Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: [News] Crackers Outpace Microsoft, New Vulnerability Abound. Linux Provides Fewer and Immediate Patches for Less Severe Bugs

On Fri, 13 Oct 2006 21:56:16 +0100, Roy Schestowitz wrote:

> Hackers Stepping Up Pace of Microsoft Exploits
> 
> ,----[ Quote ]
>| The cat-and-mouse game that Microsoft Corp. and hackers have been playing
>| for years escalated this week, just as the software giant was addressing
>| some of the biggest problems facing computer users.
>| 
>| On Tuesday, the company released a record 26 security fixes for the
>| Windows operating system and the widely used Office programs such as
>| Word, Excel and Outlook. Yesterday, hackers pounced again, posting on
>| the Internet information about vulnerabilities in PowerPoint 2003, one of
>| the Office programs widely used by business customers and increasingly
>| used by students.
> `----
> 
> http://www.washingtonpost.com/wp-dyn/content/article/2006/10/12/AR2006101201744.html
> 
> The usual day-after-patch (Wednesday) exploit:
> 
> PoC published for MS Office 2003 PowerPoint
> 
> ,----[ Quote ]
>| I wanted to let you know that we've been made aware of proof of concept
>| code published publicly affecting Microsoft Office 2003 PowerPoint. We
>| are currently investigating this report. The reported proof of concept
>| may allow an attacker to execute code on a user?s machine by convincing
>| them to open a specially-crafted PowerPoint file. We are not aware of
>| any attacks attempting to use the reported vulnerability or of customer
>| impact at this time. 
> `----
> 
> http://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-2003-powerpoint.aspx
> 
> The release of Windows Vista, even if (hypothetically speaking) it got
> embraced fully over time, would be no remedy. Links follow.
> 
> 
> Windows kernel protection expected to break soon
> 
> ,----[ Quote ]
>| PatchGuard, a Microsoft technology to protect key parts of Windows,
>| will be hacked sooner rather than later, a security expert said Thursday.
> `----
> 
> http://news.zdnet.com/2100-1009_22-6125274.html
> 
> Windows Vista: It's More Secure, We Promise
> 
> ,----[ Quote ]
>| Well, allow me to take a moment to remind everyone of something that
>| you might not remember - XP was also touted as being ultra secure.
>| Seriously, can anyone honestly look themselves in the mirror and say 
>| this is the gospel truth? You have got to be kidding me. Similar to
>| XP, Microsoft promises to have the most secure Windows version to date
>| yet again.
> `----
> 
> http://www.osweekly.com/index.php?option=com_content&task=view&id=2357&Itemid=449
> 
> Perspective: Why Microsoft is wrong on Vista security
> 
> ,----[ Quote ]
>| The net-net is that the user is demonstrably less safe as compared to
>| during the XP days, when security vendors could use their advanced
>| behavioral features.
> `----
> 
> http://news.com.com/Why+Microsoft+is+wrong+on+Vista+security/2010-7349_3-6123924.html
> http://tinyurl.com/fdhzw
> 
> IE 7 bugs abound
> 
> ,----[ Quote ]
>| "But browser testers may already be at risk, according to security 
>| researcher Tom Ferris. Late Tuesday, Ferris released details of a potential 
>| security flaw in IE 7. An attacker could exploit the flaw by crafting a 
>| special Web page that could be used to crash the browser or gain complete 
>| control of a vulnerable system, Ferris said in an advisory on his Web site. 
>| Microsoft had no immediate comment on Ferris' alert."
> `----
> 
> http://news.com.com/2100-1002_3-6034054.html?part=rss&tag=6034054&subj=news
> 
> Black Hat Takes Vista to Task
> 
> ,----[ Quote ]
>| She demonstrated two potential attack vectors. One could allow unsigned
>| code to be loaded into the Vista kernel. The second vector involved
>| taking advantage of AMD's Pacific Hardware Virtualization to inject a
>| new form of super malware that Rutkowska claimed to be undetectable.
> `----
> 
>                 http://www.internetnews.com/security/article.php/3624861
> 
> Symantec highlights Windows Vista user vulnerabilities
> 
> ,----[ Quote ]
>| Symantec has shed more light on potential vulnerabilities in Windows
>| Vista that could circumvent new security measures and leave users
>| vulnerable to attack.
> `----
> 
> http://www.theregister.co.uk/2006/08/02/symantec_windows_vista_security/
> 
> Symantec continues Vista bug hunt
> 
> ,----[ Quote ]
>| After poking around the Windows Vista networking stack, Symantec
>| researchers have tried out privilege-escalation attacks on an early
>| version of the Windows XP successor.
>|
>| "We discovered a number of implementation flaws that continued to allow
>| a full machine compromise to occur," Matthew Conover, principal
>| security researcher at Symantec, wrote in the report titled "Attacks
>| against Windows Vista's Security Model." The report was made available
>| to Symantec customers last week and is scheduled for public release
>| sometime before Vista ships, a Symantec representative said Monday.
> `----
> 
>                 http://news.zdnet.com/2100-1009_22-6097976.html
> 
> Six reasons you'll hate networking in Windows Vista
> 
> ,----[ Quote ]
>| Author finds some details 'maddening,' 'brain dead' and 'laughably
>| rudimentary.'
> `----
> 
> http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9003835&pageNumber=1
> 
> Symantec Finds Flaws In Vista's Network Stack
> 
> ,----[ Quote ]
>| Researchers with Symantec's advanced threat team poked through
>| Vista's new network stack in several recent builds of the
>| still-under-construction operating system, and found several bugs
>| -- some of which have been fixed, including a few in  Monday's
>| release -- as well as broader evidence that the rewrite of the
>| networking code could easily lead to problems.
>|
>| [...]
>|
>| Among Newsham's and Hoagland's conclusions: "The amount of new
>| code present in Windows Vista provides many opportunities for
>| new defects."
>|
>| "It's true that some of the things we found were 'low-hanging
>| fruit,' and that some are getting fixed in later builds,"
>| said Friedrichs. "But that begs the question of what else
>| is in there?"
> `----
> 
> http://www.techweb.com/wire/security/190700049;jsessionid=MWLALDT21M1...
> 
> Symantec Says Windows Vista Will be Less Secure than XP
> 
> ,----[ Snippet ]
>| Symantec said earlier last week that there were no viruses for Apple's
>| OS X.
> `----
> 
>                         http://www.dailytech.com/article.aspx?newsid=3389
> 
> Symantec sees an Achilles' heel in Vista
> 
> ,----[ Quote ]
>| Some of Microsoft's efforts to make Windows Vista its most stable and
>| secure operating system ever could cause instability and new security
>| flaws, according to a Symantec report.
>|
>| [...]
>|
>| "Microsoft has removed a large body of tried and tested code and
>| replaced it with freshly written code, complete with new corner cases
>| and defects," the researchers wrote in the report, scheduled for
>| publication Tuesday.
> `----
> 
>                 http://news.zdnet.com/2100-1009_22-6095119.html 
> 
> McAfee: Microsoft completely unrealistic on Vista
> 
> ,----[ Quote ]
>| Windows Vista does not ship with antivirus software installed and active,
>| but for the first time Microsoft will be promoting their own antivirus
>| service in Windows OneCare. Alex Eckelberry, CEO of Sunbelt Software,
>| has already called Microsoft's plans predatory based on pricing. McAfee
>| is focusing its critique on operating system design, arguing instead that
>| Microsoft's decisions with Vista will simply make the operating system
>| less secure.
>| 
>| In the advertisement, McAfee CEO George Samunek is quoted as saying,
>| "Microsoft is being completely unrealistic if, by locking security
>| companies out of the kernel, it thinks hackers won't crack Vista's kernel.
>| In fact, they already have." The advert continues: "With its upcoming
>| Vista operating system, Microsoft is embracing the flawed logic that
>| computers will be more secure if it stops co-operating with the
>| independent security firms."
> `----
> 
> http://arstechnica.com/news.ars/post/20061002-7875.html
> 
> 
> Cisco exec: Windows Vista is scary
> 
> ,----[ Quote ]
>| "Parts of Vista scare me," Gleichauf said at the Gartner Security Summit
>| here on Monday. "Anything with that level of systems complexity will have
>| new threats, as well as bringing new solutions. It's always a struggle
>| in security, trying to build for what you don't know."
> `----
> 
> http://news.zdnet.com/2100-1009_22-6116823.html
> 
> ,----[ Quote ]
>| "Up to 60% of the code in the new consumer version of Microsoft new Vista
>| operating system is set to be rewritten as the Company 'scrambles' to fix
>| internal problems a Microsoft insider has confirmed to SHN... Microsoft has
>| also admitted that it has major problems in it's Windows division and has
>| has immediately initiated a total restructure of the division..."
> `----
> 
> 
> http://www.smarthouse.com.au/Computing/Platforms?Article=/Computing/Platforms/R7G5G6U4
> 
> This should motivate everyone to step up and migrate to GNU/Linux. Windows
> seems like a dead-end project, so better put the money on the stronger
> stallion. Better sooner than later.

More reposts upon reposts of the same articles you've posted a dozen times
before.  

And I like the quick little blurb that tries to make all this non-Linux
related content look like it belongs here.

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index