rs" or what not (and they NEVER blame Microsoft's own lousy code and business practices for all their bad name and rep).
Those same IT people use Remote Desktop for windows to log into various Server 2003 installs and then only charge for the time spent working (or peeing with the remote desktop logged onto) thus "saving" the time to drive to a site. Most lusers are usually too low on IQ to be able to comprehend most "type this" or "click that" instructions, so telephone support is always a living hell for those who engage in it. (Or perhaps they simply choose not to care about their computers, the same way they forget to change the oil in their cars and their engines shoot up in smoke.)
But anyways, it's always those haxors... yep. Never put the blame on shitty expensive business models designed to enrich only the support and vendor companies. (The users just get shafted into buying MORE shit that STILL sucks to patch the shit that doesn't "just work".)
For the record, I avoid using VNC, but I do like remote login features of KDM and GDM (or XDM). Link them up with SSH or Webmin/SSL/TLS and life is simple over a LAN or the internet.
In fact, this particular reply is written from a GDM (Gnome) remote login to my app server on the LAN. It is by no means slower than Windows 2003 Terminal Services was when I used it, and this machine is significantly cheaper (single CPU, AMD Athlon 1400 MHz as opposed to the dual 2.4 GHz Xeons at my last IT job.) Hint, the app server also doubles as a private email server, ftpd, httpd, IRC and occasionally as a print server. Did I also mention that it runs Postgre AND Mysql without a hitch? On less than 1 GB of RAM? Try THAT with microsoft's SeQueL (SQueaL?)... but as I recall, using less than 1.0 GB expressly for a M$ SQL server ends up being a frustrating exercise in inadequacy for the foolish IT guy doing it.
~ DaedalusHKX
PS - I personally have made a practice of shelling out cash, hardware or code to OSS projects, Debian, Gentoo, OpenBSD, etc... at least this way I help people, organizations and movements that help me.
"What luck for rulers that men do not think" - Adolf Hitler