On Jul 2, 9:30 am, Roy Schestowitz <newsgro...@xxxxxxxxxxxxxxx> wrote:
> Spam reports rising
> Month of ActiveX bugs project begins with two Office flaws
>
> ,----[ Quote ]
> | A hacker known as shinnai kicked off his "Month of ActiveX Bugs"
> | (MoAxB) project with a bang by exposing a number of severe
> | vulnerabilities affecting OCX controls in Microsoft Office.
> `----
>
> http://scmagazine.com/us/news/article/654659/month-activex-bugs-proje...
I was about to say, "I bet the Microsoft Lawyers have already filed
for the injunctions. But I was too late - the link is already
tombstoned.
This "Month of activeX bugs" is almost as short as Octember. (Dr
Suess).
> Vista still vulnerable
>
> ,----[ Quote ]
> | Vulnerabilities in Windows Vista will plague users in coming months
> | and years, a prominent security researcher warns, despite its
> | security improvements over predecessor XP.
> `----
> http://www.smh.com.au/news/security/vista-still-vulnerable/2007/02/26...http://tinyurl.com/2o82lf
More vulnerable that what? Keep in mind that when Microsoft says
Vista is more secure than XP, they are referring to XP as shipped by
Microsoft. If one assumes no firewall, no antivirus, and default
setting of IE and Outlook, connected directly to the internet via a
Cable Modem, DSL, or Dial-up connection, XP can be "cracked" in about
12 minutes.
Just browsing e-mail or browsing the web can be enough to sponsor a
successful attack.
Of course, most XP users install McAffee, Symantic, Norton or other
commercial antivirus vendor. The intivirus vendors compete with each
other to see who can
catch the most viruses first. The goal is zero successful attacks,
but if that
fails, then they want to be able to remove or quarantine the malware
ASAP.
Microsoft's EULA for Vista actually prevents users from blocking
spyware that has been authorized by Microsoft. I'm not sure how they
are going to enforce that one (other than just shutting down your
computer), but appearantly, Microsoft is SELLING spyware access to
your computer, and they don't want end users blocking that access.
It reminds me of how the telephone company charged extra to NOT put
you in their phone book.
|
|