
Four New Unpatched Windows Vulnerabilities

CowboyNeal posted more than 9 years ago | from the most-wonderful-time-of-the-year dept.

Security 273

peeon writes "Right before Christmas, four new Windows NT/2k/XP vulnerabilities were posted to the Bugtraq list. This story discusses two of the vulnerabilities in the LoadImage function (buffer overflow) and Windows Help program (heap overflow), but the Chinese company discovered two more exploits in the parsing of a specially crafted ANI file (causes DoS). A Bugtraq posting has more details."


YAWN (5, Funny)

tarunthegreat2 (761545) | more than 9 years ago | (#11175901)

Hmmm, so windows has bugs in it. Surprise surprise. Merry Christmas everyone. In Soviet Russia, Windows Exploits you...oh wait...

Re:YAWN (1, Funny)

cablepokerface (718716) | more than 9 years ago | (#11176179)

Hmmm, so windows has bugs in it. Surprise surprise. Merry Christmas everyone. In Soviet Russia, Windows Exploits you...oh wait...

If this gets +5 funny, it must indeed be christmas.

second (-1, Offtopic)

necromcr (836137) | more than 9 years ago | (#11175905)

second post!

Re:second (1)

necromcr (836137) | more than 9 years ago | (#11176086)

sorry?

Forced Upgrade. (5, Interesting)

datadriven (699893) | more than 9 years ago | (#11175906)

Vulnerable:
Windows NT
Windows 2000 SP0
Windows 2000 SP1
Windows 2000 SP2
Windows 2000 SP3
Windows 2000 SP4
Windows XP SP0
Windows XP SP1
Windows 2003
Not vulnerable:
Windows XP SP2

They'll do anything to get you to upgrade.

Re:Forced Upgrade. (0, Redundant)

Ramsey-07 (737166) | more than 9 years ago | (#11175911)

Since WHEN was this considered "upgrading"? :)

Re:Forced Upgrade. (2, Funny)

Ramsey-07 (737166) | more than 9 years ago | (#11175926)

Sorry, too much penguin-eggnog.

Re:Forced Upgrade. (1)

Ramsey-07 (737166) | more than 9 years ago | (#11175937)

Shit I did it again.

Re:Forced Upgrade. (3, Funny)

Dekks (808541) | more than 9 years ago | (#11175941)

Funny you should mention that, my father still uses Windows 98 and netscape 3, and never runs into any problems. So much for progress eh?

Re:Forced Upgrade. (1, Troll)

aurispector (530273) | more than 9 years ago | (#11175950)

MS OS's peaked out at DOS 6.22

Re:Forced Upgrade. (0)

Anonymous Coward | more than 9 years ago | (#11175944)

upgrade to what MS - Vaporware???

and when Longhorn is released it will be the same thing all over again with weekly vulnerabilities & exploits and viruses/trojans & worms...

viruses/trojans & worms, oh my
viruses/trojans & worms. oh my
viruses/trojans & worms, oh my

Toto, I have a feeling we're not in Kansas anymore...

Re:Forced Upgrade. (2, Interesting)

mtenhagen (450608) | more than 9 years ago | (#11175958)

Just wait until Longhorn comes out. Then XP SP2 will have some exploits as well. This is just a Microsoft conspiracy to make us upgrade. Don't believe the people who claim Microsoft developers spend more time on new features than on creating good code.

Re:Forced Upgrade. (4, Insightful)

DrEvil (99432) | more than 9 years ago | (#11176053)

It has to be a conspiracy. Anyone who claims that this might be a consequence of the year-long security push for SP2 and that a high-level fix made during this push might prevent certain classes of bugs from being exploitable is clearly evil and has been exposed to too much software engineering. I'd suspect such a person of spreading facts instead of FUD.

Re:Forced Upgrade. (1)

MarkByers (770551) | more than 9 years ago | (#11175976)

And.....

Advisory: [AD_LAB-04006]Microsoft Windows winhlp32.exe Heap Overflow Vulnerability
Class: Design Error
DATE:12/20/2004
Remote: Yes
Vulnerable:
Windows NT
Windows 2000 SP0
Windows 2000 SP1
Windows 2000 SP2
Windows 2000 SP3
Windows 2000 SP4
Windows XP SP0
Windows XP SP1
Windows 2003
Windows XP SP2
Unvulnerable: UnKnow

Re:Forced Upgrade. (0)

Anonymous Coward | more than 9 years ago | (#11176074)

Just like an average slashdot idiot, you accuse every single developer in the world of maliciously implementing bugs to force people to upgrade. On the other hand you forgot to mention that the slashdot title is a huge lie, just like yourself.

Does anybody listen to you anyway, other than other idiots?

Re:Forced Upgrade. (4, Insightful)

bryanp (160522) | more than 9 years ago | (#11176080)

a) Nobody's forcing you to upgrade. I still haven't had Steve Ballmer show up on my doorstep with an Uzi yet.

b) The list you give is mostly patches. There are four base OS' on that list and 6 patches, all of which are free.

c) If it bothers you, feel free to run an unpatched OS of your choice, whether it be Windows, MacOS or one of the many *nix variants.

Re:Forced Upgrade. (0)

Anonymous Coward | more than 9 years ago | (#11176189)

Something tells me they do not want users going from Windows Server 2003 to Windows XP.

Call me crazy...

Re:Forced Upgrade. (1)

BESTouff (531293) | more than 9 years ago | (#11176252)

Not vulnerable:
Windows XP SP2

You must be wrong: the Slashdot title clearly states that the vulns are unpatched, so SP2 has to be exploitable too.

Not vulnerable: Windows 98 SE (2, Interesting)

stankulp (69949) | more than 9 years ago | (#11176328)

Now that it takes less than 5 minutes connected to the Internet for a Windows box to be hijacked, I have gone back to dual-booting Linux with Windows 98 SE.

A lot of Windows viruses simply won't run on it.

All I need is Office, so it's good enough.

Yeah.. ok.. (1, Funny)

El Icaro (816679) | more than 9 years ago | (#11175908)

But does it have a faraday cage so the data doesn't escape? And.. Can it be compiled for SkyOs?

And... (0)

Anonymous Coward | more than 9 years ago | (#11175919)

Is it digitally signed?

Re:Yeah.. ok.. (1, Insightful)

isometrick (817436) | more than 9 years ago | (#11175933)

See, for one of these types of posts to be funny, you can't just pick two previous articles at random and arbitrarily combine them with elements from the current story. The joke actually has to be funny, ironic, or creative in some way for it to be worth anything. I know getting modded Funny is a great ego (although not karma) booster and all, but come on. Show some class.

Re:Yeah.. ok.. (0)

El Icaro (816679) | more than 9 years ago | (#11175951)

Actually, this requires some inspiration, people should actually be modded up for all the effort an alcohol induced geek puts into trying to say something funny.

Clippy helps you get the most out of your PC (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11175910)

and all other PC's.
What do you want to steal today?

Re:Clippy helps you get the most out of your PC (0, Offtopic)

daniil (775990) | more than 9 years ago | (#11176092)

What do you want to steal today?

Santa's sleigh!

when o when... (1)

toQDuj (806112) | more than 9 years ago | (#11175912)

...Will santa fix it?

Why do these bugs (all 4) at christmas eve in china?

B.

(On Christmas eve, Soviet China bugs you!)

Timing of the post (1, Interesting)

Anonymous Coward | more than 9 years ago | (#11175913)

Could it be these bugs have been published before christmas on purpose? To allow sysadmins to defend against them over the holidays, when corporate computer use is at a minimum?

Re:Timing of the post (1)

Moth7 (699815) | more than 9 years ago | (#11175929)

Or for crackers to exploit them given the flood of unpatched machines that will no doubt come online over the Christmas period?

Re:Timing of the post (4, Funny)

tarunthegreat2 (761545) | more than 9 years ago | (#11175932)

when corporate computer use is at a minimum?

Not in my office... our mailserver just went down due to a large number of 'seasonal' flash attachments coming and going out and PHB OutOfOffice AutoReplies. I can just see the SysAdmin's tears shorting out the domain controller as we speak....

Re:Timing of the post (2, Insightful)

Jessta (666101) | more than 9 years ago | (#11175966)

Sysadmins should have already fixed this problem. SP2 was available months ago. If you aren't patching your systems when the patches are out then you deserve everything you get.

Re:Timing of the post (2, Informative)

MarkByers (770551) | more than 9 years ago | (#11175982)

XP SP2 is also vulnerable to at least one of the exploits. See..

Advisory: [AD_LAB-04006]Microsoft Windows winhlp32.exe Heap Overflow Vulnerability

Re:Timing of the post (2, Insightful)

eofpi (743493) | more than 9 years ago | (#11176059)

And if you blindly install new patches on everything without testing them first, you deserve everything you get.

Re:Timing of the post (1)

1010011010 (53039) | more than 9 years ago | (#11176103)


How about, "If you use Windows, you deserve what you get." Except that doesn't really sound fair. It sounds like punishing innocent people; people who didn't know any better.

Re:Timing of the post (2, Insightful)

Chandon Seldon (43083) | more than 9 years ago | (#11176305)

Windows has been a known security hole for almost 10 years now. Until very recently, you could expect to spend $1000+ on a new computer - that's worth the investment of the amount of time it would take to find out that running Windows is dangerous.

Re:Timing of the post (1)

kuiken (115647) | more than 9 years ago | (#11176089)

yeah XP SP2 will do a lot of good on this w2k network.

Bah! (5, Insightful)

rubberband (731966) | more than 9 years ago | (#11176109)

Hi, you've missed the point. I hope you're not trolling, because I'm going to bite.

Every box at my workplace is patched with SP2. In this case, it doesn't matter - one of the exploits is still useable.

The problem is not (this time, thankfully) the corporate enterprise deployment of windows. It's friends and family. Every time a new windows exploit like this comes out, jerk spyware/worm/virus writers are on it within 24 hours, populating their zombie networks with your mom's, friends' and families' computers. Mandatory regular patching at work is easy. The same for people you see occasionally who are not computer literate is not. These are the people who it really screws with - for example, all one of my buddies wants to do with his dell is play games, send email and surf. He knows nothing beyond that, and is certainly not going to run down to the basement on Christmas eve to make sure his operating system is secure RIGHT NOW.

This business of "patch or you deserve it" is utter BS. I maintain that virus writers should be dragged into the street and beaten with keyboards, followed shortly by geeks who empower them by putting any of the blame on the end user. If I paid thousands for an OS site license, I should not be spending my holidays fixing it. If I spend hundreds for an oem copy at home, the same applies. The only ones who deserve ANYTHING bad here are the exploiters and the providers of the crappy OS in question.

Re:Bah! (1, Interesting)

Anonymous Coward | more than 9 years ago | (#11176153)

If I paid thousands for an OS site license, I should not be spending my holidays fixing it.

Perhaps time to rethink this policy?

I know, I know. Management says to install it. Some apps only run under Windows. End users are scared of Linux.

Maybe it's time to rethink working there, or working in that department. Would you work for an employer that made you go through a dark alley to make bank deposits, and every 5th time through you're mugged?

Re:Bah! (1, Interesting)

Chandon Seldon (43083) | more than 9 years ago | (#11176271)

You might have had a point 7 years ago when this whole "Windows has a new remote exploit" thing was a little bit more... new and unexpected.

But in late 2004, with almost 10 years of evidence that running Windows is just asking to be exploited, I find it hard to blame anyone but the users.

If you were to travel somewhere known for its pickpockets during tourist season and kept $1000 in your wallet in the inside pocket of a loose jacket, I'd blame you (not the pickpocket) when you lost your money. The police there would agree with me. Running Windows on the internet is pretty similar, and should be treated as such.

Re:Timing of the post (1)

DanteLysin (829006) | more than 9 years ago | (#11176151)

More reasons to be using SUS or SMS. No one wants to patch user desktops this close to the holiday. For your servers, aren't you already used to monthly patching windows?

Re:Timing of the post (1)

global_diffusion (540737) | more than 9 years ago | (#11176293)

I figured it was a slap at Microsoft. "Merry Christmas, and Happy New Years Developers!"

Now that's not really in the Christmas Spirit! Even if it is Microsoft, that's really mean.

another wonderful holiday season (1)

jokach (462761) | more than 9 years ago | (#11175922)

a time when many companies and home users are least prepared to deal with the problems.

Looks like I know what i'll be doing over the Xmas holiday. If not fixing the problem at work if it becomes a problem, but fixing the problem with my family as well.

But I guess this is only a problem if some genius releases a virus containing the exploit ....

Re:another wonderful holiday season (2, Interesting)

northcat (827059) | more than 9 years ago | (#11175972)

RTFA. Exploits have already been released. Exploits are enough.

Re:another wonderful holiday season (0)

Anonymous Coward | more than 9 years ago | (#11176147)

> Looks like I know what i'll be doing over the Xmas holiday. If
> not fixing the problem at work if it becomes a problem, but
> fixing the problem with my family as well.

Which gives them yet another reason to stay with windows; exploits are someone-elses-problem.

Yours.

Yeah, I know you gotta help family, and I would too. Still, it's a thought... one that I get every few weeks as I help family with their win problems.

The fifth bug (1, Funny)

Cantide (743407) | more than 9 years ago | (#11175925)

Ah, this is yet another example of hack journalism. They missed another bug that I just had to fix on an XP box today. It's a vulnerability in the win.ini file - it runs a harmful program called 'Explorer.exe'. The best kind of horse to beat is a dead one...

Re:The fifth bug (2, Funny)

tarunthegreat2 (761545) | more than 9 years ago | (#11175953)

explorer? PSHAW! Everybody knows that the Great Satan's name in reverse Mesopotamian is inetinfo.exe. Don't you dare mod me down or I shall curse you with the following: May you be forced to plug a memory leak in a Visual Basic app sharing C++ structs over the Christmas Holidays....

I'm astonished. (0)

Anonymous Coward | more than 9 years ago | (#11175927)

They create the file format, they invent the algorythms used to *read* the file format, and yet they can't manage to get it working?

Come on...

Re:I'm astonished. (0)

Anonymous Coward | more than 9 years ago | (#11176021)

they invent the algorythms
It's algorithm, we're on /.! And don't forget that there was the same kind of vulnerability in libpng two years ago (which you could compile on Linux).

M$ christmast present (1)

Cen'Rec'Namor (842651) | more than 9 years ago | (#11175936)

It's the early Microsoft Christmas present to all of the world using MS Windows. They do love us.

.. posted from newly esspee2d xp abomination (4, Insightful)

maharg (182366) | more than 9 years ago | (#11175949)

so it's christmas eve 2004, i'm at the in-laws, just spent 3 hours adawaring, spybotting, esspee2ing from a cd burnt on the latest stage 1. go figure.

30 megs of critical/av signatures to be done over dial-up another time

damn you micro$hite

Re:.. posted from newly esspee2d xp abomination (0)

Anonymous Coward | more than 9 years ago | (#11176058)

this ain't "Score 3, Funny". It's either "Score 5, Insightful" or "Score -1, Pathetic".
This weekend, I'll be "Score -1, Lame" and will __not__ patch any pc. Let them become "Score 5, Wise" and learn to do it themselves.

Re:.. posted from newly esspee2d xp abomination (0)

Anonymous Coward | more than 9 years ago | (#11176127)

Here we see another advantage in being an IT professional who only uses *nix and doesn't touch Windoze.
Anybody asks me to help them out with Microshite and I can honestly tell them that I don't know how.

Saves lots of my time being wasted :-)

Re:.. posted from newly esspee2d xp abomination (0)

Anonymous Coward | more than 9 years ago | (#11176298)

Don't blame Microsoft because you lack the spine to stand up for yourself. Sounds like you need to learn how to say "No."

bugtraq links for the vulnerabilities / demo (5, Informative)

tsager (196659) | more than 9 years ago | (#11175959)

Instant Reboot on windows (3, Informative)

EqualSlash (690076) | more than 9 years ago | (#11176187)


Warning: If you are on Windows Don't download
www.xfocus.net/flashsky/icoExp/KERNELBLUE.ani

Instant Reboot. This is a very critical vulnerability. Reminds me of the old exploits that referenced "CON" [microsoft.com] in the file path inside a webpage to trigger a BSOD.

But... (4, Funny)

RAMMS+EIN (578166) | more than 9 years ago | (#11175990)

Will they allow me to install Linux once i 0wn the machine?

It's not fair (-1, Flamebait)

RAMMS+EIN (578166) | more than 9 years ago | (#11175995)

I admire the speed with which Slashdot brings me updates about Microsoft software. Now when will they start doing the same with F/OSS?

Oh wait...they already do, but there's nothing to report...

Re:It's not fair (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11176107)

So this [slashdot.org] was a joke article?

Don't suppose anyone... (2, Interesting)

NoMoreNicksLeft (516230) | more than 9 years ago | (#11175996)

Knows where a person could find a pre-compiled, local only 2k/XP administrator access binary? Something that would just open a cmd.exe with the correct privileges, to say, install java on Firefox?

I'm not a script kiddy, just not patient enough to go through the 3 month process of maybe getting it approved to be installed by IT...

That depends on how angry your IT dept is. (1)

rubberband (731966) | more than 9 years ago | (#11176072)

Depending on the reaction you'll get, you can always reset the admin password on your box to a new one of your choosing, and install away... Whether or not this is a good idea in your situation is left to your judgement.

A useful utility to accomplish this can be found here:

http://home.eunet.no/~pnordahl/ntpasswd/ [eunet.no]

While it's kinda overkill in this case, I think I'd trust it over a newly released exploit. Hope that helps a bit.

bad time of year? (1)

sonictheboom (546359) | more than 9 years ago | (#11176001)

It might be a bad time if you had patches to apply, but since this is unlikely to happen anytime soon you might as well relax...

I don't get it.... (0)

Anonymous Coward | more than 9 years ago | (#11176006)

I tried to crash my win 2K workstation using firefox, no luck. It is also indicated that "needs ie6 to open" ... So if it crashes when you use ie6 and not anything else, how comes this is described as a windows vulnerability??
I mean, If I create a linux tool that opens up all your ports when you send certain code, can we call it a linux flaw??

Re:I don't get it.... (2, Insightful)

faragon (789704) | more than 9 years ago | (#11176040)

The OS itself should not be shut down just by user-level privilege rights. If ie6 or any other application causes a system crash under a non-root privilege level, it is an OS fault, as the OS must guarantee interprocess safety and security, etc.

Re:I don't get it.... (0)

Anonymous Coward | more than 9 years ago | (#11176056)

So next time my code makes the machine crash, I can blame Windows?? Is this what you mean to say?

Re:I don't get it.... (2, Insightful)

AndroidCat (229562) | more than 9 years ago | (#11176139)

If you don't have any fancy admin rights, you shouldn't be able to do anything in code to crash your machine, regardless of the OS.

Re:I don't get it.... (1)

black mariah (654971) | more than 9 years ago | (#11176180)

Could you possibly say something just a LEEETLE BIT more retarded? No? I didn't figure anyone could...

Re:I don't get it.... (2, Funny)

AndroidCat (229562) | more than 9 years ago | (#11176216)

You managed to.

Re:I don't get it.... (2, Insightful)

chorns (843228) | more than 9 years ago | (#11176178)

The LoadImage API is implemented in kernel-mode for speed so a bug in there can bring down a system.

Give this as a gift for the holidays (4, Informative)

Skalek (843223) | more than 9 years ago | (#11176016)

Nothing is more annoying about the holidays than going to visit family and friends and then being sucked into fixing their damn computers. While everyone is drinking and having a good time we are the schmucks trying to figure out how to remove that damn process from Windows 98!

This year I wash my hands of it and am giving them a printout of a tutorial I found that has helped some friends. It is basic, but they do not bother me as much anymore:

Simple and easy ways to keep your computer safe and secure on the Internet [bleepingcomputer.com]

Re:Give this as a gift for the holidays (1)

Stevyn (691306) | more than 9 years ago | (#11176116)

Yeah, I always get stuck doing this too.

Do people ask plumbers to unclog toilets on holidays? I don't fricken think so!

Re:Give this as a gift for the holidays (2, Funny)

lew3004 (577895) | more than 9 years ago | (#11176162)

You're lucky. I cherish the moment they want me to fix their PC. That way I don't have to listen to all the other drunken idiots.

Re:Give this as a gift for the holidays (3, Interesting)

museumpeace (735109) | more than 9 years ago | (#11176321)

I'd suggest either feigning a stroke that has caused you to "forget" everything you ever knew about computers or download the ISO from mepis.org and burn a bunch of live CDs to give out to your clueless friends. My son's old laptop utterly refused to be upgraded to XP and its ME was hosed...it got so bad you couldn't even get a chance to break into the BIOS. I gave him the Mepis CD and just let him fool with it for a while. At breakfast the next morning, he was beaming. He'd figured out how the partition editor worked, wiped the microshit completely off the HD and was enjoying his trip up the KDE learning curve. We have gone from "I think it's a doorstop now" to "it's a little slow opening files and I think we need to find the right driver for my PCMCIA ethernet card".

Give those friends and relatives an opportunity to experience winning, to experience being just a little bit competent with a computer and there is a chance that they will be both bothering you less and talking to you more intelligently in the future. But for God's sake don't let them leave the room if you have to be in the driver's seat for the repair sessions: make 'em bring you a drink and make them listen and describe in their own words each step you take at the keyboard

Re:Give this as a gift for the holidays (2, Interesting)

MicroBerto (91055) | more than 9 years ago | (#11176323)

This has been holiday tradition for me since about 1999.. it's nothing new anymore.

Problem is that people are starting to bring laptops, family members are starting to have kids, and I'm still just one guy who wants to eat too and drink too much and pass out.

Spoilt Holidays for Admins (1)

mahesh_gharat (633793) | more than 9 years ago | (#11176026)

Why? Oh Why? they have to do it just one day before the starting of the holidays.
It's happening again this year also. It's very disheartening for all those admins who will be going on holidays to see the vulnerabilities just one day before the holidays and exploits the next day. I was an admin a couple of years ago and I know these conditions are living hell, when you will spend all your holidays thinking about your servers getting hacked or cracked.
Admins who have taken the backups will be in a better state though.

ANI vulnerability? (0)

Anonymous Coward | more than 9 years ago | (#11176031)

Does not surprise me.
Even the code to display ANI cursors is buggy in almost all Windows versions.
The timing values for the single pictures are not evaluated correctly. Best seen with the metronom.ani

Ho Ho Ho (3, Funny)

mslinux (570958) | more than 9 years ago | (#11176034)

Merry Christmas... from all the people at Microsoft. Buffer overflows for everyone this year ;)

Honestly, (1)

deutschemonte (764566) | more than 9 years ago | (#11176043)

Is this even news anymore?

what ever happened... (3, Informative)

Lord Bitman (95493) | more than 9 years ago | (#11176047)

Remember that test someone did where garbage code was thrown at IE and Firefox in order to see how they held up and find things like buffer overflows which could be potentially exploited?
What ever happened with that? Were the bugs in Firefox fixed? I remember that IE did well in that test, but I don't remember any specifics.
Anyone know?

Re:what ever happened... (1)

imroy (755) | more than 9 years ago | (#11176088)

IIRC, those tests were done by a lab closely associated with Microsoft. i.e, MS had already fixed up those problems in IE and deliberately got someone to "discover" how it was better in this one tiny area. Just like the infamous Mindcraft tests all those years ago. I don't know if Mozilla has fixed its code yet.

Re:what ever happened... (0)

Anonymous Coward | more than 9 years ago | (#11176277)

All bugs have been fixed. And FYI it wasn't done by a lab closely associated with Microsoft.

Great (3, Interesting)

Segosa (838329) | more than 9 years ago | (#11176049)

Stupid question, but does the LoadImage() one affect images which are viewed in FireFox or Thunderbird?

Re:Great (1)

AndroidCat (229562) | more than 9 years ago | (#11176243)

Grab the source and grep. It's a fairly basic call, so it wouldn't surprise me if it was used.

Grr (2, Insightful)

Alioth (221270) | more than 9 years ago | (#11176052)

Why do they have to release this stuff JUST BEFORE we actually get time off? Are they deliberately being bastards to us Bastards who have to herd Redmondware amongst the other less sucky things?

At least I won't have to spend Christmas removing viruses, trojans and spyware from my Dad's computer. I bought him a Mac. Worth every penny in reduced aggro.

Re:Grr (1)

Gordonjcp (186804) | more than 9 years ago | (#11176137)

I put Linux on my Mum's computer. Works great, everything is supported, no adware/spyware/crapware, no patches required, *peace and quiet*....

Silent Night (4, Funny)

Electronik (821589) | more than 9 years ago | (#11176061)

Silent night, holey night,
All is calm, all is bright,
Round yon virgin PC and screen,
Holey computer, so exploitable and keen,
Sleep with spyware downloading,
Sleep with spyware downloading.

On the fourth day of Christmas... (1)

localroger (258128) | more than 9 years ago | (#11176258)

my True Love gave to me,
Four hacked boxen
Three spywares
Two viruses
And another Windows vulnerability.

Re:Silent Night (0)

Anonymous Coward | more than 9 years ago | (#11176260)

I hope you get a dictionary for Christmas.

ouch! (1)

TouchOfRed (785130) | more than 9 years ago | (#11176064)

Just for the hell of it, I tried it with Firefox and Fedora Core 3 (updates and all). Resulted in total X lockup :\. I usually don't side with MS, and X lockups aren't as bad security wise, but still :\.

Is it really this hard... (0, Troll)

AC-x (735297) | more than 9 years ago | (#11176065)

...to write software without buffer overflow problems?

It's not just MS, even plenty of OSS programs have buffer overflow exploits.

I haven't done any lowlevel programming, but can it really be that difficult to do

malloc buffer MAX_BUFFER_SIZE
if(mem_to_copy.length>MAX_BUFFER_SIZE){
    return ERROR_DATA_TOO_LONG
}else{
    copy(mem_to_copy,buffer)
}

?

Re:Is it really this hard... (1)

t0y (700664) | more than 9 years ago | (#11176141)

(sigh) Stick with VB.

Re:Is it really this hard... (0)

Anonymous Coward | more than 9 years ago | (#11176145)

Do you really want to allocate MAX_BUFFER_SIZE every time you want some dynamic memory? Then what happens if mem_to_copy.length is negative?

Re:Is it really this hard... (3, Insightful)

twiddlingbits (707452) | more than 9 years ago | (#11176152)

Nice try, but you should check the return code from malloc(). If it is -1 then there is a problem and you don't need to do the If statement. A lot of times the trouble comes not when allocating memory but when using a pointer to WRITE to memory. It's a C programmer trick to set up a pointer to a block of size X and write to it via the pointer, of course if you lose track of the pointer address you can easily go too far. Common errors are off by one in the count, assuming you are writing 8/16/32 bits without checking the underlying data type first, or just writing to whatever address the pointer says w/o checking that *p > MAX_MEMORY_ADDRESS. These are errors a beginner programmer would make, and from the looks of how common these errors are in Windows that is the type of folks MS uses. It also says to me that they don't use any sort of Automated Code Analysis tools which can catch these sorts of errors. Or maybe they don't do any independent QA at all? It's pretty pathetic when the world's most popular software is made by a company that probably doesn't meet SEI Level 2 criteria. I only wish that the laws allowed someone to sue for lost time/income from the "basic" errors that shouldn't have been present.
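
Added example, not part of any comment in this thread: a C version of the length check sketched in the pseudocode above, extended to the two cases the replies raise (a negative length and a failed allocation) and to element sizes larger than one byte. The function names, the status codes other than ERROR_DATA_TOO_LONG, the 4096-byte MAX_BUFFER_SIZE and the sample string are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap for this illustration; the thread gives no value. */
#define MAX_BUFFER_SIZE 4096

enum copy_status {
    COPY_OK = 0,
    ERROR_DATA_TOO_LONG,  /* name taken from the pseudocode in the thread */
    ERROR_BAD_LENGTH,     /* hypothetical: negative element count */
    ERROR_BAD_ARG,        /* hypothetical: NULL pointer or zero element size */
    ERROR_NO_MEMORY       /* hypothetical: malloc() returned NULL */
};

/* The check as the pseudocode states it, with a signed length:
 * only "too big" is rejected, so a negative length is accepted. */
int naive_length_ok(int length)
{
    return !(length > MAX_BUFFER_SIZE);
}

/* What a copy routine receives when that accepted length is passed to a
 * size_t parameter such as memcpy()'s: -1 becomes SIZE_MAX. */
size_t as_copy_size(int length)
{
    return (size_t)length;
}

/* Copy `count` elements of `elem_size` bytes each into a fresh buffer.
 * On success *out owns the buffer and the caller frees it. */
enum copy_status copy_checked(const void *src, long count, size_t elem_size,
                              unsigned char **out)
{
    size_t bytes;
    unsigned char *buf;

    if (src == NULL || out == NULL || elem_size == 0)
        return ERROR_BAD_ARG;
    *out = NULL;

    /* Reject negative counts before any conversion to an unsigned type. */
    if (count < 0)
        return ERROR_BAD_LENGTH;
    /* Divide instead of multiplying so count * elem_size cannot wrap. */
    if ((size_t)count > MAX_BUFFER_SIZE / elem_size)
        return ERROR_DATA_TOO_LONG;

    /* Allocate what is needed rather than MAX_BUFFER_SIZE every time. */
    bytes = (size_t)count * elem_size;
    buf = malloc(bytes ? bytes : 1);
    if (buf == NULL)              /* malloc() reports failure as NULL */
        return ERROR_NO_MEMORY;

    memcpy(buf, src, bytes);
    *out = buf;
    return COPY_OK;
}

int main(void)
{
    const char sample[] = "constructed sample input";  /* constructed data */
    unsigned char *copy = NULL;

    printf("naive check accepts -1: %d\n", naive_length_ok(-1));
    printf("-1 as a copy size:      %zu\n", as_copy_size(-1));
    printf("valid copy:             %d\n",
           copy_checked(sample, (long)sizeof sample, 1, &copy));
    free(copy);
    printf("negative count:         %d\n", copy_checked(sample, -1, 1, &copy));
    printf("2000 x 4-byte elements: %d\n", copy_checked(sample, 2000, 4, &copy));
    return 0;
}
```
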

Re:Is it really this hard... (4, Interesting)

Gopal.V (532678) | more than 9 years ago | (#11176171)

Vulnerabilities are not hard to write - they are hard to detect and often easy to fix.

Most FOSS programs are the result of someone who really wants to write something good. Rarely have I seen someone being forced to write FOSS code to meet a release date schedule or to remain competitive. It's about It'll be done when it's done, sort of Code Poetry [thinkgeek.com] . Most of the code was written to run in a hostile environment where black hats can read the code (like the above piece) and screw everyone who runs bad code. The term security in obscurity as far as coding style does not even enter your mind.

Also vulnerabilities are easier to find when you have the source - like that professor who set his students to find vulnerabilities in FOSS. Unlike a corporate setup - you have a practically unlimited number of reviewers if your program is popular (and if it is not, a vulnerability is no big deal anyway, right). Also everyone runs a different binary, slightly different from what everyone else runs (security often needs you to recompile stuff with stack canaries)

So FOSS software evolves (yes, Natural Selection) to avoid these vulnerabilities by dying out or it "adapts" - Someone adds more good ideas and makes it better like.. (s/ideas/genes == Sexual reproduction) . Also the good ones read Wietse's papers [porcupine.org] .

"the Chinese company"? (1)

wertarbyte (811674) | more than 9 years ago | (#11176069)

Is it "the company" or "The Company"?

Oh noes (1)

baadger (764884) | more than 9 years ago | (#11176138)

[BLOCKQUOTE]"They are rather serious," Huger said. "Both can be exploited by anything that processes images or reads help files."[/BLOCKQUOTE] Oh noes! Firefox isn't safe. It must be the end of the world.

Yes, but... (1, Funny)

Anonymous Coward | more than 9 years ago | (#11176227)

...are the bugs digitally signed?

BWAHAHA! (2, Funny)

El Gordo Motoneta (821753) | more than 9 years ago | (#11176262)

I've tested all of the vulnerabilities on Windows 2000 and they did nothing!! I'm invincibNOCARRIER

The important question here is... (1)

gregorio (520049) | more than 9 years ago | (#11176276)

...does Internet Explorer use any of these functions to load internet images?

We can discuss all day about some local API exploit but there is a big difference between a local API bug and a remote bug.

Does IE use these functions to load images? Or does it handle these kind of primitive formats using its own code? After all, it's not that hard to "parse" BMPs and ICOs and it would be much better to handle all file formats inside an internal library, thus avoiding conflicting API methodologies.

I'm really curious about this. Does anyone know the answer to my question? Can anyone test the faulty BMPs and ICOs inside a HTML page?

digital signatures (2, Funny)

antibryce (124264) | more than 9 years ago | (#11176317)


It sure is a good thing Microsoft digitally signs everything. Clearly they are lightyears ahead of open-source in terms of security.

Twas the morn before christmas (4, Funny)

killerface (573659) | more than 9 years ago | (#11176330)

Twas the morn before Christmas and all through the cage.
Not a creature was stirring not even a 10th level mage.
Then Flash, I look at my bookmarks and what did appear!?
A story on slashdot spreading with fear.
"Peril Peril", It screamed with fervor and fight.
"What shall we do about this vulnerability tonight?"

It's christmas eve and in the story lay more,
For this affected Santa and hurt him to the core.
His Server Used Exchange to give and receive,
a malicious cracker got in to make Santa Grieve.

The clean cut elves said format and reinstall, while the ones with long beards solved it in no time at all.

"There will be no Christmas this year" Santa Said with dismay.
The naughty and nice list was lost in the fray.

And yet with precision and care the elves brought out from back,
Santa's new gift! a blade server rack!

"It runs Linux in fact!" said the elves in unison
"cron jobs too, back up that old piece of Sh.."
one interrupted "Stop it Sam",

So Christmas would go on with ease and ability, that is until Santa went on his killing spree.

The End