Microsoft warns about security holes
-
http://news.bbc.co.uk/1/hi/technology/2211571.stm
Here we go again, did nobody in Microsoft think about security when they wrote these products? :(
JohnJ
Life is hard and then you die!
http://www.rainbow-innov.co.uk
-
As Graham said, this is nothing but a good thing. In answer to your question - obviously yes, but unless you build your software in a box with only one 'access point' which is heavily defended, then there will always be ways to find your way in if you look hard enough.
David Wulff http://www.davidwulff.co.uk
I'm not schizophrenic, are we.
-
Um, do you expect the software to be perfect? If so, you are living in a dream world and should leave the computer industry. ALL software will have security holes.
Tim Smith
"Programmers are always surrounded by complexity; we can not avoid it... If our basic tool, the language in which we design and code our programs, is also complicated, the language itself becomes part of the problem rather than part of the solution." Hoare - 1980 ACM Turing Award Lecture
-
David Wulff wrote: you build your software in a box with only one 'access point' which is heavily defended, then there will always be ways to find your way in if you look hard enough
Not necessarily. Assuming that you have a secure OS and the app is using secure libraries I don't see how protecting an application can be that hard. Of course no application is perfectly secure but it can be made hard enough. IIRC the reported problem is an "unchecked buffer" which in other words is a buffer overflow. It's easy to check against this type of attack: something as simple as using strncpy() rather than using strcpy() is enough sometimes. The really difficult problems to solve from an application developer's point of view are OS flaws which can be used to attack your app but there's nothing much you can do about it except complain (in the MS case) or patch the OS yourself (Linux).
bibamus, edamus, cras moriemur
[eat, drink, for tomorrow we die]
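The strncpy() point in the post above, as an added example that is not part of the original thread: strncpy() bounds the write but leaves the destination unterminated when the source fills the buffer, so a checked copy has to test the length itself. FIELD_LEN, strncpy_terminates() and copy_checked() are hypothetical names, and the input strings are constructed.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 16   /* hypothetical fixed-size destination */

/* strncpy() bounds the write but does NOT add a terminator when
 * strlen(src) >= n. Returns 1 if dst ended up NUL-terminated, else 0. */
int strncpy_terminates(char *dst, size_t n, const char *src)
{
    memset(dst, 'X', n);              /* make a missing NUL visible */
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) != NULL;
}

/* Checked copy: rejects input that does not fit instead of overflowing
 * or silently truncating. Returns 0 on success, -1 on rejection. */
int copy_checked(char *dst, size_t n, const char *src)
{
    size_t len = 0;

    if (dst == NULL || src == NULL || n == 0)
        return -1;
    while (len < n && src[len] != '\0')   /* never scans past n bytes */
        len++;
    if (len == n) {                        /* no room for the terminator */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);             /* len + 1 <= n, includes NUL */
    return 0;
}

int main(void)
{
    char field[FIELD_LEN];
    const char *fits = "short";               /* constructed input */
    const char *full = "exactly16bytes!!";    /* constructed, 16 chars */

    printf("strncpy terminated (fits): %d\n", strncpy_terminates(field, sizeof field, fits));
    printf("strncpy terminated (full): %d\n", strncpy_terminates(field, sizeof field, full));
    printf("checked copy (fits): %d\n", copy_checked(field, sizeof field, fits));
    printf("checked copy (full): %d\n", copy_checked(field, sizeof field, full));
    return 0;
}
```

A later read of the unterminated field with strlen() or printf("%s") would run past the buffer, which is why the length check belongs in the copy routine itself.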
-
Come on. Microsoft makes a low-key announcement for some security patches, and these bozos act like it's some kind of brand new idea. BTW: Where I come from, it's Life's a bitch, then you die.
"Think of it as evolution in action." - 'Oath of Fealty' by Larry Niven and Jerry Pournelle
-
In a nutshell, SW Development is difficult. Even when you're being vigilant about security, you'll get such lapses. I'm just glad there's a patch out.
ASP.NET can never fail as working with it is like fitting bras to supermodels - it's one pleasure after the next - David Wulff
-
Brian Azzopardi wrote: It's easy to check against this type of attack: something as simple as using strncpy() rather than using strcpy() is enough sometimes
I agree, which makes it weird that buffer overflows are the most common type of errors that are reported, when in theory they are the easiest to avoid. *shrug*
ASP.NET can never fail as working with it is like fitting bras to supermodels - it's one pleasure after the next - David Wulff
-
I don't believe MS anymore. To me it's just an additional check against pirate installations, user profiles, and whatever (as shown in their latest XP SP1 EULA addendum) component they want to replace for their own interest. Has anyone tried to install this patch with a non-Admin profile? Just a thought.
And I swallow a small raisin.
-
patch the OS yourself (Linux).
That is what my mother does!!! :rolleyes: :laugh:
Tim Smith
"Programmers are always surrounded by complexity; we can not avoid it... If our basic tool, the language in which we design and code our programs, is also complicated, the language itself becomes part of the problem rather than part of the solution." Hoare - 1980 ACM Turing Award Lecture
-
Not necessarily. Assuming that you have a secure OS and the app is using secure libraries I don't see how protecting an application can be that hard. Of course no application is perfectly secure but it can be made hard enough.
Well, first off, #1 and #2 can not be proven. It is like trying to prove that a program has no bugs. Can't be done. Then the same holds true for your software.
Tim Smith
"Programmers are always surrounded by complexity; we can not avoid it... If our basic tool, the language in which we design and code our programs, is also complicated, the language itself becomes part of the problem rather than part of the solution." Hoare - 1980 ACM Turing Award Lecture