New vulnerabilities in Microsoft software

TalkBack 9 of 58:

Next »

« Previous

• Thread View
• Flat View

In 1-2 years peope will be surprised

First, from the article:

``The first vulnerability affects MSN Messenger 6.0 and MSN Messenger 6.1 and will allow attackers to view contents of a victim's hard drive during a chat session with the victim.

Attackers "could view files through MSN Messenger on their computer," said Stephen Toulouse, security program manager for the Microsoft Security Response Center. "They can do it, and you are not necessarily aware of what they are doing."

Users that do not block anonymous callers are most vulnerable to the exploit. If anonymous callers are blocked, the attacker has to be identified on the victim's address list. To obtain particular information, such as credit card numbers, attackers have to troll the hard drive, said Toulouse. However, they can continue to comb the drive as long as the chat session lasts.

Oliver Friedrichs, senior manager for Symantec's security response team, said that victims don't actually have to be in conversation with the attacker. As long as the user permits anonymous callers to send messages, an attacker could come in and peruse Quicken files or other identifiable files that could likely contain sensitive data. However, most people block that function, so random attacks will likely be rare, he said.''

This is clearly an open door to remote access of one's owns data on the disk.

``The second medium-level risk potentially allows a hacker to take over a system by executing Internet Explorer code through a flaw in Outlook 2002.

A computer has to be configured in a particular manner, though, said Toulouse. The user has to set "Outlook Today" as their Outlook home page. ''

If a remote process can take over system control then this IS a system vulnerability.

Second: longhorn has real LONG way to go until it becomes a useful system. It wont be out until after two years (or more likely 3 or 4, given the well known MS delays).

In the last two years Linux went from a niche OS to one that has been penetrating almost all sectors from the server down to the desktop. ALL major vendors are releasing their commercial s/w under Linux. Desktop and office applications have improved very much in the last 1-2 years. Only if you haven't used Linux recently you may have the impression that the user has to do command line system management. As a matter of fact, Linux GUI apps have become as tedious and ornate as their ms windows counterparts.

About friendliness: ms windows is hostile to the point of prejudice against the occasional or the serious user. Linux management -including learning time- is MUCH LESS than the time a user / admin has to spent in re-re-...patchings, reinstalls, reboots, cleaning viruses, recovering data, ETC. This is a simple fact of life and it becomes more and more obvious to PC users that try their hand on Linux.

As for the clueless-user friendliness, this is not a reality anymore for ms windpows. Setting up even a home or a LAN ms windpows box with ADEQUATE security requires THE SAME ammount of expertise as that to do the same on Linux.

If the trends continue, by the time longhorn will be out, Linux will have a significant portion of the PC market.

-m

Posted by: michael-t   Posted on: 03/09/04 You are currently: a Guest | Members login | Terms of Use

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

SponsoredWhite Papers, Webcasts, and Downloads

• The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now
• Virtualization: Architectural Considerations And Other Evaluation Criteria VMware Of the many approaches to x86 systems virtualization available in the ... Download Now
• Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now