Microsoft confirms IE zero-day behind Google attack

Frank wrote:
RonB wrote:

But it does
illustrate the point that malware, viruses and trojans are not a Linux
problem.

Nor are they a problem for me and I have only WSE loaded and it block's
all the crap.


I don't use any security software at all (now with Win7, nor with XP
since SP2 came out). Windows is perfectly secure - if people don't
want to take the simplest precautions, they're gonna keep getting
malware. And if they all switched to Linux, magically there would be
more concentration on hacking/infecting it.


The way you talk, every Windows box in the world is comprised, which
simply is not true.


COLA is pretty well-known for people almost implying such things. And
for attacking anyone who disagrees, as if we're invading their
personal space by posting anything other than like-minded thoughts
(although RonB is not one of those people, it should be noted).

--
Joel Crump

Alias wrote:
http://www.computerworld.com/s/article/9144938/Microsoft_confirms_IE_zero_day_behind_Google_attac k


Do you use IE? DON'T!



That's been excellent advice for the past several years.

-Al-

Conor wrote:
In , Enkidu says...

Letting developers off the hook for writing ****ty insecure software
doesn't help anyone. Granny shouldn't have to know to disable java in
Adobe Reader or any of a thousand other stupid holes developers have
left open. The developers should be liable for the damages their
software errors cause.

Does that include the Linux devs as well?

Would you accept it as "just life" if your car stopped working at 10,000
miles because the odometer buffer overflowed? Why is softeware treated
differently?

Because a car only has 1500 or so parts, not millions. It is far more
simpler. It also doesn't have hundreds of thousands of people
deliberately trying to break it for personal monetary gain.




No, it's because software was so damned buggy and problematical in
the early days of personal computing, that if the software writers
had been held legally responsible for the damage they caused, the
software would never have been written.

-Al-

Joel wrote:

Frank wrote:
RonB wrote:

But it does
illustrate the point that malware, viruses and trojans are not a Linux
problem.

Nor are they a problem for me and I have only WSE loaded and it block's
all the crap.


I don't use any security software at all (now with Win7, nor with XP
since SP2 came out).

Proving beyond any doubt that "stupid" does not describe you.
You are way beyond that. "Criminally and terminally Dumb" might describe
it somewhat better

Windows is perfectly secure - if people don't
want to take the simplest precautions, they're gonna keep getting
malware.

And you can get by by simply using your psychic powers. You just don't
click on those links which would lead you to a malware site, you simply
leave a site seconds before the infected ad-picture will be served.

All "precautions" every "good, psychic windows user" will employ
naturally.

Pull another one, and just don't assume that people are as stupid as you
need them to be to buy that garbage you are spouting

And if they all switched to Linux, magically there would be
more concentration on hacking/infecting it.

Certainly. More attempts would be made. That does not mean that they would
be successful


The way you talk, every Windows box in the world is comprised, which
simply is not true.


COLA is pretty well-known for people almost implying such things.

You might try to find *any* such claim.
Your "pulling a Hadron" is noted

And for attacking anyone who disagrees,

And here is the knock down of the strawman you just built

as if we're invading their
personal space by posting anything other than like-minded thoughts
(although RonB is not one of those people, it should be noted).


Did it occur to you where you are posting your ****e?
Did you notice "windows" anywhere in "COLA"?
--
Only two things are infinite,
the Universe and Stupidity.
And I'm not quite sure about the former.
- Albert Einstein

Frank pulled this Usenet boner:

Chris Ahlstrom wrote:
Frank pulled this Usenet boner:

Oh and I see you're cross posting to comp.os.linux.advocacy, that den of
MS hate mongers.

MS does a fine job of mongering MS hate on its own.

http://www.groklaw.net/staticpages/i...05010107100653

Microsoft Litigation

Please note that this is not a complete list, and if you have other cases
you'd like to have included, please let us know. You can click on the
email icon to email PJ. Thank you.

Thanks for proving my point, you MS hate filled linturd asshole loser.

(Are many Microsoft fans like this guy?)

--
Caution: Keep out of reach of children.

On 16/01/2010 3:34 PM, Frank wrote:
Enkidu wrote:
Conor wrote:

In article , Enkidu says...
Conor wrote:

In article , Enkidu
says...

Letting developers off the hook for writing ****ty insecure software
doesn't help anyone. Granny shouldn't have to know to disable java in
Adobe Reader or any of a thousand other stupid holes developers have
left open. The developers should be liable for the damages their
software errors cause.

Does that include the Linux devs as well?
It's hard to get a refund for something you didn't pay for in the first
place.
And? That doesn't excuse it. It is even less excusable considering
that open source is supposed to have everyone able to look at the code.

And yet, Linux *is* more stable than Windows.

*BULL*****, it isn't. Maybe you need to go to a real linux help forum to
get the truth and I don't mean that den of MS hatred, the linux advocacy
ng where you'll find the assholes losers of Earth posting.

Do you know anyone who has
a Windows box running for a year without a reboot?

So what does re-booting have to do with stability?
Also if you're running linux for a year without re-booting then your
kernel and software is most likely out of date.
Oops!

I have ran linux under load uninterupted for 4.25 years without a reboot
and no appliciation down time.

It only had to be rebooted as the UPS batteries melted and needed
replacing. In the servers previous deployment it ran NT but they
couldn't get it running as stable so it was a hand me down.

It was a private gateway with DNS, squid, FTP forwarding and firewall.
Cron cleaned the cache and restarted squid each week. Management forgot
that it existed until the UPS went down.

Fedora 6.1 or something.

It isn't MS hatred, although I could see why you could argue that.
After years of 2am calls for what is a MS problem some people do get
bitter. I think it is the zealot fascism that irks us the most.

Many of us have a brain that can expand beyond heil MS, and use the
right tools for the right job. To a MS zealot like yourself you feel a
Microsoft hammer fixes everything.

Enkidu wrote:
Frank wrote:

MS does a fine job of mongering MS hate on its own.

http://www.groklaw.net/staticpages/i...05010107100653

Microsoft Litigation

Please note that this is not a complete list, and if you have other cases
you'd like to have included, please let us know. You can click on the
email icon to email PJ. Thank you.

Thanks for proving my point, you MS hate filled linturd asshole loser.

You had a point? What was it?


The only points that Frank ever makes are lies, insults, animal sex
fantasies and bluster. He also laughs at his own lame jokes.

--
Alias

Chris Ahlstrom wrote:
Frank pulled this Usenet boner:

Chris Ahlstrom wrote:
Frank pulled this Usenet boner:

Oh and I see you're cross posting to comp.os.linux.advocacy, that den of
MS hate mongers.
MS does a fine job of mongering MS hate on its own.

http://www.groklaw.net/staticpages/i...05010107100653

Microsoft Litigation

Please note that this is not a complete list, and if you have other cases
you'd like to have included, please let us know. You can click on the
email icon to email PJ. Thank you.

Thanks for proving my point, you MS hate filled linturd asshole loser.

(Are many Microsoft fans like this guy?)


No, Frank is unique. Not many people are as clueless and disgusting as
Frank.

--
Alias

Kerry Brown wrote:
The code used in the attack is only effective against IE6 and possibly
IE7 and 8 on computers running XP SP2 or older OS's. It's also possible
that if someone deliberately relaxed the security way beyond what would
be considered normal that newer OS's with newer versions of IE may be
affected.

http://blogs.zdnet.com/Bott/?p=1645

I'd say the message here is to keep things up to date and don't relax
security in the name of convenience. You'd have to be a couple years
behind on updates or an idiot to be affected by this. It's mind boggling
that the companies that got hacked are that mindless about updates. The
story that's slowly emerging is that there were probably several
different methods used to penetrate their security.


Wrong. IE8 is also affected as is Windows 6.1, er 7:

http://news.bbc.co.uk/2/hi/technology/8463516.stm

From the article:

"Graham Cluley of anti-virus firm Sophos, told BBC News that not only
did the warning apply to 6, 7 and 8 of the browser, but the instructions
on how to exploit the flaw had been posted on the internet."

--
Alias

"Canuck57" wrote in message
...
On 16/01/2010 3:34 PM, Frank wrote:
Enkidu wrote:


Do you know anyone who has
a Windows box running for a year without a reboot?

So what does re-booting have to do with stability?
Also if you're running linux for a year without re-booting then your
kernel and software is most likely out of date.
Oops!

I have ran linux under load uninterupted for 4.25 years without a reboot
and no appliciation down time.

It only had to be rebooted as the UPS batteries melted and needed
replacing. In the servers previous deployment it ran NT but they couldn't
get it running as stable so it was a hand me down.

It was a private gateway with DNS, squid, FTP forwarding and firewall.
Cron cleaned the cache and restarted squid each week. Management forgot
that it existed until the UPS went down.

Congratulations on doing such a ****-poor job maintaining your servers.
Obvioiusly to you it's much more important at work to get a 4.25 year uptime
than it is to actually apply all of the important and critical security
patches that were released over that 4 year period. After all, why bother
keeping the work network secure.

Ezekiel wrote:


"Canuck57" wrote in message
...
On 16/01/2010 3:34 PM, Frank wrote:
Enkidu wrote:


Do you know anyone who has
a Windows box running for a year without a reboot?

So what does re-booting have to do with stability?
Also if you're running linux for a year without re-booting then your
kernel and software is most likely out of date.
Oops!

I have ran linux under load uninterupted for 4.25 years without a reboot
and no appliciation down time.

It only had to be rebooted as the UPS batteries melted and needed
replacing. In the servers previous deployment it ran NT but they couldn't
get it running as stable so it was a hand me down.

It was a private gateway with DNS, squid, FTP forwarding and firewall.
Cron cleaned the cache and restarted squid each week. Management forgot
that it existed until the UPS went down.

Congratulations on doing such a ****-poor job maintaining your servers.
Obvioiusly to you it's much more important at work to get a 4.25 year uptime
than it is to actually apply all of the important and critical security
patches that were released over that 4 year period. After all, why bother
keeping the work network secure.


Maybe he works @ Google.
--

Vita brevis breviter in brevi finietur,
Mors venit velociter quae neminem veretur.

"Death" -x wrote in message
...
Ezekiel wrote:


"Canuck57" wrote in message
...
On 16/01/2010 3:34 PM, Frank wrote:
Enkidu wrote:


Do you know anyone who has
a Windows box running for a year without a reboot?

So what does re-booting have to do with stability?
Also if you're running linux for a year without re-booting then your
kernel and software is most likely out of date.
Oops!

I have ran linux under load uninterupted for 4.25 years without a reboot
and no appliciation down time.

It only had to be rebooted as the UPS batteries melted and needed
replacing. In the servers previous deployment it ran NT but they
couldn't
get it running as stable so it was a hand me down.

It was a private gateway with DNS, squid, FTP forwarding and firewall.
Cron cleaned the cache and restarted squid each week. Management forgot
that it existed until the UPS went down.

Congratulations on doing such a ****-poor job maintaining your servers.
Obvioiusly to you it's much more important at work to get a 4.25 year
uptime
than it is to actually apply all of the important and critical security
patches that were released over that 4 year period. After all, why
bother
keeping the work network secure.


Maybe he works @ Google.

If this ever happend at ${EMPLOYER} he would be someone that once worked
here at one time.

"Alias" wrote in message
...
Kerry Brown wrote:
The code used in the attack is only effective against IE6 and possibly
IE7 and 8 on computers running XP SP2 or older OS's. It's also possible
that if someone deliberately relaxed the security way beyond what would
be considered normal that newer OS's with newer versions of IE may be
affected.

http://blogs.zdnet.com/Bott/?p=1645

I'd say the message here is to keep things up to date and don't relax
security in the name of convenience. You'd have to be a couple years
behind on updates or an idiot to be affected by this. It's mind boggling
that the companies that got hacked are that mindless about updates. The
story that's slowly emerging is that there were probably several
different methods used to penetrate their security.


Wrong. IE8 is also affected as is Windows 6.1, er 7:

http://news.bbc.co.uk/2/hi/technology/8463516.stm

From the article:

"Graham Cluley of anti-virus firm Sophos, told BBC News that not only did
the warning apply to 6, 7 and 8 of the browser, but the instructions on
how to exploit the flaw had been posted on the internet."

--
Alias

You'll have to go over all the news items and blogs again then reread my
post. All versions of IE are vulnerable if you change some of the security
settings from the default. Any program may become vulnerable if you
purposely relax security.

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/

Kerry Brown wrote:

"Alias" wrote in message
...
Kerry Brown wrote:
The code used in the attack is only effective against IE6 and
possibly IE7 and 8 on computers running XP SP2 or older OS's. It's
also possible that if someone deliberately relaxed the security way
beyond what would be considered normal that newer OS's with newer
versions of IE may be affected.

http://blogs.zdnet.com/Bott/?p=1645

I'd say the message here is to keep things up to date and don't relax
security in the name of convenience. You'd have to be a couple years
behind on updates or an idiot to be affected by this. It's mind
boggling that the companies that got hacked are that mindless about
updates. The story that's slowly emerging is that there were probably
several different methods used to penetrate their security.


Wrong. IE8 is also affected as is Windows 6.1, er 7:

http://news.bbc.co.uk/2/hi/technology/8463516.stm

From the article:

"Graham Cluley of anti-virus firm Sophos, told BBC News that not only
did the warning apply to 6, 7 and 8 of the browser, but the
instructions on how to exploit the flaw had been posted on the internet."

--
Alias

You'll have to go over all the news items and blogs again then reread my
post. All versions of IE are vulnerable if you change some of the
security settings from the default. Any program may become vulnerable if
you purposely relax security.


As I don't use Internet Explorer, I don't have to do anything. I don't
even use Windows to surf the Net. That said, raising the Internet
security in IE to high will disable the ability to surf to many web
sites. The default settings of IE8 are NOT recommended by anyone,
including Microsoft.

Sooooooooo, it's time for YOU to apologize to me and to all the readers
you've mislead with this post as an "MVP".

--
Alias

Alias wrote:

Chris Ahlstrom wrote:
Frank pulled this Usenet boner:

Chris Ahlstrom wrote:
Frank pulled this Usenet boner:

Oh and I see you're cross posting to comp.os.linux.advocacy, that
den of MS hate mongers.
MS does a fine job of mongering MS hate on its own.

http://www.groklaw.net/staticpages/i...05010107100653

Microsoft Litigation

Please note that this is not a complete list, and if you have
other cases you'd like to have included, please let us know. You
can click on the email icon to email PJ. Thank you.

Thanks for proving my point, you MS hate filled linturd asshole loser.

(Are many Microsoft fans like this guy?)


No, Frank is unique. Not many people are as clueless and disgusting as
Frank.


Well, DumbFull**** may apply, because he is truly dumb and also a
disgusting racist (a trait shared by many windows users, obviously). And
Hadron Snot Quark, perhaps, for the same reasons. "The Bee" certainly, as
he is the only one in COLA about as stupid as "Frank"
--
I refuse to have a battle of wits with an unarmed person.