New exploit technique nullifies major Windows defense

Alias · 4th March 2010

http://www.computerworld.com/s/artic...indows_defense

--
Alias

Frank · 4th March 2010

On 3/4/2010 9:40 AM, Alias wrote:
> http://www.computerworld.com/s/artic...indows_defense
>
>
Yawn.

Spring Sprung · 4th March 2010

From Sancho's viewpoint, the DEP bypass doesn't exploit a vulnerability in
Microsoft's code, but rather takes advantage of a design flaw. "Microsoft
can fix this, and I have faith they will," he said.

A big so what. This morning one of my websites was hacked and defaced - the
server was running linux.

"Alias" <aka@masked&anonymous.com.invalido> wrote in message
news:hmorau$7bt$1@news.eternal-september.org...
> http://www.computerworld.com/s/artic...indows_defense
>
> --
> Alias

Alias · 4th March 2010

Spring Sprung wrote:
>

>
> From Sancho's viewpoint, the DEP bypass doesn't exploit a vulnerability
> in Microsoft's code, but rather takes advantage of a design flaw.
> "Microsoft can fix this, and I have faith they will," he said.

I don't.

>
>

>
> A big so what. This morning one of my websites was hacked and defaced -
> the server was running linux.

You need a hosting service that actually has IT folks who know what
they're doing.

>
>
>
> "Alias" <aka@masked&anonymous.com.invalido> wrote in message
> news:hmorau$7bt$1@news.eternal-september.org...
>> http://www.computerworld.com/s/artic...indows_defense
>>
>>
>> --
>> Alias
>

--
Alias

Jasper · 4th March 2010

"Alias" <aka@masked&anonymous.com.invalido> wrote in message
news:hmosud$dl3$2@news.eternal-september.org...
> Spring Sprung wrote:
>>

>>
>> From Sancho's viewpoint, the DEP bypass doesn't exploit a vulnerability
>> in Microsoft's code, but rather takes advantage of a design flaw.
>> "Microsoft can fix this, and I have faith they will," he said.

>
> I don't.
>
>>
>>

>>
>> A big so what. This morning one of my websites was hacked and defaced -
>> the server was running linux.
>
> You need a hosting service that actually has IT folks who know what
> they're doing.
>
>>
>>
>>
>> "Alias" <aka@masked&anonymous.com.invalido> wrote in message
>> news:hmorau$7bt$1@news.eternal-september.org...
>>> http://www.computerworld.com/s/artic...indows_defense
>>>
>>> --
>>> Alias
>>
>
>
> --
> Alias

You really need to read the full article not just the headline.
"The proof-of-concept that Wever published doesn't actually do damage, since
it is wrapped around an exploit of a bug in Internet Explorer 6 that was
patched years ago."

"This exploit targets a bug that was fixed in IE6 in 2005, which explains
why it does not affect any recent install," said Wever in a comment he added
to his blog entry. "This release is for academic purpose only, it is not an
0-day that script-kiddies can use to pwn your grandma's computer."

Spring Sprung · 4th March 2010

"Alias" <aka@masked&anonymous.com.invalido> wrote in message
news:hmosud$dl3$2@news.eternal-september.org...
> .
>
> You need a hosting service that actually has IT folks who know what
> they're doing.
>

Yet you think linux will make it on the desktop. If linux guys themselves
have a time of it with linux .. well .. sheesh.

DanS · 4th March 2010

"Spring Sprung" <spring.sprung@not.an.address.net> wrote in
news:hmotno$i6q$1@speranza.aioe.org:

> "Alias" <aka@masked&anonymous.com.invalido> wrote in message
> news:hmosud$dl3$2@news.eternal-september.org...
>> .
>>
>> You need a hosting service that actually has IT folks who know what
>> they're doing.
>>
>
> Yet you think linux will make it on the desktop. If linux guys
> themselves have a time of it with linux .. well .. sheesh.

There's IT schmucks everywhere, it doesn't matter what OS.

(FWIW, a system being 'hacked' by someone that was able to guess/brute
force crack a password is not an exploit.)

Alias · 4th March 2010

Spring Sprung wrote:
> "Alias" <aka@masked&anonymous.com.invalido> wrote in message
> news:hmosud$dl3$2@news.eternal-september.org...
>> .
>>
>> You need a hosting service that actually has IT folks who know what
>> they're doing.
>>
>
> Yet you think linux will make it on the desktop.

It already has.

> If linux guys
> themselves have a time of it with linux .. well .. sheesh.

Who are these "linux guys"? Why should we believe you?

--
Alias

Spring Sprung · 4th March 2010

Linux guys are people who run linux.

"Alias" <aka@masked&anonymous.com.invalido> wrote in message
news:hmovas$mst$1@news.eternal-september.org...
> Spring Sprung wrote:
>> "Alias" <aka@masked&anonymous.com.invalido> wrote in message
>> news:hmosud$dl3$2@news.eternal-september.org...
>>> .
>>>
>>> You need a hosting service that actually has IT folks who know what
>>> they're doing.
>>>
>>
>> Yet you think linux will make it on the desktop.
>
> It already has.
>
>> If linux guys themselves have a time of it with linux .. well .. sheesh.
>
> Who are these "linux guys"? Why should we believe you?
>
> --
> Alias

Alias · 4th March 2010

Spring Sprung wrote:
> Linux guys are people who run linux.

And some know what they're doing and some don't. Yours don't.

>
>
>
> "Alias" <aka@masked&anonymous.com.invalido> wrote in message
> news:hmovas$mst$1@news.eternal-september.org...
>> Spring Sprung wrote:
>>> "Alias" <aka@masked&anonymous.com.invalido> wrote in message
>>> news:hmosud$dl3$2@news.eternal-september.org...
>>>> .
>>>>
>>>> You need a hosting service that actually has IT folks who know what
>>>> they're doing.
>>>>
>>>
>>> Yet you think linux will make it on the desktop.
>>
>> It already has.
>>
>>> If linux guys themselves have a time of it with linux .. well .. sheesh.
>>
>> Who are these "linux guys"? Why should we believe you?
>>
>> --
>> Alias
>

--
Alias