Wednesday, July 16, 2003
Yet Another Windows Flaw
Microsoft issued yet another patch this morning (Security Bulletin MS03-026) to plug a critical security hole that could let a remote attacker take control of computers running any version of Windows except Windows ME. I guess Windows ME is unaffected because the flaw only affects "running" versions of Windows. According to CNET News.com:
The flaw is in a component of the operating system that allows other computers to request the Windows system perform an action or service. The component, known as the remote procedure call (RPC) process, facilitates such activities as sharing files and allowing others to use the computer's printer. By sending too much data to the RPC process, an attacker can cause the system to grant full access to the system.
Does any of this sound familiar to you by now? I mean, this warning is starting to sound like a broken record.
Microsoft is well into the second year of its Trustworthy Computing initiative. Aimed at boosting customers' trust in the company's products, the initiative has been both praised as a bold move to become a leader in security and criticized as largely ineffectual.
Trustworthy computing? I mean, who are they kidding? The Windows OS is full of security holes, and we haven't even scratched the surface yet. Maybe Microsoft should spend more time making sure an OS is ready to be released instead of rushing it out so the next one can be put in the pipeline.
ADDENDUM: It has been brought to my attention that the Department of Homeland Security has awarded a five-year, $90 million enterprise agreement to Microsoft Corp. to make it the department's primary technology provider. You just can't make this stuff up.
ADDENDUM #2: Here's a comment from OpusSoup at FARK:
How does someone write code that can be subject to a buffer overrun hack?!? I can't imagine receiving a stream of data from an external source and not prefixing the stream with an exact byte count, allocating a buffer big enough to hold the stream, and then only grabbing as many bytes as you have room for. It's remarkable the number of these types of bugs I've heard about. Silly coders. Really, how does this happen?
Followed by an explanation by another FARKer of the problem:
Consider the following:
Pizza.EXE:
1) Obtain the following ingredients:
2) Dough
3) Tomato Sauce
4) Cheese
5) Knead the dough until it's nice and fluffy.
6) Yadda, yadda...
OK, in the above, #1 and #5 are instructions, #2-4 are data. Number four takes up six spaces until the next instruction. Now we update our data - the ingredients list - and let's say we downloaded...
4) CheeseAnd then kiss your cat
...in the space of #4. Because the computer/language/OS didn't check to make sure that the new #4 didn't take up only six spaces, the new instruction in space #5 is now "And then kiss your cat" - ie, the data overlays the valid instruction, and the bogus instructions get executed. So instead of pizza you get catfood-breath.
Well, that's how I understand it, anyway.
Well I guess that straightens everything out. Boy am I happy.
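The pizza explanation above in working C, as an added example that is not from this post or from the FARK commenters. A toy eight-byte "ingredient" buffer sits in memory directly in front of the next instruction to run; the frame is modelled as one flat byte array so every write below is well-defined C rather than a real stack smash. The wire format (one length byte followed by that many payload bytes) and the three messages are constructed for the example, not captured RPC traffic. `parse_vulnerable` trusts the sender's length the way the flawed RPC code did, so a 21-byte "ingredient" lands on step 5; `parse_hardened` bounds the copy by the destination size and rejects anything larger.

```c
#include <stdio.h>
#include <string.h>

/* Toy "stack frame" from the pizza analogy: an 8-byte ingredient buffer
 * sits directly in front of the next instruction to run. It is one flat
 * byte array so every write below stays inside a defined object. */
#define BUF_LEN   8
#define STEP_LEN  32
#define FRAME_LEN (BUF_LEN + STEP_LEN)

struct frame {
    unsigned char mem[FRAME_LEN];  /* mem[0..7] = buffer, mem[8..] = next step */
};

static void frame_init(struct frame *f) {
    memset(f->mem, 0, sizeof f->mem);
    /* the legitimate step 5, stored right after the buffer */
    strcpy((char *)f->mem + BUF_LEN, "knead the dough");
}

static const char *frame_next_step(const struct frame *f) {
    return (const char *)f->mem + BUF_LEN;
}

/* Assumed wire format for this example: one length byte, then that many
 * payload bytes (the length-prefixed stream OpusSoup describes). */

/* Vulnerable: the sender's length, not the buffer size, bounds the copy. */
static int parse_vulnerable(struct frame *f, const unsigned char *msg, size_t msglen) {
    if (msglen < 1) return -1;
    size_t len = msg[0];
    if (msglen < 1 + len) return -1;      /* only checks that the packet is self-consistent */
    if (len > FRAME_LEN) len = FRAME_LEN; /* keeps the toy in bounds; a real stack has no such stop */
    memcpy(f->mem, msg + 1, len);         /* len > 8 spills into the next step */
    return 0;
}

/* Hardened: the destination size bounds the copy; oversize input is rejected. */
static int parse_hardened(struct frame *f, const unsigned char *msg, size_t msglen) {
    if (msglen < 1) return -1;
    size_t len = msg[0];
    if (msglen < 1 + len) return -1;
    if (len > BUF_LEN) return -2;         /* too big for the buffer: refuse, don't truncate */
    memset(f->mem, 0, BUF_LEN);
    memcpy(f->mem, msg + 1, len);
    return 0;
}

/* Constructed messages for the demonstration (not captured RPC traffic). */
static const unsigned char benign_msg[] = { 6, 'C','h','e','e','s','e' };
static const unsigned char evil_msg[] = {
    8 + 13,                                 /* 21 bytes: fills the buffer, then keeps going */
    'C','h','e','e','s','e', 0, 0,          /* the 8 bytes that fit */
    'k','i','s','s',' ','t','h','e',' ','c','a','t', 0  /* lands on step 5 */
};
static const unsigned char truncated_msg[] = { 9, 'a' }; /* claims 9 bytes, carries 1 */

typedef int (*parser_fn)(struct frame *, const unsigned char *, size_t);

/* Runs one parser on a fresh frame and reports what "step 5" says afterwards. */
static const char *next_step_after(parser_fn parse, const unsigned char *msg,
                                   size_t msglen, int *rc) {
    static struct frame f;
    frame_init(&f);
    *rc = parse(&f, msg, msglen);
    return frame_next_step(&f);
}

int main(void) {
    int rc;
    const char *step;
    step = next_step_after(parse_vulnerable, benign_msg, sizeof benign_msg, &rc);
    printf("vulnerable, benign : rc=%d  step 5 = \"%s\"\n", rc, step);
    step = next_step_after(parse_vulnerable, evil_msg, sizeof evil_msg, &rc);
    printf("vulnerable, evil   : rc=%d  step 5 = \"%s\"\n", rc, step);
    step = next_step_after(parse_hardened, evil_msg, sizeof evil_msg, &rc);
    printf("hardened,   evil   : rc=%d  step 5 = \"%s\"\n", rc, step);
    step = next_step_after(parse_hardened, truncated_msg, sizeof truncated_msg, &rc);
    printf("hardened,   short  : rc=%d  step 5 = \"%s\"\n", rc, step);
    return 0;
}
```

Two things worth noticing. The vulnerable parser already does what OpusSoup asks for (it reads an exact byte count first), and it is still exploitable, because a length the attacker supplies is not a bound; the missing check is the comparison against the destination's size, and that is the only line the hardened version adds. On a real stack the bytes that follow the buffer are not a string but a saved return address, so the same overwrite redirects execution instead of changing what step 5 says.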
10:40:56 PM  
Ouch!
Both PromoGuy and The Blogger Formerly Known As Cheyene have had to deal with some unpleasant medical procedures recently. I've gone that route and I know it's not something you look forward to.
Me, lately I've been making numerous trips to the dentist, paying for several years of avoiding going. Now, I'm not afraid of the dentist. Actually, lying in the chair while he does his thing beats sitting at my desk doing my thing. What hurt today, however, was finding out that right now I'm out of pocket about $4,700 with more still to come! Damn, I would've just taken the pliers and yanked the offending molars myself.
Maybe I'll have to set up a PayPal link on this blog. I can just see it: "New Teeth for Hondo." Oh well, where's that damn dental floss?
7:59:15 PM  
This Ain't Your Mama's Sports Show
Salon.com weighs in on ESPN's newest sportscaster:
King Kaufman's Sports Daily. New ESPN hire Rush Limbaugh will bring the same level of insight to football that he brings to politics. In other words, the real fans get screwed again. [Salon.com]
I just can't wait for Al Franken's new sports book to come out.
9:27:42 AM  
The Open Group's Not Too Open
Silicon.com reports that Apple Computer is being sued by The Open Group (surely a euphemism) "for using the term Unix in conjunction with its Mac OS X operating system without a licence." The Open Group claims to own the Unix trademark, although another entity, SCO, claims to own the intellectual property rights to the Unix source code. In response, Apple has counterclaimed, asking for the court to declare the trademark invalid because Unix has now become a generic term.
Since introducing Mac OS X in March 2001, Apple has consistently touted the Unix underpinnings as part of its marketing of the operating system. Apple's Web site, for example, has a page devoted to the Unix base of the OS, including a logolike GIF that shows a metal plate bearing the words "Unix Based".
Of course The Open Group merely wants to make sure that OS X complies with "its standards for software bearing the Unix name." The license fee is just an afterthought.
The Open Group wants Apple to have Mac OS X undergo testing to certify that it complies with its standards for software bearing the Unix name; it also wants Apple to pay a fee. The Open Group says the costs to license the name are reasonable, based on the size of the company and the rough number of copies of the software Apple sells. In any case, no company is required to pay more than $110,000 (£67,000), said Graham Bird, vice president of marketing for The Open Group.
OS X integrates features from FreeBSD 4.4 and GCC 3.1 into Darwin, the open source base of the operating system. Apparently, there is quite a difference between open source and The Open Group.
So, while The Open Group attacks OS X and SCO attacks Linux, I guess the folks at Microsoft just sit back and laugh.
2:43:15 AM  