Skip to comments.
FBI, Pentagon Quiz Microsoft on XP
dailynews.yahoo.com ^
Posted on 12/23/2001 6:55:43 AM PST by TaRaRaBoomDeAyGoreLostToday!
click here to read article
Navigation: use the links below to view more comments.
first 1-20, 21-40, 41-60, 61-80 ... 241-247 next last
To: TaRaRaBoomDeAyGoreLostToday!
The FBI's National Infrastructure Protection Center said that, in addition to installing a free software fix offered by Microsoft on the company's Web site, consumers and corporations using Windows XP (news - web sites) should disable the product's ``universal plug and play'' features affected by the glitches. Why does MS want people to leave this on so bad?
MS has known about the exploit for 5 weeks. They could have -- legally *should* have -- informed their customers of the product flaw 5 weeks ago and told customers to turn that 'feature' off.
Instead, MS just left customers hanging in the wind, vulnerable, for over a month while they continued to fraudulently sell XP. And MS has been selling a product they *knew* to be faulty, without informing consumers of the flaw.
To: tech_index, stainlessbanner
- Microsoft declined to tell U.S. officials how many consumers downloaded and installed its fix during the first 24 hours it was available.
- Microsoft also indicated it would not send e-mail reminders to Windows XP customers to remind them of the importance of installing the patch.
- The FBI's cyber-security unit has been concerned about the threat and warned again Thursday that the potential of ``denial of service'' attacks is high.
Why won't they say how many patches were downloaded? It must be because only a very small number of patches are being downloaded. Which means that there are a *bunch* of unpatched XP machines out there.
And MS won't email customers to make sure they know about the patch and the exploit.
So consumer protection laws don't apply to MS either?
To: Dominic Harr
Pardon me while I laugh at the notion of the FBI lecturing on security vulnerability. I guess they are grasping for credibility. But maybe this is much more sinister. Maybe the FBI was using the universal plug and play to install "rogue software" to spy on users. They've been drooling over such things prior to 9-11 but with more eagerness afterwards. Maybe Microsoft was strong armed into delaying the fix. After all, the government was just involved in trying to destroy the company. I'm sure Gates is much more eager to "play ball" with the government after they attacked his company.
4
posted on
12/23/2001 7:19:43 AM PST
by
verboten
To: TaRaRaBoomDeAyGoreLostToday!
A co-worker of mine just bought a Sony Vaio laptop that came with XP installed. I took it for a test drive--thumbs down. The laptop was a 900+MHz machine, but it ran slower than mud. My co-worker agreed and is trying to get 98 installed on it.
5
posted on
12/23/2001 7:20:14 AM PST
by
randog
To: verboten
Maybe Microsoft was strong armed into delaying the fix. I don't know how much experience you have with MS bugs, but this is SoP for MS.
Only this time, there is proof that they knew 5 weeks ago that the OS they were selling was defective. And they continued to sell the OS without informing customers of the product defect.
That is illegal.
To: ALL
To: ALL
To: ALL
Ooops pardon the double post.Don't know what happened.
To: TaRaRaBoomDeAyGoreLostToday!
I would like to pose what I consider a reasonable question. Please save your flames--I'm not being sarcastic, and I know that most Freepers are less than thrilled with Microsoft's products. My question is, how can a company, among the most fiscally solvent in world history, have thousands of highly-paid programmers working for years on a project, never realizing, time and time again, that a clever fourteen year-old can waltz through the security holes in a day or two of getting the latest operating system??? Don't they test this stuff? Is the whole world their beta-testers? (Even I know the answer to that is yes.)This is the equivalent of the newest Mercedes rolling off the lot with a key code that can be circumvented by someone who aims a tv remote control at it. What gives with these guys?
To: Dominic Harr
The glitches were unusually serious because they allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet. Kind of gives a whole new meaning to the term "Univeral Plug and Play".
I'm sure they didn't expect it to be that "universal".
11
posted on
12/23/2001 7:29:38 AM PST
by
AAABEST
To: Dominic Harr
Only this time, there is proof that they knew 5 weeks ago that the OS they were selling was defective. And they continued to sell the OS without informing customers of the product defect. That is illegal.
Huh?
What law are you refering to?
The only thing I see here is an excuse to bash MS. I automatically recieved noticfication a few day ago that an important patch was already downloaded and was waiting for instruction from me to be installed, which I did.
To: Dominic Harr
legally *should* have Can you cite this law, please?
13
posted on
12/23/2001 7:31:55 AM PST
by
Glenn
To: ALL
Microsoft Security Bulletin MS01-059
Print |
|
Unchecked Buffer in Universal Plug and Play can Lead to System Compromise
Originally posted: December 20, 2001 Summary
Who should read this bulletin: Customers using Microsoft® Windows® ME or XP, or who have installed the Windows XP Internet Connection Sharing client on Windows 98 or 98SE. Impact of vulnerability: Run code of attackers choice. Maximum Severity Rating: Critical Recommendation: Microsoft strongly urges all Windows XP customers to apply the patch immediately. Customers using Windows 98, 98SE or ME should apply the patch if the Universal Plug and Play service is installed and running. Affected Software:
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows XP
Technical details
Frequently asked questions Patch availability
Download locations for this patch
Additional information about this patch Other information:
AcknowledgmentsMicrosoft thanks eEye Digital Security (http://www.eeye.com) for reporting this issue to us and working with us to protect customers. Support:
- Microsoft Knowledge Base article Q315000 discusses this issue and will be available approximately 24 hours after the release of this bulletin. Knowledge Base articles can be found on the Microsoft Online Support web site.
- Technical support is available from Microsoft Product Support Services. There is no charge for support calls associated with security patches.
|
To: Dominic Harr
I don't know how much experience you have with MS bugs, but this is SoP for MS.
I agree that their software is buggy. And its early releases should be stamped with large letters "caveat emptor." But when you say "only this time, there is proof that they knew 5 weeks ago" doesn't that imply that asserting that prior bugs were known but not revealed was mere speculation? I agree MS can keep thing close to their vest. But how many companies are truly forthcoming?
15
posted on
12/23/2001 7:33:42 AM PST
by
verboten
To: Balding_Eagle
What law are you refering to? Basic consumer protection laws.
MS just spent 5 weeks selling a product with a very serious defect. They knew about the defect, and didn't inform customers.
That is illegal.
To: Glenn
Can you cite this law, please? Seriously?
I have to prove that in America it's against the law to knowingly sell a defective product?
Consumer protection laws do apply to MS, don't they?
To: verboten
But how many companies are truly forthcoming? You're wasting your time. Dominic lives in a perfect world where everyone can volume test 100 million clients under all circumstances revealing all defects in all cases. A place where tens of millions of lines of code are released once and never need patched.
18
posted on
12/23/2001 7:40:25 AM PST
by
Glenn
To: Dominic Harr
I have to prove that in America it's against the law to knowingly sell a defective product? Yes. You do.
19
posted on
12/23/2001 7:41:19 AM PST
by
Glenn
To: TaRaRaBoomDeAyGoreLostToday!
I read the posts yesterday and downloaded the patch. I checked my puter and found that Universal Plug and Play had not been enabled in the first place. My system has XP Pro and is not networked. Is this a vulnerability to networked computers only?
Navigation: use the links below to view more comments.
first 1-20, 21-40, 41-60, 61-80 ... 241-247 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson