echo: nthelp
to: Glenn Meadows
from: Robert Comer
date: 2004-02-11 21:30:36
subject: Re: New Windows flaw and patch

From: "Robert Comer" 

There's no excuse that it would take 6 months to fix the hole -- that was 6
months after someone knew how to exploit the problem.

>Would you rather have every
> hacker trying to exploit it before it was fixed?

It'll happen eventually, Windows is not secure and probably never will be
as it's designed now.

> I'm sure there are more
> holes we don't know about that haven't been found.  Guess the only real
> answer then is to just turn off your computer until all the holes are
> fixed.

Hardly -- there are other ways to secure things, but you're right, for the
common man, yep, it'll be easier to just turn the darn things off. You
better hope Microsoft can produce a patch quicker than 6 months...

> At least eEye didn't announce what they found till the fix was available.


Don't expect the less scrupulous people will give Microsoft the chance to
fix things like that -- in spite of what Rich says, eEye is helping
Microsoft and Windows.

- Bob Comer



"Glenn Meadows"  wrote in message
news:402adeaa$1{at}w3.nls.net...
> Hey, the hole was there LONG before someone found it.  At least it wasn't
> publicly disclosed for 6 months with no patch.  Would you rather have every
> hacker trying to exploit it before it was fixed?  I'm sure there are more
> holes we don't know about that haven't been found.  Guess the only real
> answer then is to just turn off your computer until all the holes are fixed.
>
> At least eEye didn't announce what they found till the fix was available.
>
> --
> Glenn M.
>
>
> "Robert Comer"  wrote in message
> news:402ac7bb$1{at}w3.nls.net...
> > >(no patches in December, merry f**king christmas, we own your ass)
> >
> > It does bother me big time, I was being sarcastic.
> >
> > - Bob Comer  > big time today.>
> >
> >
> > "Geo."  wrote in message
> > news:402abf98{at}w3.nls.net...
> > > "Robert Comer"  wrote in message
> > > news:402a4320$1{at}w3.nls.net...
> > > > > 5 months, they sat on a remote code execution exploit for 5 months..
> > > > > doesn't that just give you a warm fuzzy?
> > > >
> > > > Why yes it does.
> > >
> > > Article on it today on wired
> > > http://www.wired.com/news/technology/0,1282,62239,00.html/wn_ascii
> > >
> > > "Microsoft, which learned about the flaws more than six months ago from
> > > researchers, said the only protective solution was to apply a repairing
> > > patch it offered on its website. It assessed the threat to computer users as
> > > "critical," its highest rating."
> > >
> > > [...]
> > >
> > > "This is one of the most serious Microsoft vulnerabilities ever released,"
> > > said Marc Maiffret of eEye Digital Security of Aliso Viejo, California,
> > > which discovered the new Windows flaws. "The breadth of systems affected is
> > > probably the largest ever. This is something that will let you get into
> > > Internet servers, internal networks, pretty much any system."
> > >
> > > [...]
> > >
> > > Researchers at eEye discovered the problems last July and agreed to keep
> > > quiet about them until Microsoft could fix them. Maiffret complained that
> > > the delay between eEye's discovery and Tuesday's public disclosure by
> > > Microsoft was "just totally unacceptable" because Windows users were broadly
> > > vulnerable during the period.
> > >
> > > --------
> > >
> > > for 6 months Microsoft has had a backdoor into all the windows systems on
> > > the planet.. Wasn't that like the theme to a movie or something?
> > >
> > > Geo. (no patches in December, merry f**king christmas, we own your ass)
> > >
> > >
> > >
> >
> >
>
>

--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 270
@PATH: 379/45 1 633/267

SOURCE: echomail via fidonet.ozzmosis.com
