40 Comments
- jfuchs, on 08/08/2008, -5/+12 It's software. Anything can be fixed. Although this is more likely to be a major overhaul to the code than just a simple patch.
The funny thing is it's Microsoft. The fix will leave some other gaping hole.
Windows code is old and defunct, the mentality of their entire operation doesn't change.
This may not yet be the 'year of the linux desktop', but I think this year we will start to see even more people migrating away from windows as they realize they have options. Let's just hope they go with RedHat and IBM and not Novell.
- ihavebeenseen, on 08/08/2008, -1/+8 "Expect to be hearing more about this in the near future and possibly being faced with the prospect of your "secure" server being stripped completely naked of all its protection."
Who the hell goes browsing around the internets on their "secure" server. If you do then you deserve whatever happens to you.
- BigManOnCampus, on 08/08/2008, -1/+7 I would say Microsoft's real problem is their inferior numbers of "hours in the wild". They spend years developing their operating systems behind closed doors. It is only when they release that they get to see what happens to their designs. With *nix based OS's they're already in the wild and have been in use on the internet for decades in thousands of places, and each new update is based on what happened to the previous iteration. *Nix's are always in the wild, always being security tested by those who actually try to do harm, and people rarely start over from scratch to make new flavors of it.
- jhodapp, on 08/08/2008, -4/+10 Could this be yet another reason why *old*, tried and true code (like UNIX) is the best way to do things? I'm not saying it's 100% impervious from everything, but it's been kicked around for decades. Microsoft insists on reinventing the wheel so many times. I think it really bit them this time.
- benitojuarez, on 08/08/2008, -1/+6 Patched yes, quickly? I'm not sure, sounds like a pretty hefty code deployment would be required.
- DarkShroud, on 08/08/2008, -1/+6 Let's see, IE7 sets ActiveX to "prompt" to download & run by default. Just set .net & Java to the same thing. Then when these guys actually reveal what's going on we can get a real fix.
- oobuntu, on 08/08/2008, -7/+12 Rather sensationalist I feel. I'm sure it can be patched, and will be patched quickly.
- Kamujin, on 08/09/2008, -1/+5 My favorite part is the XP users taking pot shots at Vista.
Sorry, this makes Vista look bad, but Vista's security still makes XP's look like the joke that it is.
As it stands, XP remains the most widely compromised operating system in human history.
BTW, Mac heads, last more than 1 round in the next hacking contest then smack talk.
- BigManOnCampus, on 08/08/2008, -1/+5 I wonder if this is game over for Microsoft's attempt to sell Vista to companies.
They went through an awful lot of trouble and took some major usability risks with Vista to make it more secure, and it turns out that it may not be any more secure than any other Windows version...
- genemaster, on 08/08/2008, -5/+8 No way it'll get fixed:
"While this may seem like any standard security hole, other researchers say that the work is a major breakthrough and there is very little that Microsoft can do to fix the problems. These attacks work differently than other security exploits, as they aren't based on any new Windows vulnerabilities, but instead take advantage of the way Microsoft chose to guard Vista's fundamental architecture."
M$ better give back money to shareholders and terminate Windows misery.
- inactive, on 08/08/2008, -2/+4 Stupid windows vista laptop can't even manage to keep me protected.
- seltaeb4, on 08/08/2008, -4/+6 Windows users: why do you continue to tolerate this?
Is it "Stockholm Syndrome"?
- BigManOnCampus, on 08/08/2008, -0/+2 @InvisibleInk:
http://www.mfeldstein.com/why-im-not-worried-about ...
- InvisibleInk, on 08/08/2008, -1/+3 I'm curious; what do you have against Novell?
- matx, on 08/09/2008, -0/+2 If everyone used Firefox and NoScript then there would probably be fewer botnets around. >_>
- benitojuarez, on 08/08/2008, -2/+4 So basically you have to visit a malicious site in order for any exploit code to run, right? It's not like the rpc bug in xp that infected hundreds of thousands of computers overnight.
And for those out there that are like LOL @ M$
"but since these techniques do not rely on any one specific vulnerability, Zovi believes that we may suddenly see many similar techniques applied to other platforms or environments."
This implies it COULD affect mac, linux, earlier versions of windows, whatever.
- mrBitch, on 08/11/2008, -0/+2 RE: "BTW, Mac heads, last more than 1 round in the next hacking contest then smack talk."
I love how many people bring up the pwn2own without actually reading about how the hack (on day TWO, with relaxed restrictions) took place.
firstly : the prize was that you got to keep whatever machine you could target.
guess how many punters were there to target the just released Apple MacBook Air Vs how many wanted to win an average standard spec Windows laptop?
secondly, clack already says it best here :
clack posted : "The guy at Pwn2Own didn't hack the Mac over the internet. He was able to hack using a crossover cable. "
... but of course, desperate attempts to defend Windows security usually completely ignore this little bit of info.
- jhodapp, on 08/11/2008, -0/+2 Great addition to my post. Thanks!
- inactive, on 08/11/2008, -3/+5 "Vista's security rendered completely useless by new exploit"
Do you not understand what that means?
- Kamujin, on 08/09/2008, -0/+2 If boobies were not so damned appealing, there would be no botnets around.
- lou6, on 08/14/2008, -0/+2 Vista FTL
- DarkShroud, on 08/09/2008, -1/+3 So you think you're safe using the less secure Operating Systems?
- Kamujin, on 08/09/2008, -2/+4 Yes, at worst it means that Vista's security is now as bad as XP's.
- mrBitch, on 08/11/2008, -0/+2 I love how many people bring up the pwn2own without actually reading about how the hack (on day TWO, with relaxed restrictions) took place.
firstly : the prize was that you got to keep whatever machine you could target.
guess how many punters were there to target the just released Apple MacBook Air Vs how many wanted to win an average standard spec Windows laptop?
secondly, clack already says it best here :
clack posted : "The guy at Pwn2Own didn't hack the Mac over the internet. He was able to hack using a crossover cable. "
... but of course, desperate attempts to defend Windows security usually completely ignore this little bit of info.
- miker71, on 08/15/2008, -0/+2 For as long as users use computers they will get tricked. We need robots to use our computers for us. Obviously the robots will need to be secure, running the most secure version of WindowsCE to date. Wince.
Then there's that "other" computer for the rest of us. Give away your password and the key to your house and it's really insecure.
Con men, being conned, being mugged, are not new concepts. The same safeguard concepts generally apply to computers as they do to the real world. Don't want to catch that sexually transmitted disease? Don't visit the whore.
- shinkou, on 08/09/2008, -0/+2 I think the real cause which led to this exploit is that we are messing up our tools way too far beyond their limits. The internet (or world wide web) used to be 100% safe for everyone back in the days when there was no server / client scripting and what we call "dynamic contents". I wonder why nobody puts time on inventing a new distributed computing technology or framework for that, instead of keep using and pushing something incapable in the first place.
- Kamujin, on 08/09/2008, -3/+4 Didn't OS X fall first in the last hack off?
Oh, yeah. It did.
- greentimes, on 10/28/2008, -0/+1 Well, from now on before I run any script at all I'll just read the code and see if it does anything bad. That's the only way to be safe. Jesus christ. Thanks for the internet scripting you horrible dicks at the w3c. But I do love me some streaming video.......so conflicted...maybe just run a VM on top of a liveCD in a hypervisor environment - and I'll only touch the keyboard with sticks from across the room.
- inactive, on 08/08/2008, -8/+9 But... but... Vista is NOT THAT BAD. Obviously if you believe anything bad about Vista, you're a latte drinking, over-priced Mac using, Steve Jobs loving homosexual with an obsession with shiny objects with less than half the functionality. I for one, will be building my fourth computer this month for only $1.50 plus tax and shopping for a new "Members Only" jacket later in the day, instead of reading this slanderous article. Let's play some Counter-Strike when I get back, bitches.
/sarcastic Mac user
- greentimes, on 10/28/2008, -0/+1 Still a huge pain in the ass - just like everything anyone ever does w/ *nix. I would definitely switch if it weren't for the gaming aspect and the BS graphics card driver issues.
- jhodapp, on 08/11/2008, -0/+1 A lot of games run in Wine or a good virtualization piece of software (with the virtualization hardware acceleration support in Intel chips). No it won't run every game, but that combo will run a lot of games.
- reland1, on 08/19/2008, -0/+1 And in your "opinion" that would be???????? I don't give one rat t--d about Microsoft..just giving MY opinion! K?
- DarkShroud, on 08/09/2008, -2/+2 Quit surfing gay porn sites and you won't have so many problems.
- InvisibleInk, on 08/10/2008, -1/+1 Plus PIX and IDS, plus WSUS, plus Barracuda, plus Spy Zero, plus McAfee. So yeah, I think I'm secure.
- DarkShroud, on 08/09/2008, -2/+2 When Mac or Linux can play all of my games (including my classic Sierra DOS games) I might consider switching. Until I look at all the software I have that will not run on Mac or Linux.
- 37prime, on 08/09/2008, -1/+1 Let's take this news with a grain of salt, as opposed to a truckload of salt. Let's not be hasty and saying that Windows Vista is not secure. Time and again, Microsoft is saying that Windows Vista is the most secure Operating System they ever released.
Who would you want to believe? Microsoft or some Black Hat Hackers?
I'd believe the exploit the day Geek Squad is profiting from this.
By the way, where's Paul Thurrott, the original Microsoft Defender, downplaying this news?
Thurrott is adamantly urging Windows XP users to upgrade Windows Vista already. (http://twit.tv/ww69 and http://twit.tv/ww70)
Mojave Experiment is way too effective for Microsoft Marketing.
/endofsarc
- reland1, on 08/09/2008, -2/+2 I hate MICROSOFT!
- DarkShroud, on 08/10/2008, -1/+1 Don't say that, you might hurt Microsoft's feelings. Oh that's right, MS is just a company that provides products & services. Get over yourself, there are so many things you could be putting that energy towards.
- thakur01, on 04/27/2009, -2/+1 "This feat was achieved by taking advantage of the way that Internet Explorer (and other browsers) handle active scripting in the Operating System."
What the story does not tell you is that the user needs to allow the script/activeX control to run. And on top of that if you're using FireFox with the Noscript addon this exploit is useless.
- InvisibleInk, on 08/08/2008, -5/+4 It's a good thing we haven't adopted Vista and WS2K8 here at work yet. Still on XP and WS2K3.

