__/ [ BearItAll ] on Thursday 22 June 2006 09:40 \__
> Roy Schestowitz wrote:
>
>> Third Microsoft Excel attack posted
>>
>> ,----[ Quote ]
>> | Excel users have one more reason to worry. On Tuesday, a hacker
>> | published code that takes advantage of an unpatched flaw in the
>> | Microsoft spreadsheet software, the third such exploit to be disclosed
>> | in the past week.
>> `----
>>
>>
>
http://www.networkworld.com/news/2006/062106-third-microsoft-excel-attack.html
>>
>> As I said before, this will cease to happen when Excel gets Aero Glass, so
>> the future looks bright. For OpenOffice.
>
>
> This sort of thing concidering the time Excel has been out, if it has taken
> hackers this long to find the flaw it must be a real converluted affair.
> Stand on one leg with your finger in your ear on summer solstis and there
> is an exploit.
*smile*
> I suspect we will have a few of those in Linux.
The level of serverity is what makes these inexcusable. They
compromise your computer -- your very own bread and water.
They affect other people on the network, quite naturally, in
turn.
As a Microsoft developer recently confessed, there are
dozens of dependencies among modules, some of which are
circular. This explains why testing is slow, unreliable
(incomplete), and prone to breakage (of other components
too).
The Linux kernel will not permit this, not even if you
carefully construct and exploit that is based memory
glitches (e.g. buffer overflow). The X.org vulnerability
(missing quotes) comes to mind and it's extremely rare. Like
the Ubuntu 5 negligence, it also requires that the attacker
is a local user with full user account privileges. Unless
you becomes rather mad and ponder about chaining memory
overflows, e.g. exploiting Web browser loopholes, as well as
something that resides near the kernel (IE is bad due to
proximity to the center, including setups, filesystem and so
forth)...
Best wishes,
Roy
--
Roy S. Schestowitz | "Error, no keyboard - press F1 to continue"
http://Schestowitz.com | Free as in Free Beer ¦ PGP-Key: 0x74572E8E
Cpu(s): 20.4% user, 3.7% system, 18.4% nice, 57.6% idle
http://iuron.com - semantic engine to gather information
|
|