Does Windows 10 have a way to edit a PDF yet?

On 11-Jul-17 12:51 PM, Paul wrote:
David B. wrote:

Thank you - I really mean that - for taking the time and trouble to
respond to me, Paul. I'll read it again later too.

I've just been reading he-

https://www.akamai.com/uk/en/support/end-user-faq.jsp

Are you CERTAIN that it is impossible for a 'bunch of bad apples' to
have manipulated the server so that folk are directed to a 'spoof'
site which is *pretending* to be Microsoft Answers?

Sites on the Internet, get hacked all the time.

They do indeed!

However, I don't recollect *ever* hearing any stories
about Microsoft equipment. Perhaps nobody is willing to report
such things. (When source code was stolen, it's usually traced
to a "trusted partner" who had a copy of the code.)

You are aware that the Microsoft Answers server is a 'stand-alone'
server - not part of the same 'log-in' arrangement as all the other
Microsoft facilities for which a Microsoft Account functions?

In this case, when using a "rent-a-server", you have two
IT departments. And the Microsoft staff would have an account
and login password, for accessing the rent-a-server and uploading
content to it. Or, whatever. As it's a forum, of course the
server adds content to itself, every time a user posts something.

Microsoft staff don't 'run the Microsoft Answers forums.

Other than that detail, the site will have just as many exposures
as any other site. Does the site use a database ? Probably.
Could someone do an injection attack on it ? Maybe. I have no
way of knowing how well or how poorly the site is managed,
whether it has automated heuristic protection (Tripwire)
or anything else.

I don't know the answers to your questions. How do you feel about asking
a question about this *ON* the Microsoft Answers forums?

A weakness on small company sites (like say pcper.com or
anandtech forums), is nobody writes their own BBS software.
They buy it. And sometimes bugs are found in BBS software
that makes it attack-prone.

I've heard about this before and understand what you say.

What does Microsoft use ? Is
the code written by their own staff, or did they purchase
a product ? That would be a consideration too, as to how
secure it was. Any time you run a forum, the attack surface
is larger than simple web-sites intended to be "read-only
under all circumstances".

Again, I don't know the answers. I doubt very much that Microsoft would
have purchased "a product" to run the forums. We're you just kidding
about this?!!!

--
David B.

On 11-Jul-17 12:51 PM, Paul wrote:
David B. wrote:

Thank you - I really mean that - for taking the time and trouble to
respond to me, Paul. I'll read it again later too.

I've just been reading he-

https://www.akamai.com/uk/en/support/end-user-faq.jsp

Are you CERTAIN that it is impossible for a 'bunch of bad apples' to
have manipulated the server so that folk are directed to a 'spoof'
site which is *pretending* to be Microsoft Answers?

Sites on the Internet, get hacked all the time.

However, I don't recollect *ever* hearing any stories
about Microsoft equipment. Perhaps nobody is willing to report
such things. (When source code was stolen, it's usually traced
to a "trusted partner" who had a copy of the code.)

In this case, when using a "rent-a-server", you have two
IT departments. And the Microsoft staff would have an account
and login password, for accessing the rent-a-server and uploading
content to it. Or, whatever. As it's a forum, of course the
server adds content to itself, every time a user posts something.

Other than that detail, the site will have just as many exposures
as any other site. Does the site use a database ? Probably.
Could someone do an injection attack on it ? Maybe. I have no
way of knowing how well or how poorly the site is managed,
whether it has automated heuristic protection (Tripwire)
or anything else.

A weakness on small company sites (like say pcper.com or
anandtech forums), is nobody writes their own BBS software.
They buy it. And sometimes bugs are found in BBS software
that makes it attack-prone. What does Microsoft use ? Is
the code written by their own staff, or did they purchase
a product ? That would be a consideration too, as to how
secure it was. Any time you run a forum, the attack surface
is larger than simple web-sites intended to be "read-only
under all circumstances".

Paul


I've now written to Akamai and asked them to review my post on the
Answers forum.

https://answers.microsoft.com/en-us/...e-f76f6d5fa569

I'll let you know what they say - IF they respond!

--
David B.