The timeline of the vulnerability tells us that Microsoft was informed November 12, 2003. Now, they got 4 months to find a patch and release their security bulletin. Couldn't they find out that it was more critical in the 24*30*4 hours before?
From MS04-009:
Reason for Major Revision
Subsequent to the release of this bulletin, it was determined that this vulnerability could also affect users who do not have the "Outlook Today" folder home page as their default home page in Outlook 2002. As a result, Microsoft has re-released this bulletin with a new severity rating of "critical" to reflect the expanded attack vector.
What the heck? Does the severity of a bug depend upon how many people are affected?
Does a local root depend upon the number of people who are potentially affected? Ask someone who has lost money via such a local root.
Another interesting posting is available on the full-disclosure mailing list, covering Microsoft's understanding of "security" (the author, Nick FitzGerald, is a helpful and understanding regular poster on full-disclosure).
Buy a copy of Windows XP and you are licensed to run it forever
But are you licensed to install it forever? Are you sure Microsoft will let you activate your copy for ever? I really doubt that. I believe they will stop the activation as soon as XP's lifetime (as seen by Microsoft) has reached its end.
> I think that question depends on whether the C64 had DMA or not
Well, since the cs8900 which is used in the "The Final Ethernet" and/or "RR-Net" has to be polled in 8 bit mode; even the interrupt mode does not work when used with 8 bit, cf. http://www.cirrus.com/en/pubs/appNote/an181.pdf
According to http://lists.seifried.org/pipermail/security/2004-August/004631.html and http://www.blackboxvoting.org/?q=node/view/78, there is even more than just missing security in the Diebold election machines. If these are true, then Diebold might have more trouble than it seems so far.
Thank you, I did not know this. This is good news (at least to me).