Get APLawrence.com by RSSThe Catch-22 of XP Service Pack 2
Mon Aug 23 20:53:39 2004 The Catch-22
of XP Service Pack 2
Posted by Tony Lawrence
Search Keys: microsoft,security
Referencing:
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2aumng.mspx
I hope that the brewing trouble around this service pack hasn't escaped your attention. It's important to understand that this patch WILL break many programs. On the other hand, it fixes some truly awful security holes.
So what do you do? I have clients who have been told by their application vendor NOT to install this. So their choice is either remain vulnerable to the various problems that this addresses, or be unable to use the software their business depends upon. Some choice.
Microsoft richly deserves the pain they will suffer from this debacle.
Enter your email address for automatic notification of new posts here
(be sure to whitelist 'feedburner.com' if you use spam filtering)
| Views for this page | ||||
|---|---|---|---|---|
| Today | This Week | This Month | This Year | Overall |
| 1 | 10 | 38 | 757 | 3,410 |
Have you tried Searching this site?
Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates
This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.
Your ad here - $48.00 yearly!
larryi@ccamedical.com SCO OS5, Debian Linux, RedHat Linux, MySQL, Apache, AJAX development using dXport/dL4/Unibasic, Windows Connectivity, Sharing Resouces, Automation, Shell Scripting
http://www.m3ipinc.com Security, firewalls, ids, audits, vulnerability assesments, BS7799, HIPAA, GLB, incident handling
http://www.breakthru.com.au SCO (Openserver and Unixware), Unix, Solaris and Linux Consulting services including: Secure Networking Solutions; Linux based Firewalls; Backup Solutions; Secure Home to Office Network Setup; Phone, Remote and On-Site Support available - Satisfaction Guaranteed!
- Nov 21 07:55
@loudmouthman: correct, but how do you prove ANYTHING like that is accurate? You can't. A text file is no better or worse than anything. - Nov 21 07:40
@loudmouthman: well, a digital signature could prove it hadn't been altered. Text is no more insecure than anything else in that sense.
Related Posts
Publish your articles, comments, book reviews or opinions here!
CommentsBlog1067 :
Gates, Ballmer and company can't engineer in good security. So like a leaky roof on a sleazy shack, they madly nail on shingles to fix the leaks, hoping that none of the nails penetrates the plumbing, wiring and the heads of the people living inside. Sheesh! It's almost enough to make you wish for the days of CP/M.
--BigDumbDinosaur
---August 24, 2004
Oh, ya. Last week I read a new advisory on a published exploit for Internet Explorer were you could get malicious code to execute buy tricking the user to drag and drop a file onto their desktop (it's not the one were you drag a image into the cmd.exe window). However it could be modified to operate under a single click.
If affected all versions of IE on WinXP, even with SP2 installed. So they didn't fix everything that needed to be fixed anyways.
http://secunia.com/advisories/12321/
Luckily for MS Firefox came along when it did. But IE is part Explorer shell and since that software and it's libraries makes up a big hunk of Windows it means similar flaws could exist elsewere.
--Drag
---August 24, 2004
Could?
:-)
Add your comments