Slashdot Mirror


User: Locutus

Locutus's activity in the archive.

Stories
0
Comments
3,890
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 3,890

  1. Re:ASUS website hacked on Windows .ANI Problem Surfaced Two Years Ago · · Score: 1

    I wonder how many of those 700 hacked web servers are Microsoft Windows based?

    Ask anybody about what OS was the base of an attack which makes the press and you get no answer...
    I can only imagine that someone is very persuasive at keeping this quite since there is just too much consistency in how these requests are handled.

    Atleast now we know ASUS was/is Microsoft Windows.

    LoB

  2. Re:It would be nice to have real information on th on Windows .ANI Problem Surfaced Two Years Ago · · Score: 1

    nice work finding that, thanks.

    You know, if Microsoft can pay a dozen people to make sure a reporter writes THEIR story and not his/her own, you'd think they'd be paying developers enough and putting enough "process" in place in order to make the product better. But here in 2007, it sure looks like they still suck at software engineering.

    LoB

  3. Re:Incompetent Liars on Windows .ANI Problem Surfaced Two Years Ago · · Score: 1

    I guess that is why Bill Gates has been running around the world saying that Windows Vista is "the most secure operating system available"... Sorry but they have been saying their shit doesn't stink in regards to security and reliability since the W2K release.

    And that bit about the security experts not knowing what they are talking about because they don't have the source code, well they have the binary code and from that they can generate assembly code. With that, it's pretty easy to see if an unchecked parameter to a function is being exploited just as the previous exploit was and they can tell if the flaw is in the same function as the previous one.

    Sorry but you're wrong on so many levels. IMO.

    LoB

  4. Re:Incompetent Liars on Windows .ANI Problem Surfaced Two Years Ago · · Score: 1

    it didn't sound like copy-paste to me. The first bug( found Dec 2004 ) was a failure to validate one of the parameters of an Animated Mouse function and the invalid value of "0" could be exploited. What I read in the recent story is that the current bug is due to another parameter of the same function going unchecked and/or accepting invalid data. They used the term "header" in the story but I think they must have ment parameter since that was publicly stated as the problem with the 2004 instance of the bug.

    So, here Microsoft was claiming that Windows 2000 was some rock solid and secure built-from-the-ground-up operating system, they declared something called "Trustworthy Computer Initiative", claim Windows XP is some rock solid and secure built-from-the-ground-up operating system. The do the same for Windows Vista and we've already seen that the WMF exploit was from code dating back to Windows 3.x and now we find that the monkeys at Microsoft can't even find a bug in the same program method/function as the one found in 2004. AND, now we are finding out that Microsoft knew of this recent bug in Dec of 2005 but didn't patch it for over 3 months while the previous bug was fixed/patched within 30 days. Me thinks that Microsoft didn't want the public knowing so soon after Vista shipped that an old mouse bug opens their "most secure operating system available" to attackers.

    LoB

  5. gawd, didn't we hear this same crap with Win95 on Vista Taking a Nibble Out of Apple in OS Wars? · · Score: 1

    People are buying MS Windows Vista instead of new Macs?

    Sorry but that concept is moronic at best IMO.

    LoB

  6. Just like PocketPC/WinCE, got $10B to spare do ya on Microsoft Considering Subsidizing Zune Sales · · Score: 2, Insightful

    pretty predictable considering WindowsCE/PocketPC/PocketMobile/etc is a blistering success and it only cost Microsoft over $10 billion and 10 years to purchase this success. But hey, they were only fighting Palm for that market and now they actually have to purchase marketshare from not only a consistently good design house but also one that captured the minds/hearts of non-geeks.

    I predict it'll take another 10 years but this time, it's gonna cost Microsoft atleast $20 billion in losses to do it. And, in 10 years, Microsoft will not be the same company it is now or was in the past. So, in about 5 years, you'll want to watch out for people driving their cars while attempting to reboot the Zune music player system.

    Microsoft; the maker of innovative products businesses must be paid to sell and customers must be paid to use.

    LoB

  7. Re:try virtual/multi desktop instead of 2 monitors on Using Two Monitors Makes You More Productive? · · Score: 1

    yikes, what a shame. I guess running two more more apps on Windows is a power-user kinda thing to do. ;-) wow

    LoB

  8. Re:try virtual/multi desktop instead of 2 monitors on Using Two Monitors Makes You More Productive? · · Score: 1

    I give up, you need toolbars, buttons, staus areas, bells whistles and the kitchen sink to and therefore require two monitors to edit your code. That's great and I was just silly for thinking otherwise. Good luck.

    LoB

  9. Re:try virtual/multi desktop instead of 2 monitors on Using Two Monitors Makes You More Productive? · · Score: 1

    got it but understand that we are talking about screen space here. The phrase "huge amount of data" was/is relevant to the concept of the subject at hand and that is related to screen space and multiple monitors. If, for some reason, you must have an editing window fullscreen to see 20-40 lines and things like changing font size, screen resolution, etc are unworkable then sure, you obviously must have a 2nd display and might also want to see about having your eyes checked. ;-)

    Again, I would recomment a fullscreen window running a diff tool like guiffy for what you mentioned. Good luck.

    LoB

  10. Re:try virtual/multi desktop instead of 2 monitors on Using Two Monitors Makes You More Productive? · · Score: 1

    hmm, "large chunk of code" sure looks very much like what I said about dealing with a large amounts of data at one time. But, it sounds like you could probably use a tool like guiffy ( http://www.guiffy.com/ ) instead of a 2nd monitor.

    Remember, I said that often a 2nd monitor is nice to have but selling it as a required tool is going to be tough if your IT people are not easily fooled. Using virtual desktops will often work in saving time. And if the new asset has to be tracked, inventoried, depreciated, recycled, etc, there's more cost involved than just the purchase price.

    Does Microsoft Windows even come standard with virtual desktops? If so, what version of MS Windows finally got this? I've seen just so many Windows users have a hard time with the concept of running 2 applications at one time and I think the only way they would even consider running two applications would be if they had a 2nd monitor. I guess if they can't get training on the concept, throwing hardware at them would probably make them far more productive just because they'd not have to waste time starting and stopping applications all the time.

    LoB

  11. try virtual/multi desktop instead of 2 monitors on Using Two Monitors Makes You More Productive? · · Score: 2, Informative

    The only time you can REALLY justify a dual monitor setup is when your primary job/task requires you to quickly see a whole lot of data at one time. Otherwise, use a multi-desktop configuration where you can assign quick-keys to switch views from one desktop to the other. UNIX and Linux desktop systems( CDE, KDE, Gnome, etc ) and probably others have always had multi-desktop support so you can run apps fullscreen in different desktops and with a keystroke you can instantly switch to the specific desktop. Toggling through the apps with the task-switcher( Alt-Tab ) isn't efficient since you likely vary the number of apps running at one time and switching to a specific desktop will get you right to the data or app you want/need to see.

    Again, unless you absolutely must simultaneously see a ton of data which can only be efficiently done with 2 or more monitors, you'll probably have to snowball your IT department into thinking you need the extra monitors. One thing you might try is to tell them you have epilepsy and a quickly changing/flashing display window could trigger an episode. ;-)

    2+ displays are easier but saying it's required is gonna take some work. IMO.

    LoB

  12. like XP, it doesn't matter. Preloads will eventual on Survey Finds Few Intend to Upgrade to Vista · · Score: 1

    no message cause it's a waste of time discussing something history has already shown to be true.

    LoB

  13. Re:Well it's not all Microsoft's fault here on Microsoft Sued Over Vista Marketing · · Score: 1

    one of the many problems with this: What does "runs" mean?

    Also, let me mention what I believe "Microsoft" to mean; it means you're getting ripped off and it's gonna cost you a lot of money in the long run.

    LoB

  14. should add "most secure OS available" to the case on Microsoft Sued Over Vista Marketing · · Score: 1

    that was a laugh and a half when Bill Gates went around the world spewing that load of crap. Talking about misleading the public.

    LoB

  15. idiots for trusting MSFT marketing on Microsoft Sued Over Vista Marketing · · Score: 1

    wow, how stupid are people getting to actually think that Microsofts marketing has ANY resemblance to truth or reality. Well, I guess they COULD have just been born yesterday. :-/

    LoB

  16. Re:Why would my cursor run as root? on Windows Vulnerability in Animated Cursor Handling · · Score: 1

    I understood that differently in that the flaw is in Vista but because IE 7 on Vista is defaulted in "protected mode" that application will restrict this flaw to damage on to the "protected mode" space. Ie, the sandboxed one application, IE 7, so damage caused by it is restricted to a virtual filesystem of little consequences.

    Otherwise, I don't think the security people would have listed Vista in the list of systems susceptible. Given that, I also have to imagine that though this is a likely target for HTML based attacks, the flaw is in the standard mouse handling mechanism and therefore any other means of getting into the mouse handling system are also attack vectors and IE 7 on Vista isn't going to protect it. But you won't be hearing that from Microsoft about the most secure operating system ever built.

    LoB

  17. Re:Why would my cursor run as root? on Windows Vulnerability in Animated Cursor Handling · · Score: 1

    no, it's just that there's a whole crop of newbies who just don't know the history. You know, the ones with the glazed eyes and with "Microsoft" tattooed on their foreheads. ;-)

    LoB

  18. Re:Supposedly the newest code does prevent it on Windows Vulnerability in Animated Cursor Handling · · Score: 1

    no they don't. It says that the damage is contained but that the attack is still operational. But I see where you could confuse the two.

    LoB

  19. Re:Why does it get to be this bad? on Windows Vulnerability in Animated Cursor Handling · · Score: 1

    Ah, least you forget that Microsofts security claims have a long long history of failure:

    "Microsoft is dedicated to keeping our customers' networks secure, and Windows 2000 is the most secure operating system we have ever shipped," said Keith White, director of Windows marketing at Microsoft.

    http://www.microsoft.com/Presspass/press/2000/jan0 0/cybersafepr.mspx

    mentioned in the Windows 2000 wikipedia entry too:

    http://en.wikipedia.org/wiki/Windows_2000

    So they've sucked at this for many many years while claiming otherwise.

    LoB

  20. Re:Only affects rendering using the IE engine... on Windows Vulnerability in Animated Cursor Handling · · Score: 1

    yup, I wish the press would pick up on this and mention that Firefox and Thunderbird protect from this and then give the to the free download pages. I've notified a few friends of this and their responses have been 'got Firefox and don't use Outlook so no worries here' type of responses. I've not heard from any of those I've moved to Linux so either they've finally accepted that they are protected from all the Windows security flaws or they've not heard anything about this yet.

    If anybody knows any email addresses of your local news or newspaper, maybe letting them know that Firefox and Thunderbird are safe from this, they run on Windows, and are free. Let's take the marketing opening where we can get em. :-)

    LoB

  21. Re:oldie but goodie on Windows Vulnerability in Animated Cursor Handling · · Score: 1

    I think the last one( Dec 04/Jan 05 ) was due to a function parameter of "0" causing a crash which could/was exploited. This current flaw is still in the mouse code but somehow related to how the animated mouse data is loaded.

    I don't recall exactly what this current exploit does so if someone knows, please chime in. IIRC, they are related in the fact that it is the mouse handler( ya know that's gotta be a huge codebase ;) but in different parts of the code.

    LoB

  22. Re:This old? on Windows Vulnerability in Animated Cursor Handling · · Score: 1

    that sounds about right but you must admit, Microsoft was just in this code about 15 months ago because an invalid parameter(where's the unit testing?) caused an exploit but they missed this current flaw in the same area. After hearing about the WMF flaw, how they screwed that one up, and moved that flaw/code into all versions of Windows, it's hard believe Microsoft doesn't just suck at software security. Like the Open BSD folks, they should be refactoring up the wazoo to work at actually making the product more secure and especially since perceived security of GNU/Linux is a major factor in migrations and use of OSS.

    Oh, and what is the wealth of the OpenBSD folks compared to Microsoft? OpenBSD seems to have the manpower and time to do what's needed to actually make the product more secure but somehow Microsoft doesn't. I guess it goes to show that maybe Microsoft is just way too much of a marketing company and far less of a technology company when stuff like this keeps happening over and over, year after year.

    LoB

  23. Re:Why would my cursor run as root? on Windows Vulnerability in Animated Cursor Handling · · Score: 4, Insightful

    you this that's bad, there was another security flaw in the mouse code announced over 15 months ago( Jan 05 ). They patched that but never examined the code for other exploits. I mean really, if you've got SOOO much freaking legacy code, you'd atleast want to be refactoring what you have to touch because of bugs or, for example, security holes.

    http://www.checkpoint.com/defense/advisories/publi c/2005/cpai-2005-06.html

    But, the great minds at Microsoft and their Trusted Computing efforts appear to be spending more time on marketing and public relations and less time on even attempting to make a better product. It's bad enough that the mouse code is an attack vector but to just put a band aide on it and send it right into the Windows Vista product is just plain bad.

    Remember, Vista was said to be the most secure operating system available. Not the most secure version of Windows but the most secure operating system. And yet they are letting relatively small bits of code like this mouse code get through their masterful security techniques. Well, I guess that is why they've decided their security system will be based on a billion sandboxes instead of secure model for the whole... What a joke.

    LoB

  24. He should have tested the mouse as a security risk on Top 12 Operating Systems Vulnerability Survey · · Score: 1, Informative

    News out today is that Windows( including Vista ) has another security risk in the animated mouse code. That's right, another one. The previous one was in early 2005 and I guess their Trustworthy Computing people forgot to look at the rest of the animated mouse code cause they moved it right into Windows Vista.

    I did see where McAfee said that Firefox on Windows blocked this so I'm only guessing that it's yet another Windows w/Internet Explorer flaw since one of the temp fixes is to turn off html rendering in MS Outlook and that's probably the MS IE code there too.

    pretty sad when a mouse can open security holes so far into the system. Supposedly, MS Vista does somewhat contain this but I'm not sure if that is with a standard install.

    So tell your friends to watch where their mouse has been.

    http://www.microsoft.com/technet/security/advisory /935423.mspx

    LoB

  25. Re:Microsoft needs a good PR firm on Leaked Microsoft Dossier on Journalist · · Score: 1

    [AC] you might say that of the 80s but not the 90s. Take a look at the court docs from the various antitrust cases against them. In the early/mid 90s, MS shut down projects by HP, Intel, and others at their discretion, not to mention seeing full blown lies in the press regarding non-Microsoft tech where it was obvious( to some ) that it was a pro-Microsoft article.

    The 80s might have been IBMs decade but the 90s were where Microsoft really showed its color.

    LoB