Re:Help me out on this one... on Code Red III · Score: 2, Informative
What kind of server buffer handler would execute the content of the buffer? You have to go out of your way doing stupid things to make it happen. Who are these morons at Microsoft who write that kind of code?
Flippant answer. The kind that win benchmarks. Anything that reserves reasonable amounts of memory for variable-length things and cannot or does not insure that nothing spills outside its limits has this kind of problem, and that's most everything, not just Microsoft. Note that the real problem is not the exploits, it is the unnoticed cases where innocent input corrupts logically unrelated data.
Hmmm, no. Bad idea. It is somebody else's box and it's best not to mess with it.
It might be fun to start selling "CodeRed Linux", if nothing else unofficial RedHat with current security updates, preferably dated with something like "Patches current to 10 August 2001 04:40 GMT".
I bet they try to blame their problem on Linux somehow
Hehe. Well there's all these Linux users standing on the sidelines, watching the spectacle unfold, and making rude comments from time to time. I'm surprised that no-one has mentioned how to turn off this index-server thingee or whatever it is. Download this patch to protect your network. Sheesh.
The internet has been IIS'd.
Blame it on the UN-patchy web server.
Mod parent up, please.
Seems like Code Red will be with us for a long time (as will be unpatched IIS servers).
You're using Unix criteria, not Microsoft Windows criteria. Remember, in the Microsoft Windows world, mediocrity is an aspiration. Symantec hasn't lost their mind. They never had one to lose.
Hmmm, does the MSCE cover installing patches?
At least microsoft.com now mentions Code Red II on its home page. New variant. Download the patch now to protect your network.
Somehow I think I want to stay far, far away from .NET.
There is a critical difference with open source, paid or unpaid. With open source, the recipient of the code is in a position to diagnose and debug the code. Without open source, the recipient of the code must rely on the authors. If the legal system is at all reasonable, that should make a lot of difference.
Dunno. They said you couldn't get a virus from email, too.
From the Three Stooges, possibly elsewhere.
Coke cans painted green. Must be St. Patrick's Day.
Once that starts, bad things are sure to follow. Any company that treats its customers as enemies will not last long.
No, not all of us registered users are anti-ms conspiracy nuts. Just the ones of us who (have to) use what ms claims to be software.
You hear "Light Sabre", you think "Star Wars".
... Windows more brainless? I didn't think that was possible.
I don't know how. I don't know what. But Microsoft will find a way. It's called innovation.
Neither Sun nor Corel has a monopoly on their software.
Sun has a monopoly on Sun software.
Not when you can download GNU tools from Sun.
Not when I can download IBM's Java.
Corel has a monopoly on Corel software.
With Corel Linux???
Probably one of the oldest actually.
Not by a long shot. I was well over 40 before (s)he was born.
Or Getafix, the Druid.
All letters wrong.
In my opinion, the only monopoly they have is a monopoly on Microsoft software.
For that statement to have any meaning, Microsoft is a monopoly. The alternative of doing without is not a defense.
Offense almost always has the advantage. They get to decide where, when and how.
That's why lack of source hurts the defense more than the offence. The offence just needs to find something that causes the target to misbehave and trace it at the machine-state level. Should be pretty good pickings, especially if due to some subtle compiler or library error.
That doesn't indicate an error in SQL Server, just in how this customized accounting software uses it.
Correct. The customized accounting software uses SQL Server.
Well, ... this is Microsoft software we're talking about.
(ducks and runs for cover)
Microsoft's idea of reliability, not mine.
Even funnier, searching microsoft.com for code red worm or codered worm returns 0 results. Maybe they'll find it in another day or two.