Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: [News] Excel Gets THIRD Exploit

Roy Schestowitz wrote:

> __/ [ BearItAll ] on Thursday 22 June 2006 09:40 \__
> 
>> Roy Schestowitz wrote:
>> 
>>> Third Microsoft Excel attack posted
>>> 
>>> ,----[ Quote ]
>>> | Excel users have one more reason to worry. On Tuesday, a hacker
>>> | published code that takes advantage of an unpatched flaw in the
>>> | Microsoft spreadsheet software, the third such exploit to be disclosed
>>> | in the past week.
>>> `----
>>> 
>>>
>>
>
http://www.networkworld.com/news/2006/062106-third-microsoft-excel-attack.html
>>> 
>>> As I said before, this will cease to happen when Excel gets Aero Glass,
>>> so the future looks bright. For OpenOffice.
>> 
>> 
>> This sort of thing concidering the time Excel has been out, if it has
>> taken hackers this long to find the flaw it must be a real converluted
>> affair. Stand on one leg with your finger in your ear on summer solstis
>> and there is an exploit.
> 
> 
> *smile*
> 
> 
>> I suspect we will have a few of those in Linux.
> 
> 
> The level of serverity is what makes these inexcusable. They
> compromise  your computer -- your very own bread and  water.
> They affect other people on the network, quite naturally, in
> turn.
> 
> As  a  Microsoft  developer recently  confessed,  there  are
> dozens  of  dependencies  among modules, some of  which  are
> circular.  This  explains  why testing is  slow,  unreliable
> (incomplete),  and  prone to breakage (of  other  components
> too).
> 
> The  Linux  kernel  will not permit this, not  even  if  you
> carefully  construct  and  exploit  that  is  based   memory
> glitches  (e.g.  buffer overflow). The  X.org  vulnerability
> (missing quotes) comes to mind and it's extremely rare. Like
> the  Ubuntu 5 negligence, it also requires that the attacker
> is  a  local user with full user account privileges.  Unless
> you  becomes  rather  mad and ponder about  chaining  memory
> overflows, e.g. exploiting Web browser loopholes, as well as
> something  that  resides near the kernel (IE is bad  due  to
> proximity to the center, including setups, filesystem and so
> forth)...
> 
> Best wishes,
> 
> Roy
> 

Yes I know all of that, but my point really is that MS although very
responsible for built in tunnels/holes available for hackers and virus
writers to use, we can't really view in the same light when a genuine bug
is found. One is design the other is a bug, and we all have a few of those
about our person, and some on our computers too.

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index