I read Mr. Mullens article via a link on the Register. It seemed to be a valid article until I reached the end of the article and saw "related links". One was entitled "MS warns of severe universal plug & play security hole". ( link ).

It turns out that there's three security vulnerabilities associated with the UPnP: a buffer overflow vulnerability, a denial of service hazard, and a zombie-like remote attack hazard. Two of these vulnerabilities are avoidable if UPnP is turned off (contrary to what Mr. Mullen's article states).

As for the supposed FUD: Gee, people scream loudly when the sewer flows in the opposite direction. Who was it that classified open-source *nix's (except the one they borrowed IP stack code from) as viral?

My stance: there's not an OS out there that doesn't have problems. None is the end-all-to-be-all. Each does something better than the other. ALL of them require constant patching/updating. Get over it, fix the hole, move on to the next problem (there will always be another one).

Mr. Mullen: you need to do better research before posting such an article. With this one, you give the impression of a hidden motive (angry because someone had "gored your ox"?).



[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/50/9596#9596