Windows patches are cosmetic ....
"Please state some evidence as to how MS fixes are usually a cosmetic change to hide the problem without permanently fixing offending code."

Since you are too stupid to read everyday IT news, here is a recent example as requested:

Windows has contained a critical flaw that could be trivially exploited at any time by any malicious hacker. By causing any Windows system to process a specially-formed URL (web-style link), the system would obediently delete all or most of the files within any specified directory. (That's not good.) This flaw is considered critical because these malicious URLs could be delivered to any Windows user through any means: via an eMail solicitation, a chat room, a newsgroup posting, a malicious web page, or even processed automatically without the user clicking anything by merely visiting a malicious web page. (That's bad.)

MS answer --> Stop processing URLs with a hidden character in them. Guess what, that is a COSMETIC fix that DID NOT FIX the problem (the URL parser).

The bad part is that a simple 3-line JavaScript can do the same thing and has been known since 2001. That one doesn't even have a cosmetic patch. The sample source code can be found using Google.
Posted by: wackoae   Posted on: 04/15/04
