Re: controversial paper
From: Sam Simpson (sam_at_samsimpson.com)
Date: 09/29/03
- Previous message: Don Chiasson: "Re: controversial paper"
- In reply to: George Ou: "Re: controversial paper"
- Next in thread: George Ou: "Re: controversial paper"
- Reply: George Ou: "Re: controversial paper"
- Reply: Mxsmanic: "Re: controversial paper"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 28 Sep 2003 22:27:58 +0000 (UTC)
"George Ou" <533george_ou234@netzero234.com> wrote in message
news:6i8cnvgbg5548gc77lobfl1li7lfn3grpl@4ax.com...
> On Sat, 27 Sep 2003 22:47:35 +0000 (UTC), "Sam Simpson"
> <sam@samsimpson.com> wrote:
>
> >
> >"George Ou" <533george_ou234@netzero234.com> wrote in message
> >news:fstbnv83gkaktmb4e6bfvi0e6f9j09383n@4ax.com...
> >> On Sat, 27 Sep 2003 16:12:37 -0400, "Douglas A. Gwyn"
> >> <DAGwyn@null.net> wrote:
> >>
> >> >George Ou wrote:
> >> >> It's a blessing now because all the usual holes that most hackers
take
> >> >> advantage of are now locked down.
> >> >
> >> >You mean, *some* of the vulnerabilities that have left systems
> >> >wide open to exploitation for a long time re now more widely
> >> >patched than before. Yet there is currently a post-Blaster
> >> >onslaught in the SMTP universe; obviously there are more
> >> >Microsoft vulnerabilities causing trouble. This is inevitable
> >> >since Microsoft emphasizes bells and whistles (active elements
> >> >in mail and Web pages) over security, and their customer base
> >> >is too naive to demand differently.
> >>
> >> No, I mean ALL critical vulnerabilities are patched in Windows.
> >
> >See
>
>http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security
/bulletin/MS03-010.asp
> >
> >A critical bug (e.g. can be used as a DoS) was found in NTv4 during the
> >period in which it was still officially supported but was left unpatched
> >"due to architectural limitations".
> >
> >
> >You gotta love 'em......
>
> I don't give a rat's ass about NT4.
You may not give a rat's ass but there are still huge numbers of users on
NTv4. Even better, there are huge numbers of "secure" government customers
that *have* to use NTv4 because Win2k isn't certified for use.
> Microsoft isn't the only one that
> abandons older software, it is common in the industry.
Yeah, it's common and totally expected - but not when a product is
explicitly within support for security patches.
So there was a version of Windows within the support period with a known
vulnerability that has never been patched. What was you point about all
critical vulnerabilities being patched again? ;)
- Previous message: Don Chiasson: "Re: controversial paper"
- In reply to: George Ou: "Re: controversial paper"
- Next in thread: George Ou: "Re: controversial paper"
- Reply: George Ou: "Re: controversial paper"
- Reply: Mxsmanic: "Re: controversial paper"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
