Microsoft, I'm afraid you suck!

Senkwe Chanda wrote (#1):

David Wulff posted a link to a nice MSDN article outlining MS' ten tips for writing secure apps. I thought "cool". Then I visited this link http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/htshat.asp covering MS's "investigation" into the "shatter attack" allegations made over at bugtraq.

Now the article says "The first Microsoft Knowledge Base article that documents this issue dates back to 1994" Good stuff I thought. Then I read "As part of our investigation of the report, Microsoft examined its own services, and found a small number of cases in which Microsoft-developed interactive services do run with inappropriately high privileges. We are developing patches to correct these services, and will release them to users shortly"

WTF?????????????????????????????????? Frankly, I no longer believe a word MS says. They think they can get away with anything. Steve, hurry up and port Mac OS X to the x86 will you???

ASP.NET can never fail as working with it is like fitting bras to supermodels - it's one pleasure after the next - David Wulff

William De Pretre wrote (#2, in reply to #1):

What exactly is your problem?

Senkwe Chanda wrote (#3, in reply to #2):

Hmmm, you honestly don't see what's wrong with this picture? If they knew about this issue way back in 1994, why are they still not following their own prescribed security practices? Do as I say, not as I do? It sucks.

ASP.NET can never fail as working with it is like fitting bras to supermodels - it's one pleasure after the next - David Wulff

William De Pretre wrote (#4, in reply to #3):

If somebody would give me a dime for each time any person sets some rule and later violates it I would be living on the Bahamas by now :)

Seriously, it's not as if every service is in violation of that principle. "A small number" is suitably vague, I agree, but you make it sound as if they explicitly and frequently violated their own policy.

peterchen wrote (#5, in reply to #4):

Why go for the Bahamas? I heard the moon is cool and quiet... ;)

One day I might find it quite amusing how touching tongues make life so confusing - Anne Clark again

Senkwe Chanda wrote (#6, in reply to #4):

Yeah but if this was an unchecked buffer, I wouldn't make a fuss. But if they are going to say that the design of the Win32 API isn't flawed (and I don't think in this regard that it is), then they really should act like it. More importantly, if their own developers aren't aware of the quirks of the API then what about third party devs?

I've just read an article over at cnet.com outlining Win2000 server attacks that MS aren't even sure what sort of attacks they are. If it's a lack of communication between developers at MS, well, that's a very risky situation to have when you have Linux and Apple nipping at your heels.

Ordinarily this wouldn't bug me, but in the near future myself and a friend of mine are planning on setting up shop back home, so suddenly, security issues with Windows get me VERY jittery.

ASP.NET can never fail as working with it is like fitting bras to supermodels - it's one pleasure after the next - David Wulff

Tomasz Sowinski wrote (#7, in reply to #6):

Senkwe Chanda wrote:
> in the near future myself and a friend of mine are planning on setting up shop back home, so suddenly, security issues with Windows get me VERY jittery.

And while we're at it, don't forget about secure doors ;)

Tomasz Sowinski -- http://www.shooltz.com

** Putt knot yore thrust inn spel chequers. **

Senkwe Chanda wrote (#8, in reply to #7):

Tomasz Sowinski wrote:
> And while we're at it, don't forget about secure doors

LOL. The thing with bad puns is that they're still funny :laugh::laugh:

ASP.NET can never fail as working with it is like fitting bras to supermodels - it's one pleasure after the next - David Wulff

Philip Fitzsimons wrote (#9, in reply to #1):

mac os x on intel already: http://apple.slashdot.org/apple/02/08/31/195208.shtml?tid=179

get real - everyone makes mistakes, microsoft write more code therefore more mistakes...

"When the only tool you have is a hammer, a sore thumb you will have."

Senkwe Chanda wrote (#10, in reply to #9):

Nobody understands me

ASP.NET can never fail as working with it is like fitting bras to supermodels - it's one pleasure after the next - David Wulff

Daniel Turini wrote (#11, in reply to #1):

C'mon... Take it easy... Give me any of your programs and I'll find security flaws in it. Even after you check and recheck it. And why? I am a genius? Do you suck as a programmer? No, I'm simply on the easier side. Maybe I have more free time than you. Maybe I'm not concerned about the features the end-user will have. Maybe I'm only concerned in proving you suck. Maybe I'm just lucky. Finding and creating problems with tools is much easier than creating one with no such problems.

"When a fool throws a stone in a lake, not even 10 scholars can find it."

Concussus surgo. When struck I rise.

Senkwe Chanda wrote (#12, in reply to #11):

*sigh* I give up.

When a fool throws a stone in a lake, not even 10 scholars can find it - Daniel Turini (via???)

Joao Vaz wrote (#13, in reply to #10):

I understand you man, a long time ago ... if Windows emulated Unix security and improved it, then this case would be a different story, but since they at that time didn't understand the full implications of running applications with high privileges and IMHO didn't give a shit nor understood anything about it, and they were busy building the successful empire that we have today ... You get the picture Senkwe?

If it weren't for Microsoft most of us wouldn't do what we like the most, programming. I personally would be a failed lawyer or a sad, stressed economist ...

One positive thing, this time IMHO they are taking seriously the security issues and they are working harder and harder to improve their code and to release patches to resolve it, so cheer up, there is a new hope on the horizon :-)

Cheers, Joao Vaz

A Programming Language is a tool that has profound influence on our thinking habits -The late giant Edsger Dijkstra 1930 - 2002

And if your dream is to care for your family, to put food on the table, to provide them with an education and a good home, then maybe suffering through an endless, pointless, boring job will seem to have purpose. And you will realize how even a rock can change the world, simply by remaining obstinately stationary. -

Tim Smith wrote (#14, in reply to #13):

Actually, MS had a GREAT understanding of privs. After all, the people who were working for MS were the people who WROTE the operating systems UNIX based their stuff on. Remember, the old PDPs?

The problem is that there was NO WAY IN HELL MS was going to totally re-write the whole Windows layer. It would have created a dead product. So now we have to deal with the garbage design that was created for single user systems back in the early 80s. Now THAT really stinks.

Tim Smith

"Programmers are always surrounded by complexity; we can not avoid it... If our basic tool, the language in which we design and code our programs, is also complicated, the language itself becomes part of the problem rather than part of the solution." Hoare - 1980 ACM Turing Award Lecture

Tim Smith wrote (#15, in reply to #10):

Or maybe you aren't making your point in a clear and concise manner.

Tim Smith

"Programmers are always surrounded by complexity; we can not avoid it... If our basic tool, the language in which we design and code our programs, is also complicated, the language itself becomes part of the problem rather than part of the solution." Hoare - 1980 ACM Turing Award Lecture

Joao Vaz wrote (#16, in reply to #14):

Tim Smith wrote:
> After all, the people who were working for MS were the people who WROTE the operating systems UNIX based their stuff on. Remember, the old PDPs?

Oops, I forgot that side of the computing history, true, true.

Tim Smith wrote:
> was going to totally re-write the whole Windows layer.

Too bad that at that time MS didn't have today's resources, because I believe that if they had, they would rewrite the damn thing :-(

Tim Smith wrote:
> So now we have to deal with the garbage design that was created for single user systems back in the early 80s. Now THAT really stinks.

So true, and yes, the smell many times is too nasty :)

Cheers, Joao Vaz

A Programming Language is a tool that has profound influence on our thinking habits -The late giant Edsger Dijkstra 1930 - 2002

And if your dream is to care for your family, to put food on the table, to provide them with an education and a good home, then maybe suffering through an endless, pointless, boring job will seem to have purpose. And you will realize how even a rock can change the world, simply by remaining obstinately stationary. -

dandy72 wrote (#17, in reply to #5):

> I heard the moon is cool and quiet...

Nice place, no atmosphere though...

Shog9 0 wrote (#18, in reply to #6):

Senkwe Chanda wrote:
> More importantly, if their own developers aren't aware of the quirks of the API then what about third party devs?

And that, in a nutshell, is the problem. There will always be pitfalls in every system. If they're clearly marked, then they can be avoided. But if they're ignored, we'll just keep right on falling into them. :|

---------------- Shog9 ---------------- ------- Drink Coca-Cola ------- ---- Use SciTE ----

Senkwe Chanda wrote (#19, in reply to #14):

Tim Smith wrote:
> Actually, MS had a GREAT understanding of privs. After all, the people who were working for MS were the people who WROTE the operating systems UNIX based their stuff on. Remember, the old PDPs

Didn't know that. All I knew was that MS at one stage actually supplied UNIX systems. (Read that in a Tanenbaum book) Thanks for the info. I'll grit my teeth and give them the benefit of the doubt. :-) Still not too pleased though.

Cheers
Senkwe

ASP.NET can never fail as working with it is like fitting bras to supermodels - it's one pleasure after the next - David Wulff

Kastellanos Nikos wrote (#20, in reply to #1):

Senkwe Chanda wrote:
> Steve, hurry up and port Mac OS X to the x86 will you???

Now, That's a great idea! X|

- - - - - - - - - - - - - - - - - -
Memory leaks is the price we pay \0 01234567890123456789012345678901234
