February 16, 2006 6:55 PM PST
Attack code out for latest Microsoft flaw
The "proof-of-concept" exploits that take advantage of a flaw in the media player were posted on the Web over the past couple of days. The flaw, rated "critical" by Microsoft, could enable an attacker to seize control of a vulnerable computer system.
The appearance of proof-of concept code is usually a sign that actual attacks are not far off. Microsoft, when it released its patch Tuesday, urged users to upgrade their systems as soon as possible.
Microsoft recently issued patch MS06-005 as part of its monthly security update. The vulnerability in Windows Media Player can compromise a system through malicious images embedded in the player.
Versions of Windows Media Player affected by the bug include 7.1 through 10. The vulnerability was also tagged as "critical" by the French Security Incident Response Team, or FrSIRT, a research outfit that published one of the two exploits.
Microsoft announced the release of seven fixes on Tuesday, including a "critical" patch for a Windows Meta File vulnerability in Internet Explorer. It exists only in IE 5.01 with Service Pack 4 on Windows 2000 and IE 5.5 with Service Pack 2 on Windows ME, Microsoft said in the security advisory.
Dell Labor Day Deals
CNet Editor's: Do you copy paste the "Critical Flaw Found In Microsoft Products" story weekly, only changing the name of the flaw and worm used this week?
In the past few weeks I have read about flaws in Linux and Microsoft. I've even read about a virus for the MacOSX (couldn't tell you if it's true or not).
I thought about it a bit and the real problem starts with the foundation of computers. First you have the hardware that is mass produced to be sold at the lowest possible price while generating the best bottom line. Then you have old languages that allow for bad programming. Then add legacy code which creates the potential for old flaws to still exist. Top that off with many over worked programmers and deadlines. Then you through in the average user or the user who thinks they know enough to be safe.
What I think we have here is an accident waiting to happen. The more I think about it the more I realize that the problem is really big and way beyond just Microsoft or Linux. Standards are seldom fully followed and cheap hardware is just that Cheap.
I think we need hardware that knows how to monitor itself for bad data and a programming language that makes it much harder for programmers to let bad code slip in. I think we need more openness in the technology world without becoming completly open source. I think we need to work harder at creating and following standards. I think users need to work harder at understanding the systems they are working on. We also need to slow down. Are we all really in that big a hurry to get it all done. When you die it's not going to make a bit of difference to you anyway.
The reality is that programmers can make software more secure and stable and hardware makers can make smarter hardware. However, it's not going to happen until we all realize that the problem with the world is the people living in it. People are the greatest computer this world has ever known and look how flawed we all are.
Carry on...
http://www.referate-romana.com