This security hole is really very sad. Microsoft has been saying that XP would be more secure than previous versions of NT and W2K. Yet it appears that this is a bigger hole than in any previous version OS, in that it allows total control of the machine without doing anything more than making a connection to the internet. (Someone please correct me if I've misunderstood the hole.)
Several months before XP was released, I found an article by Steve Gibson of Gibson Research Corporation discussing a denial of service attack he had suffered through, how he was able to stop it, and how a new feature in XP (raw sockets) would make unstoppable attacks possible. Even worse, when he tried to warn Microsoft of the problem, they basically said, "don't worry our security will be good enough to prevent this problem."
Now here we are, just a few short months after the release of XP and there's already a security hole big enough to drive the proverbial Mack truck through. And completely unprotected behind that hole is the capability to bring any portion of the internet to its knees.
It seems to me that this is certainly an instance where a lawsuit is a possibility. It's no wonder the government is looking into the security issues in XP.
Slashdot Mirror
This security hole is really very sad. Microsoft has been saying that XP would be more secure than previous versions of NT and W2K. Yet it appears that this is a bigger hole than in any previous version OS, in that it allows total control of the machine without doing anything more than making a connection to the internet. (Someone please correct me if I've misunderstood the hole.)
Several months before XP was released, I found an article by Steve Gibson of Gibson Research Corporation discussing a denial of service attack he had suffered through, how he was able to stop it, and how a new feature in XP (raw sockets) would make unstoppable attacks possible. Even worse, when he tried to warn Microsoft of the problem, they basically said, "don't worry our security will be good enough to prevent this problem."
(You can find the article here: Denial of Service Investigation)
Now here we are, just a few short months after the release of XP and there's already a security hole big enough to drive the proverbial Mack truck through. And completely unprotected behind that hole is the capability to bring any portion of the internet to its knees.
It seems to me that this is certainly an instance where a lawsuit is a possibility. It's no wonder the government is looking into the security issues in XP.
All I can say is "Be afraid. Be very afraid."
Ed "What the" Heckman