ANOTHER security flaw in M$IE being exploited

Discussion in 'NZ Computing' started by Have A Nice Cup of Tea, Mar 26, 2006.

  1. Have A Nice Cup of Tea, Mar 26, 2006
    #1

  2. Have A Nice Cup of Tea

    whoisthis Guest

    whoisthis, Mar 26, 2006
    #2

  3. On Mon, 27 Mar 2006 03:01:52 +1200, someone purporting to be whoisthis
    didst scrawl:

    > In article <>,
    > Have A Nice Cup of Tea <> wrote:
    >
    >> http://www.microsoft-watch.com/article2/0,1995,1942732,00.asp?kc=MWRSS02129TX1K0000535
    >>
    >> How many weeks have passed since the last one?
    >>

    > feel free to post the linux and firefox security flaws too, just to give
    > a balanced perspective


    That's a bit difficult when there's nothing to post.
    Well, not nothing, but nothing major. IE is currently affected by an
    Extremely Critical unpatched bug, and before that it was just Highly
    Critical. Firefox's most serious unpatched bug is Less Critical, which
    tallies with 2.4.x and 2.6.x versions of the Linux kernel.

    What's also interesting is that, since 2003, those versions of the kernel
    have had nothing more serious than a Moderately Critical bug, according to
    Secunia. That could just be rounding, but it's still very, very low.
    Firefox 1.x has had 4% Extremely and 26% Highly. IE6.x has had 15%
    Extremely, 28% Highly.

    Just to give a balanced perspective. Oh, and IE and Firefox have had
    fairly similar numbers of bugs, before you start down that particular path.


    --
    Matthew Poole
    "Don't use force. Get a bigger hammer."
     
    Matthew Poole, Mar 26, 2006
    #3
  4. On Mon, 27 Mar 2006 07:13:55 +1200, someone purporting to be Matthew Poole
    didst scrawl:

    > On Mon, 27 Mar 2006 03:01:52 +1200, someone purporting to be whoisthis
    > didst scrawl:

    *SNIP*
    > Just to give a balanced perspective. Oh, and IE and Firefox have had
    > fairly similar numbers of bugs, before you start down that particular path.


    Not sure where I got the similar numbers thing from. IE has had over three
    times as many as FF (96 against 27), and nearly as many reported bugs in
    IE are unpatched as there have ever been reported bugs in FF1.x

    --
    Matthew Poole
    "Don't use force. Get a bigger hammer."
     
    Matthew Poole, Mar 26, 2006
    #4
  5. Have A Nice Cup of Tea

    whoisthis Guest

    In article <>,
    Matthew Poole <> wrote:

    > On Mon, 27 Mar 2006 03:01:52 +1200, someone purporting to be whoisthis
    > didst scrawl:
    >
    > > In article <>,
    > > Have A Nice Cup of Tea <> wrote:
    > >
    > >> http://www.microsoft-watch.com/article2/0,1995,1942732,00.asp?kc=MWRSS02129TX1K0000535
    > >>
    > >> How many weeks have passed since the last one?
    > >>

    > > feel free to post the linux and firefox security flaws too, just to give
    > > a balanced perspective

    >
    > That's a bit difficult when there's nothing to post.
    > Well, not nothing, but nothing major. IE is currently affected by an
    > Extremely Critical unpatched bug, and before that it was just Highly
    > Critical. Firefox's most serious unpatched bug is Less Critical, which
    > tallies with 2.4.x and 2.6.x versions of the Linux kernel.
    >
    > What's also interesting is that, since 2003, those versions of the kernel
    > have had nothing more serious than a Moderately Critical bug, according to
    > Secunia. That could just be rounding, but it's still very, very low.
    > Firefox 1.x has had 4% Extremely and 26% Highly. IE6.x has had 15%
    > Extremely, 28% Highly.
    >
    > Just to give a balanced perspective. Oh, and IE and Firefox have had
    > fairly similar numbers of bugs, before you start down that particular path.


    And of course because linux is of limited interest to criminals because
    of the much lower numbers (and I do accept better security model as I
    run Macs for the same reason) the exploits probably are there, they are
    just not found.

    And of course to be balanced it should be noted that Unix is more than
    twice as old as Windows so it has had an extra 20 years to work out the
    issues !
     
    whoisthis, Mar 26, 2006
    #5
  6. Have A Nice Cup of Tea

    Invisible Guest

    Invisible, Mar 26, 2006
    #6
  7. Have A Nice Cup of Tea

    thingy Guest

    whoisthis wrote:

    8><----

    > And of course because linux is of limited interest to criminals because
    > of the much lower numbers (and I do accept better security model as I
    > run Macs for the same reason) the exploits probably are there, they are
    > just not found.


    Yes Apache and Linux run 3 times the web servers that run on MS & IIS,
    so if you want to infect web browsers via the web do it via an infected
    Apache server, this is so happening....

    Of course this is a prime reason to switch to Linux & FF, it is not
    targeted by criminals and the better security model means any future
    impact is going to be limited.

    > And of course to be balanced it should be noted that Unix is more than
    > twice as old as Windows so it has had an extra 20 years to work out the
    > issues !


    What balance? What has 20 years of Unix got to do with IE and Firefox?

    Unless you mean that by the same point IE has been around for several
    years longer, i.e. way older than FF, so it should have fewer bugs, but has
    more and worse....kinda an oxymoron....

    regards

    Thing
     
    thingy, Mar 27, 2006
    #7
  8. On Mon, 27 Mar 2006 07:43:03 +1200, whoisthis wrote:

    > And of course to be balanced it should be noted that Unix is more than
    > twice as old as Windows so it has had an extra 20 years to work out the
    > issues !


    So why then, has Micro$oft dumped M$ WindowsNT in favour of a supposedly
    complete new OS called Vista?

    I mean, if all those years of development are anything to go by, surely
    also M$'s own software should be now starting to be reasonably secure -
    given all the patching that it has done over the years.


    Have A Nice Cup of Tea

    --
    "Vista - I wouldn't buy it with someone else's money. Then again What do I
    know, I've only been testing the dog for the last 2-3 yrs..."
     
    Have A Nice Cup of Tea, Mar 27, 2006
    #8
  9. Have A Nice Cup of Tea

    thingy Guest

    Have A Nice Cup of Tea wrote:
    > On Mon, 27 Mar 2006 07:43:03 +1200, whoisthis wrote:
    >
    >
    >>And of course to be balanced it should be noted that Unix is more than
    >>twice as old as Windows so it has had an extra 20 years to work out the
    >>issues !

    >
    >
    > So why then, has Micro$oft dumped M$ WindowsNT in favour of a supposedly
    > complete new OS called Vista?
    >
    > I mean, if all those years of development are anything to go by, surely
    > also M$'s own software should be now starting to be reasonably secure -
    > given all the patching that it has done over the years.
    >
    >
    > Have A Nice Cup of Tea
    >


    and let's not forget MS's huge R&D budget......

    Patching won't fix the fundamental design flaws that MS allowed in to
    make applications talk to each other easily....or DLL hell.....

    I find it interesting that virtual servers seem such a popular idea. Yet
    when you look at why it is mostly a way to allow different applications
    running on a MS OS that require different DLLs to live together happily
    on the same hardware. All this for a 5~20% hit on server performance
    over native mode....with Unix and linux you just run them....yet another
    layer being added in to hide yet another flaw in the MS OS......

    regards

    Thing
     
    thingy, Mar 27, 2006
    #9
  10. On Mon, 27 Mar 2006 07:43:03 +1200, someone purporting to be whoisthis
    didst scrawl:

    > In article <>,
    > Matthew Poole <> wrote:

    *SNIP*
    > And of course because linux is of limited interest to criminals because
    > of the much lower numbers (and I do accept better security model as I
    > run Macs for the same reason) the exploits probably are there, they are
    > just not found.
    >

    Reported bugs have nothing to do with the availability of exploits for
    them. Most bugs in Firefox and the Linux kernel are never exploited, and
    many bugs in IE are never exploited.

    > And of course to be balanced it should be noted that Unix is more than
    > twice as old as Windows so it has had an extra 20 years to work out the
    > issues !


    Unix != Linux! There is no connection between the Linux kernel and Unix,
    so the age of Unix matters not a jot. If we were discussing the BSD's it
    would be a valid comparison, as they are direct descendants of AT&T's
    Unix, but we're not.

    --
    Matthew Poole
    "Don't use force. Get a bigger hammer."
     
    Matthew Poole, Mar 27, 2006
    #10
  11. On Mon, 27 Mar 2006 11:06:49 +1200, thingy wrote:

    >> And of course because linux is of limited interest to criminals because
    >> of the much lower numbers (and I do accept better security model as I
    >> run Macs for the same reason) the exploits probably are there, they are
    >> just not found.

    >
    > Yes Apache and Linux run 3 times the web servers that run on MS & IIS,
    > so if you want to infect web browsers via the web do it via an infected
    > Apache server, this is so happening....


    LOLOL!

    Nice! :eek:)


    Have A Nice Cup of Tea

    --
    Jeffrey Jaffe, Novell CTO: "What many people are discovering is that the
    Linux desktop works just fine."
     
    Have A Nice Cup of Tea, Mar 27, 2006
    #11
  12. On Mon, 27 Mar 2006 12:39:00 +1200, thingy wrote:

    >> So why then, has Micro$oft dumped M$ WindowsNT in favour of a supposedly
    >> complete new OS called Vista?
    >>
    >> I mean, if all those years of development are anything to go by, surely
    >> also M$'s own software should be now starting to be reasonably secure -
    >> given all the patching that it has done over the years.

    >
    > and let's not forget MS's huge R&D budget......


    True!


    > Patching won't fix the fundamental design flaws that MS allowed in to
    > make applications talk to each other easily....or DLL hell.....


    Yup

    But to be fair, *nix can have dependency hell as well.


    > I find it interesting that virtual servers seem such a popular idea. Yet
    > when you look at why it is mostly a way to allow different applications
    > running on a MS OS that require different DLLs to live together happily
    > on the same hardware. All this for a 5~20% hit on server performance
    > over native mode....with Unix and linux you just run them....yet another
    > layer being added in to hide yet another flaw in the MS OS......


    Flaw after flaw after flaw after flaw.

    And then the justification "but it is impossible to produce bug free code."

    Bollocks!


    Have A Nice Cup of Tea

    --
    Jeffrey Jaffe, Novell CTO: "Our entire company does most of its work on Linux."
     
    Have A Nice Cup of Tea, Mar 27, 2006
    #12
  13. On Mon, 27 Mar 2006 13:37:54 +1200, Matthew Poole wrote:

    > Unix != Linux! There is no connection between the Linux kernel and Unix,
    > so the age of Unix matters not a jot. If we were discussing the BSD's it
    > would be a valid comparison, as they are direct descendants of AT&T's
    > Unix, but we're not.


    Hey Matthew.

    It doesn't matter that Linux is not in any way descended from AT&T's Unix.

    IBM's zOS is a mainframe operating system completely unrelated to AT&T's
    Unix, but it has been accredited the right to use the name "UNIX" because
    it conforms to the single UNIX specification as published by the Open
    Group.

    If Linux conforms to that specification, then it too can apply to use the
    "UNIX" name.

    I don't know if Linux does or does not conform. But I believe the
    intention is that it should conform.

    IIRC M$ made M$WinNT POSIX compliant as well. Didn't it?


    Have A Nice Cup of Tea

    --
    "Vista - I wouldn't buy it with someone else's money. Then again What do I
    know, I've only been testing the dog for the last 2-3 yrs..."
     
    Have A Nice Cup of Tea, Mar 27, 2006
    #13
  14. On Mon, 27 Mar 2006 19:34:17 +1200, someone purporting to be Have A Nice
    Cup of Tea didst scrawl:

    > On Mon, 27 Mar 2006 13:37:54 +1200, Matthew Poole wrote:
    >
    >> Unix != Linux! There is no connection between the Linux kernel and Unix,
    >> so the age of Unix matters not a jot. If we were discussing the BSD's it
    >> would be a valid comparison, as they are direct descendants of AT&T's
    >> Unix, but we're not.

    >
    > Hey Matthew.
    >
    > It doesn't matter that Linux is not in any way descended from AT&T's Unix.
    >

    Of course it does. You cannot make claims related to the age of the
    codebase if a product doesn't draw on that codebase to begin with.

    > IBM's zOS is a mainframe operating system completely unrelated to AT&T's
    > Unix, but it has been accredited the right to use the name "UNIX" because
    > it conforms to the single UNIX specification as published by the Open
    > Group.
    >

    Yes, that's right. But Linux is not Unix, and even if it were to be
    accredited by the Open Group it would still not be a descendant of AT&T's
    Unix. zOS isn't a descendant either.

    > If Linux conforms to that specification, then it too can apply to use the
    > "UNIX" name.
    >

    Irrelevant.

    > I don't know if Linux does or does not conform. But I believe the
    > intention is that it should conform.
    >

    Linus has said that he doesn't intend to seek accreditation, for matters
    of cost if nothing else.

    > IIRC M$ made M$WinNT POSIX compliant as well. Didn't it?
    >

    Yes, NT was Posix 1.x compliant. That's not enough to make it "Unix",
    though.

    --
    Matthew Poole
    "Don't use force. Get a bigger hammer."
     
    Matthew Poole, Mar 27, 2006
    #14
  15. On Mon, 27 Mar 2006 19:43:34 +1200, Matthew Poole wrote:

    >> It doesn't matter that Linux is not in any way descended from AT&T's Unix.
    >>

    > Of course it does. You cannot make claims related to the age of the
    > codebase if a product doesn't draw on that codebase to begin with.
    >
    >> IBM's zOS is a mainframe operating system completely unrelated to AT&T's
    >> Unix, but it has been accredited the right to use the name "UNIX" because
    >> it conforms to the single UNIX specification as published by the Open
    >> Group.
    >>

    > Yes, that's right. But Linux is not Unix, and even if it were to be
    > accredited by the Open Group it would still not be a descendant of AT&T's
    > Unix. zOS isn't a descendant either.


    Linux is not descended from AT&T's Unix code base. That does not mean it
    is not intent on providing a fully functional replica of the Unix API.

    I also believe that when I said "zOS is ... completely unrelated to AT&T's
    Unix" I was indicating that it was not a descendant of AT&T's original Unix
    code base.

    However that does not mean zOS is not these days a variety of Unix.


    Have A Nice Cup of Tea

    --
    Judge John Daniel Tinder, United States District Court: "The GPL
    encourages, rather than discourages, free competition and the
    distribution of computer operating systems, the benefits of which
    directly pass to consumers."
     
    Have A Nice Cup of Tea, Mar 27, 2006
    #15
  16. On Tue, 28 Mar 2006 01:51:54 +1200, someone purporting to be Have A Nice
    Cup of Tea didst scrawl:

    > On Mon, 27 Mar 2006 19:43:34 +1200, Matthew Poole wrote:
    >

    *SNIP*
    >> Yes, that's right. But Linux is not Unix, and even if it were to be
    >> accredited by the Open Group it would still not be a descendant of AT&T's
    >> Unix. zOS isn't a descendant either.

    >
    > Linux is not descended from AT&T's Unix code base. That does not mean it
    > is not intent on providing a fully functional replica of the Unix API.
    >

    You talked about it having had 20 years of development. IT HASN'T! No
    matter what you're aiming for when you start a project, if you start it
    from scratch you can claim precisely zero of the work done on any other
    project when it comes to the bug-free-ness of your own code.

    > I also believe that when I said "zOS is ... completely unrelated to AT&T's
    > Unix" I was indicating that it was not a descendant of AT&T's original Unix
    > code base.
    >
    > However that does not mean zOS is not these days a variety of Unix.
    >

    It's still not descended from AT&T's Unix. It's a parallel development of
    a Unix system. IBM certainly wouldn't claim to have fewer bugs due to the
    age of the Unix line, because that would be utter bollocks. They might
    have a better idea of what kind of things can and cannot be done in
    certain ways, but they've written the code themselves.

    --
    Matthew Poole
    "Don't use force. Get a bigger hammer."
     
    Matthew Poole, Mar 27, 2006
    #16
  17. On Tue, 28 Mar 2006 08:18:45 +1200, Matthew Poole wrote:

    > You talked about it having had 20 years of development. IT HASN'T!


    Sorry - wrong. *I* didn't say that.


    Have A Nice Cup of Tea

    --
    "Vista - I wouldn't buy it with someone else's money. Then again What do I
    know, I've only been testing the dog for the last 2-3 yrs..."
     
    Have A Nice Cup of Tea, Mar 27, 2006
    #17
  18. On Tue, 28 Mar 2006 08:18:45 +1200, Matthew Poole wrote:

    >> I also believe that when I said "zOS is ... completely unrelated to AT&T's
    >> Unix" I was indicating that it was not a descendant of AT&T's original Unix
    >> code base.
    >>
    >> However that does not mean zOS is not these days a variety of Unix.
    >>

    > It's still not descended from AT&T's Unix.


    Look, mate. Try reading what I typed!

    "...completely unrelated..."


    Have A Nice Cup of Tea

    --
    "Vista - I wouldn't buy it with someone else's money. Then again What do I
    know, I've only been testing the dog for the last 2-3 yrs..."
     
    Have A Nice Cup of Tea, Mar 27, 2006
    #18
  19. Have A Nice Cup of Tea

    Bette Noir Guest

    On , , Mon, 27 Mar 2006 08:47:40 +1200, Re: ANOTHER security flaw
    in M$IE being exploited, Invisible <> wrote:

    >On Mon, 27 Mar 2006 02:24:52 +1200, Have A Nice Cup of Tea <> wrote:
    >
    >>http://www.microsoft-watch.com/article2/0,1995,1942732,00.asp?kc=MWRSS02129TX1K0000535
    >>
    >>How many weeks have passed since the last one?
    >>
    >>

    >Got hard-on?


    "When was the last time you had an election?"
    "Lite before bleakfast!"

    Who said that?


    >


    ---
     
    Bette Noir, Mar 28, 2006
    #19