Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

[News] Microsoft Office 2003 Attack Code Comes from Angry Hacker, Linux is Safe

  • Subject: [News] Microsoft Office 2003 Attack Code Comes from Angry Hacker, Linux is Safe
  • From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
  • Date: Sat, 16 Feb 2008 13:07:07 +0000
  • Newsgroups: comp.os.linux.advocacy
  • Organization: Netscape / schestowitz.com
  • User-agent: KNode/0.10.4
Bug-finder gets no credit from Microsoft

,----[ Quote ]
| When a hacker going by the name Chujwamwdupe published attack code that 
| exploited a recently patched bug in Microsoft Office 2003 earlier this week, 
| it looked almost as if he were publishing the software out of spite.  
`----

http://www.infoworld.com/article/08/02/15/bug-finder-gets-no-credit-from-Microsoft_1.html
http://tinyurl.com/2tp2v2

Flipping the Linux switch: The anti-virus question

,----[ Quote ]
| Using Linux, of course, isn't an excuse to throw all caution to the wind. 
| There are very real threats out there that aren't carried out by particularly 
| clever bits of malicious code or disguised attachments. It can not protect 
| you against phishing, for instance. But with a little due diligence, your 
| system, and data, are safe. No yearly subscription required.    
`----

http://www.downloadsquad.com/2008/02/14/flipping-the-linux-switch-the-anti-virus-question/

Doom and Gloom! Oh My! Linux Kernal in Trouble?

,----[ Quote ]
| Here’s the operative bit: “They could be exploited by malicious, *local* 
| users to cause denial of service attacks, disclose potentially sensitive 
| information or gain “root” privileges, according “to security experts.” So, 
| if someone sneaks into your house when you’re not there and boots up the 
| computer, logs in with a VALID user account with privileges to compile code, 
| they could get access to your computer… Ooh, scary!     
| 
| Of course, the same evil user could just put a ‘Live’ CD in your CD drive, 
| boot off it, then mount your hard drive and get your data that way. They 
| could open the easy slide off-side of your computer, plug a USB adapter into 
| your drive and mount it with a notebook, too. Failing all of that, they could 
| pick up your whole computer and walk off with it.     
`----

http://www.tmgstudio.com/node/63


In the past week alone:

Exploit Code Surfaces For Microsoft Works Vulnerability

http://www.informationweek.com/news/showArticle.jhtml?articleID=206504526


Microsoft: Critical patch goes missing

,----[ Quote ]
| Busy day for IT departments but key fix goes AWOL
`----

http://www.computerworlduk.com/technology/operating-systems/windows/news/index.cfm?newsid=7467


Microsoft dishes out six critical updates

,----[ Quote ]
| They all focus on flaws in the programs that could allow remote code 
| execution. Affected systems are those running Windows XP, Windows Vista and 
| Windows Server 2003  
`----

http://www.theregister.co.uk/2008/02/13/patch_tuesday_february/


Microsoft fixes 17 flaws in 11 patches; 6 are 'critical'

,----[ Quote ]
| Microsoft on Tuesday released its February 2008 security bulletin, which 
| includes 11 bulletins, six of which are deemed "critical" by Microsoft, while 
| five are deemed "important." One bulletin, suggested in the advance notice 
| posted Thursday, failed to be released Tuesday.   
`----

http://www.news.com/8301-10789_3-9870399-57.html?part=rss&subj=news&tag=2547-1_3-0-20


Related:

Microsoft quietly tackles known Wi-Fi flaw

,----[ Quote ]
| Microsoft has quietly posted an update found here. The update
| prevents a Windows wireless client on a laptop from advertising
| its preferred wireless network list to the world at large.
| 
| But the update appears to leave open the larger problem, which
| is having your laptop connect to a criminal rogue access point
| with the same default name as one of your preferred home networks.
`----

http://news.com.com/2061-10789_3-6143573.html?part=rss&tag=2547-1_3-0-20&subj=news


Vista SP1 will contain undocumented fixes

,----[ Quote ]
| Interesting email in today mailbag:  “Will SP1 contain undisclosed or 
| undocumented security fixes?” 
| 
| For some people, counting the number of security flaws that one OS has 
| compared to another is important because it offers a metric upon which to  
| determine which OS is the most secure (personally, I feel that it’s a bogus 
| metric, but I’ll let it slide for now).  However, many claim that Microsoft 
| stacks the deck in its favor by not disclosing a full list of vulnerabilities 
| that have been patched by omitting to include those discovered and patched 
| in-house.      
`----

http://blogs.zdnet.com/hardware/?p=1225


Critical Vulnerability in Microsoft Metrics

,----[ Quote ]
| This is a small subset of all the vulnerabilities, because the 
| vulnerabilities that are found through the QA process and the vulnerabilities 
| that are found by the security folks they engage as contractors to perform 
| penetration testing are fixed in service packs and major updates. For 
| Microsoft this makes sense because these fixes get the benefit of a full test 
| pass which is much more robust for a service pack or major release than it is 
| for a security update.      
`----

http://blog.mozilla.com/security/2007/11/30/critical-vulnerability-in-microsoft-metrics/


http://antitrust.slated.org/www.iowaconsumercase.org/011607/3000/PX03096.pdf


Skeletons in Microsoft’s Patch Day closet

,----[ Quote ]
| This is the first time I’ve seen Microsoft prominently admit to silently 
| fixing vulnerabilities in its bulletins — a controversial practice that 
| effectively reduces the number of publicly documented bug fixes (for those 
| keeping count) and affects patch management/deployment decisions.   
`----

http://blogs.zdnet.com/security/?p=316


Beware of undisclosed Microsoft patches

,----[ Quote ]
| Forget for a moment whether Microsoft is throwing off patch counts 
| that Microsoft brass use to compare its security record with those 
| of its competitors. What do you think of Redmond’s silent patching 
| practice?
`----

http://blogs.zdnet.com/microsoft/?p=527


Microsoft is Counting Bugs Again

,----[ Quote ]
| Sorry, but Microsoft's self-evaluating security counting isn't really a 
| good accounting.
| 
| [...]
| 
| The point: Don't count on security flaw counting. The real flaw is 
| the counting.
`----

http://www.microsoft-watch.com/content/security/microsoft_is_counting_bugs_again.html?kc=MWRSS02129TX1K0000535

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index