____/ Philip on Tuesday 18 March 2008 17:45 : \____
> Erik Funkenbusch wrote:
>> On Tue, 18 Mar 2008 03:05:39 +0000, Roy Schestowitz wrote:
>>
>>> You mean "Duke Nuken ForWindows"? For all it seems, judging by the pattern
>>> of promises and vapourware (procrastination has already begun with Windows
>>> 7 release date being pushed back by years), you might not see Windows 7 for
>>> another 5 years.
>>
>> Sorry, your track record for predicting when Microsoft will release
>> software is very poor. Remember when you were claiming Vista wouldn't be
>> released until 2010?
>
> Well then, lets just say it'll be 2010 before Vista is accepted and
> replaces all the XP hosted bots.
Vista is not secure. It's an illusion Microsoft is trying to sell. Microsoft
threw away Longhorn in 2005 and just quickly modified an XP cousin to make a
seemingly new and shiny (and heavy) O/S. See:
2008 kicks off with critical Vista/XP patch
,----[ Quote ]
| Microsoft's first set of security bulletins for 2008 may be slim, but will
| include a fix for a critical vulnerability in XP and Vista.
`----
http://www.itwire.com/content/view/15956/53/
Windows Vista Has Another New Critical Vulnerability
,----[ Quote ]
| One of the updates is considered critical for Windows Vista and XP users
| because the flaw it fixes could be used by attackers to install unauthorized
| software on a victim's computer.
`----
http://www.infoworld.com/article/08/01/03/Microsoft-prepares-two-Windows-security-updates_1.html
http://tinyurl.com/2ls6x4
Critical Vulnerability in Microsoft Metrics
,----[ Quote ]
| This is a small subset of all the vulnerabilities, because the
| vulnerabilities that are found through the QA process and the vulnerabilities
| that are found by the security folks they engage as contractors to perform
| penetration testing are fixed in service packs and major updates. For
| Microsoft this makes sense because these fixes get the benefit of a full test
| pass which is much more robust for a service pack or major release than it is
| for a security update.
`----
http://blog.mozilla.com/security/2007/11/30/critical-vulnerability-in-microsoft-metrics/
http://antitrust.slated.org/www.iowaconsumercase.org/011607/3000/PX03096.pdf
Skeletons in Microsoft’s Patch Day closet
,----[ Quote ]
| This is the first time I’ve seen Microsoft prominently admit to silently
| fixing vulnerabilities in its bulletins — a controversial practice that
| effectively reduces the number of publicly documented bug fixes (for those
| keeping count) and affects patch management/deployment decisions.
`----
http://blogs.zdnet.com/security/?p=316
Beware of undisclosed Microsoft patches
,----[ Quote ]
| Forget for a moment whether Microsoft is throwing off patch counts
| that Microsoft brass use to compare its security record with those
| of its competitors. What do you think of Redmond’s silent patching
| practice?
`----
http://blogs.zdnet.com/microsoft/?p=527
Microsoft is Counting Bugs Again
,----[ Quote ]
| Sorry, but Microsoft's self-evaluating security counting isn't really a
| good accounting.
|
| [...]
|
| The point: Don't count on security flaw counting. The real flaw is
| the counting.
`----
http://www.microsoft-watch.com/content/security/microsoft_is_counting_bugs_again.html?kc=MWRSS02129TX1K0000535
Microsoft fixes 11 flaws in 7 patches; 5 affect Windows Vista
,----[ Quote ]
| Microsoft on Tuesday released its December 2007 security bulletin, which
| includes seven updates: three are designated as critical by the software
| giant and four are deemed important.
`----
http://www.news.com/8301-10784_3-9832347-7.html?part=rss&subj=news&tag=2547-1_3-0-20
December 2007's Patch Tuesday's Going to Be Big - Really Big
,----[ Quote ]
| A Trio of Critical Patches
|
| First up is a remote code execution patch for DirectX versions 7.0 (Windows
| 2000) through 10.0 (Windows Vista).
`----
http://www.maximumpc.com/article/december_2007s_patch_tuesdays_going_to_be_big_really_big
Security hole in MS-Windows Vista on Thanksgiving
,----[ Quote ]
| Microsoft, although late, but did acknowledge that it is a flaw even in the
| latest OS (Vista) which should have been fixed long back.
`----
http://technology.millionface.com/2007/11/27/security-hole-in-ms-windows-vista-on-thanksgiving/
http://tinyurl.com/32uq44
Thirty-Six Updates Later—and Counting
,----[ Quote ]
| Over the Thanksgiving holiday, I refreshed one of my Windows Vista test
| machines. Oh my, there were so many Windows Updates.
`----
http://www.microsoft-watch.com/content/vista/thirty-six_updates_laterand_counting.html?kc=MWRSS02129TX1K0000535
http://tinyurl.com/355uqw
Vista security threats to rise in 2008: McAfee
,----[ Quote ]
| Microsoft’s Windows Vista operating system will face increasing security
| threats, according to McAfee Avert Labs predictions for top 10 security
| threats in 2008.
`----
http://www.business-standard.com/common/storypage.php?autono=304706&leftnm=8&subLeft=0&chkFlg=
Microsoft issues 6 'critical' patches
,----[ Quote ]
| The updates affect many versions of Windows, Server and Office software --
| including Windows XP and Windows Vista -- and are meant to prevent hackers
| from breaking into Web surfers' computers using specially crafted Web pages.
`----
http://news.yahoo.com/s/ap/20070814/ap_on_hi_te/microsoft_security
Buffer the Overflow Slayer v. the ActiveX Files
,----[ Quote ]
| The vulnerability was discovered by Krystian Kloskowski and is rated "highly
| critical" in this posting on Secunia. It's also discussed here on the US-Cert
| website. Proof-of-concept code can be found on MilW0rm here.
`----
http://www.theregister.co.uk/2007/08/14/sdk_spreads_vuln_love/
Microsoft plans six critical patches
,----[ Quote
| At least one of the critical vulnerabilities involves Internet Explorer 7 and
| Windows Vista, both of which were conceived under new and highly vaunted
| ^^^^^^^^^^^^^
| development rigors designed to produce more secure products.
`----
http://www.theregister.co.uk/2007/08/09/microsoft_august_patch_tuesday/
Patch Tuesday: Critical IE, Vista patches on deck
,----[ Quote ]
| Of the four criticals, two will include high-severity patches for
| Windows Vista. The bulletin rated ?moderate? only affects Vista.
`----
http://blogs.zdnet.com/security/?p=273
June Patch Tuesday to deliver Vista fixes and more
,----[ Quote ]
| Four of this month's bulletins are labelled 'critical' and
| relate to vulnerabilities that may allow remote code execution.
`----
http://www.itwire.com.au/content/view/12751/
Microsoft Plugs Critical Vista Hole
,----[ Quote ]
| Microsoft has just patched another critical hole in Vista that it
| knew about as long ago as last Christmas. The delay was similar
| to its lag in patching the serious (and heavily targeted)
| animated-cursor flaw I told you about last month.
`----
http://www.pcworld.com/article/id,132082/article.html
Microsoft Patches Not One, But Three Vista Holes
,----[ Quote ]
| Microsoft today released an update for the recently popular 'animated
| cursor' vulnerability. The update was originally scheduled for April
| 10th, but due to recent exploits, was rushed out today. The update
| wasn't just for this one vulnerability though, in Vista, it addressed two
| others, and in all covered seven vulnerabilities in Vista, XP and
| 2000.
`----
http://itsvista.com/2007/04/microsoft-patches-not-one-but-three-vista-holes/
Windows Vista's Built-in Rootkit
,----[ Quote ]
| This poor implementation of the permissions structure can be exploited
| by malware to make files that are undetectable to Anti-Virus products.
`----
http://www.jmcardle.com/blog/?p=361
More Windows cursor patch trouble
,----[ Quote
| A new issue with the fix has also come up. Some customers have
| experienced trouble when printing from SQL Reporting Services to
| a Printer Command Language (PCL) printer, Microsoft said.
`----
http://news.com.com/8301-10784_3-9710649-7.html?part=rss&subj=news&tag=2547-1_3-0-20
http://tinyurl.com/3xrm4k
Windows cursor patch causing trouble
,----[ Quote ]
| Installing Microsoft's Tuesday patch for a "critical" Windows
| vulnerability is causing trouble for some users.
`----
http://news.com.com/Windows+cursor+patch+causing+trouble/2100-1002_3-6173413.html
MS Patch Tuesday: Vista dinged again
,----[ Quote ]
| For the second time this month, Microsoft has shipped a security
| bulletin with patches for a "critical" Vista vulnerability that
| puts millions of users at risk of code execution attacks.
`----
http://blogs.zdnet.com/security/?p=161
Security Researchers Say Windows .ANI Problem Surfaced Two Years Ago
,----[ Quote ]
| Security researchers say the Windows .ANI bug that has been plaguing
| users for the past week first surfaced -- and was patched --
| in early 2005.
`----
http://www.informationweek.com/news/showArticle.jhtml?articleID=198800828
Week in review: Cursing Windows' cursor flaw
,----[ Quote ]
| The software giant broke with its monthly patch cycle to fix a bug
| that cybercrooks had been using since last week to attack Windows
| PCs, including those running Vista.
`----
http://news.com.com/2100-1083_3-6173895.html?part=rss&tag=2547-1_3-0-20&subj=news
ANI takers for Asus website virus?
,----[ Quote ]
| Asus.com.tw, the website of Taiwanese motherboard maker Asustek,
| has been spraying visitors with the .ANI virus, security software
| makers confirmed today.
`----
http://www.theregister.co.uk/2007/04/06/asus_website_viruses/
Cursor hackers target WoW players
,----[ Quote ]
| World of Warcraft players are being targeted by hackers exploiting
| flaws in how Windows handles animated cursors.
`----
http://news.bbc.co.uk/1/hi/technology/6526851.stm
Will Next Tuesday's 3 Updates Effect Vista?
,----[ Quote ]
| I would suspect that one will be a patch for the Windows MessageBox
| exploit, so Vista should get it. Might another be for the Vista
| 'Timer/2099 Crack'? I wouldn't consider it critical, but
| Microsoft probably does.
`----
http://itsvista.com/2007/01/will-next-tuesdays-3-updates-effect-vista/
Windows Vista now has its first exploit spotted in the public
,----[ Quote ]
| Security experts have confirmed that a proof of concept code for an
| unpatched vulnerability in Windows Vista has been released on
| the internet.
`----
http://www.it-networks.org/?news=172
Windows Vista: It's More Secure, We Promise
,----[ Quote ]
| Well, allow me to take a moment to remind everyone of something that
| you might not remember - XP was also touted as being ultra secure.
| Seriously, can anyone honestly look themselves in the mirror and say
| this is the gospel truth? You have got to be kidding me. Similar to
| XP, Microsoft promises to have the most secure Windows version to date
| yet again.
`----
http://www.osweekly.com/index.php?option=com_content&task=view&id=2357&Itemid=449
Old:
Cisco exec: Windows Vista is scary
,----[ Quote ]
| "Parts of Vista scare me," Gleichauf said at the Gartner Security Summit
| here on Monday. "Anything with that level of systems complexity will have
| new threats, as well as bringing new solutions. It's always a struggle
| in security, trying to build for what you don't know."
`----
http://news.zdnet.com/2100-1009_22-6116823.html
Symantec Finds Flaws In Vista's Network Stack
,----[ Quote ]
| Researchers with Symantec's advanced threat team poked through
| Vista's new network stack in several recent builds of the
| still-under-construction operating system, and found several bugs
| -- some of which have been fixed, including a few in Monday's
| release -- as well as broader evidence that the rewrite of the
| networking code could easily lead to problems.
|
| [...]
|
| Among Newsham's and Hoagland's conclusions: "The amount of new
| code present in Windows Vista provides many opportunities for
| new defects."
|
| "It's true that some of the things we found were 'low-hanging
| fruit,' and that some are getting fixed in later builds,"
| said Friedrichs. "But that begs the question of what else
| is in there?"
`----
http://www.techweb.com/wire/security/190700049;jsessionid=MWLALDT21M1
--
~~ Best of wishes
Roy S. Schestowitz | Linux: most popular O/S, yet not most widespread
http://Schestowitz.com | RHAT GNU/Linux | PGP-Key: 0x74572E8E
run-level 2 2008-01-24 14:06 last=
http://iuron.com - help build a non-profit search engine
|
|