From: "Rich" 

This is a multi-part message in MIME format.

------=_NextPart_000_00BF_01C55CCB.85ABC330
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

   GDI+ had nothing to do with .NET.

   The DoS attacks were CPU usage due to large contrived complex cases.  =
The first and last were meaningful bugs.  Two in four years is not so =
bad.  All of these are server side issues that only are an issue if you =
explicitly make use of these.  None would affect you on the client.  = None
would affect you on the server either just by installing.

Rich


  "Geo"  wrote in message
news:428b17d7$1{at}w3.nls.net...
  "Peter Sawatzki"  wrote in message
  news:428a190e{at}w3.nls.net...

  > I don't see why you have a less secure system when installing .NET.
  > Installing a runtime that enables the system to run application =
built
  > in a more secure environment enhances your system.

  Well lets start with the fact that .NET is 23mb of stuff and the first =
patch
  I had to apply was over 10mb and the second patch was 1.5mb.

  If it doesn't make me less secure, why all the patches? Let's see..

   2005-02-08: Microsoft ASP.NET URI Canonicalization Unauthorized Web =
Access
  Vulnerability
   2005-01-18: Microsoft GDI+ Library JPEG Segment Length Integer =
Underflow
  Vulnerability
   2003-12-11: Multiple Vendor XML DTD Parameter Entity SOAP Server =
Denial Of
  Service Vulnerability
   2003-12-09: Multiple Vendor XML Parser SOAP Server Denial Of Service
  Vulnerability
   2002-06-08: Microsoft ASP.NET StateServer Cookie Handling Buffer =
Overflow
  Vulnerability

  Still think it's not a security issue?

  Geo.


------=_NextPart_000_00BF_01C55CCB.85ABC330
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable








   GDI+ had
nothing to do =
with=20
.NET.
 
   The DoS
attacks were CPU =
usage due to=20
large contrived complex cases.  The first and last were
meaningful=20 bugs.  Two in four years is not so bad. 
All of these are = server side=20
issues that only are an issue if you explicitly make use of
these.  = None=20
would affect you on the client.  None would affect you on the =
server either=20
just by installing.
 
Rich
 
 

  "Geo" <georger{at}nls.net>">mailto:georger{at}nls.net">georger{at}nls.net>
wrote=20
  in message news:428b17d7$1{at}w3.nls.net..."Peter=20
  Sawatzki" <peter{at}sawatzki.de>=20">mailto:peter{at}sawatzki.de">peter{at}sawatzki.de>=20
  wrote in messagenews:428a190e{at}w3.nls.net...=
> I=20
  don't see why you have a less secure system when installing =
.NET.>=20
  Installing a runtime that enables the system to run application =
built>=20
  in a more secure environment enhances your system.Well lets =
start with=20
  the fact that .NET is 23mb of stuff and the first patchI had to =
apply was=20
  over 10mb and the second patch was 1.5mb.If it
doesn't make me =
less=20
  secure, why all the patches? Let's see.. 2005-02-08: =
Microsoft=20
  ASP.NET URI Canonicalization Unauthorized Web=20
  AccessVulnerability 2005-01-18: Microsoft
GDI+ Library =
JPEG=20
  Segment Length Integer
UnderflowVulnerability 2003-12-11: =

  Multiple Vendor XML DTD Parameter Entity SOAP Server Denial =
OfService=20
  Vulnerability 2003-12-09: Multiple Vendor XML Parser SOAP =
Server=20
  Denial Of ServiceVulnerability 2002-06-08: Microsoft =
ASP.NET=20
  StateServer Cookie Handling Buffer =
OverflowVulnerabilityStill=20
  think it's not a security =
issue?Geo.

------=_NextPart_000_00BF_01C55CCB.85ABC330--

--- BBBS/NT v4.01 Flag-5