Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

[News] Crackers Outpace Microsoft, New Vulnerability Abound. Linux Provides Fewer and Immediate Patches for Less Severe Bugs

  • Subject: [News] Crackers Outpace Microsoft, New Vulnerability Abound. Linux Provides Fewer and Immediate Patches for Less Severe Bugs
  • From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
  • Date: Fri, 13 Oct 2006 21:56:16 +0100
  • Newsgroups: comp.os.linux.advocacy
  • Organization: schestowitz.com / ISBE, Manchester University / ITS / Netscape / MCC
  • Reply-to: newsgroups@xxxxxxxxxxxxxxx
  • User-agent: KNode/0.7.2
Hackers Stepping Up Pace of Microsoft Exploits

,----[ Quote ]
| The cat-and-mouse game that Microsoft Corp. and hackers have been playing
| for years escalated this week, just as the software giant was addressing
| some of the biggest problems facing computer users.
| On Tuesday, the company released a record 26 security fixes for the
| Windows operating system and the widely used Office programs such as
| Word, Excel and Outlook. Yesterday, hackers pounced again, posting on
| the Internet information about vulnerabilities in PowerPoint 2003, one of
| the Office programs widely used by business customers and increasingly
| used by students.


The usual day-after-patch (Wednesday) exploit:

PoC published for MS Office 2003 PowerPoint

,----[ Quote ]
| I wanted to let you know that we've been made aware of proof of concept
| code published publicly affecting Microsoft Office 2003 PowerPoint. We
| are currently investigating this report. The reported proof of concept
| may allow an attacker to execute code on a user?s machine by convincing
| them to open a specially-crafted PowerPoint file. We are not aware of
| any attacks attempting to use the reported vulnerability or of customer
| impact at this time. 


The release of Windows Vista, even if (hypothetically speaking) it got
embraced fully over time, would be no remedy. Links follow.

Windows kernel protection expected to break soon

,----[ Quote ]
| PatchGuard, a Microsoft technology to protect key parts of Windows,
| will be hacked sooner rather than later, a security expert said Thursday.


Windows Vista: It's More Secure, We Promise

,----[ Quote ]
| Well, allow me to take a moment to remind everyone of something that
| you might not remember - XP was also touted as being ultra secure.
| Seriously, can anyone honestly look themselves in the mirror and say 
| this is the gospel truth? You have got to be kidding me. Similar to
| XP, Microsoft promises to have the most secure Windows version to date
| yet again.


Perspective: Why Microsoft is wrong on Vista security

,----[ Quote ]
| The net-net is that the user is demonstrably less safe as compared to
| during the XP days, when security vendors could use their advanced
| behavioral features.


IE 7 bugs abound

,----[ Quote ]
| "But browser testers may already be at risk, according to security 
| researcher Tom Ferris. Late Tuesday, Ferris released details of a potential 
| security flaw in IE 7. An attacker could exploit the flaw by crafting a 
| special Web page that could be used to crash the browser or gain complete 
| control of a vulnerable system, Ferris said in an advisory on his Web site. 
| Microsoft had no immediate comment on Ferris' alert."


Black Hat Takes Vista to Task

,----[ Quote ]
| She demonstrated two potential attack vectors. One could allow unsigned
| code to be loaded into the Vista kernel. The second vector involved
| taking advantage of AMD's Pacific Hardware Virtualization to inject a
| new form of super malware that Rutkowska claimed to be undetectable.


Symantec highlights Windows Vista user vulnerabilities

,----[ Quote ]
| Symantec has shed more light on potential vulnerabilities in Windows
| Vista that could circumvent new security measures and leave users
| vulnerable to attack.


Symantec continues Vista bug hunt

,----[ Quote ]
| After poking around the Windows Vista networking stack, Symantec
| researchers have tried out privilege-escalation attacks on an early
| version of the Windows XP successor.
| "We discovered a number of implementation flaws that continued to allow
| a full machine compromise to occur," Matthew Conover, principal
| security researcher at Symantec, wrote in the report titled "Attacks
| against Windows Vista's Security Model." The report was made available
| to Symantec customers last week and is scheduled for public release
| sometime before Vista ships, a Symantec representative said Monday.


Six reasons you'll hate networking in Windows Vista

,----[ Quote ]
| Author finds some details 'maddening,' 'brain dead' and 'laughably
| rudimentary.'


Symantec Finds Flaws In Vista's Network Stack

,----[ Quote ]
| Researchers with Symantec's advanced threat team poked through
| Vista's new network stack in several recent builds of the
| still-under-construction operating system, and found several bugs
| -- some of which have been fixed, including a few in  Monday's
| release -- as well as broader evidence that the rewrite of the
| networking code could easily lead to problems.
| [...]
| Among Newsham's and Hoagland's conclusions: "The amount of new
| code present in Windows Vista provides many opportunities for
| new defects."
| "It's true that some of the things we found were 'low-hanging
| fruit,' and that some are getting fixed in later builds,"
| said Friedrichs. "But that begs the question of what else
| is in there?"


Symantec Says Windows Vista Will be Less Secure than XP

,----[ Snippet ]
| Symantec said earlier last week that there were no viruses for Apple's
| OS X.


Symantec sees an Achilles' heel in Vista

,----[ Quote ]
| Some of Microsoft's efforts to make Windows Vista its most stable and
| secure operating system ever could cause instability and new security
| flaws, according to a Symantec report.
| [...]
| "Microsoft has removed a large body of tried and tested code and
| replaced it with freshly written code, complete with new corner cases
| and defects," the researchers wrote in the report, scheduled for
| publication Tuesday.


McAfee: Microsoft completely unrealistic on Vista

,----[ Quote ]
| Windows Vista does not ship with antivirus software installed and active,
| but for the first time Microsoft will be promoting their own antivirus
| service in Windows OneCare. Alex Eckelberry, CEO of Sunbelt Software,
| has already called Microsoft's plans predatory based on pricing. McAfee
| is focusing its critique on operating system design, arguing instead that
| Microsoft's decisions with Vista will simply make the operating system
| less secure.
| In the advertisement, McAfee CEO George Samunek is quoted as saying,
| "Microsoft is being completely unrealistic if, by locking security
| companies out of the kernel, it thinks hackers won't crack Vista's kernel.
| In fact, they already have." The advert continues: "With its upcoming
| Vista operating system, Microsoft is embracing the flawed logic that
| computers will be more secure if it stops co-operating with the
| independent security firms."


Cisco exec: Windows Vista is scary

,----[ Quote ]
| "Parts of Vista scare me," Gleichauf said at the Gartner Security Summit
| here on Monday. "Anything with that level of systems complexity will have
| new threats, as well as bringing new solutions. It's always a struggle
| in security, trying to build for what you don't know."


,----[ Quote ]
| "Up to 60% of the code in the new consumer version of Microsoft new Vista
| operating system is set to be rewritten as the Company 'scrambles' to fix
| internal problems a Microsoft insider has confirmed to SHN... Microsoft has
| also admitted that it has major problems in it's Windows division and has
| has immediately initiated a total restructure of the division..."


This should motivate everyone to step up and migrate to GNU/Linux. Windows
seems like a dead-end project, so better put the money on the stronger
stallion. Better sooner than later.

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index