2001-12-31
Everyone from the FBI to the L.A. Times has something scary to say about the new XP vulnerability. Here's why they all have it wrong.
Fear, Uncertainty and Doubt, Inc.
2001-12-31
Anonymous (1 replies)
RE: Fear, Uncertainty and Doubt, Inc.
2001-12-31
J Horner <jjhorner@bellsouth.net> (2 replies)
RE: Fear, Uncertainty and Doubt, Inc.
2001-12-31
Anonymous (1 replies)
Fear, Uncertainty and Doubt, Inc.
2001-12-31
Anonymous (2 replies)
No worm? Tim, lay off the meds
2001-12-31
Anonymous (9 replies)
A lesson in comprehension...
2002-01-02
Anonymous (1 replies)
A lesson in... Comprehend this: MS has 36+Billion in Liquidity (4x next on list)
2002-01-06
gained by monopoly + inferior product = superior pricing (does this compute?) (1 replies)
A lesson in... Comprehend this: MS has 36+Billion in Liquidity (4x next on list)
2002-01-16
Anonymous
Here you go Tim, the exploit is out !
2002-01-04
Chad Cyrisse (1 replies)

And yes, media and authorities wrote some reports and/or advisories and/or really useful tools - written in pure assembly language, trying to save Microsoft's xmas sales (maybe successfully did as these saved a bit of customers' trust in MS' products, yet there are a few million vulnerable machines out there).
But these efforts were at least not effective enough or just gave wrong instructions/information.
[Conspiracy theories ... I love them ... just another form of fudness. ;)]
And I have to agree again with your opinion that too many people like to talk about some companies (some of them are leading the market by the way), instead of also focusing on other very important security holes [like: http://www.securityfocus.com/archive/1/246663 ;)].
It is a bad thing that vulnerabilities like this one exist in software installed on too many home machines, leaving the internet (but not limited only to the internet, of course) itself more than vulnerable.
Your article is very good (almost as enjoyable as eEye's advisory); I really like it ... but I have to oppose your opinion with this point:
"if you don't like ... [or its politics; e.g. limited disclosure] then don't buy their products. Write your congressman. Get a job at Oracle. Wear a penguin T-shirt"
Yes ... or write malicious code, exploiting this vulnerability.
I think (it is more than possible) that someone will implement this vuln in a self-replicating, rapidly spreading code. Maybe it will take two additional months ... maybe three or four ... but face the fact:
There are millions of machines out there that could be directed (within a few hours) to perform attacks on the internet itself. I don't want to estimate what dramatic loss of image this could cause regarding the system's vendor or what damage such a code could cause among common economical structures ...
... "if the right people put their minds to it"!
[Just imagine ... what would happen if someone also implemented attack code on the telephony net (something like Job de Haas's research or just another dDoS perhaps).]
Again: A great article,
Der HexXer.
Link to this comment: http://www.securityfocus.com/comments/columns/50/9842#9842