| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Microsoft patch delay may contribute to early exploit | |
|
||
| Time: 10:02 EST/15:02 GMT | News Source: E-Mail | Posted By: Byron Hinson | ||
|
Experts are fuming over the lengthy delay -- 200 days -- between when Microsoft Corp. was first notified of a critical vulnerability affecting all supported versions of Windows and when it released a patch. The primary issue: how confidential was the information detailing the ASN.1 flaw and when can we expect the first exploit. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 200 Last | Next |
The time now is
10:15:26 PM
ET.
Any comment problems? E-mail us |
| #1 By 19992 (164.214.4.61) at 2/12/2004 11:37:38 AM |
| And that makes Microsofts delay acceptable how? |
| #2 By 3339 (64.160.58.135) at 2/12/2004 4:14:10 PM |
| Different flaw. The novell flaw you point to only affected eDirectory, the equivalent of LDAP or AD. They fixed it in 55 days when it was discovered two months ago. eDirectory runs on more platforms than MS has total. |
| #3 By 3339 (64.160.58.135) at 2/12/2004 5:13:45 PM |
|
Was it January 29th or October 1st? Or are they two different flaws? Wait, two different flaws based on the same underlying tech are the SAME flaw, right? So, one flaw discovered on two different dates repaired on two different dates?? Wait...
Hey, if it's the same flaw, why didn't MS just use the Novell patch? Wait... You are a moron. Just because a lot of flaws are arising from ASN.1, that does not mean each of these flaws are the same. They are different flaws. They affect different apps in different ways, manifest in different ways, and are repaired in different ways. The Novell flaw you are pointing to only affects eDirectory. A relatively small app. It was discovered recently in fixed in 55 days. The OpenSSL flaw was found in Oct of 2003 and was fixed on Nov. 4, 2003. 35 days. Not 120 days, moron. (For all of these advisories you are linking to, you should at least read when a patch or repair was made available, moron.) This post was edited by sodajerk on Thursday, February 12, 2004 at 17:38. |
| #4 By 3339 (64.160.58.135) at 2/12/2004 5:37:42 PM |
|
Are you suggesting that parker isn't a moron, Locke?
Personally, I could care less what someone thinks if they are the type of person to say: I understand that, it makes sense, and I agree, but I don't like the tone so instead I'm going to cry about it. Listen to me or don't. And, by the way, parker knows he is being completely foolish. I've corrected him on this issue about fifteen times but he continues to spout off like a moron. If he didn't do so and if he didn't insult me in kind as well, I wouldn't insult him. I am perfectly willing to converse without taking this tone if others can likewise handle the situation. Just so happens that a lot of members here can't handle what I have to say. This post was edited by sodajerk on Thursday, February 12, 2004 at 17:51. |
| #5 By 3339 (64.160.58.135) at 2/12/2004 7:48:36 PM |
|
moron, how many times do I have to remind you to look to see if there is a patch.
If you look under "SOLUTIONS" (well, I'll be), the notices regarding eDirectory are exactly those of the Secunia listing which was released/fixed on 1/29. Again, look at patches/solutions/fixes. And maybe you shouldn't look at a site which is listing hundreds of products, it's clearly confusing you. That page may have been updated today, but it has nothing to do with the Novell eDirectory flaw which was patched already. And OS X was patched with the release of 10.2.8. In fact, I can't see a single vendor/product that hasn't been patched. |
| #6 By 3339 (64.160.58.135) at 2/12/2004 7:50:56 PM |
|
"Microsoft was right in releasing the patch when all products had been examined and tested."
And that's what they're doing with these bad boys, right? http://www.eeye.com/html/Research/Upcoming/index.html |
| #7 By 3339 (64.160.58.135) at 2/12/2004 8:17:26 PM |
|
"And since anyone with more than a grade 1 education can see they all relate to the exact same ASN.1 vulnerability found on September 30, 2003, I will point out again that Novell didn't get around to patching eDirectory until January 29, 2004, which is 120 days after the vulnerability was discovered."
And I will point out to you that the OpenSSL flaw was patched last year. eDirectory, even if OpenSSL was patched, remained vulnerable. This was discovered recently and patched recently. The flaw is manifesting itself in two separate ways. Two separate patches for two separate applications. The eDirectory flaw wasn't discovered 120 days ago, moron. It was discovered two months ago. "They all require you to upgrade to the most current version of the software and then apply a patch." How does that amount to still exposed? You apply the free point release updates. You apply the patch. It's patched. You're whining about a typo now (that nobody cares to look for) on a web page? Ha, ha, ha!! Yes, spelling is more important than holding onto your source code! |
|
Write Comment
Return to News |
Displaying 1 through 25 of 200 Last | Next |
The time now is
10:15:26 PM
ET.
Any comment problems? E-mail us |
