Malware targets holes Microsoft already plugged

 
 
Au79
 
      07-25-2006
Inquirer - Harrow,Middlesex,UK

Microsoft had slapped a severity rating of 'critical ... on two of the
exploited vulnerabilities, when plugging ... experts had warned that the
vulnerability ...

<http://www.theinquirer.net/default.aspx?article=33246>
--
....................
http://www.vanwensveen.nl/rants/microsoft/IhateMS.html

http://free.thelinuxstore.ca/
 
Paul
07-25-2006

"Au79" <(E-Mail Removed)> wrote in message
news:3Ovxg.15953$(E-Mail Removed)...
> Inquirer - Harrow,Middlesex,UK
>
> Microsoft had slapped a severity rating of 'critical ... on two of the
> exploited vulnerabilities, when plugging ... experts had warned that the
> vulnerability ...
>
> <http://www.theinquirer.net/default.aspx?article=33246>
> --


Read it carefully before making a fool of yourself:

Quote:

Microsoft plugged the three holes as part of July's security patch.

 
Au79
07-25-2006
Paul wrote:

>
> "Au79" <(E-Mail Removed)> wrote in message
> news:3Ovxg.15953$(E-Mail Removed)...
>> Inquirer - Harrow,Middlesex,UK
>>
>> Microsoft had slapped a severity rating of 'critical ... on two of the
>> exploited vulnerabilities, when plugging ... experts had warned that the
>> vulnerability ...
>>
>> <http://www.theinquirer.net/default.aspx?article=33246>
>> --

>
> Read it carefully before making a fool of yourself:
>
> Quote:
>
> Microsoft plugged the three holes as part of July's security patch.
>


Read it carefully before making a fool of yourself (albeit too late):

<quote>

THE SANS INTERNET Storm Centre has warned of exploit code for three
vulnerabilities Microsoft *plugged* *earlier* *this month* [meaning part of
July's security patch].

</quote>


--
....................
http://www.vanwensveen.nl/rants/microsoft/IhateMS.html

http://free.thelinuxstore.ca/
 
Paul
07-25-2006

"Au79" <(E-Mail Removed)> wrote in message
news:OWvxg.15958$(E-Mail Removed)...
> Paul wrote:
>
>>
>> "Au79" <(E-Mail Removed)> wrote in message
>> news:3Ovxg.15953$(E-Mail Removed)...
>>> Inquirer - Harrow,Middlesex,UK
>>>
>>> Microsoft had slapped a severity rating of 'critical ... on two of the
>>> exploited vulnerabilities, when plugging ... experts had warned that the
>>> vulnerability ...
>>>
>>> <http://www.theinquirer.net/default.aspx?article=33246>
>>> --

>>
>> Read it carefully before making a fool of yourself:
>>
>> Quote:
>>
>> Microsoft plugged the three holes as part of July's security patch.
>>

>
> Read it carefully before making a fool of yourself (albeit too late):
>
> <quote>
>
> THE SANS INTERNET Storm Centre has warned of exploit code for three
> vulnerabilities Microsoft *plugged* *earlier* *this month* [meaning part of
> July's security patch].
>
> </quote>
>
>


Exactly, the holes have already been plugged.


 
Ponder
07-25-2006
Hiya Au79.

In <news:3Ovxg.15953$(E-Mail Removed)> you wrote:

> Microsoft had slapped a severity rating of 'critical ... on two of the
> exploited vulnerabilities, when plugging ... experts had warned that the
> vulnerability ...


Comparable to Linux vulnerabilities then.

And just in case you don't get it, Linux is now my primary OS. I'm not
anti-Linux I'm anti-thoughtless copy/pasting and anti-posting any URL
pointing out competing OS vulnerabilities without making it clear that
there are equivalent Linux vulnerabilities too.

Do you work for a tabloid newspaper by any chance?

--
PGP key ID - DSS:0x2661A952
Ponder - Homepage: http://www.colinjones.co.uk ICQ# 1707811
Skittles Team: http://www.ddskittles.co.uk
 
William Poaster
07-25-2006
It was on Wednesday 26 July 2006 12:32 am, that Ponder apparently said:

> Hiya Au79.
>
> In <news:3Ovxg.15953$(E-Mail Removed)> you wrote:
>
>> Microsoft had slapped a severity rating of 'critical ... on two of the
>> exploited vulnerabilities, when plugging ... experts had warned that the
>> vulnerability ...

>
> Comparable to Linux vulnerabilities then.
>
> And just in case you don't get it, Linux is now my primary OS. I'm not
> anti-Linux I'm anti-thoughtless copy/pasting and anti-posting any URL
> pointing out competing OS vulnerabilities without making it clear that
> there are equivalent Linux vulnerabilities too.


And what are these "equivalent Linux vulnerabilities", & which distros? What may
affect one linux distro would not necessarily affect others.

> Do you work for a tabloid newspaper by any chance?
>


--
Disk full - remove Windows?
Y - Yes!
F - FFS YES!
 
Ponder
07-26-2006
Hiya William Poaster.

In <news:(E-Mail Removed)2.eu> you wrote:

> And what are these "equivalent Linux vulnerabilities", & which distros? What may
> affect one linux distro would not necessarily affect others.


How about the ssh one that got me some years ago? Yes it's been plugged
but it affected all distros. I was hit because it required a massive amount
of work to upgrade ssh due to glibc being split in the rpm repository. That
took a lot of hacking to upgrade, let me tell you.

Debian's apt-get system is far more constant and no trouble to keep up to
date but if there were no bugs or vulnerabilities why update perfectly
functional software? I still see updates for some pretty core functions so
something must be happening. Don't get blinkered and think you're secure
just because you're running Linux, if it's not maintained you could fall
prey to a rootkit or two.

--
PGP key ID - DSS:0x2661A952
Ponder - Homepage: http://www.colinjones.co.uk ICQ# 1707811
Skittles Team: http://www.ddskittles.co.uk
 
William Poaster
07-26-2006
It was on Wed, 26 Jul 2006 12:50:13 +0000, that Ponder wrote:

> Hiya William Poaster.
>
> In <news:(E-Mail Removed)2.eu> you wrote:
>
>> And what are these "equivalent Linux vulnerabilities", & which distros? What may
>> affect one linux distro would not necessarily affect others.

>
> How about the ssh one that got me some years ago? Yes it's been plugged
> but it affected all distros. I was hit because it required a massive amount
> of work to upgrade ssh due to glibc being split in the rpm repository. That
> took a lot of hacking to upgrade, let me tell you.


Yes, that's one example, & I bet it did. However it seems to me that the
big difference in vulnerabilities between GNU/linux & Windows, is that
GNU/linux is less prone to remote ones than windows...which appears to be
backed up by security experts:
http://searchwindowssecurity.techtar...ml?bucket=NEWS

http://www.techenclave.com/forums/ho...puter-694.html

Also, don't forget the Honeypot Project report:
http://www.eweek.com/article2/0,1895,1752343,00.asp

> Debian's apt-get system is far more constant and no trouble to keep up to
> date but if there were no bugs or vulnerabilities why update perfectly
> functional software? I still see updates for some pretty core functions so
> something must be happening.


Just because something works perfectly well, doesn't mean there shouldn't
be ongoing improvements.

> Don't get blinkered and think you're secure just because you're running
> Linux, if it's not maintained you could fall prey to a rootkit or two.


Of course, *if* it's not maintained. I run chkrootkit periodically to
check for any rootkits. Also in SuSE linux 10.1, AppArmor is enabled by
default. http://en.opensuse.org/Apparmor (I believe it is also available
for Ubuntu now).

I've been using GNU/linux distros for a long time, & security was one of
the things that attracted me to use it, after a *lot* of research on the
matter.

--
If a cell phone call was to fall into a black hole,
would it be a cingularity?
 
Jimchip
07-26-2006
On 2006-07-26, Ponder <(E-Mail Removed)> wrote:
> Hiya William Poaster.
>
> In <news:(E-Mail Removed)2.eu> you wrote:
>
>> And what are these "equivalent Linux vulnerabilities", & which distros? What may
>> affect one linux distro would not necessarily affect others.

>
> How about the ssh one that got me some years ago? Yes it's been plugged
> but it affected all distros. I was hit because it required a massive amount
> of work to upgrade ssh due to glibc being split in the rpm repository. That
> took a lot of hacking to upgrade, let me tell you.
>
> Debian's apt-get system is far more constant and no trouble to keep up to
> date but if there were no bugs or vulnerabilities why update perfectly
> functional software? I still see updates for some pretty core functions so
> something must be happening. Don't get blinkered and think you're secure
> just because you're running Linux, if it's not maintained you could fall
> prey to a rootkit or two.


Debian apt-get (I use Synaptic as the Gnome 2.14 interface to it) has
regular security source and package updates at a different location than
the typical distro download mirrors. It's all automatic if one does a
standard install, for example. I switched to Etch...don't ask me why but
it is doing OK, for me.
------------------------
partial Sources.list

deb http://ftp.us.debian.org/debian/ etch main contrib non-free
deb-src http://ftp.us.debian.org/debian/ etch main

deb http://security.debian.org/ etch/updates main
deb-src http://security.debian.org/ etch/updates main
------------------------

--
"One Architecture, One OS" also translates as "One Egg, One Basket".
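
A check for the configuration described in the post above, as an added example that is not part of the original thread: it parses a sources.list and reports whether an active binary security-updates entry exists for a release. The function names and the constructed `bad.list` variant are assumptions, and accepting the `RELEASE-security` suite name goes beyond the `etch/updates` layout shown in the post.

```shell
#!/bin/sh
# list_security_sources FILE RELEASE
#   Print the URI of every active binary ("deb") entry whose suite is
#   RELEASE/updates (the layout in the post) or RELEASE-security
#   (the suite naming of later Debian releases).
list_security_sources() {
    awk -v rel="$2" '
        { sub(/#.*/, "") }             # drop comments and commented-out entries
        $1 != "deb" { next }           # deb-src carries source only, no binary fixes
        {
            i = 2
            if ($i ~ /^\[/) {          # skip an optional [option=value ...] field
                while (i <= NF && $i !~ /\]$/) i++
                i++
            }
            suite = $(i + 1)
            if (suite == (rel "/updates") || suite == (rel "-security")) print $i
        }
    ' "$1"
}

# has_security_source FILE RELEASE: exit status 0 if at least one entry exists
has_security_source() {
    [ -n "$(list_security_sources "$1" "$2")" ]
}

# Demo: the partial sources.list from the post, and a constructed variant
# in which the binary security line has been commented out.
demo_dir=$(mktemp -d)
cat > "$demo_dir/good.list" <<'EOF'
deb http://ftp.us.debian.org/debian/ etch main contrib non-free
deb-src http://ftp.us.debian.org/debian/ etch main

deb http://security.debian.org/ etch/updates main
deb-src http://security.debian.org/ etch/updates main
EOF
sed 's|^deb http://security|# &|' "$demo_dir/good.list" > "$demo_dir/bad.list"
for f in good bad; do
    if has_security_source "$demo_dir/$f.list" etch; then
        echo "$f.list: security updates configured"
    else
        echo "$f.list: no active security-updates entry for etch"
    fi
done
```

The `bad.list` case fails even though its `deb-src` security line is still present, because only `deb` entries deliver patched binary packages.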
 
William Poaster
07-26-2006
It was on Wed, 26 Jul 2006 15:31:32 +0000, that Jimchip wrote:

> On 2006-07-26, Ponder <(E-Mail Removed)> wrote:
>> Hiya William Poaster.
>>
>> In <news:(E-Mail Removed)2.eu> you wrote:
>>
>>> And what are these "equivalent Linux vulnerabilities", & which distros? What may
>>> affect one linux distro would not necessarily affect others.

>>
>> How about the ssh one that got me some years ago? Yes it's been plugged
>> but it affected all distros. I was hit because it required a massive amount
>> of work to upgrade ssh due to glibc being split in the rpm repository. That
>> took a lot of hacking to upgrade, let me tell you.
>>
>> Debian's apt-get system is far more constant and no trouble to keep up to
>> date but if there were no bugs or vulnerabilities why update perfectly
>> functional software? I still see updates for some pretty core functions so
>> something must be happening. Don't get blinkered and think you're secure
>> just because you're running Linux, if it's not maintained you could fall
>> prey to a rootkit or two.

>
> Debian apt-get (I use Synaptic as the Gnome 2.14 interface to it) has
> regular security source and package updates at a different location than
> the typical distro download mirrors. It's all automatic if one does a
> standard install, for example. I switched to Etch...don't ask me why but
> it is doing OK, for me.
> ------------------------
> partial Sources.list
>
> deb http://ftp.us.debian.org/debian/ etch main contrib non-free
> deb-src http://ftp.us.debian.org/debian/ etch main
>
> deb http://security.debian.org/ etch/updates main
> deb-src http://security.debian.org/ etch/updates main
> ------------------------


I have to say, after using apt-get in Kubuntu & Debian, I rather like it!
apt-get is also available for SuSE linux.

--
98% of linux problems *windows* users whine about,
emanate from somewhere between the chair and the PC.
Either the person cannot read, doesn't understand
what they read, or they can't be bothered.
 