Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Downplaying Recent DNS Vulnerability

Posted by kdawson on from the it's-nothing-really dept.

Microsoft Watch writes "Microsoft downplays a recent DNS vulnerability in all Microsoft operating systems (XP, Vista, 2000, and 2003), claims Amit Klein, the security researcher who published the original vulnerability description (PDF) earlier this month. According to Klein, the description in Microsoft's Secure Windows Initiative blog entry is misleading, contains disinformation about the DNS transaction ID algorithm, and downplays the severity of the issue. Klein refutes Microsoft's claim that there is no way to reproduce the next transaction ID, given a series of observed transaction IDs. He shows that this is possible in his paper, which Microsoft had before publishing the SWI post, as well as on the series of data provided in the SWI blog itself."

3 of 93 comments (clear)

  1. Super Secure Vista! by billy901 · · Score: 1, Flamebait

    Recently, Microsoft has talked a lot about how secure Vista is when they won't fix known vulnerabilities. Microsoft hasn't been fixing many security issues in Vista because they think it is very secure. They have been focused a lot on fixing how slow the OS runs and the GUI because it has caused bad reviews.

    --
    Please visit http://www.mederbil.com/ i7, GTX 275, 4 1TB Caviar Green in RAID 0+1 array, EVGA X58 3X SLI Board, Silver
  2. "Making money through doing evil"? by Futurepower(R) · · Score: 0, Flamebait

    "Microsoft hasn't been fixing many security issues in Vista because they think it is very secure."

    I think that Microsoft has not been fixing security issues in Vista because, if they ever deliver a secure operating system, PC customers will never buy another.

    It's not an impossible challenge, making a secure operating system. Other organizations have done it. If Microsoft hasn't, that is because it doesn't want to.

    Microsoft exploits the ignorance of its customers. But now the customers are beginning to be more technically knowledgeable. Many are, for example, rejecting Vista. Eventually Microsoft's abusive practices will have more complete recognition. What will it do then?

    Of course, if Microsoft had a good reputation, there is a huge amount of other software that needs to be wriiten. But that is not an option, because Microsoft has never been known for creativity.

    Maybe Microsoft's slogan should be, "Making money through doing evil." That's my opinion, but I'm not the only one who thinks that way.

    Eventually software's Dr. Death, the Chief of Grief, the Main Chain of Pain, will become much less influential. Until then, the company is putting the world through a lot of hassle and extra expense, and wasting the time of some of the world's most capable people.

  3. Re:la la la la I CAN'T HEAR YOU la la la by Adambomb · · Score: 0, Flamebait

    Yes.

    Religion.

    --
    Ice Cream has no bones.