49 Comments
- Osirus1156, on 10/12/2009, -9/+56 Well at least the update can't be any worse than accidentally logging into a guest account on Snow Leopard.
- milwaukeesbeast, on 10/12/2009, -1/+19 Finally fixing the FTP server bug, been ***** people up since August.
You can DDOS the more recent windows servers, and on some of the older ones for windows 2000 you can get complete remote control of the server as long as you had ftp access. (and if the ftp had anonymous enabled, well then it was your own computer).
took them over 2 months
- ehaugan, on 10/12/2009, -5/+17 And 9 days after that, Microsoft will release an even more critical update. Codename : Windows 7.
- jackcifer07, on 10/12/2009, -4/+14 I can't wait.
- Archaic1, on 10/12/2009, -2/+9 This is hardly the most groundbreaking news. The record was again broken only a few months ago, and it will likely be broken again within a year given that Microsoft is concurrently supporting more operating systems than ever at the moment.
- FutureGuy, on 10/12/2009, -2/+8 You cannot make antivirus software redundant for any OS as long as people use them. No amount of OS design can overcome stupid and no software is 100% bug free (unless it's from Apple /s)
- czarcasm, on 10/12/2009, -1/+6 *So, why isn't Microsoft or Apple held legally liable for damages caused by their incompetent coding?
-There, Fixed it.
http://digg.com/d316x5N
http://news.techworld.com/security/1798/mac-os-x-s ...
- NinjaGod, on 10/12/2009, -4/+9 That is like saying gun manufacturers should be responsible for people getting shot.
Besides, if someone uses the car to intentionally hurt someone, is the car company still responsible?
- zeth006, on 10/12/2009, -2/+6 Businesses?
- netant, on 10/14/2009, -0/+4 Geez, look at all the Microsoft zealots burying you.
That was the exact thought that came to my mind.
@bashmohandesx
13 packages of changes addressing 34 vulnerabilities. Do you really think Microsoft had the time to test ALL of the fixes on ALL of the software that runs on Vista (including legacy apps)?
- cyssero, on 10/13/2009, -0/+4 Won't take months to fix it.. oh right, just like the unpatched Java exploit in Snow Leopard that took about 4 weeks for Apple to fix.
Face it - Apple aren't as perfect as you think they are.
- wshs, on 10/13/2009, -0/+3 Being vulnerable to an attack is not the same as being exploitable. His software has loads of bugs, but only once (that I now know of) has any of those bugs been able to be used to gain access to a machine. Under 5 remote exploits in 10+ years is a lot better than Microsoft, or Apple, or Cisco's track record. However, I was unaware about the djbdns exploit until now, thanks for pointing that out.
- czarcasm, on 10/13/2009, -0/+3 I keep ***** this reply up. Ok one more time:
djbdns:
"djbdns has never been vulnerable to the cache poisoning vulnerability reported in July 2008, but it has been discovered that it is vulnerable to a related attack."
"The source code has not been centrally managed since 1991 and was released into the public domain in 2007. As of March 2009 there are three forks, one of which is dbndns, the fork of the Debian Project, and more than a dozen patches to address shortcomings exist."
"In March 2009, Bernstein awarded $1000 to Matthew Dempsky for finding a security hole in djbdns.[9]"
http://en.wikipedia.org/wiki/Djbdns
----------------------------------------------------------------------------------------------------------------------------------------------------------------
qmail:
"1.1. qmail-smtpd memory exhaustion attacks
While qmail is claimed to be the most secure MTA, it is not in its default install."
http://www.dt.e-technik.uni-dortmund.de/%7Ema/qmai ...
--------------------------------------------------------------
I ***** hope I did that ***** right this time.
*palm face*
- mikael110, on 10/12/2009, -1/+4 http://digg.com/d316x5N
- bashmohandesx, on 10/12/2009, -3/+6 Since when does a Windows update stop something from working, stop this nonsense please
- crackerjack20, on 10/12/2009, -2/+4 Why, what happens?
- Davrioza, on 10/13/2009, -1/+3 programs powering root DNS servers and mail systems != fully fledged desktop operating systems, managing an almost impossible amount of hardware setups, and infinitely many pieces of third party software. Do you seriously think it is feasible to create a fully bug free piece of software of this magnitude? If so, you are quite simply wrong.
- seltaeb4, on 10/23/2009, -0/+2 Don't know much about history, do you?
- V1ruk, on 10/12/2009, -0/+2 Dugg for stock microsoft news picture!
- bashmohandesx, on 10/26/2009, -0/+1 When an application is relying on a security vulnerability, it is most probably the one I need to make sure it stops working after the patch.
- Solkre, on 10/12/2009, -1/+2 Some people use the Server OS as a desktop OS.
- czarcasm, on 10/13/2009, -0/+1 Screwed up this post as well >:^[
- theOster, on 10/12/2009, -0/+1 nevermind.
- wshs, on 10/13/2009, -2/+3 Dan Bernstein has managed to write several programs with zero found exploits. Programs which power root DNS servers and some of the largest mail systems on the planet. So, it's only impossible if you're lazy or incompetent. What's your excuse?
I thank you for the personal attack.
- Davrioza, on 10/12/2009, -2/+3 You are clearly a massive ***** who has no idea about the real world application of coding. It is impossible to avoid bugs in such a huge piece of software. It is impossible to find and eradicate all bugs later on. This does not make the coder "incompetent". As a programmer myself, I think that you are the ***** incompetent one.
- zeth006, on 10/13/2009, -0/+1 Why not?
- czarcasm, on 10/13/2009, -1/+1 CRAP! This was meant as a 'reply' to a thread.
What a fail
- wshs, on 10/12/2009, -5/+5 Congrats on basic reading comprehension. If the gun manufacturer made a gun which exploded on each shot, then yeah, they should be sued. What you're essentially saying is that Microsoft intentionally put those bugs in there to be exploited. For those of us who like to think, we're talking about things the creator did wrong, such as making floor mats that stick under the brake, or food companies that put lead into canned products.
- czarcasm, on 10/13/2009, -1/+1 djbdns:
"djbdns has never been vulnerable to the cache poisoning vulnerability reported in July 2008, but it has been discovered that it is vulnerable to a related attack."
"The source code has not been centrally managed since 1991 and was released into the public domain in 2007. As of March 2009 there are three forks, one of which is dbndns, the fork of the Debian Project, and more than a dozen patches to address shortcomings exist."
"In March 2009, Bernstein awarded $1000 to Matthew Dempsky for finding a security hole in djbdns.[9]"
http://en.wikipedia.org/wiki/Djbdns
----------------------------------------------------------------------------------------------------------------------------------------------------------------
qmail:
"1.1. qmail-smtpd memory exhaustion attacks
While qmail is claimed to be the most secure MTA, it is not in its default install."
http://www.dt.e-technik.uni-dortmund.de/%7Ema/qmai ...
- Wilddigi, on 10/12/2009, -3/+3 and in 2 years, Windows 8
- czarcasm, on 10/13/2009, -1/+1 djbdns:
"djbdns has never been vulnerable to the cache poisoning vulnerability reported in July 2008, but it has been discovered that it is vulnerable to a related attack."
"The source code has not been centrally managed since 1991 and was released into the public domain in 2007. As of March 2009 there are three forks, one of which is dbndns, the fork of the Debian Project, and more than a dozen patches to address shortcomings exist."
"In March 2009, Bernstein awarded $1000 to Matthew Dempsky for finding a security hole in djbdns.[9]"
http://en.wikipedia.org/wiki/Djbdns
----------------------------------------------------------------------------------------------------------------------------------------------------------------
qmail:
"1.1. qmail-smtpd memory exhaustion attacks
While qmail is claimed to be the most secure MTA, it is not in its default install."
http://www.dt.e-technik.uni-dortmund.de/%7Ema/qmai ...
- inactive, on 10/12/2009, -3/+2 If you don't use a computer like me you are completely safe.
- inactive, on 10/12/2009, -3/+2 It's not a bug, it's a "design feature"
- ChileanGoD, on 10/12/2009, -4/+3 Why do they make them with these vulnerabilities in the first place?
/jk
- Zippo, on 10/12/2009, -4/+3 At least Apple won't wait several months to fix it... and besides, if you're running Snow Leopard, you should have Time Machine backups anyways.
- VaderCatLover, on 10/13/2009, -2/+1 When is Vista 2.0 coming out?
- grnicon, on 10/12/2009, -2/+1 That's pure FUD.
*You* might not know how, but people that have actually done OS research do know how. More than half of viruses exploit flaws in the way C, C++, etc. handle memory. There are languages out there that do not have the flaws that those languages do. An OS based around a different language and a different paradigm would result in a different programmer mindset.
There will always be the halting problem and Godel's incompleteness to deal with. But, based on your argument...
"No amount of OS design can overcome stupid and no software is 100% bug free"
You're missing the logical fallacy here. If no software is 100% bug free, then no *antivirus* software can be 100% bug free or know of 100% of bugs.
Very few viruses have a shelf-life of more than a few weeks, simply because software is constantly updated. Bugs are fixed, new versions released, new features added. All antivirus software is a racket. Snake oil, if you will.
- antdude, on 10/12/2009, -3/+1 How are you posting on Digg? PDA?
- grnicon, on 10/12/2009, -11/+7 34 vulnerabilities? God.
I really wish people would stop assuming this is how OS design should work, based on how Microsoft and others do things.
You *can* design software that is immune to most of these types of attacks. But OS and language R&D pretty much stopped with UNIX. Which is a shame. Mostly because the entire C/C++/Java/files/process paradigm that we have today (whether it's Windows, Linux, or OS X) isn't even the best. (Google worse-is-better, for more info)
People also think it's normal to have antivirus software. But it's not. With proper OS design, such software would be redundant.
It's 2009 and we still have software with memory leak and corruption issues. All of which were solved problems 30 years ago.
- tmslak, on 10/12/2009, -6/+2 @zeth006 any business with an IT department is NOT using windows server.
- nxusername, on 10/12/2009, -7/+1 ***** C, C++, C#, and Java.
- DaviDTC, on 10/12/2009, -8/+2 It disintegrates your computer. At least with SL you get to keep it.
- wassim2k, on 10/12/2009, -12/+5 So, the update will just turn your computer off?
- wshs, on 10/12/2009, -11/+4 If a car company screws up and people get hurt as a result, the car company ends up having to pay big money. The same for a canned food company, or toothpaste, or .... So, why isn't Microsoft held legally liable for damages caused by their incompetent coding?
- chessthecat, on 10/12/2009, -13/+6 34 out of 185623758225 ain't bad!
- chthonical, on 10/12/2009, -13/+5 Microsoft Windows Vista SP3. Codename: Old Yeller
- captininsanity, on 10/12/2009, -12/+3 I don't think I fully understand windows server. Nothing against windows, but it's an OS designed for personal use not serious server use. Do many people use windows server for more serious things than making a small server at home?
2 months isn't so bad though. I mean proper dev and QA need to be done to make sure you don't cause something worse by the fix.