"High risk of leaking?" And what would the consequences of such a leak be? The affected vendors are only slightly better off than they were with how it actually turned out with Heartbleed?
When Heartbleed was disclosed, virtually no affected vendor (e.g., Ubuntu, Cisco, Juniper, etc.) had an update available. So there was a window where the vulnerability was public, but nobody had official updates from their vendor that would protect them. You are claiming that this is better than a coordinated release, where there would have been actual updates available to install?
It's not "buddies" that is being discussed here. It's the people producing the software that is affected!
1) This has nothing to do with Netflix. I am a Netflix user and I suspect that my Roku is not affected by the vulnerability in question. 2) Silverlight *does* get updated with automatic updates. 3) The vulnerability in question was fixed in March (MS13-022).
Has there been the same sort of outcry for iPhones being unacceptable security risks? I mean, Apple controls what software you can put on the device. And they can pretty much do anything to the device that they want without asking you. For any software that you use, you are trusting the vendor. You trust Microsoft to not push out a backdoor on patch Tuesday. You trust Google to not intercept your banking credentials with an automatic/silent Chrome update. etc. etc... There's no justification to say OMG Windows 8 now suddenly gives the ability for someone else to do something I might not want.
On a technical level (e.g. included exploit mitigations), Windows 8 is safer than any other Windows operating system. Even if Windows does go down the iOS route of only running approved software, does that really make it less safe? Maybe vendors are starting to realize that it's OK if Joe Home User can't run CuteKittens.exe that was just emailed to him.
Don't trust software vendors or other people? Good. Write your own OS and don't plug it into the internet. If you get that far.
You're asking how to ask a question? You request them to send a public PGP key so that you can encrypt the email. If they don't know what that means, you elaborate and point them in the right direction.
The same technique can be extrapolated to any request that you have in life.
Yet! What does "yet" mean anyway? It means you're gonna do it, doesn't it? Or does it? Just come on. What would it mean to you, that sentence: I haven't seen Evil Dead II yet?
Even though it's currently supported by Microsoft, Windows XP isn't safe to use. Why? No ASLR or other exploit mitigation techniques. When vulnerabilities are found in the apps that you're using, being on the XP platform makes you a sitting duck.
If you crashed an OS as the result of copying files, and claim that the hardware is fine, you're clearly hiding back story. The problem is probably not which distro that you're using, but rather computers in general.
So by your logic, no public web server can ever be hacked? SQL injection, bruteforce password guessing, hell, even something that allows remote code execution on the server... those all happen by sending one or more requests to a web server. And the result is something that violates an implicit or explicit security policy of the system involved.
Slashdot Mirror
When on earth did AV detect 95% of attacks? (hint: never)
"High risk of leaking?" And what would the consequences of such a leak be? The affected vendors are only slightly better off than they were with how it actually turned out with Heartbleed?
When Heartbleed was disclosed, virtually no affected vendor (e.g., Ubuntu, Cisco, Juniper, etc.) had an update available. So there was a window where the vulnerability was public, but nobody had official updates from their vendor that would protect them. You are claiming that this is better than a coordinated release, where there would have been actual updates available to install?
It's not "buddies" that is being discussed here. It's the people producing the software that is affected!
Right. Because the primary concern at Microsoft is that people get the legitimate software that they're looking for: http://i.imgur.com/ydSDGNR.png
Depending on your monitor brightness/contrast and your attention to detail, well, you get the picture...
The vulnerability is a use-after-free bug triggered by DHTML. If DHTML is a feature that you don't care for, feel free to switch to Lynx or Mosaic.
Give me a break. A vulnerability was disclosed, and then some time after that it was leveraged by attackers in the wild. This is what happens.
1) This has nothing to do with Netflix. I am a Netflix user and I suspect that my Roku is not affected by the vulnerability in question.
2) Silverlight *does* get updated with automatic updates.
3) The vulnerability in question was fixed in March (MS13-022).
You're criticizing the grammar of a submitter's summary? You must be new here.
If you'd bother to RTFA, you would have noticed that the phrase "crazy Nikon tech" is hyperlinked.
A drug that causes scaly green skin and is called crocodile? Ok, I have to admit that I had to look up that this isn't an early/late April fools joke.
I tell folks if they want an SSD don't have anything on it they would feel bad if they lost
How about you tell people that it's unsafe to use a computer without a viable backup scheme, regardless of the type of drive they use?
Has there been the same sort of outcry for iPhones being unacceptable security risks? I mean, Apple controls what software you can put on the device. And they can pretty much do anything to the device that they want without asking you. For any software that you use, you are trusting the vendor. You trust Microsoft to not push out a backdoor on patch Tuesday. You trust Google to not intercept your banking credentials with an automatic/silent Chrome update. etc. etc... There's no justification to say OMG Windows 8 now suddenly gives the ability for someone else to do something I might not want.
On a technical level (e.g. included exploit mitigations), Windows 8 is safer than any other Windows operating system. Even if Windows does go down the iOS route of only running approved software, does that really make it less safe? Maybe vendors are starting to realize that it's OK if Joe Home User can't run CuteKittens.exe that was just emailed to him.
Don't trust software vendors or other people? Good. Write your own OS and don't plug it into the internet. If you get that far.
You're asking how to ask a question? You request them to send a public PGP key so that you can encrypt the email. If they don't know what that means, you elaborate and point them in the right direction.
The same technique can be extrapolated to any request that you have in life.
If you care about security, you're running NoScript. And they do not run.
I mean, if a car has an airbag, that's just an admission that the driver isn't skilled enough. Right?
You're implying that the problems are in the compiler, which clearly indicates your lack of knowledge of software and vulnerabilities.
You're joking, right? Please tell me that you don't think you're protected from banking malware because your bank uses POST instead of GET.
OpenSMTPD was first introduced for testing with OpenBSD 4.6. OpenSMTPD version 5.3 was released with OpenBSD 5.3. Seems reasonable to me.
What the hell does that even mean? Perhaps you mean software vulnerabilities?
My 16-cores-per-processor servers question your statement. I don't think any other vendor beats AMD on the core density aspect.
"Windows: Not Doomed Yet"
Yet! What does "yet" mean anyway? It means you're gonna do it, doesn't it? Or does it? Just come on. What would it mean to you, that sentence: I haven't seen Evil Dead II yet?
Even though it's currently supported by Microsoft, Windows XP isn't safe to use. Why? No ASLR or other exploit mitigation techniques. When vulnerabilities are found in the apps that you're using, being on the XP platform makes you a sitting duck.
If you crashed an OS as the result of copying files, and claim that the hardware is fine, you're clearly hiding back story. The problem is probably not which distro that you're using, but rather computers in general.
So by your logic, no public web server can ever be hacked? SQL injection, bruteforce password guessing, hell, even something that allows remote code execution on the server... those all happen by sending one or more requests to a web server. And the result is something that violates an implicit or explicit security policy of the system involved.
Or Eszett, if you're good at spelling. :)
ASCII indeed. But it's called an Esset, FYI.