[News] [Rival] Another Microsoft Flaw Surfaces, More Bad Patches - Linux


  1. Re: [News] [Rival] Another Microsoft Flaw Surfaces, More Bad Patches

    On Wed, 09 Jul 2008 15:57:57 -0400, Roy Schestowitz wrote:

    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Symantec Warns of New Word Attack
    >
    > ,----[ Quote ]
    >| Criminals have found a new way to attack PC users, taking advantage of what
    >| appears to be a new bug in Microsoft's Word software, according to Symantec.
    >|
    >| Symantec warned of the attack Tuesday, saying on its Web site that it had
    >| seen attackers exploiting "what is possibly an undisclosed vulnerability
    >| affecting Microsoft Word."
    > `----
    >
    > http://www.pcworld.com/article/14809...rd_attack.html


    The flaw is specific to only one version of Word. Word 2000 SP3. This is
    not a broad attack, no other versions appear to be affected.

    > Microsoft update kills ZoneAlarm
    >
    > ,----[ Quote ]
    >| PUNTERS who use the ZoneAlarm security package might not want to install MS
    >| update KB951748.
    > `----
    >
    > http://www.theinquirer.net/gb/inquir...t-update-kills
    >
    > More productivity sinks for the company that made horrible
    > engineering 'acceptable'.


    The problem is most likely with ZoneAlarm's software. Firewalls, in
    particular, are very sensitive to internal changes. That's just the cost
    of doing business at a kernel level. Lots of software breaks in Linux when
    the kernel gets updated too, and often requires at a minimum a recompile,
    sometimes actual code changes.

    Don't act like this is a problem specific to Windows.

    > Recent (on fixing a flaw months late, only after attacks began):


    Oh, you mean like the recent multi-vendor DNS fix that took 3.5 months to
    accomplish?

    Frequently, even in open source, security flaws are kept quiet and often
    left unfixed for months while the problem is being analyzed and worked on.
    That's just the way things work throughout the industry, including open
    source.

  2. Re: [News] [Rival] Another Microsoft Flaw Surfaces, More Bad Patches

    Erik Funkenbusch writes:

    > On Wed, 09 Jul 2008 15:57:57 -0400, Roy Schestowitz wrote:
    >
    >> -----BEGIN PGP SIGNED MESSAGE-----
    >> Hash: SHA1
    >>
    >> Symantec Warns of New Word Attack
    >>
    >> ,----[ Quote ]
    >>| Criminals have found a new way to attack PC users, taking advantage of what
    >>| appears to be a new bug in Microsoft's Word software, according to Symantec.
    >>|
    >>| Symantec warned of the attack Tuesday, saying on its Web site that it had
    >>| seen attackers exploiting "what is possibly an undisclosed vulnerability
    >>| affecting Microsoft Word."
    >> `----
    >>
    >> http://www.pcworld.com/article/14809...rd_attack.html

    >
    > The flaw is specific to only one version of Word. Word 2000 SP3. This is
    > not a broad attack, no other versions appear to be affected.
    >
    >> Microsoft update kills ZoneAlarm
    >>
    >> ,----[ Quote ]
    >>| PUNTERS who use the ZoneAlarm security package might not want to install MS
    >>| update KB951748.
    >> `----
    >>
    >> http://www.theinquirer.net/gb/inquir...t-update-kills
    >>
    >> More productivity sinks for the company that made horrible
    >> engineering 'acceptable'.

    >
    > The problem is most likely with ZoneAlarm's software. Firewalls, in
    > particular, are very sensitive to internal changes. That's just the cost
    > of doing business at a kernel level. Lots of software breaks in Linux when
    > the kernel gets updated too, and often requires at a minimum a recompile,
    > sometimes actual code changes.
    >
    > Don't act like this is a problem specific to Windows.
    >
    >> Recent (on fixing a flaw months late, only after attacks began):

    >
    > Oh, you mean like the recent multi-vendor DNS fix that took 3.5 months to
    > accomplish?
    >
    > Frequently, even in open source, security flaws are kept quiet and often
    > left unfixed for months while the problem is being analyzed and worked on.
    > That's just the way things work throughout the industry, including open
    > source.


    Or the more than a year old SSH flaw which had opened up Debian systems
    to the world undetected for so long?

  3. Re: [News] [Rival] Another Microsoft Flaw Surfaces, More Bad Patches

    On 2008-07-09, Erik Funkenbusch claimed:
    > On Wed, 09 Jul 2008 15:57:57 -0400, Roy Schestowitz wrote:
    >
    >> -----BEGIN PGP SIGNED MESSAGE-----
    >> Hash: SHA1
    >>
    >> Symantec Warns of New Word Attack
    >>
    >> ,----[ Quote ]
    >>| Criminals have found a new way to attack PC users, taking advantage of what
    >>| appears to be a new bug in Microsoft's Word software, according to Symantec.
    >>|
    >>| Symantec warned of the attack Tuesday, saying on its Web site that it had
    >>| seen attackers exploiting "what is possibly an undisclosed vulnerability
    >>| affecting Microsoft Word."
    >> `----
    >>
    >> http://www.pcworld.com/article/14809...rd_attack.html

    >
    > The flaw is specific to only one version of Word. Word 2000 SP3. This is
    > not a broad attack, no other versions appear to be affected.


    According to MICROS~1.

    Symantec, who reported the flaw, says "Initial analysis suggests that
    some Microsoft Office versions, even when fully patched, are affected
    by this exploit."

    In coming days, weeks and months I guess we'll get to see who is
    correct in the analysis: the lying, convicted monopolist, or the
    company that makes a living trying to (futilely) "protect" the products
    of the lying, convicted monopolist. I expect there will be a patch for
    several versions of Offal soon.

    --
    Failure is not an option. It comes bundled with your Microsoft product.

  4. [News] [Rival] Another Microsoft Flaw Surfaces, More Bad Patches

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Symantec Warns of New Word Attack

    ,----[ Quote ]
    | Criminals have found a new way to attack PC users, taking advantage of what
    | appears to be a new bug in Microsoft's Word software, according to Symantec.
    |
    | Symantec warned of the attack Tuesday, saying on its Web site that it had
    | seen attackers exploiting "what is possibly an undisclosed vulnerability
    | affecting Microsoft Word."
    `----

    http://www.pcworld.com/article/14809...rd_attack.html

    Microsoft update kills ZoneAlarm

    ,----[ Quote ]
    | PUNTERS who use the ZoneAlarm security package might not want to install MS
    | update KB951748.
    `----

    http://www.theinquirer.net/gb/inquir...t-update-kills

    More productivity sinks for the company that made horrible
    engineering 'acceptable'.


    Recent (on fixing a flaw months late, only after attacks began):

    After Attacks, Microsoft Fixes Jet Database Flaw

    ,----[ Quote ]
    | Security experts say that the Jet flaw (MS08-028) should be patched first,
    | since it has already been exploited. Microsoft had previously warned of this
    | bug in a March 21 advisory.
    |
    | [...]
    |
    | Microsoft also patched two critical flaws in Word and a critical Publisher
    | bug.
    `----

    http://www.pcworld.com/businesscente...base_flaw.html


    Related:

    ,----[ Quote ]
    | Problems found in an audit of Diebold tabulation records from an Ohio
    | November 2006 election raise questions about whether the database got
    | corrupted during the tabulation of election results...
    |
    | The database is built from Microsoft's Jet database engine. The
    |                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    | engine, according to Microsoft, is vulnerable to corruption when a lot
    |                                    ^^^^^^^^^^^^^^^^^^^^^^^^
    | of concurrent activity is happening with the database, such as what
    | occurs on an election night [and Microsoft advises against using Jet in
    | a complex environment]...
    |
    | The report mentions that election staff had trouble with the server
    | crashing and freezing on election night....
    |
    | The report notes that with punch card machines election officials used
    | to be able to determine definitively if all ballots had been counted
    | in the results....
    `----

    http://blog.wired.com/27bstroke6/200...d_vote_da.html
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.9 (GNU/Linux)

    iEYEARECAAYFAkh1GEUACgkQU4xAY3RXLo4VzwCgiSnMXKqhCs/LNrnNLtChyxza
    E8oAn2qupYUBr6994WDDUQExeLF9R1iG
    =jQaf
    -----END PGP SIGNATURE-----
