Roy Schestowitz wrote:
> __/ [ BearItAll ] on Thursday 22 June 2006 09:40 \__
>
>> Roy Schestowitz wrote:
>>
>>> Third Microsoft Excel attack posted
>>>
>>> ,----[ Quote ]
>>> | Excel users have one more reason to worry. On Tuesday, a hacker
>>> | published code that takes advantage of an unpatched flaw in the
>>> | Microsoft spreadsheet software, the third such exploit to be disclosed
>>> | in the past week.
>>> `----
>>>
>>>
>>
>
http://www.networkworld.com/news/2006/062106-third-microsoft-excel-attack.html
>>>
>>> As I said before, this will cease to happen when Excel gets Aero Glass,
>>> so the future looks bright. For OpenOffice.
>>
>>
>> This sort of thing concidering the time Excel has been out, if it has
>> taken hackers this long to find the flaw it must be a real converluted
>> affair. Stand on one leg with your finger in your ear on summer solstis
>> and there is an exploit.
>
>
> *smile*
>
>
>> I suspect we will have a few of those in Linux.
>
>
> The level of serverity is what makes these inexcusable. They
> compromise your computer -- your very own bread and water.
> They affect other people on the network, quite naturally, in
> turn.
>
> As a Microsoft developer recently confessed, there are
> dozens of dependencies among modules, some of which are
> circular. This explains why testing is slow, unreliable
> (incomplete), and prone to breakage (of other components
> too).
>
> The Linux kernel will not permit this, not even if you
> carefully construct and exploit that is based memory
> glitches (e.g. buffer overflow). The X.org vulnerability
> (missing quotes) comes to mind and it's extremely rare. Like
> the Ubuntu 5 negligence, it also requires that the attacker
> is a local user with full user account privileges. Unless
> you becomes rather mad and ponder about chaining memory
> overflows, e.g. exploiting Web browser loopholes, as well as
> something that resides near the kernel (IE is bad due to
> proximity to the center, including setups, filesystem and so
> forth)...
>
> Best wishes,
>
> Roy
>
Yes I know all of that, but my point really is that MS although very
responsible for built in tunnels/holes available for hackers and virus
writers to use, we can't really view in the same light when a genuine bug
is found. One is design the other is a bug, and we all have a few of those
about our person, and some on our computers too.
|
|