GeneralThis forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Slackware: in progress, Mandrake 9.2, Libranet, Vector
Posts: 373
Rep:
Microsoft is not able to patch its code!
From Astalavista.com
Quote:
eEye, a very well known security company, discovered 200 days ago two flaws in Microsoft products. As usually eEye notified to Microsoft these problems and now it (and WE!) is still waiting for these patches. eEye is attacking Microsoft for not releasing patches for these two critical security flaws. These flaws affect all versions of Windows NT 4.0, Windows 2000, Windows XP and Windows Server 2003 and it's possible to exploit them remotely.
One vulnerability can allow an attacker to conduct a Denial of Service attack against default installations of the affected software and the system will have a total crash.
The second can allow an anonymous attacker to compromise default installations of the affected software and will give, to the remote attacker, SYSTEM access, the highest possible level of access.
According to eEye more than 300 million machines are vulnerable to these flaws but there are no evidences that someone is trying to attack machines using it.
In the past the Microsoft patching system has had the same problem of slowness, we want to remind you that Microsoft took some months to patch a high-risk flaw in the ASN.1 library. eEye adds that there are two more known vulnerabilities, that in a month or two will hit the 200-day mark.
Thought you should also see this.
Quote:
Earlier today (March 29, 2004), one Microsoft web site ( http://register.microsoft.co.kr ) was compromised and defaced on the Microsoft Korea (microsoft.co.kr) network. The machine was defaced (and is still defaced 15.25 GMT) initially (...) by a Brazilian defacer/group know as "c0derz". The defacer obtained an unauthorized access to this system by using a misconfiguration in the Frontpage Estensions. After some minutes many other defacers crew has started to redeface the same site. "Silver Lords", "int3rc3pt0r" take part to this "tour" in the Microsoft site. The funny thing is that also Microsoft is defaced by using a very common error in the configuration of the Frontpage Extensions, we must consider the following: where is the security if also Microsoft is hacked by using a misconfiguration in their own product while they should know everything about it?
You can see the mirror of this defacement at the following url:
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
