Microsieve 1

[GwydionM]

I've just fixed the much-reported Microsoft flaw, as reported at

http://news.bbc.co.uk/1/hi/technology/3477899.stm.

Why on earth is Windows written as a system that's wide open to hijack? Why isn't there an option for home users to say 'under no circumstances can any external instructions be performed without my specific permission'? And for business systems to have this right confined to one user plus the relevant technical experts.

It doesn't seem inherently difficult - if you choose to have a password on your machine, important operations cannot be done without re-entering that password.

Or was it written so that those 'in the know' could grab control of other people's machines and install or change what they pleased? But why should Microsoft wist to do that?

------------------
A view from the UK

 

[sleipnir214]

Define "significant operations". On Win32, you can do all kinds of things just by writing the correctly-formatted file to the right place on the filesystem. Do you want to have to enter a password every time you save a Word document? Or every time you launch an application?


Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

 

[Dimandja]

Ask not: Why on earth is Windows written as a system that's wide open to hijack

Ask: Why trouble oneself at hijacking an obscure system?

Dimandja

 

[sleipnir214]

Better still, ask:
If you produce the most-attacked software for the PC, why wouldn't you take seriously the task of securing your products?


eEye is now publicly announcing vulnerabilities that they privately reported to Mi¢ro$oft more than 200 days ago.


Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

 

[chiph]

It gets worse - slashdot is reporting that at least some of the source for Windows NT and Windows 2000 is being traded on the Internet.

http://slashdot.org/article.pl?sid=04/02/12/2114228&mode=thread&tid=109&tid=187

Just imagine all the holes that can be found & exploited when you have access to the source (no matter how old it may be)

Chip H.


If you want to get the best response to a question, please check out FAQ222-2244 first

 

[sleipnir214]

Considering the that the security flaw reported yesterday by eEYE affects multiple versions of Win32, that source code could very well be of use to hackers.

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

 

[ChrisHunt]

How long before the microserfs announce that the leaking of their source code was not, in fact, the result of a breach in their security, but due to their new open source strategy?

-- Chris Hunt

http://www.mcgonagall-online.org.uk

http://www.napitalia.org.uk

http://www.leicesteryha.org.uk

 

[sleipnir214]

ChrisHunt:
<facetious>
Q: How many Mi&cent;ro$oft software engineers does it take to screw in a light bulb?

A: None. They just define darkness as a standard.
</facetious>



Unfortunately, this source code probably comes from the source code Mi&cent;ro$oft made available to some national governments. I wonder if this will put the kebosh on that program.

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

 

[ChrisHunt]

facetious? Moi?

-- Chris Hunt

http://www.mcgonagall-online.org.uk

http://www.napitalia.org.uk

http://www.leicesteryha.org.uk

 

[sleipnir214]

I was wrong. The source-code leak wasn't through the source code released to national governments.

More news on the Win32 source-code leak:

http://www.eweek.com/article2/0,4149,1526830,00.asp

Somebody's gonna be in a world of hurt.

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

 

[chiph]

Here's one slashdot user's take on it. And he's right - anyone who sees it is tainted, and will have a tough time working on projects afterward.

Chip H.

=================================

Gandalf: No! Don't ever use it!

Frodo: How do we know it's source to the One OS of the Dark Lord?

Gandalf tosses a CD-R into the burner, and burns Windows.Source.Code.w2k.nt4.wxp.tar onto it. When the CD is done, there are glowing fiery letters on it.

Frodo : I can't read the fiery letters.

Gandalf : There are few who can. The language is that of Redmond, which I will not utter here. In the common tongue, it says &quot;One OS To Rule Them All, One OS To Find Them, One OS To Bring Them All And With The NDA Bind Them&quot;

Frodo: Take the source code Gandalf!

Gandalf : Noo! Do not tempt me with it! I dare not take it! Not even to keep it safe! You must understand Frodo, that I would be tempted to use this source code, for good. To disclose hidden API's, help the WINE project. But through me, all of open source would be tainted, and the LawyerWraiths of The Dark Lord will sure destroy us.

Frodo : But it cannot stay here!

Gandalf : No, no it can't.

Frodo : What must I do?

Gandalf : It must be sent to the fires of /dev/null, where it will be undone, and we will be kept safe from the Lawyers of Evil.





If you want to get the best response to a question, please check out FAQ222-2244 first

 

[jsteph]

...another possible marketing explanation:

MS purposefully leaked the source, making it look like an accident. Now they can say &quot;well, how can you blame us for all these holes--the source code got out there and we can't be held responsible...I guess you'll all have to upgrade to XP now...excuse me while I prepare the giant cash-register.&quot;.
--jsteph

 

[sleipnir214]

That paranoid thought occurred to me, too.

As well as the thought that, since the article I posted mentioned that the files had been removed from a Linux machine at Mainsoft, Mi¢ro$oft was going to blame all their security woes on Linux.

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!