Page 1 of 2 12 LastLast
Results 1 to 16 of 24

Thread: New critical Windows flaw discovered

  1. #1
    Goat Boy
    Join Date
    Jul 2003
    Location
    Alexandra Park, London
    Posts
    2,428
    Thanks
    0
    Thanked
    0 times in 0 posts

    New critical Windows flaw discovered

    http://www.eeye.com/html/Research/Ad...D20040210.html

    Shame it took MS 6 months to patch...
    "All our beliefs are being challenged now, and rightfully so, they're stupid." - Bill Hicks

  2. #2
    Drop it like it's hot Howard's Avatar
    Join Date
    Jul 2003
    Location
    Surrey, South East
    Posts
    11,731
    Thanks
    14
    Thanked
    42 times in 39 posts
    • Howard's system
      • Motherboard:
      • Asus P5B
      • CPU:
      • Core2Duo E6420 2.13GHz
      • Memory:
      • 2x1gb OCZ DDR2 6400
      • Storage:
      • 250GB & 500GB Seagate
      • Graphics card(s):
      • Inno3d iChill 7900GS
      • PSU:
      • Antec SmartPower 500W
      • Case:
      • Coolermaster Elite 330
      • Monitor(s):
      • 2x AG Neovo F419
      • Internet:
      • Virgin Media 20mbit
    I swear they employ someone to name these exploits/flaws in the most awkward way possible!

    "Microsoft ASN.1 Library Length Overflow Heap Corruption"

    Good lord
    Home cinema: Toshiba 42XV555DB Full HD LCD | Onkyo TX-SR705 | NAD C352 | Monitor Audio Bronze B2 | Monitor Audio Bronze C | Monitor Audio Bronze BFX | Yamaha NSC120 | BK Monolith sub | Toshiba HD-EP35 HD-DVD | Samsung BD-P1400 BluRay Player | Pioneer DV-575 | Squeezebox3 | Virgin Media V+ Box
    PC: Asus P5B | Core2duo 2.13GHz | 2GB DDR2 PC6400 | Inno3d iChill 7900GS | Auzentech X-Plosion 7.1 | 250GB | 500GB | NEC DVDRW | Dual AG Neovo 19"
    HTPC: | Core2Duo E6420 2.13GHz | 2GB DDR2 | 250GBx2 | Radeon X1300 | Terratec Aureon 7.1 | Windows MCE 2005
    Laptop: 1.5GHz Centrino | 512MB | 60GB | 15" Wide TFT | Wifi | DVDRW


  3. #3
    HEXUS.social member Agent's Avatar
    Join Date
    Jul 2003
    Location
    Internet
    Posts
    19,185
    Thanks
    739
    Thanked
    1,614 times in 1,050 posts
    New critical Windows flaw discovered
    Didn't see that one coming
    Quote Originally Posted by Saracen View Post
    And by trying to force me to like small pants, they've alienated me.

  4. #4
    iMc
    iMc is offline
    Senior Member iMc's Avatar
    Join Date
    Aug 2003
    Location
    Northants
    Posts
    3,616
    Thanks
    2
    Thanked
    0 times in 0 posts
    if i had a penny for every time............ you know the rest!
    HEXUS|iMc

  5. #5
    Senior Member
    Join Date
    Jul 2003
    Location
    3rd Rock from the sun..
    Posts
    463
    Thanks
    15
    Thanked
    4 times in 3 posts
    • Dave_07's system
      • Motherboard:
      • MSI X99A Gaming 7
      • CPU:
      • Intel Core i7 5930k (6 core) @ 4.3Ghz
      • Memory:
      • 16Gb Corsair DDR4 2800Mhz
      • Storage:
      • 2x 500Gb SSD's (Raid 0)
      • Graphics card(s):
      • 2x SLI MSI GTX 980
      • PSU:
      • EVGA 1000w PSU
      • Case:
      • Corsair C70
      • Operating System:
      • Windows 7 Pro 64Bit
      • Monitor(s):
      • G-Sync AOC G2460PG 1080p and LG Flatron W2261VP
      • Internet:
      • 17.5Mb Broadband.
    This is the "still abit of a newbie" bit of me showing through here but,
    Why does it take Microsoft so long to correct such flaws as this ??

    Dave.
    Intel Core i7 5930k @ 3.7Ghz Turbo
    MSI X99A Gaming 7
    16Gb Corsair DDR4 2667Mhz
    2x SLI MSI GTX 980
    2x 500Gb SSD's (Raid 0)
    EVGA 1000w PSU
    Windows 7 Pro 64Bit
    G-Sync AOC G2460PG 1080p
    LG Flatron W2261VP

  6. #6
    Member
    Join Date
    Sep 2003
    Location
    Nottingham, UK
    Posts
    152
    Thanks
    0
    Thanked
    0 times in 0 posts
    Windows is (this is a fact, not just cause I hate it) the most unreliable and unstable operating system on the market. Microsoft basically release too buggy software to the consumer without thinking, thats why they have these service packs and upgrades.

    *pats linux*
    AMD Athlon XP 2400+ | Connect3D Radeon 9600PRO | Seagate Barrcuda 80GB HDD | 512mb PC2700 Crucial RAM | MSI KT6 Delta FIS2R | Zorro Silver Case | Windows XP/Gentoo Linux

  7. #7
    Ex-MSFT Paul Adams's Avatar
    Join Date
    Jul 2003
    Location
    %systemroot%
    Posts
    1,926
    Thanks
    29
    Thanked
    77 times in 59 posts
    • Paul Adams's system
      • Motherboard:
      • Asus Maximus VIII
      • CPU:
      • Intel Core i7-6700K
      • Memory:
      • 16GB
      • Storage:
      • 2x250GB SSD / 500GB SSD / 2TB HDD
      • Graphics card(s):
      • nVidia GeForce GTX1080
      • Operating System:
      • Windows 10 x64 Pro
      • Monitor(s):
      • Philips 40" 4K
      • Internet:
      • 500Mbps fiber
    Whereas Linux, being open source and having hundreds of contributors, tends to have deliberate back door code injected into the source code for the kernel
    ~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
    PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
    Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3

  8. #8
    Member
    Join Date
    Sep 2003
    Location
    Nottingham, UK
    Posts
    152
    Thanks
    0
    Thanked
    0 times in 0 posts
    Your signature picture is flawed, my IP address is not that, I am not with that service and I am not using that webbrowser either.

    I didn't say Linux was excluded from problems, just windows is succumbed to them more.
    AMD Athlon XP 2400+ | Connect3D Radeon 9600PRO | Seagate Barrcuda 80GB HDD | 512mb PC2700 Crucial RAM | MSI KT6 Delta FIS2R | Zorro Silver Case | Windows XP/Gentoo Linux

  9. #9
    Goat Boy
    Join Date
    Jul 2003
    Location
    Alexandra Park, London
    Posts
    2,428
    Thanks
    0
    Thanked
    0 times in 0 posts
    Quote Originally Posted by Paul Adams
    Whereas Linux, being open source and having hundreds of contributors, tends to have deliberate back door code injected into the source code for the kernel
    Erm, if anyone did that everyone would be able to see it...
    "All our beliefs are being challenged now, and rightfully so, they're stupid." - Bill Hicks

  10. #10
    Photographer; for hire!! shiato storm's Avatar
    Join Date
    Aug 2003
    Location
    next door
    Posts
    6,977
    Thanks
    4
    Thanked
    6 times in 5 posts
    windows releasing stuff too early? never....!
    Powered by Marmite and Wet Dog
    Light Over Water Photography

  11. #11
    Sublime HEXUS.net
    Join Date
    Jul 2003
    Location
    The Void.. Floating
    Posts
    11,819
    Thanks
    213
    Thanked
    233 times in 160 posts
    • Stoo's system
      • Motherboard:
      • Mac Pro
      • CPU:
      • 2*Xeon 5450 @ 2.8GHz, 12MB Cache
      • Memory:
      • 32GB 1600MHz FBDIMM
      • Storage:
      • ~ 2.5TB + 4TB external array
      • Graphics card(s):
      • ATI Radeon HD 4870
      • Case:
      • Mac Pro
      • Operating System:
      • OS X 10.7
      • Monitor(s):
      • 24" Samsung 244T Black
      • Internet:
      • Zen Max Pro
    ... and in great windows style, the windows update site seems to be down due to the current MyDoom onslaught.. LOL
    (\__/)
    (='.'=)
    (")_(")

  12. #12
    Ex-MSFT Paul Adams's Avatar
    Join Date
    Jul 2003
    Location
    %systemroot%
    Posts
    1,926
    Thanks
    29
    Thanked
    77 times in 59 posts
    • Paul Adams's system
      • Motherboard:
      • Asus Maximus VIII
      • CPU:
      • Intel Core i7-6700K
      • Memory:
      • 16GB
      • Storage:
      • 2x250GB SSD / 500GB SSD / 2TB HDD
      • Graphics card(s):
      • nVidia GeForce GTX1080
      • Operating System:
      • Windows 10 x64 Pro
      • Monitor(s):
      • Philips 40" 4K
      • Internet:
      • 500Mbps fiber
    Quote Originally Posted by DaBeeeenster
    Erm, if anyone did that everyone would be able to see it...
    While the comment was slightly tongue-in-cheek, there have been 3 attempts to get such backdoor code into the Linux kernel fairly recently, and 1 was detected in the live kernel so a patch was issued.

    For the other 2 attempts, the Linux developers are trying to work out how they bypassed the change control mechanism, as at least 1 was only picked up by mistake when looking at fixing something else.

    So yes, you are right in that everyone should be able to see it, but it still doesn't stop it happening, and it could be argued it is more dangerous than a flaw as these are specifically designed holes with attempts to cover them up.
    ~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
    PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
    Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3

  13. #13
    Drop it like it's hot Howard's Avatar
    Join Date
    Jul 2003
    Location
    Surrey, South East
    Posts
    11,731
    Thanks
    14
    Thanked
    42 times in 39 posts
    • Howard's system
      • Motherboard:
      • Asus P5B
      • CPU:
      • Core2Duo E6420 2.13GHz
      • Memory:
      • 2x1gb OCZ DDR2 6400
      • Storage:
      • 250GB & 500GB Seagate
      • Graphics card(s):
      • Inno3d iChill 7900GS
      • PSU:
      • Antec SmartPower 500W
      • Case:
      • Coolermaster Elite 330
      • Monitor(s):
      • 2x AG Neovo F419
      • Internet:
      • Virgin Media 20mbit
    Windows is buggy, yes. But it's the best operating system available. I love it.
    With the amount of features it has, I'm not in the slightest bit surprised it falls over now and again (which for me is hardly ever, mine's very stable). Linux is not a desktop operating system, it's designed for purposes, Windows does everything and it's fantastic.
    Home cinema: Toshiba 42XV555DB Full HD LCD | Onkyo TX-SR705 | NAD C352 | Monitor Audio Bronze B2 | Monitor Audio Bronze C | Monitor Audio Bronze BFX | Yamaha NSC120 | BK Monolith sub | Toshiba HD-EP35 HD-DVD | Samsung BD-P1400 BluRay Player | Pioneer DV-575 | Squeezebox3 | Virgin Media V+ Box
    PC: Asus P5B | Core2duo 2.13GHz | 2GB DDR2 PC6400 | Inno3d iChill 7900GS | Auzentech X-Plosion 7.1 | 250GB | 500GB | NEC DVDRW | Dual AG Neovo 19"
    HTPC: | Core2Duo E6420 2.13GHz | 2GB DDR2 | 250GBx2 | Radeon X1300 | Terratec Aureon 7.1 | Windows MCE 2005
    Laptop: 1.5GHz Centrino | 512MB | 60GB | 15" Wide TFT | Wifi | DVDRW


  14. #14
    Goat Boy
    Join Date
    Jul 2003
    Location
    Alexandra Park, London
    Posts
    2,428
    Thanks
    0
    Thanked
    0 times in 0 posts
    Quote Originally Posted by Paul Adams
    While the comment was slightly tongue-in-cheek, there have been 3 attempts to get such backdoor code into the Linux kernel fairly recently, and 1 was detected in the live kernel so a patch was issued.

    For the other 2 attempts, the Linux developers are trying to work out how they bypassed the change control mechanism, as at least 1 was only picked up by mistake when looking at fixing something else.
    Interesting. Do you have a URL on this? I wasn't aware that anything had made it into production code...I know that people have tried to hack the SSH code before, but not the kernel...
    So yes, you are right in that everyone should be able to see it, but it still doesn't stop it happening, and it could be argued it is more dangerous than a flaw as these are specifically designed holes with attempts to cover them up.
    How? An exploit is an exploit.

    The bottom line is, Linux has a FAR better history of security than Linux. I mean, come on, it has taken MS SIX MONTHS to release a fix for this one...Open Source software is normally patched within hours (sometimes minutes) of the exploit being made publicly available. The same thing happened with the IE URL spoofer bug...That was public knowledge for weeks before a fix was made available. MS's temporary fix was to...get users to type URL's in by hand!!!
    "All our beliefs are being challenged now, and rightfully so, they're stupid." - Bill Hicks

  15. #15
    OMG!! PWND!!
    Join Date
    Dec 2003
    Location
    In front of computer
    Posts
    964
    Thanks
    0
    Thanked
    0 times in 0 posts
    i know its WAY off topic.... but Paul Adams how does that pic work?
    adn by the way windows is fun... just cause you can piss people using the fun little features like the shutdown remote computer command in the console, doesnt mean its a BAD thing..

  16. #16
    Goat Boy
    Join Date
    Jul 2003
    Location
    Alexandra Park, London
    Posts
    2,428
    Thanks
    0
    Thanked
    0 times in 0 posts
    The pic works by checking your IP address and Browser agent string when you request his sig. I guess there must be a database of ISP's assigned to different IP batches to work out who your ISP is. Pretty cool!
    "All our beliefs are being challenged now, and rightfully so, they're stupid." - Bill Hicks

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Windows XP Email?
    By joshwa in forum Software
    Replies: 9
    Last Post: 18-01-2004, 09:38 AM
  2. Windows XP & Windows 95 crossover "network" doesn't work. Help, please
    By SteveRoads in forum Networking and Broadband
    Replies: 4
    Last Post: 28-12-2003, 06:39 PM
  3. Windows Update flaw 'left PCs open' to MSBlast
    By Bunjiweb in forum Software
    Replies: 10
    Last Post: 19-08-2003, 02:44 PM
  4. 'Critical' flaw found in Windows
    By Basher in forum General Discussion
    Replies: 8
    Last Post: 25-07-2003, 04:49 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •